Accepting request 1217013 from security:tls

OBS-URL: https://build.opensuse.org/request/show/1217013
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-3?expand=0&rev=32
Ana Guerrero 2024-10-29 13:32:23 +00:00 committed by Git OBS Bridge
commit dcc7abb986
26 changed files with 304 additions and 3875 deletions

openssl-3.1.4.tar.gz (Stored with Git LFS)



@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=EH33
-----END PGP SIGNATURE-----

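--- /dev/null
+++ b/openssl-3.1.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c
+size 15684836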

openssl-3.1.7.tar.gz.asc Normal file

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=Z8CX
-----END PGP SIGNATURE-----


@ -1,3 +1,45 @@
-------------------------------------------------------------------
Mon Oct 21 11:01:59 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.1.7:
* Major changes between OpenSSL 3.1.6 and OpenSSL 3.1.7 [3 Sep 2024]
- Fixed possible denial of service in X.509 name checks (CVE-2024-6119)
- Fixed possible buffer overread in SSL_select_next_proto()
(CVE-2024-5535)
* Major changes between OpenSSL 3.1.5 and OpenSSL 3.1.6 [4 Jun 2024]
- Fixed potential use after free after SSL_free_buffers() is
called (CVE-2024-4741)
- Fixed an issue where checking excessively long DSA keys or
parameters may be very slow (CVE-2024-4603)
- Fixed unbounded memory growth with session handling in TLSv1.3
(CVE-2024-2511)
* Major changes between OpenSSL 3.1.4 and OpenSSL 3.1.5 [30 Jan 2024]
- Fixed PKCS12 Decoding crashes (CVE-2024-0727)
- Fixed Excessive time spent checking invalid RSA public keys
[CVE-2023-6237)
- Fixed POLY1305 MAC implementation corrupting vector registers
on PowerPC CPUs which support PowerISA 2.07 (CVE-2023-6129)
- Fix excessive time spent in DH check / generation with large
Q parameter value (CVE-2023-5678)
* Update openssl.keyring with BA5473A2B0587B07FB27CF2D216094DFD0CB81EF
* Rebase patches:
- openssl-Force-FIPS.patch
- openssl-FIPS-embed-hmac.patch
- openssl-FIPS-services-minimize.patch
- openssl-FIPS-RSA-disable-shake.patch
- openssl-CVE-2023-50782.patch
* Remove patches fixed in the update:
- openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
- openssl-CVE-2024-6119.patch openssl-CVE-2024-5535.patch
- openssl-CVE-2024-4741.patch openssl-CVE-2024-4603.patch
- openssl-CVE-2024-2511.patch openssl-CVE-2024-0727.patch
- openssl-CVE-2023-6237.patch openssl-CVE-2023-6129.patch
- openssl-CVE-2023-5678.patch
- openssl-Enable-BTI-feature-for-md5-on-aarch64.patch
- openssl-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch
- openssl-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch
- reproducible.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Oct 17 12:32:21 UTC 2024 - Pedro Monreal <pmonreal@suse.com> Thu Oct 17 12:32:21 UTC 2024 - Pedro Monreal <pmonreal@suse.com>


@ -28,7 +28,7 @@
Name: openssl-3 Name: openssl-3
# Don't forget to update the version in the "openssl" meta-package! # Don't forget to update the version in the "openssl" meta-package!
Version: 3.1.4 Version: 3.1.7
Release: 0 Release: 0
Summary: Secure Sockets and Transport Layer Security Summary: Secure Sockets and Transport Layer Security
License: Apache-2.0 License: Apache-2.0
@ -65,14 +65,6 @@ Patch13: openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
Patch14: openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch Patch14: openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch
Patch15: openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch Patch15: openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
Patch16: openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch Patch16: openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
Patch17: openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
# PATCH-FIX-UPSTREAM: bsc#1216922 CVE-2023-5678 Generating excessively long X9.42 DH keys or
# checking excessively long X9.42 DH keys or parameters may be very slow
Patch18: openssl-CVE-2023-5678.patch
# PATCH-FIX-UPSTREAM https://github.com/openssl/openssl/pull/22971
Patch19: openssl-Enable-BTI-feature-for-md5-on-aarch64.patch
# PATCH-FIX-UPSTREAM: bsc#1218690 CVE-2023-6129 - POLY1305 MAC implementation corrupts vector registers on PowerPC
Patch20: openssl-CVE-2023-6129.patch
# PATCH-FIX-FEDORA Load FIPS the provider and set FIPS properties implicitly # PATCH-FIX-FEDORA Load FIPS the provider and set FIPS properties implicitly
Patch21: openssl-Force-FIPS.patch Patch21: openssl-Force-FIPS.patch
# PATCH-FIX-FEDORA Disable the fipsinstall command-line utility # PATCH-FIX-FEDORA Disable the fipsinstall command-line utility
@ -81,25 +73,8 @@ Patch22: openssl-disable-fipsinstall.patch
Patch23: openssl-load-legacy-provider.patch Patch23: openssl-load-legacy-provider.patch
# PATCH-FIX-FEDORA Embed the FIPS hmac # PATCH-FIX-FEDORA Embed the FIPS hmac
Patch24: openssl-FIPS-embed-hmac.patch Patch24: openssl-FIPS-embed-hmac.patch
# PATCH-FIX-UPSTREAM: bsc#1218810 CVE-2023-6237: Excessive time spent checking invalid RSA public keys
Patch25: openssl-CVE-2023-6237.patch
# PATCH-FIX-SUSE bsc#1194187, bsc#1207472, bsc#1218933 - Add engines section in openssl.cnf # PATCH-FIX-SUSE bsc#1194187, bsc#1207472, bsc#1218933 - Add engines section in openssl.cnf
Patch26: openssl-3-use-include-directive.patch Patch26: openssl-3-use-include-directive.patch
# PATCH-FIX-UPSTREAM: bsc#1219243 CVE-2024-0727: denial of service via null dereference
Patch27: openssl-CVE-2024-0727.patch
# PATCH-FIX-UPSTREAM: bsc#1222548 CVE-2024-2511: Unbounded memory growth with session handling in TLSv1.3
Patch28: openssl-CVE-2024-2511.patch
# PATCH-FIX-UPSTREAM: bsc#1224388 CVE-2024-4603: excessive time spent checking DSA keys and parameters
Patch29: openssl-CVE-2024-4603.patch
# PATCH-FIX-UPSTREAM: bsc#1225291 NVMe/TCP TLS connection fails due to handshake failure
Patch30: openssl-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch
Patch31: openssl-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch
# PATCH-FIX-UPSTREAM bsc#1225551 CVE-2024-4741: use After Free with SSL_free_buffers
Patch32: openssl-CVE-2024-4741.patch
# PATCH-FIX-UPSTREAM: bsc#1223336 aes-gcm-avx512.pl: fix non-reproducibility issue
Patch33: reproducible.patch
# PATCH-FIX-UPSTREAM: bsc#1227138 CVE-2024-5535: SSL_select_next_proto buffer overread
Patch34: openssl-CVE-2024-5535.patch
# PATCH-FIX-FEDORA bsc#1221786 FIPS: Use of non-Approved Elliptic Curves # PATCH-FIX-FEDORA bsc#1221786 FIPS: Use of non-Approved Elliptic Curves
Patch35: openssl-Add-changes-to-ectest-and-eccurve.patch Patch35: openssl-Add-changes-to-ectest-and-eccurve.patch
Patch36: openssl-Remove-EC-curves.patch Patch36: openssl-Remove-EC-curves.patch
@ -165,8 +140,6 @@ Patch68: openssl-FIPS-enforce-security-checks-during-initialization.patch
Patch69: openssl-3-FIPS-PCT_rsa_keygen.patch Patch69: openssl-3-FIPS-PCT_rsa_keygen.patch
# PATCH-FIX-FEDORA bsc#1221365 FIPS: Deny SHA-1 signature verification in FIPS provider # PATCH-FIX-FEDORA bsc#1221365 FIPS: Deny SHA-1 signature verification in FIPS provider
Patch70: openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch Patch70: openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
# PATCH-FIX-UPSTREAM bsc#1229465 CVE-2024-6119: possible denial of service in X.509 name checks
Patch71: openssl-CVE-2024-6119.patch
# PATCH-FIX-UPSTREAM bsc#1230698 CVE-2024-41996: Validation order of the DH public keys # PATCH-FIX-UPSTREAM bsc#1230698 CVE-2024-41996: Validation order of the DH public keys
Patch72: openssl-CVE-2024-41996.patch Patch72: openssl-CVE-2024-41996.patch
# PATCH-FIX-UPSTREAM bsc#1220262 CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 # PATCH-FIX-UPSTREAM bsc#1220262 CVE-2023-50782: Implicit rejection in PKCS#1 v1.5
@ -474,7 +447,7 @@ fi
%files %files
%license LICENSE.txt %license LICENSE.txt
%doc CHANGES.md NEWS.md FAQ.md README.md %doc CHANGES.md NEWS.md README.md
%dir %{ssletcdir} %dir %{ssletcdir}
%config %{ssletcdir}/openssl-orig.cnf %config %{ssletcdir}/openssl-orig.cnf
%config (noreplace) %{ssletcdir}/openssl.cnf %config (noreplace) %{ssletcdir}/openssl.cnf
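Review bot: The %files hunk drops FAQ.md from the %doc line while the changelog entry for this update does not record it; presumably the file is no longer present in the 3.1.7 tarball, so a changelog line such as `* Drop FAQ.md from %doc, no longer shipped in the upstream tarball` would keep the record complete. The Source and keyring lines sit outside these hunks, so it is not visible here whether the openssl.keyring in this request actually carries the BA5473A2B0587B07FB27CF2D216094DFD0CB81EF key the changelog names; the replaced openssl-3.1.7.tar.gz.asc only attests provenance if the build's signature check verifies against that key, so that is worth confirming before accepting. The paired changelog entry also has a mismatched bracket in `[CVE-2023-6237)`.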


@ -1,7 +1,7 @@
Index: openssl-3.1.4/crypto/cms/cms_env.c Index: openssl-3.1.7/crypto/cms/cms_env.c
=================================================================== ===================================================================
--- openssl-3.1.4.orig/crypto/cms/cms_env.c --- openssl-3.1.7.orig/crypto/cms/cms_env.c
+++ openssl-3.1.4/crypto/cms/cms_env.c +++ openssl-3.1.7/crypto/cms/cms_env.c
@@ -590,6 +590,13 @@ static int cms_RecipientInfo_ktri_decryp @@ -590,6 +590,13 @@ static int cms_RecipientInfo_ktri_decryp
if (!ossl_cms_env_asn1_ctrl(ri, 1)) if (!ossl_cms_env_asn1_ctrl(ri, 1))
goto err; goto err;
@ -16,10 +16,10 @@ Index: openssl-3.1.4/crypto/cms/cms_env.c
if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
ktri->encryptedKey->data, ktri->encryptedKey->data,
ktri->encryptedKey->length) <= 0) ktri->encryptedKey->length) <= 0)
Index: openssl-3.1.4/crypto/evp/ctrl_params_translate.c Index: openssl-3.1.7/crypto/evp/ctrl_params_translate.c
=================================================================== ===================================================================
--- openssl-3.1.4.orig/crypto/evp/ctrl_params_translate.c --- openssl-3.1.7.orig/crypto/evp/ctrl_params_translate.c
+++ openssl-3.1.4/crypto/evp/ctrl_params_translate.c +++ openssl-3.1.7/crypto/evp/ctrl_params_translate.c
@@ -2265,6 +2265,12 @@ static const struct translation_st evp_p @@ -2265,6 +2265,12 @@ static const struct translation_st evp_p
EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL, EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL,
OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL }, OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL },
@ -33,10 +33,10 @@ Index: openssl-3.1.4/crypto/evp/ctrl_params_translate.c
{ SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN,
EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL, EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL,
OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
Index: openssl-3.1.4/crypto/pkcs7/pk7_doit.c Index: openssl-3.1.7/crypto/pkcs7/pk7_doit.c
=================================================================== ===================================================================
--- openssl-3.1.4.orig/crypto/pkcs7/pk7_doit.c --- openssl-3.1.7.orig/crypto/pkcs7/pk7_doit.c
+++ openssl-3.1.4/crypto/pkcs7/pk7_doit.c +++ openssl-3.1.7/crypto/pkcs7/pk7_doit.c
@@ -170,6 +170,13 @@ static int pkcs7_decrypt_rinfo(unsigned @@ -170,6 +170,13 @@ static int pkcs7_decrypt_rinfo(unsigned
if (EVP_PKEY_decrypt_init(pctx) <= 0) if (EVP_PKEY_decrypt_init(pctx) <= 0)
goto err; goto err;
@ -51,10 +51,10 @@ Index: openssl-3.1.4/crypto/pkcs7/pk7_doit.c
if (EVP_PKEY_decrypt(pctx, NULL, &eklen, if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
ri->enc_key->data, ri->enc_key->length) <= 0) ri->enc_key->data, ri->enc_key->length) <= 0)
goto err; goto err;
Index: openssl-3.1.4/crypto/rsa/rsa_ossl.c Index: openssl-3.1.7/crypto/rsa/rsa_ossl.c
=================================================================== ===================================================================
--- openssl-3.1.4.orig/crypto/rsa/rsa_ossl.c --- openssl-3.1.7.orig/crypto/rsa/rsa_ossl.c
+++ openssl-3.1.4/crypto/rsa/rsa_ossl.c +++ openssl-3.1.7/crypto/rsa/rsa_ossl.c
@@ -17,6 +17,9 @@ @@ -17,6 +17,9 @@
#include "crypto/bn.h" #include "crypto/bn.h"
#include "rsa_local.h" #include "rsa_local.h"
@ -209,10 +209,10 @@ Index: openssl-3.1.4/crypto/rsa/rsa_ossl.c
BN_CTX_end(ctx); BN_CTX_end(ctx);
BN_CTX_free(ctx); BN_CTX_free(ctx);
OPENSSL_clear_free(buf, num); OPENSSL_clear_free(buf, num);
Index: openssl-3.1.4/crypto/rsa/rsa_pk1.c Index: openssl-3.1.7/crypto/rsa/rsa_pk1.c
=================================================================== ===================================================================
--- openssl-3.1.4.orig/crypto/rsa/rsa_pk1.c --- openssl-3.1.7.orig/crypto/rsa/rsa_pk1.c
+++ openssl-3.1.4/crypto/rsa/rsa_pk1.c +++ openssl-3.1.7/crypto/rsa/rsa_pk1.c
@@ -21,10 +21,14 @@ @@ -21,10 +21,14 @@
#include <openssl/rand.h> #include <openssl/rand.h>
/* Just for the SSL_MAX_MASTER_KEY_LENGTH value */ /* Just for the SSL_MAX_MASTER_KEY_LENGTH value */
@ -483,10 +483,10 @@ Index: openssl-3.1.4/crypto/rsa/rsa_pk1.c
/* /*
* ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2 * ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2
* padding from a decrypted RSA message in a TLS signature. The result is stored * padding from a decrypted RSA message in a TLS signature. The result is stored
Index: openssl-3.1.4/crypto/rsa/rsa_pmeth.c Index: openssl-3.1.7/crypto/rsa/rsa_pmeth.c
=================================================================== ===================================================================
--- openssl-3.1.4.orig/crypto/rsa/rsa_pmeth.c --- openssl-3.1.7.orig/crypto/rsa/rsa_pmeth.c
+++ openssl-3.1.4/crypto/rsa/rsa_pmeth.c +++ openssl-3.1.7/crypto/rsa/rsa_pmeth.c
@@ -52,6 +52,8 @@ typedef struct { @@ -52,6 +52,8 @@ typedef struct {
/* OAEP label */ /* OAEP label */
unsigned char *oaep_label; unsigned char *oaep_label;
@ -549,12 +549,12 @@ Index: openssl-3.1.4/crypto/rsa/rsa_pmeth.c
case EVP_PKEY_CTRL_DIGESTINIT: case EVP_PKEY_CTRL_DIGESTINIT:
case EVP_PKEY_CTRL_PKCS7_SIGN: case EVP_PKEY_CTRL_PKCS7_SIGN:
#ifndef OPENSSL_NO_CMS #ifndef OPENSSL_NO_CMS
Index: openssl-3.1.4/doc/man1/openssl-pkeyutl.pod.in Index: openssl-3.1.7/doc/man1/openssl-pkeyutl.pod.in
=================================================================== ===================================================================
--- openssl-3.1.4.orig/doc/man1/openssl-pkeyutl.pod.in --- openssl-3.1.7.orig/doc/man1/openssl-pkeyutl.pod.in
+++ openssl-3.1.4/doc/man1/openssl-pkeyutl.pod.in +++ openssl-3.1.7/doc/man1/openssl-pkeyutl.pod.in
@@ -240,6 +240,11 @@ signed or verified directly instead of u @@ -240,6 +240,11 @@ signed or verified directly instead of u
digest is set then the a B<DigestInfo> structure is used and its the length digest is set, then the B<DigestInfo> structure is used and its length
must correspond to the digest type. must correspond to the digest type.
+Note, for B<pkcs1> padding, as a protection against Bleichenbacher attack, +Note, for B<pkcs1> padding, as a protection against Bleichenbacher attack,
@ -582,10 +582,10 @@ Index: openssl-3.1.4/doc/man1/openssl-pkeyutl.pod.in
=back =back
=head1 RSA-PSS ALGORITHM =head1 RSA-PSS ALGORITHM
Index: openssl-3.1.4/doc/man1/openssl-rsautl.pod.in Index: openssl-3.1.7/doc/man1/openssl-rsautl.pod.in
=================================================================== ===================================================================
--- openssl-3.1.4.orig/doc/man1/openssl-rsautl.pod.in --- openssl-3.1.7.orig/doc/man1/openssl-rsautl.pod.in
+++ openssl-3.1.4/doc/man1/openssl-rsautl.pod.in +++ openssl-3.1.7/doc/man1/openssl-rsautl.pod.in
@@ -105,6 +105,11 @@ The padding to use: PKCS#1 v1.5 (the def @@ -105,6 +105,11 @@ The padding to use: PKCS#1 v1.5 (the def
ANSI X9.31, or no padding, respectively. ANSI X9.31, or no padding, respectively.
For signatures, only B<-pkcs> and B<-raw> can be used. For signatures, only B<-pkcs> and B<-raw> can be used.
@ -598,10 +598,10 @@ Index: openssl-3.1.4/doc/man1/openssl-rsautl.pod.in
=item B<-hexdump> =item B<-hexdump>
Hex dump the output data. Hex dump the output data.
Index: openssl-3.1.4/doc/man3/EVP_PKEY_CTX_ctrl.pod Index: openssl-3.1.7/doc/man3/EVP_PKEY_CTX_ctrl.pod
=================================================================== ===================================================================
--- openssl-3.1.4.orig/doc/man3/EVP_PKEY_CTX_ctrl.pod --- openssl-3.1.7.orig/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ openssl-3.1.4/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ openssl-3.1.7/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -393,6 +393,15 @@ this behaviour should be tolerated then @@ -393,6 +393,15 @@ this behaviour should be tolerated then
OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION should be set to the actual OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION should be set to the actual
negotiated protocol version. Otherwise it should be left unset. negotiated protocol version. Otherwise it should be left unset.
@ -618,10 +618,10 @@ Index: openssl-3.1.4/doc/man3/EVP_PKEY_CTX_ctrl.pod
=head2 DSA parameters =head2 DSA parameters
EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used for DSA EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used for DSA
Index: openssl-3.1.4/doc/man3/EVP_PKEY_decrypt.pod Index: openssl-3.1.7/doc/man3/EVP_PKEY_decrypt.pod
=================================================================== ===================================================================
--- openssl-3.1.4.orig/doc/man3/EVP_PKEY_decrypt.pod --- openssl-3.1.7.orig/doc/man3/EVP_PKEY_decrypt.pod
+++ openssl-3.1.4/doc/man3/EVP_PKEY_decrypt.pod +++ openssl-3.1.7/doc/man3/EVP_PKEY_decrypt.pod
@@ -51,6 +51,18 @@ return 1 for success and 0 or a negative @@ -51,6 +51,18 @@ return 1 for success and 0 or a negative
return value of -2 indicates the operation is not supported by the public key return value of -2 indicates the operation is not supported by the public key
algorithm. algorithm.
@ -641,10 +641,10 @@ Index: openssl-3.1.4/doc/man3/EVP_PKEY_decrypt.pod
=head1 EXAMPLES =head1 EXAMPLES
Decrypt data using OAEP (for RSA keys): Decrypt data using OAEP (for RSA keys):
Index: openssl-3.1.4/doc/man3/RSA_padding_add_PKCS1_type_1.pod Index: openssl-3.1.7/doc/man3/RSA_padding_add_PKCS1_type_1.pod
=================================================================== ===================================================================
--- openssl-3.1.4.orig/doc/man3/RSA_padding_add_PKCS1_type_1.pod --- openssl-3.1.7.orig/doc/man3/RSA_padding_add_PKCS1_type_1.pod
+++ openssl-3.1.4/doc/man3/RSA_padding_add_PKCS1_type_1.pod +++ openssl-3.1.7/doc/man3/RSA_padding_add_PKCS1_type_1.pod
@@ -121,8 +121,8 @@ L<ERR_get_error(3)>. @@ -121,8 +121,8 @@ L<ERR_get_error(3)>.
=head1 WARNINGS =head1 WARNINGS
@ -666,10 +666,10 @@ Index: openssl-3.1.4/doc/man3/RSA_padding_add_PKCS1_type_1.pod
=head1 SEE ALSO =head1 SEE ALSO
L<RSA_public_encrypt(3)>, L<RSA_public_encrypt(3)>,
Index: openssl-3.1.4/doc/man3/RSA_public_encrypt.pod Index: openssl-3.1.7/doc/man3/RSA_public_encrypt.pod
=================================================================== ===================================================================
--- openssl-3.1.4.orig/doc/man3/RSA_public_encrypt.pod --- openssl-3.1.7.orig/doc/man3/RSA_public_encrypt.pod
+++ openssl-3.1.4/doc/man3/RSA_public_encrypt.pod +++ openssl-3.1.7/doc/man3/RSA_public_encrypt.pod
@@ -52,8 +52,8 @@ Encrypting user data directly with RSA i @@ -52,8 +52,8 @@ Encrypting user data directly with RSA i
=back =back
@ -695,10 +695,10 @@ Index: openssl-3.1.4/doc/man3/RSA_public_encrypt.pod
=head1 CONFORMING TO =head1 CONFORMING TO
SSL, PKCS #1 v2.0 SSL, PKCS #1 v2.0
Index: openssl-3.1.4/doc/man7/provider-asym_cipher.pod Index: openssl-3.1.7/doc/man7/provider-asym_cipher.pod
=================================================================== ===================================================================
--- openssl-3.1.4.orig/doc/man7/provider-asym_cipher.pod --- openssl-3.1.7.orig/doc/man7/provider-asym_cipher.pod
+++ openssl-3.1.4/doc/man7/provider-asym_cipher.pod +++ openssl-3.1.7/doc/man7/provider-asym_cipher.pod
@@ -234,6 +234,15 @@ The TLS protocol version first requested @@ -234,6 +234,15 @@ The TLS protocol version first requested
The negotiated TLS protocol version. The negotiated TLS protocol version.
@ -715,10 +715,10 @@ Index: openssl-3.1.4/doc/man7/provider-asym_cipher.pod
=back =back
OSSL_FUNC_asym_cipher_gettable_ctx_params() and OSSL_FUNC_asym_cipher_settable_ctx_params() OSSL_FUNC_asym_cipher_gettable_ctx_params() and OSSL_FUNC_asym_cipher_settable_ctx_params()
Index: openssl-3.1.4/include/crypto/rsa.h Index: openssl-3.1.7/include/crypto/rsa.h
=================================================================== ===================================================================
--- openssl-3.1.4.orig/include/crypto/rsa.h --- openssl-3.1.7.orig/include/crypto/rsa.h
+++ openssl-3.1.4/include/crypto/rsa.h +++ openssl-3.1.7/include/crypto/rsa.h
@@ -83,6 +83,10 @@ int ossl_rsa_param_decode(RSA *rsa, cons @@ -83,6 +83,10 @@ int ossl_rsa_param_decode(RSA *rsa, cons
RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
OSSL_LIB_CTX *libctx, const char *propq); OSSL_LIB_CTX *libctx, const char *propq);
@ -730,10 +730,10 @@ Index: openssl-3.1.4/include/crypto/rsa.h
int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to, int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to,
size_t tlen, size_t tlen,
const unsigned char *from, const unsigned char *from,
Index: openssl-3.1.4/include/openssl/core_names.h Index: openssl-3.1.7/include/openssl/core_names.h
=================================================================== ===================================================================
--- openssl-3.1.4.orig/include/openssl/core_names.h --- openssl-3.1.7.orig/include/openssl/core_names.h
+++ openssl-3.1.4/include/openssl/core_names.h +++ openssl-3.1.7/include/openssl/core_names.h
@@ -299,6 +299,7 @@ extern "C" { @@ -299,6 +299,7 @@ extern "C" {
#define OSSL_PKEY_PARAM_DIST_ID "distid" #define OSSL_PKEY_PARAM_DIST_ID "distid"
#define OSSL_PKEY_PARAM_PUB_KEY "pub" #define OSSL_PKEY_PARAM_PUB_KEY "pub"
@ -750,10 +750,10 @@ Index: openssl-3.1.4/include/openssl/core_names.h
#ifdef FIPS_MODULE #ifdef FIPS_MODULE
#define OSSL_ASYM_CIPHER_PARAM_SUSE_KAT_OEAP_SEED "suse-kat-oaep-seed" #define OSSL_ASYM_CIPHER_PARAM_SUSE_KAT_OEAP_SEED "suse-kat-oaep-seed"
#endif #endif
Index: openssl-3.1.4/include/openssl/rsa.h Index: openssl-3.1.7/include/openssl/rsa.h
=================================================================== ===================================================================
--- openssl-3.1.4.orig/include/openssl/rsa.h --- openssl-3.1.7.orig/include/openssl/rsa.h
+++ openssl-3.1.4/include/openssl/rsa.h +++ openssl-3.1.7/include/openssl/rsa.h
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP @@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP
# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13)
@ -773,10 +773,10 @@ Index: openssl-3.1.4/include/openssl/rsa.h
# define RSA_PKCS1_PADDING_SIZE 11 # define RSA_PKCS1_PADDING_SIZE 11
# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) # define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
Index: openssl-3.1.4/providers/implementations/asymciphers/rsa_enc.c Index: openssl-3.1.7/providers/implementations/asymciphers/rsa_enc.c
=================================================================== ===================================================================
--- openssl-3.1.4.orig/providers/implementations/asymciphers/rsa_enc.c --- openssl-3.1.7.orig/providers/implementations/asymciphers/rsa_enc.c
+++ openssl-3.1.4/providers/implementations/asymciphers/rsa_enc.c +++ openssl-3.1.7/providers/implementations/asymciphers/rsa_enc.c
@@ -78,6 +78,8 @@ typedef struct { @@ -78,6 +78,8 @@ typedef struct {
/* TLS padding */ /* TLS padding */
unsigned int client_version; unsigned int client_version;
@ -851,7 +851,7 @@ Index: openssl-3.1.4/providers/implementations/asymciphers/rsa_enc.c
return 1; return 1;
} }
@@ -633,6 +654,7 @@ static const OSSL_PARAM known_settable_c @@ -634,6 +655,7 @@ static const OSSL_PARAM known_settable_c
OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, NULL, 0), OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, NULL, 0),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
@ -859,10 +859,10 @@ Index: openssl-3.1.4/providers/implementations/asymciphers/rsa_enc.c
OSSL_PARAM_END OSSL_PARAM_END
}; };
Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt Index: openssl-3.1.7/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
=================================================================== ===================================================================
--- openssl-3.1.4.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt --- openssl-3.1.7.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +++ openssl-3.1.7/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
@@ -268,9 +268,25 @@ Decrypt = RSA-2048 @@ -268,9 +268,25 @@ Decrypt = RSA-2048
Input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nput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
Output = "Hello World" Output = "Hello World"


@ -1,172 +0,0 @@
From ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Fri, 20 Oct 2023 09:18:19 +0200
Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet
We already check for an excessively large P in DH_generate_key(), but not in
DH_check_pub_key(), and none of them check for an excessively large Q.
This change adds all the missing excessive size checks of P and Q.
It's to be noted that behaviours surrounding excessively sized P and Q
differ. DH_check() raises an error on the excessively sized P, but only
sets a flag for the excessively sized Q. This behaviour is mimicked in
DH_check_pub_key().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22518)
---
crypto/dh/dh_check.c | 12 ++++++++++++
crypto/dh/dh_err.c | 3 ++-
crypto/dh/dh_key.c | 12 ++++++++++++
crypto/err/openssl.txt | 1 +
include/crypto/dherr.h | 2 +-
include/openssl/dh.h | 6 +++---
include/openssl/dherr.h | 3 ++-
7 files changed, 33 insertions(+), 6 deletions(-)
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 7ba2beae7fd6b..e20eb62081c5e 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -249,6 +249,18 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
*/
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
{
+ /* Don't do any checks at all with an excessively large modulus */
+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
+ *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
+ return 0;
+ }
+
+ if (dh->params.q != NULL && BN_ucmp(dh->params.p, dh->params.q) < 0) {
+ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
+ return 1;
+ }
+
return ossl_ffc_validate_public_key(&dh->params, pub_key, ret);
}
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
index 4152397426cc9..f76ac0dd1463f 100644
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -54,6 +54,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
"parameter encoding error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
"unable to check generator"},
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index d84ea99241b9e..afc49f5cdc87d 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -49,6 +49,12 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
}
+ if (dh->params.q != NULL
+ && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
+ goto err;
+ }
+
if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
return 0;
@@ -267,6 +273,12 @@ static int generate_key(DH *dh)
return 0;
}
+ if (dh->params.q != NULL
+ && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
+ return 0;
+ }
+
if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
return 0;
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index a1e6bbb617fcb..69e4f61aa1801 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -513,6 +513,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters set
DH_R_NO_PRIVATE_VALUE:100:no private value
DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
DH_R_PEER_KEY_ERROR:111:peer key error
+DH_R_Q_TOO_LARGE:130:q too large
DH_R_SHARED_INFO_ERROR:113:shared info error
DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters
diff --git a/include/crypto/dherr.h b/include/crypto/dherr.h
index bb24d131eb887..519327f795742 100644
--- a/include/crypto/dherr.h
+++ b/include/crypto/dherr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 8bc17448a0817..f1c0ed06b375a 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -144,7 +144,7 @@ DECLARE_ASN1_ITEM(DHparams)
# define DH_GENERATOR_3 3
# define DH_GENERATOR_5 5
-/* DH_check error codes */
+/* DH_check error codes, some of them shared with DH_check_pub_key */
/*
* NB: These values must align with the equivalently named macros in
* internal/ffc.h.
@@ -154,10 +154,10 @@ DECLARE_ASN1_ITEM(DHparams)
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
# define DH_NOT_SUITABLE_GENERATOR 0x08
# define DH_CHECK_Q_NOT_PRIME 0x10
-# define DH_CHECK_INVALID_Q_VALUE 0x20
+# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */
# define DH_CHECK_INVALID_J_VALUE 0x40
# define DH_MODULUS_TOO_SMALL 0x80
-# define DH_MODULUS_TOO_LARGE 0x100
+# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */
/* DH_check_pub_key error codes */
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
index 5d2a762a96f8c..074a70145f9f5 100644
--- a/include/openssl/dherr.h
+++ b/include/openssl/dherr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -50,6 +50,7 @@
# define DH_R_NO_PRIVATE_VALUE 100
# define DH_R_PARAMETER_ENCODING_ERROR 105
# define DH_R_PEER_KEY_ERROR 111
+# define DH_R_Q_TOO_LARGE 130
# define DH_R_SHARED_INFO_ERROR 113
# define DH_R_UNABLE_TO_CHECK_GENERATOR 121


@ -1,109 +0,0 @@
From 050d26383d4e264966fb83428e72d5d48f402d35 Mon Sep 17 00:00:00 2001
From: Rohan McLure <rmclure@linux.ibm.com>
Date: Thu, 4 Jan 2024 10:25:50 +0100
Subject: [PATCH] poly1305-ppc.pl: Fix vector register clobbering
Fixes CVE-2023-6129
The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs saves the the contents of vector registers in different order
than they are restored. Thus the contents of some of these vector registers
is corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)
(cherry picked from commit 8d847a3ffd4f0b17ee33962cf69c36224925b34f)
---
crypto/poly1305/asm/poly1305-ppc.pl | 42 ++++++++++++++---------------
1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl
index 9f86134d923fb..2e601bb9c24be 100755
--- a/crypto/poly1305/asm/poly1305-ppc.pl
+++ b/crypto/poly1305/asm/poly1305-ppc.pl
@@ -744,7 +744,7 @@
my $LOCALS= 6*$SIZE_T;
my $VSXFRAME = $LOCALS + 6*$SIZE_T;
$VSXFRAME += 128; # local variables
- $VSXFRAME += 13*16; # v20-v31 offload
+ $VSXFRAME += 12*16; # v20-v31 offload
my $BIG_ENDIAN = ($flavour !~ /le/) ? 4 : 0;
@@ -919,12 +919,12 @@
addi r11,r11,32
stvx v22,r10,$sp
addi r10,r10,32
- stvx v23,r10,$sp
- addi r10,r10,32
- stvx v24,r11,$sp
+ stvx v23,r11,$sp
addi r11,r11,32
- stvx v25,r10,$sp
+ stvx v24,r10,$sp
addi r10,r10,32
+ stvx v25,r11,$sp
+ addi r11,r11,32
stvx v26,r10,$sp
addi r10,r10,32
stvx v27,r11,$sp
@@ -1153,12 +1153,12 @@
addi r11,r11,32
stvx v22,r10,$sp
addi r10,r10,32
- stvx v23,r10,$sp
- addi r10,r10,32
- stvx v24,r11,$sp
+ stvx v23,r11,$sp
addi r11,r11,32
- stvx v25,r10,$sp
+ stvx v24,r10,$sp
addi r10,r10,32
+ stvx v25,r11,$sp
+ addi r11,r11,32
stvx v26,r10,$sp
addi r10,r10,32
stvx v27,r11,$sp
@@ -1899,26 +1899,26 @@
mtspr 256,r12 # restore vrsave
lvx v20,r10,$sp
addi r10,r10,32
- lvx v21,r10,$sp
- addi r10,r10,32
- lvx v22,r11,$sp
+ lvx v21,r11,$sp
addi r11,r11,32
- lvx v23,r10,$sp
+ lvx v22,r10,$sp
addi r10,r10,32
- lvx v24,r11,$sp
+ lvx v23,r11,$sp
addi r11,r11,32
- lvx v25,r10,$sp
+ lvx v24,r10,$sp
addi r10,r10,32
- lvx v26,r11,$sp
+ lvx v25,r11,$sp
addi r11,r11,32
- lvx v27,r10,$sp
+ lvx v26,r10,$sp
addi r10,r10,32
- lvx v28,r11,$sp
+ lvx v27,r11,$sp
addi r11,r11,32
- lvx v29,r10,$sp
+ lvx v28,r10,$sp
addi r10,r10,32
- lvx v30,r11,$sp
- lvx v31,r10,$sp
+ lvx v29,r11,$sp
+ addi r11,r11,32
+ lvx v30,r10,$sp
+ lvx v31,r11,$sp
$POP r27,`$VSXFRAME-$SIZE_T*5`($sp)
$POP r28,`$VSXFRAME-$SIZE_T*4`($sp)
$POP r29,`$VSXFRAME-$SIZE_T*3`($sp)


@ -1,122 +0,0 @@
From 18c02492138d1eb8b6548cb26e7b625fb2414a2a Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Fri, 22 Dec 2023 16:25:56 +0100
Subject: [PATCH] Limit the execution time of RSA public key check
Fixes CVE-2023-6237
If a large and incorrect RSA public key is checked with
EVP_PKEY_public_check() the computation could take very long time
due to no limit being applied to the RSA public key size and
unnecessarily high number of Miller-Rabin algorithm rounds
used for non-primality check of the modulus.
Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
Also the number of Miller-Rabin rounds was set to 5.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
(cherry picked from commit e09fc1d746a4fd15bb5c3d7bbbab950aadd005db)
---
crypto/rsa/rsa_sp800_56b_check.c | 8 +++-
test/recipes/91-test_pkey_check.t | 2 +-
.../91-test_pkey_check_data/rsapub_17k.pem | 48 +++++++++++++++++++
3 files changed, 56 insertions(+), 2 deletions(-)
create mode 100644 test/recipes/91-test_pkey_check_data/rsapub_17k.pem
diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c
index fc8f19b48770b..bcbdd24fb8199 100644
--- a/crypto/rsa/rsa_sp800_56b_check.c
+++ b/crypto/rsa/rsa_sp800_56b_check.c
@@ -289,6 +289,11 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
return 0;
nbits = BN_num_bits(rsa->n);
+ if (nbits > OPENSSL_RSA_MAX_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_RSA, RSA_R_MODULUS_TOO_LARGE);
+ return 0;
+ }
+
#ifdef FIPS_MODULE
/*
* (Step a): modulus must be 2048 or 3072 (caveat from SP800-56Br1)
@@ -324,7 +329,8 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
goto err;
}
- ret = ossl_bn_miller_rabin_is_prime(rsa->n, 0, ctx, NULL, 1, &status);
+ /* Highest number of MR rounds from FIPS 186-5 Section B.3 Table B.1 */
+ ret = ossl_bn_miller_rabin_is_prime(rsa->n, 5, ctx, NULL, 1, &status);
#ifdef FIPS_MODULE
if (ret != 1 || status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME) {
#else
diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t
index dc7cc64533af2..f8088df14d36c 100644
--- a/test/recipes/91-test_pkey_check.t
+++ b/test/recipes/91-test_pkey_check.t
@@ -70,7 +70,7 @@ push(@positive_tests, (
"dhpkey.pem"
)) unless disabled("dh");
-my @negative_pubtests = ();
+my @negative_pubtests = ("rsapub_17k.pem"); # Too big RSA public key
push(@negative_pubtests, (
"dsapub_noparam.der"
diff --git a/test/recipes/91-test_pkey_check_data/rsapub_17k.pem b/test/recipes/91-test_pkey_check_data/rsapub_17k.pem
new file mode 100644
index 0000000000000..9a2eaedaf1b22
--- /dev/null
+++ b/test/recipes/91-test_pkey_check_data/rsapub_17k.pem
@@ -0,0 +1,48 @@
+-----BEGIN PUBLIC KEY-----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+-----END PUBLIC KEY-----


@ -1,120 +0,0 @@
From 09df4395b5071217b76dc7d3d2e630eb8c5a79c2 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 19 Jan 2024 11:28:58 +0000
Subject: [PATCH] Add NULL checks where ContentInfo data can be NULL
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.
CVE-2024-0727
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23362)
(cherry picked from commit d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c)
---
crypto/pkcs12/p12_add.c | 18 ++++++++++++++++++
crypto/pkcs12/p12_mutl.c | 5 +++++
crypto/pkcs12/p12_npas.c | 5 +++--
crypto/pkcs7/pk7_mime.c | 7 +++++--
4 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
index 6fd4184af5a52..80ce31b3bca66 100644
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -78,6 +78,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
return NULL;
}
+
+ if (p7->d.data == NULL) {
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
+ return NULL;
+ }
+
return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
}
@@ -150,6 +156,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
{
if (!PKCS7_type_is_encrypted(p7))
return NULL;
+
+ if (p7->d.encrypted == NULL) {
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
+ return NULL;
+ }
+
return PKCS12_item_decrypt_d2i_ex(p7->d.encrypted->enc_data->algorithm,
ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
pass, passlen,
@@ -188,6 +200,12 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
return NULL;
}
+
+ if (p12->authsafes->d.data == NULL) {
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
+ return NULL;
+ }
+
p7s = ASN1_item_unpack(p12->authsafes->d.data,
ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
if (p7s != NULL) {
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 67a885a45f89e..68ff54d0e90ee 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -98,6 +98,11 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
return 0;
}
+ if (p12->authsafes->d.data == NULL) {
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
+ return 0;
+ }
+
salt = p12->mac->salt->data;
saltlen = p12->mac->salt->length;
if (p12->mac->iter == NULL)
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
index 62230bc6187ff..1e5b5495991a4 100644
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@@ -77,8 +77,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
bags = PKCS12_unpack_p7data(p7);
} else if (bagnid == NID_pkcs7_encrypted) {
bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
- if (!alg_get(p7->d.encrypted->enc_data->algorithm,
- &pbe_nid, &pbe_iter, &pbe_saltlen))
+ if (p7->d.encrypted == NULL
+ || !alg_get(p7->d.encrypted->enc_data->algorithm,
+ &pbe_nid, &pbe_iter, &pbe_saltlen))
goto err;
} else {
continue;
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
index 49a0da5f819c4..8228315eeaa3a 100644
--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -33,10 +33,13 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
int ctype_nid = OBJ_obj2nid(p7->type);
const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
- if (ctype_nid == NID_pkcs7_signed)
+ if (ctype_nid == NID_pkcs7_signed) {
+ if (p7->d.sign == NULL)
+ return 0;
mdalgs = p7->d.sign->md_algs;
- else
+ } else {
mdalgs = NULL;
+ }
flags ^= SMIME_OLDMIME;


@ -1,116 +0,0 @@
From 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 5 Mar 2024 15:43:53 +0000
Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3
In TLSv1.3 we create a new session object for each ticket that we send.
We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
use then the new session will be added to the session cache. However, if
early data is not in use (and therefore anti-replay protection is being
used), then multiple threads could be resuming from the same session
simultaneously. If this happens and a problem occurs on one of the threads,
then the original session object could be marked as not_resumable. When we
duplicate the session object this not_resumable status gets copied into the
new session object. The new session object is then added to the session
cache even though it is not_resumable.
Subsequently, another bug means that the session_id_length is set to 0 for
sessions that are marked as not_resumable - even though that session is
still in the cache. Once this happens the session can never be removed from
the cache. When that object gets to be the session cache tail object the
cache never shrinks again and grows indefinitely.
CVE-2024-2511
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)
---
ssl/ssl_lib.c | 5 +++--
ssl/ssl_sess.c | 28 ++++++++++++++++++++++------
ssl/statem/statem_srvr.c | 5 ++---
3 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b5cc4af2f0302..e747b7f90aa71 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3737,9 +3737,10 @@ void ssl_update_cache(SSL *s, int mode)
/*
* If the session_id_length is 0, we are not supposed to cache it, and it
- * would be rather hard to do anyway :-)
+ * would be rather hard to do anyway :-). Also if the session has already
+ * been marked as not_resumable we should not cache it for later reuse.
*/
- if (s->session->session_id_length == 0)
+ if (s->session->session_id_length == 0 || s->session->not_resumable)
return;
/*
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index bf84e792251b8..241cf43c46296 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -154,16 +154,11 @@ SSL_SESSION *SSL_SESSION_new(void)
return ss;
}
-SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
-{
- return ssl_session_dup(src, 1);
-}
-
/*
* Create a new SSL_SESSION and duplicate the contents of |src| into it. If
* ticket == 0 then no ticket information is duplicated, otherwise it is.
*/
-SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
+static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
{
SSL_SESSION *dest;
@@ -287,6 +282,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
return NULL;
}
+SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
+{
+ return ssl_session_dup_intern(src, 1);
+}
+
+/*
+ * Used internally when duplicating a session which might be already shared.
+ * We will have resumed the original session. Subsequently we might have marked
+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
+ * resume from.
+ */
+SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
+{
+ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
+
+ if (sess != NULL)
+ sess->not_resumable = 0;
+
+ return sess;
+}
+
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
{
if (len)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 5d59d53563ed8..8e493176f658e 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2338,9 +2338,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
* so the following won't overwrite an ID that we're supposed
* to send back.
*/
- if (s->session->not_resumable ||
- (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
- && !s->hit))
+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+ && !s->hit)
s->session->session_id_length = 0;
if (usetls13) {


@ -1,199 +0,0 @@
From 9c39b3858091c152f52513c066ff2c5a47969f0d Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 8 May 2024 15:23:45 +0200
Subject: [PATCH] Check DSA parameters for excessive sizes before validating
This avoids overly long computation of various validation
checks.
Fixes CVE-2024-4603
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24346)
(cherry picked from commit 85ccbab216da245cf9a6503dd327072f21950d9b)
---
CHANGES.md | 17 ++++++
crypto/dsa/dsa_check.c | 44 ++++++++++++--
.../invalid/p10240_q256_too_big.pem | 57 +++++++++++++++++++
3 files changed, 114 insertions(+), 4 deletions(-)
create mode 100644 test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
Index: openssl-3.1.4/crypto/dsa/dsa_check.c
===================================================================
--- openssl-3.1.4.orig/crypto/dsa/dsa_check.c
+++ openssl-3.1.4/crypto/dsa/dsa_check.c
@@ -19,8 +19,34 @@
#include "dsa_local.h"
#include "crypto/dsa.h"
+static int dsa_precheck_params(const DSA *dsa, int *ret)
+{
+ if (dsa->params.p == NULL || dsa->params.q == NULL) {
+ ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS);
+ *ret = FFC_CHECK_INVALID_PQ;
+ return 0;
+ }
+
+ if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE);
+ *ret = FFC_CHECK_INVALID_PQ;
+ return 0;
+ }
+
+ if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) {
+ ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE);
+ *ret = FFC_CHECK_INVALID_PQ;
+ return 0;
+ }
+
+ return 1;
+}
+
int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
{
+ if (!dsa_precheck_params(dsa, ret))
+ return 0;
+
if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
FFC_PARAM_TYPE_DSA, ret);
@@ -39,6 +65,9 @@ int ossl_dsa_check_params(const DSA *dsa
*/
int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
{
+ if (!dsa_precheck_params(dsa, ret))
+ return 0;
+
return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret)
&& *ret == 0;
}
@@ -50,6 +79,9 @@ int ossl_dsa_check_pub_key(const DSA *ds
*/
int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
{
+ if (!dsa_precheck_params(dsa, ret))
+ return 0;
+
return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret)
&& *ret == 0;
}
@@ -58,8 +90,10 @@ int ossl_dsa_check_priv_key(const DSA *d
{
*ret = 0;
- return (dsa->params.q != NULL
- && ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret));
+ if (!dsa_precheck_params(dsa, ret))
+ return 0;
+
+ return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret);
}
/*
@@ -72,8 +106,10 @@ int ossl_dsa_check_pairwise(const DSA *d
BN_CTX *ctx = NULL;
BIGNUM *pub_key = NULL;
- if (dsa->params.p == NULL
- || dsa->params.g == NULL
+ if (!dsa_precheck_params(dsa, &ret))
+ return 0;
+
+ if (dsa->params.g == NULL
|| dsa->priv_key == NULL
|| dsa->pub_key == NULL)
return 0;
Index: openssl-3.1.4/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
===================================================================
--- /dev/null
+++ openssl-3.1.4/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
@@ -0,0 +1,57 @@
+-----BEGIN DSA PARAMETERS-----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+-----END DSA PARAMETERS-----
Index: openssl-3.1.4/CHANGES.md
===================================================================
--- openssl-3.1.4.orig/CHANGES.md
+++ openssl-3.1.4/CHANGES.md
@@ -22,6 +22,23 @@ OpenSSL Releases
OpenSSL 3.1
-----------
+ * Fixed an issue where checking excessively long DSA keys or parameters may
+ be very slow.
+
+ Applications that use the functions EVP_PKEY_param_check() or
+ EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
+ experience long delays. Where the key or parameters that are being checked
+ have been obtained from an untrusted source this may lead to a Denial of
+ Service.
+
+ To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
+ will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
+ reason.
+
+ ([CVE-2024-4603])
+
+ *Tomáš Mráz*
+
### Changes between 3.1.3 and 3.1.4 [24 Oct 2023]
* Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),


@ -1,28 +0,0 @@
@@ -, +, @@
---
ssl/record/methods/tls_common.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- openssl-3.0.8/ssl/record/ssl3_buffer.c
+++ openssl-3.0.8/ssl/record/ssl3_buffer.c
@@ -186,5 +186,7 @@ int ssl3_release_read_buffer(SSL *s)
OPENSSL_cleanse(b->buf, b->len);
OPENSSL_free(b->buf);
b->buf = NULL;
+ s->rlayer.packet = NULL;
+ s->rlayer.packet_length = 0;
return 1;
}
--- openssl-3.0.8/ssl/record/rec_layer_s3.c
+++ openssl-3.0.8/ssl/record/rec_layer_s3.c
@@ -238,6 +238,11 @@ int ssl3_read_n(SSL *s, size_t n, size_t
s->rlayer.packet_length = 0;
/* ... now we can act as if 'extend' was set */
}
+ if (!ossl_assert(s->rlayer.packet != NULL)) {
+ /* does not happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
len = s->rlayer.packet_length;
pkt = rb->buf + align;


@ -1,326 +0,0 @@
From 4ada436a1946cbb24db5ab4ca082b69c1bc10f37 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 31 May 2024 11:14:33 +0100
Subject: [PATCH] Fix SSL_select_next_proto
Ensure that the provided client list is non-NULL and starts with a valid
entry. When called from the ALPN callback the client list should already
have been validated by OpenSSL so this should not cause a problem. When
called from the NPN callback the client list is locally configured and
will not have already been validated. Therefore SSL_select_next_proto
should not assume that it is correctly formatted.
We implement stricter checking of the client protocol list. We also do the
same for the server list while we are about it.
CVE-2024-5535
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)
---
ssl/ssl_lib.c | 63 ++++++++++++++++++++++++++++++++-------------------
1 file changed, 40 insertions(+), 23 deletions(-)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5493d9b9c7..f218dcf1db 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2953,37 +2953,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
unsigned int server_len,
const unsigned char *client, unsigned int client_len)
{
- unsigned int i, j;
- const unsigned char *result;
- int status = OPENSSL_NPN_UNSUPPORTED;
+ PACKET cpkt, csubpkt, spkt, ssubpkt;
+
+ if (!PACKET_buf_init(&cpkt, client, client_len)
+ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt)
+ || PACKET_remaining(&csubpkt) == 0) {
+ *out = NULL;
+ *outlen = 0;
+ return OPENSSL_NPN_NO_OVERLAP;
+ }
+
+ /*
+ * Set the default opportunistic protocol. Will be overwritten if we find
+ * a match.
+ */
+ *out = (unsigned char *)PACKET_data(&csubpkt);
+ *outlen = (unsigned char)PACKET_remaining(&csubpkt);
/*
* For each protocol in server preference order, see if we support it.
*/
- for (i = 0; i < server_len;) {
- for (j = 0; j < client_len;) {
- if (server[i] == client[j] &&
- memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
- /* We found a match */
- result = &server[i];
- status = OPENSSL_NPN_NEGOTIATED;
- goto found;
+ if (PACKET_buf_init(&spkt, server, server_len)) {
+ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) {
+ if (PACKET_remaining(&ssubpkt) == 0)
+ continue; /* Invalid - ignore it */
+ if (PACKET_buf_init(&cpkt, client, client_len)) {
+ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) {
+ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt),
+ PACKET_remaining(&ssubpkt))) {
+ /* We found a match */
+ *out = (unsigned char *)PACKET_data(&ssubpkt);
+ *outlen = (unsigned char)PACKET_remaining(&ssubpkt);
+ return OPENSSL_NPN_NEGOTIATED;
+ }
+ }
+ /* Ignore spurious trailing bytes in the client list */
+ } else {
+ /* This should never happen */
+ return OPENSSL_NPN_NO_OVERLAP;
}
- j += client[j];
- j++;
}
- i += server[i];
- i++;
+ /* Ignore spurious trailing bytes in the server list */
}
- /* There's no overlap between our protocols and the server's list. */
- result = client;
- status = OPENSSL_NPN_NO_OVERLAP;
-
- found:
- *out = (unsigned char *)result + 1;
- *outlen = result[0];
- return status;
+ /*
+ * There's no overlap between our protocols and the server's list. We use
+ * the default opportunistic protocol selected earlier
+ */
+ return OPENSSL_NPN_NO_OVERLAP;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
--
2.45.2
From 4279c89a726025c758db3dafb263b17e52211304 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 31 May 2024 11:18:27 +0100
Subject: [PATCH] More correctly handle a selected_len of 0 when
processing NPN
In the case where the NPN callback returns with SSL_TLEXT_ERR_OK, but
the selected_len is 0 we should fail. Previously this would fail with an
internal_error alert because calling OPENSSL_malloc(selected_len) will
return NULL when selected_len is 0. We make this error detection more
explicit and return a handshake failure alert.
Follow on from CVE-2024-5535
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)
---
ssl/statem/extensions_clnt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 842be0722b..a07dc62e9a 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1536,7 +1536,8 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
PACKET_data(pkt),
PACKET_remaining(pkt),
s->ctx->ext.npn_select_cb_arg) !=
- SSL_TLSEXT_ERR_OK) {
+ SSL_TLSEXT_ERR_OK
+ || selected_len == 0) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION);
return 0;
}
--
2.45.2
From 889ed19ba25abebd2690997acd6d4791cbe5c493 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 31 May 2024 11:46:38 +0100
Subject: [PATCH] Clarify the SSL_select_next_proto() documentation
We clarify the input preconditions and the expected behaviour in the event
of no overlap.
Follow on from CVE-2024-5535
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)
---
doc/man3/SSL_CTX_set_alpn_select_cb.pod | 26 +++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
index 102e657851..a29557dd91 100644
--- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod
+++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
@@ -52,7 +52,8 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to
set the list of protocols available to be negotiated. The B<protos> must be in
protocol-list format, described below. The length of B<protos> is specified in
-B<protos_len>.
+B<protos_len>. Setting B<protos_len> to 0 clears any existing list of ALPN
+protocols and no ALPN extension will be sent to the server.
SSL_CTX_set_alpn_select_cb() sets the application callback B<cb> used by a
server to select which protocol to use for the incoming connection. When B<cb>
@@ -73,9 +74,16 @@ B<server_len> and B<client>, B<client_len> must be in the protocol-list format
described below. The first item in the B<server>, B<server_len> list that
matches an item in the B<client>, B<client_len> list is selected, and returned
in B<out>, B<outlen>. The B<out> value will point into either B<server> or
-B<client>, so it should be copied immediately. If no match is found, the first
-item in B<client>, B<client_len> is returned in B<out>, B<outlen>. This
-function can also be used in the NPN callback.
+B<client>, so it should be copied immediately. The client list must include at
+least one valid (nonempty) protocol entry in the list.
+
+The SSL_select_next_proto() helper function can be useful from either the ALPN
+callback or the NPN callback (described below). If no match is found, the first
+item in B<client>, B<client_len> is returned in B<out>, B<outlen> and
+B<OPENSSL_NPN_NO_OVERLAP> is returned. This can be useful when implementating
+the NPN callback. In the ALPN case, the value returned in B<out> and B<outlen>
+must be ignored if B<OPENSSL_NPN_NO_OVERLAP> has been returned from
+SSL_select_next_proto().
SSL_CTX_set_next_proto_select_cb() sets a callback B<cb> that is called when a
client needs to select a protocol from the server's provided list, and a
@@ -85,9 +93,10 @@ must be set to point to the selected protocol (which may be within B<in>).
The length of the protocol name must be written into B<outlen>. The
server's advertised protocols are provided in B<in> and B<inlen>. The
callback can assume that B<in> is syntactically valid. The client must
-select a protocol. It is fatal to the connection if this callback returns
-a value other than B<SSL_TLSEXT_ERR_OK>. The B<arg> parameter is the pointer
-set via SSL_CTX_set_next_proto_select_cb().
+select a protocol (although it may be an empty, zero length protocol). It is
+fatal to the connection if this callback returns a value other than
+B<SSL_TLSEXT_ERR_OK> or if the zero length protocol is selected. The B<arg>
+parameter is the pointer set via SSL_CTX_set_next_proto_select_cb().
SSL_CTX_set_next_protos_advertised_cb() sets a callback B<cb> that is called
when a TLS server needs a list of supported protocols for Next Protocol
@@ -149,7 +158,8 @@ A match was found and is returned in B<out>, B<outlen>.
=item OPENSSL_NPN_NO_OVERLAP
No match was found. The first item in B<client>, B<client_len> is returned in
-B<out>, B<outlen>.
+B<out>, B<outlen> (or B<NULL> and 0 in the case where the first entry in
+B<client> is invalid).
=back
--
2.45.2
From 087501b4f572825e27ca8cc2c5874fcf6fd47cf7 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 21 Jun 2024 10:41:55 +0100
Subject: [PATCH] Correct return values for
tls_construct_stoc_next_proto_neg
Return EXT_RETURN_NOT_SENT in the event that we don't send the extension,
rather than EXT_RETURN_SENT. This actually makes no difference at all to
the current control flow since this return value is ignored in this case
anyway. But lets make it correct anyway.
Follow on from CVE-2024-5535
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)
---
ssl/statem/extensions_srvr.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 4ea085e1a1..2da880450f 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1476,9 +1476,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
s->s3.npn_seen = 1;
+ return EXT_RETURN_SENT;
}
- return EXT_RETURN_SENT;
+ return EXT_RETURN_NOT_SENT;
}
#endif
--
2.45.2
From 017e54183b95617825fb9316d618c154a34c634e Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 21 Jun 2024 11:51:54 +0100
Subject: [PATCH] Add ALPN validation in the client
The ALPN protocol selected by the server must be one that we originally
advertised. We should verify that it is.
Follow on from CVE-2024-5535
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)
---
ssl/statem/extensions_clnt.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index a07dc62e9a..b21ccf9273 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1566,6 +1566,8 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
{
size_t len;
+ PACKET confpkt, protpkt;
+ int valid = 0;
/* We must have requested it. */
if (!s->s3.alpn_sent) {
@@ -1584,6 +1586,28 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
return 0;
}
+
+ /* It must be a protocol that we sent */
+ if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) {
+ if (PACKET_remaining(&protpkt) != len)
+ continue;
+ if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) {
+ /* Valid protocol found */
+ valid = 1;
+ break;
+ }
+ }
+
+ if (!valid) {
+ /* The protocol sent from the server does not match one we advertised */
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
+ return 0;
+ }
+
OPENSSL_free(s->s3.alpn_selected);
s->s3.alpn_selected = OPENSSL_malloc(len);
if (s->s3.alpn_selected == NULL) {
--
2.45.2


@ -1,255 +0,0 @@
commit 97ebe37033e8884f4cca5544a74376633c665e11
Author: Viktor Dukhovni <viktor@openssl.org>
Date: Wed Jun 19 21:04:11 2024 +1000
Avoid type errors in EAI-related name check logic.
The incorrectly typed data is read only, used in a compare operation, so
neither remote code execution, nor memory content disclosure were possible.
However, applications performing certificate name checks were vulnerable to
denial of service.
The GENERAL_TYPE data type is a union, and we must take care to access the
correct member, based on `gen->type`, not all the member fields have the same
structure, and a segfault is possible if the wrong member field is read.
The code in question was lightly refactored with the intent to make it more
obviously correct.
CVE-2024-6119
(cherry picked from commit 1486960d6cdb052e4fc0109a56a0597b4e902ba1)
diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
index 1a18174995..a09414c972 100644
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@@ -916,36 +916,64 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
ASN1_STRING *cstr;
gen = sk_GENERAL_NAME_value(gens, i);
- if ((gen->type == GEN_OTHERNAME) && (check_type == GEN_EMAIL)) {
- if (OBJ_obj2nid(gen->d.otherName->type_id) ==
- NID_id_on_SmtpUTF8Mailbox) {
- san_present = 1;
-
- /*
- * If it is not a UTF8String then that is unexpected and we
- * treat it as no match
- */
- if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) {
- cstr = gen->d.otherName->value->value.utf8string;
-
- /* Positive on success, negative on error! */
- if ((rv = do_check_string(cstr, 0, equal, flags,
- chk, chklen, peername)) != 0)
- break;
- }
- } else
+ switch (gen->type) {
+ default:
+ continue;
+ case GEN_OTHERNAME:
+ switch (OBJ_obj2nid(gen->d.otherName->type_id)) {
+ default:
continue;
- } else {
- if ((gen->type != check_type) && (gen->type != GEN_OTHERNAME))
+ case NID_id_on_SmtpUTF8Mailbox:
+ /*-
+ * https://datatracker.ietf.org/doc/html/rfc8398#section-3
+ *
+ * Due to name constraint compatibility reasons described
+ * in Section 6, SmtpUTF8Mailbox subjectAltName MUST NOT
+ * be used unless the local-part of the email address
+ * contains non-ASCII characters. When the local-part is
+ * ASCII, rfc822Name subjectAltName MUST be used instead
+ * of SmtpUTF8Mailbox. This is compatible with legacy
+ * software that supports only rfc822Name (and not
+ * SmtpUTF8Mailbox). [...]
+ *
+ * SmtpUTF8Mailbox is encoded as UTF8String.
+ *
+ * If it is not a UTF8String then that is unexpected, and
+ * we ignore the invalid SAN (neither set san_present nor
+ * consider it a candidate for equality). This does mean
+ * that the subject CN may be considered, as would be the
+ * case when the malformed SmtpUtf8Mailbox SAN is instead
+ * simply absent.
+ *
+ * When CN-ID matching is not desirable, applications can
+ * choose to turn it off, doing so is at this time a best
+ * practice.
+ */
+ if (check_type != GEN_EMAIL
+ || gen->d.otherName->value->type != V_ASN1_UTF8STRING)
+ continue;
+ alt_type = 0;
+ cstr = gen->d.otherName->value->value.utf8string;
+ break;
+ }
+ break;
+ case GEN_EMAIL:
+ if (check_type != GEN_EMAIL)
continue;
- }
- san_present = 1;
- if (check_type == GEN_EMAIL)
cstr = gen->d.rfc822Name;
- else if (check_type == GEN_DNS)
+ break;
+ case GEN_DNS:
+ if (check_type != GEN_DNS)
+ continue;
cstr = gen->d.dNSName;
- else
+ break;
+ case GEN_IPADD:
+ if (check_type != GEN_IPADD)
+ continue;
cstr = gen->d.iPAddress;
+ break;
+ }
+ san_present = 1;
/* Positive on success, negative on error! */
if ((rv = do_check_string(cstr, alt_type, equal, flags,
chk, chklen, peername)) != 0)
diff --git a/test/recipes/25-test_eai_data.t b/test/recipes/25-test_eai_data.t
index 522982ddfb..e18735d89a 100644
--- a/test/recipes/25-test_eai_data.t
+++ b/test/recipes/25-test_eai_data.t
@@ -21,16 +21,18 @@ setup("test_eai_data");
#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem
-plan tests => 12;
+plan tests => 16;
require_ok(srctop_file('test','recipes','tconversion.pl'));
my $folder = "test/recipes/25-test_eai_data";
my $ascii_pem = srctop_file($folder, "ascii_leaf.pem");
my $utf8_pem = srctop_file($folder, "utf8_leaf.pem");
+my $kdc_pem = srctop_file($folder, "kdc-cert.pem");
my $ascii_chain_pem = srctop_file($folder, "ascii_chain.pem");
my $utf8_chain_pem = srctop_file($folder, "utf8_chain.pem");
+my $kdc_chain_pem = srctop_file($folder, "kdc-root-cert.pem");
my $out;
my $outcnt = 0;
@@ -56,10 +58,18 @@ SKIP: {
ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $ascii_pem])));
ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $utf8_pem])));
+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $kdc_chain_pem, $kdc_pem])));
ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem])));
ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $ascii_pem])));
+# Check an otherName does not get misparsed as an DNS name, (should trigger ASAN errors if violated).
+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_hostname", 'mx1.example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])));
+# Check an otherName does not get misparsed as an email address, (should trigger ASAN errors if violated).
+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'joe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])));
+# We expect SmtpUTF8Mailbox to be a UTF8 String, not an IA5String.
+ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'moe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])));
+
#Check that we get the expected failure return code
with({ exit_checker => sub { return shift == 2; } },
sub {
diff --git a/test/recipes/25-test_eai_data/kdc-cert.pem b/test/recipes/25-test_eai_data/kdc-cert.pem
new file mode 100644
index 0000000000..e8a2c6f55d
--- /dev/null
+++ b/test/recipes/25-test_eai_data/kdc-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/test/recipes/25-test_eai_data/kdc-root-cert.pem b/test/recipes/25-test_eai_data/kdc-root-cert.pem
new file mode 100644
index 0000000000..a74c96bf31
--- /dev/null
+++ b/test/recipes/25-test_eai_data/kdc-root-cert.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/test/recipes/25-test_eai_data/kdc.sh b/test/recipes/25-test_eai_data/kdc.sh
new file mode 100755
index 0000000000..7a8dbc719f
--- /dev/null
+++ b/test/recipes/25-test_eai_data/kdc.sh
@@ -0,0 +1,41 @@
+#! /usr/bin/env bash
+
+# Create a root CA, signing a leaf cert with a KDC principal otherName SAN, and
+# also a non-UTF8 smtpUtf8Mailbox SAN followed by an rfc822Name SAN and a DNS
+# name SAN. In the vulnerable EAI code, the KDC principal `otherName` should
+# trigger ASAN errors in DNS name checks, while the non-UTF8 `smtpUtf8Mailbox`
+# should likewise lead to ASAN issues with email name checks.
+
+rm -f root-key.pem root-cert.pem
+openssl req -nodes -new -newkey rsa:2048 -keyout kdc-root-key.pem \
+ -x509 -subj /CN=Root -days 36524 -out kdc-root-cert.pem
+
+exts=$(
+ printf "%s\n%s\n%s\n%s = " \
+ "subjectKeyIdentifier = hash" \
+ "authorityKeyIdentifier = keyid" \
+ "basicConstraints = CA:false" \
+ "subjectAltName"
+ printf "%s, " "otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name"
+ printf "%s, " "otherName:1.3.6.1.5.5.7.8.9;IA5:moe@example.com"
+ printf "%s, " "email:joe@example.com"
+ printf "%s\n" "DNS:mx1.example.com"
+ printf "[kdc_princ_name]\n"
+ printf "realm = EXP:0, GeneralString:TEST.EXAMPLE\n"
+ printf "principal_name = EXP:1, SEQUENCE:kdc_principal_seq\n"
+ printf "[kdc_principal_seq]\n"
+ printf "name_type = EXP:0, INTEGER:1\n"
+ printf "name_string = EXP:1, SEQUENCE:kdc_principal_components\n"
+ printf "[kdc_principal_components]\n"
+ printf "princ1 = GeneralString:krbtgt\n"
+ printf "princ2 = GeneralString:TEST.EXAMPLE\n"
+ )
+
+printf "%s\n" "$exts"
+
+openssl req -nodes -new -newkey rsa:2048 -keyout kdc-key.pem \
+ -subj "/CN=TEST.EXAMPLE" |
+ openssl x509 -req -out kdc-cert.pem \
+ -CA "kdc-root-cert.pem" -CAkey "kdc-root-key.pem" \
+ -set_serial 2 -days 36524 \
+ -extfile <(printf "%s\n" "$exts")


@ -1,28 +0,0 @@
From d2bfec6e464aeb247a2d6853668d4e473f19e15f Mon Sep 17 00:00:00 2001
From: "fangming.fang" <fangming.fang@arm.com>
Date: Thu, 7 Dec 2023 06:17:51 +0000
Subject: [PATCH] Enable BTI feature for md5 on aarch64
Fixes: #22959
---
crypto/md5/asm/md5-aarch64.pl | 3 +++
1 file changed, 3 insertions(+)
diff --git a/crypto/md5/asm/md5-aarch64.pl b/crypto/md5/asm/md5-aarch64.pl
index 3200a0fa9bff0..5a8608069691d 100755
--- a/crypto/md5/asm/md5-aarch64.pl
+++ b/crypto/md5/asm/md5-aarch64.pl
@@ -28,10 +28,13 @@
*STDOUT=*OUT;
$code .= <<EOF;
+#include "arm_arch.h"
+
.text
.globl ossl_md5_block_asm_data_order
.type ossl_md5_block_asm_data_order,\@function
ossl_md5_block_asm_data_order:
+ AARCH64_VALID_CALL_TARGET
// Save all callee-saved registers
stp x19,x20,[sp,#-80]!
stp x21,x22,[sp,#16]


@ -10,11 +10,11 @@ Patch-id: 85
crypto/rsa/rsa_pss.c | 16 ++++++++++++++++ crypto/rsa/rsa_pss.c | 16 ++++++++++++++++
2 files changed, 44 insertions(+) 2 files changed, 44 insertions(+)
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c Index: openssl-3.1.7/crypto/rsa/rsa_oaep.c
index b2f7f7dc4b..af2b0b026c 100644 ===================================================================
--- a/crypto/rsa/rsa_oaep.c --- openssl-3.1.7.orig/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c +++ openssl-3.1.7/crypto/rsa/rsa_oaep.c
@@ -78,9 +78,23 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, @@ -78,9 +78,23 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1
return 0; return 0;
#endif #endif
} }
@ -38,7 +38,7 @@ index b2f7f7dc4b..af2b0b026c 100644
mdlen = EVP_MD_get_size(md); mdlen = EVP_MD_get_size(md);
if (mdlen <= 0) { if (mdlen <= 0) {
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH); ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH);
@@ -203,9 +217,23 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, @@ -203,9 +217,23 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(un
#endif #endif
} }
@ -61,12 +61,12 @@ index b2f7f7dc4b..af2b0b026c 100644
+ +
mdlen = EVP_MD_get_size(md); mdlen = EVP_MD_get_size(md);
if (tlen <= 0 || flen <= 0) if (tlen <= 0 || flen <= 0 || mdlen <= 0)
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c Index: openssl-3.1.7/crypto/rsa/rsa_pss.c
index bb46ec64c7..c0fdf232da 100644 ===================================================================
--- a/crypto/rsa/rsa_pss.c --- openssl-3.1.7.orig/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c +++ openssl-3.1.7/crypto/rsa/rsa_pss.c
@@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, @@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa,
if (mgf1Hash == NULL) if (mgf1Hash == NULL)
mgf1Hash = Hash; mgf1Hash = Hash;
@ -81,7 +81,7 @@ index bb46ec64c7..c0fdf232da 100644
hLen = EVP_MD_get_size(Hash); hLen = EVP_MD_get_size(Hash);
if (hLen < 0) if (hLen < 0)
goto err; goto err;
@@ -168,6 +176,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, @@ -168,6 +176,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *
if (mgf1Hash == NULL) if (mgf1Hash == NULL)
mgf1Hash = Hash; mgf1Hash = Hash;
@ -96,6 +96,3 @@ index bb46ec64c7..c0fdf232da 100644
hLen = EVP_MD_get_size(Hash); hLen = EVP_MD_get_size(Hash);
if (hLen < 0) if (hLen < 0)
goto err; goto err;
--
2.41.0


@ -20,10 +20,10 @@ From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
8 files changed, 71 insertions(+), 13 deletions(-) 8 files changed, 71 insertions(+), 13 deletions(-)
create mode 100644 test/fipsmodule.cnf create mode 100644 test/fipsmodule.cnf
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c Index: openssl-3.1.7/providers/fips/self_test.c
index b8dc9817b2..e3a629018a 100644 ===================================================================
--- a/providers/fips/self_test.c --- openssl-3.1.7.orig/providers/fips/self_test.c
+++ b/providers/fips/self_test.c +++ openssl-3.1.7/providers/fips/self_test.c
@@ -230,11 +230,27 @@ err: @@ -230,11 +230,27 @@ err:
return ok; return ok;
} }
@ -52,7 +52,7 @@ index b8dc9817b2..e3a629018a 100644
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
unsigned char *expected, size_t expected_len, unsigned char *expected, size_t expected_len,
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
@@ -247,12 +263,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex @@ -247,12 +263,23 @@ static int verify_integrity(OSSL_CORE_BI
EVP_MAC *mac = NULL; EVP_MAC *mac = NULL;
EVP_MAC_CTX *ctx = NULL; EVP_MAC_CTX *ctx = NULL;
OSSL_PARAM params[2], *p = params; OSSL_PARAM params[2], *p = params;
@ -76,7 +76,7 @@ index b8dc9817b2..e3a629018a 100644
mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
if (mac == NULL) if (mac == NULL)
goto err; goto err;
@@ -266,13 +293,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex @@ -266,13 +293,42 @@ static int verify_integrity(OSSL_CORE_BI
if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
goto err; goto err;
@ -121,7 +121,7 @@ index b8dc9817b2..e3a629018a 100644
if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
goto err; goto err;
@@ -282,6 +338,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex @@ -282,6 +338,7 @@ static int verify_integrity(OSSL_CORE_BI
goto err; goto err;
ret = 1; ret = 1;
err: err:
@ -129,7 +129,7 @@ index b8dc9817b2..e3a629018a 100644
OSSL_SELF_TEST_onend(ev, ret); OSSL_SELF_TEST_onend(ev, ret);
EVP_MAC_CTX_free(ctx); EVP_MAC_CTX_free(ctx);
EVP_MAC_free(mac); EVP_MAC_free(mac);
@@ -335,8 +392,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) @@ -335,8 +392,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
return 0; return 0;
} }
@ -139,7 +139,7 @@ index b8dc9817b2..e3a629018a 100644
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
goto end; goto end;
} }
@@ -345,8 +401,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) @@ -345,8 +401,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
if (ev == NULL) if (ev == NULL)
goto end; goto end;
@ -151,7 +151,7 @@ index b8dc9817b2..e3a629018a 100644
if (module_checksum == NULL) { if (module_checksum == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
goto end; goto end;
@@ -420,7 +477,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) @@ -420,7 +477,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
end: end:
EVP_RAND_free(testrand); EVP_RAND_free(testrand);
OSSL_SELF_TEST_free(ev); OSSL_SELF_TEST_free(ev);
@ -159,18 +159,17 @@ index b8dc9817b2..e3a629018a 100644
OPENSSL_free(indicator_checksum); OPENSSL_free(indicator_checksum);
if (st != NULL) { if (st != NULL) {
diff --git a/test/fipsmodule.cnf b/test/fipsmodule.cnf Index: openssl-3.1.7/test/fipsmodule.cnf
new file mode 100644 ===================================================================
index 0000000000..f05d0dedbe
--- /dev/null --- /dev/null
+++ b/test/fipsmodule.cnf +++ openssl-3.1.7/test/fipsmodule.cnf
@@ -0,0 +1,2 @@ @@ -0,0 +1,2 @@
+[fips_sect] +[fips_sect]
+activate = 1 +activate = 1
diff --git a/test/recipes/00-prep_fipsmodule_cnf.t b/test/recipes/00-prep_fipsmodule_cnf.t Index: openssl-3.1.7/test/recipes/00-prep_fipsmodule_cnf.t
index 4e3a6d85e8..e8255ba974 100644 ===================================================================
--- a/test/recipes/00-prep_fipsmodule_cnf.t --- openssl-3.1.7.orig/test/recipes/00-prep_fipsmodule_cnf.t
+++ b/test/recipes/00-prep_fipsmodule_cnf.t +++ openssl-3.1.7/test/recipes/00-prep_fipsmodule_cnf.t
@@ -20,7 +20,7 @@ use lib srctop_dir('Configurations'); @@ -20,7 +20,7 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.'); use lib bldtop_dir('.');
use platform; use platform;
@ -180,10 +179,10 @@ index 4e3a6d85e8..e8255ba974 100644
plan skip_all => "FIPS module config file only supported in a fips build" plan skip_all => "FIPS module config file only supported in a fips build"
if $no_check; if $no_check;
diff --git a/test/recipes/01-test_fipsmodule_cnf.t b/test/recipes/01-test_fipsmodule_cnf.t Index: openssl-3.1.7/test/recipes/01-test_fipsmodule_cnf.t
index ce594817d5..00cebacff8 100644 ===================================================================
--- a/test/recipes/01-test_fipsmodule_cnf.t --- openssl-3.1.7.orig/test/recipes/01-test_fipsmodule_cnf.t
+++ b/test/recipes/01-test_fipsmodule_cnf.t +++ openssl-3.1.7/test/recipes/01-test_fipsmodule_cnf.t
@@ -23,7 +23,7 @@ use lib srctop_dir('Configurations'); @@ -23,7 +23,7 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.'); use lib bldtop_dir('.');
use platform; use platform;
@ -193,10 +192,10 @@ index ce594817d5..00cebacff8 100644
plan skip_all => "Test only supported in a fips build" plan skip_all => "Test only supported in a fips build"
if $no_check; if $no_check;
plan tests => 1; plan tests => 1;
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t Index: openssl-3.1.7/test/recipes/03-test_fipsinstall.t
index b8b136d110..8242f4ebc3 100644 ===================================================================
--- a/test/recipes/03-test_fipsinstall.t --- openssl-3.1.7.orig/test/recipes/03-test_fipsinstall.t
+++ b/test/recipes/03-test_fipsinstall.t +++ openssl-3.1.7/test/recipes/03-test_fipsinstall.t
@@ -22,7 +22,7 @@ use lib srctop_dir('Configurations'); @@ -22,7 +22,7 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.'); use lib bldtop_dir('.');
use platform; use platform;
@ -206,10 +205,10 @@ index b8b136d110..8242f4ebc3 100644
# Compatible options for pedantic FIPS compliance # Compatible options for pedantic FIPS compliance
my @pedantic_okay = my @pedantic_okay =
diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t Index: openssl-3.1.7/test/recipes/30-test_defltfips.t
index c8f145405b..56a2ec5dc4 100644 ===================================================================
--- a/test/recipes/30-test_defltfips.t --- openssl-3.1.7.orig/test/recipes/30-test_defltfips.t
+++ b/test/recipes/30-test_defltfips.t +++ openssl-3.1.7/test/recipes/30-test_defltfips.t
@@ -24,7 +24,7 @@ use lib bldtop_dir('.'); @@ -24,7 +24,7 @@ use lib bldtop_dir('.');
plan skip_all => "Configuration loading is turned off" plan skip_all => "Configuration loading is turned off"
if disabled("autoload-config"); if disabled("autoload-config");
@ -219,10 +218,10 @@ index c8f145405b..56a2ec5dc4 100644
plan tests => plan tests =>
($no_fips ? 1 : 5); ($no_fips ? 1 : 5);
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t Index: openssl-3.1.7/test/recipes/80-test_ssl_new.t
index 0c6d6402d9..e45f9cb560 100644 ===================================================================
--- a/test/recipes/80-test_ssl_new.t --- openssl-3.1.7.orig/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t +++ openssl-3.1.7/test/recipes/80-test_ssl_new.t
@@ -27,7 +27,7 @@ setup("test_ssl_new"); @@ -27,7 +27,7 @@ setup("test_ssl_new");
use lib srctop_dir('Configurations'); use lib srctop_dir('Configurations');
use lib bldtop_dir('.'); use lib bldtop_dir('.');
@ -232,19 +231,16 @@ index 0c6d6402d9..e45f9cb560 100644
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t Index: openssl-3.1.7/test/recipes/90-test_sslapi.t
index 9e9e32b51e..1a1a7159b5 100644 ===================================================================
--- a/test/recipes/90-test_sslapi.t --- openssl-3.1.7.orig/test/recipes/90-test_sslapi.t
+++ b/test/recipes/90-test_sslapi.t +++ openssl-3.1.7/test/recipes/90-test_sslapi.t
@@ -17,7 +17,7 @@ setup("test_sslapi"); @@ -14,7 +14,7 @@ BEGIN {
use lib srctop_dir('Configurations'); setup("test_sslapi");
use lib bldtop_dir('.'); }
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); +my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
my $fipsmodcfg_filename = "fipsmodule.cnf"; my $fipsmodcfg_filename = "fipsmodule.cnf";
my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename); my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename);
--
2.41.0


@ -26,10 +26,10 @@ Patch-status: |
test/recipes/80-test_ssl_old.t | 2 +- test/recipes/80-test_ssl_old.t | 2 +-
16 files changed, 128 insertions(+), 47 deletions(-) 16 files changed, 128 insertions(+), 47 deletions(-)
diff --git a/apps/ecparam.c b/apps/ecparam.c Index: openssl-3.1.7/apps/ecparam.c
index 9e9ad13683..9c66cf2434 100644 ===================================================================
--- a/apps/ecparam.c --- openssl-3.1.7.orig/apps/ecparam.c
+++ b/apps/ecparam.c +++ openssl-3.1.7/apps/ecparam.c
@@ -79,6 +79,13 @@ static int list_builtin_curves(BIO *out) @@ -79,6 +79,13 @@ static int list_builtin_curves(BIO *out)
const char *comment = curves[n].comment; const char *comment = curves[n].comment;
const char *sname = OBJ_nid2sn(curves[n].nid); const char *sname = OBJ_nid2sn(curves[n].nid);
@ -44,10 +44,10 @@ index 9e9ad13683..9c66cf2434 100644
if (comment == NULL) if (comment == NULL)
comment = "CURVE DESCRIPTION NOT AVAILABLE"; comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL) if (sname == NULL)
diff --git a/apps/req.c b/apps/req.c Index: openssl-3.1.7/apps/req.c
index 23757044ab..5916914978 100644 ===================================================================
--- a/apps/req.c --- openssl-3.1.7.orig/apps/req.c
+++ b/apps/req.c +++ openssl-3.1.7/apps/req.c
@@ -266,7 +266,7 @@ int req_main(int argc, char **argv) @@ -266,7 +266,7 @@ int req_main(int argc, char **argv)
unsigned long chtype = MBSTRING_ASC, reqflag = 0; unsigned long chtype = MBSTRING_ASC, reqflag = 0;
@ -57,11 +57,11 @@ index 23757044ab..5916914978 100644
#endif #endif
prog = opt_init(argc, argv, req_options); prog = opt_init(argc, argv, req_options);
diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c Index: openssl-3.1.7/providers/common/capabilities.c
index ed37e76969..eb836dfa6a 100644 ===================================================================
--- a/providers/common/capabilities.c --- openssl-3.1.7.orig/providers/common/capabilities.c
+++ b/providers/common/capabilities.c +++ openssl-3.1.7/providers/common/capabilities.c
@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list[][10] = { @@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list
TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25), TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25),
TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26), TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26),
TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27), TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27),
@ -72,11 +72,11 @@ index ed37e76969..eb836dfa6a 100644
# endif /* OPENSSL_NO_EC */ # endif /* OPENSSL_NO_EC */
# ifndef OPENSSL_NO_DH # ifndef OPENSSL_NO_DH
/* Security bit values for FFDHE groups are as per RFC 7919 */ /* Security bit values for FFDHE groups are as per RFC 7919 */
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c Index: openssl-3.1.7/providers/fips/fipsprov.c
index 518226dfc6..29438faea8 100644 ===================================================================
--- a/providers/fips/fipsprov.c --- openssl-3.1.7.orig/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c +++ openssl-3.1.7/providers/fips/fipsprov.c
@@ -298,10 +298,11 @@ static const OSSL_ALGORITHM fips_digests[] = { @@ -298,10 +298,11 @@ static const OSSL_ALGORITHM fips_digests
* KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
* KMAC128 and KMAC256. * KMAC128 and KMAC256.
*/ */
@ -90,7 +90,7 @@ index 518226dfc6..29438faea8 100644
{ NULL, NULL, NULL } { NULL, NULL, NULL }
}; };
@@ -360,8 +361,9 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { @@ -360,8 +361,9 @@ static const OSSL_ALGORITHM_CAPABLE fips
ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
ossl_cipher_capable_aes_cbc_hmac_sha256), ossl_cipher_capable_aes_cbc_hmac_sha256),
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
@ -102,7 +102,7 @@ index 518226dfc6..29438faea8 100644
#endif /* OPENSSL_NO_DES */ #endif /* OPENSSL_NO_DES */
{ { NULL, NULL, NULL }, NULL } { { NULL, NULL, NULL }, NULL }
}; };
@@ -373,8 +375,9 @@ static const OSSL_ALGORITHM fips_macs[] = { @@ -373,8 +375,9 @@ static const OSSL_ALGORITHM fips_macs[]
#endif #endif
{ PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions },
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions },
@ -114,7 +114,7 @@ index 518226dfc6..29438faea8 100644
{ NULL, NULL, NULL } { NULL, NULL, NULL }
}; };
@@ -409,8 +412,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = { @@ -409,8 +412,9 @@ static const OSSL_ALGORITHM fips_keyexch
#endif #endif
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
{ PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
@ -126,7 +126,7 @@ index 518226dfc6..29438faea8 100644
#endif #endif
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
ossl_kdf_tls1_prf_keyexch_functions }, ossl_kdf_tls1_prf_keyexch_functions },
@@ -420,13 +424,15 @@ static const OSSL_ALGORITHM fips_keyexch[] = { @@ -420,13 +424,15 @@ static const OSSL_ALGORITHM fips_keyexch
static const OSSL_ALGORITHM fips_signature[] = { static const OSSL_ALGORITHM fips_signature[] = {
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
@ -145,7 +145,7 @@ index 518226dfc6..29438faea8 100644
{ PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions },
#endif #endif
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES,
@@ -456,8 +462,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { @@ -456,8 +462,9 @@ static const OSSL_ALGORITHM fips_keymgmt
PROV_DESCS_DHX }, PROV_DESCS_DHX },
#endif #endif
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
@ -157,7 +157,7 @@ index 518226dfc6..29438faea8 100644
#endif #endif
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions,
PROV_DESCS_RSA }, PROV_DESCS_RSA },
@@ -466,14 +473,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { @@ -466,14 +473,15 @@ static const OSSL_ALGORITHM fips_keymgmt
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
{ PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
PROV_DESCS_EC }, PROV_DESCS_EC },
@ -175,11 +175,11 @@ index 518226dfc6..29438faea8 100644
#endif #endif
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions,
PROV_DESCS_TLS1_PRF_SIGN }, PROV_DESCS_TLS1_PRF_SIGN },
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc Index: openssl-3.1.7/providers/fips/self_test_data.inc
index 2057378d3d..4b80bb70b9 100644 ===================================================================
--- a/providers/fips/self_test_data.inc --- openssl-3.1.7.orig/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc +++ openssl-3.1.7/providers/fips/self_test_data.inc
@@ -177,6 +177,7 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] = @@ -177,6 +177,7 @@ static const ST_KAT_DIGEST st_kat_digest
/*- CIPHER TEST DATA */ /*- CIPHER TEST DATA */
/* DES3 test data */ /* DES3 test data */
@ -187,7 +187,7 @@ index 2057378d3d..4b80bb70b9 100644
static const unsigned char des_ede3_cbc_pt[] = { static const unsigned char des_ede3_cbc_pt[] = {
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
@@ -197,7 +198,7 @@ static const unsigned char des_ede3_cbc_ct[] = { @@ -197,7 +198,7 @@ static const unsigned char des_ede3_cbc_
0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
}; };
@ -196,7 +196,7 @@ index 2057378d3d..4b80bb70b9 100644
/* AES-256 GCM test data */ /* AES-256 GCM test data */
static const unsigned char aes_256_gcm_key[] = { static const unsigned char aes_256_gcm_key[] = {
0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
@@ -1454,8 +1455,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[] = { @@ -1454,8 +1455,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[
# endif /* OPENSSL_NO_EC2M */ # endif /* OPENSSL_NO_EC2M */
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
@ -215,7 +215,7 @@ index 2057378d3d..4b80bb70b9 100644
/* Hash DRBG inputs for signature KATs */ /* Hash DRBG inputs for signature KATs */
static const unsigned char sig_kat_entropyin[] = { static const unsigned char sig_kat_entropyin[] = {
@@ -1642,6 +1645,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { @@ -1642,6 +1645,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
}, },
# endif # endif
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
@ -223,7 +223,7 @@ index 2057378d3d..4b80bb70b9 100644
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
{ {
OSSL_SELF_TEST_DESC_SIGN_DSA, OSSL_SELF_TEST_DESC_SIGN_DSA,
@@ -1654,6 +1658,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { @@ -1654,6 +1658,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
ITM(dsa_expected_sig) ITM(dsa_expected_sig)
}, },
#endif /* OPENSSL_NO_DSA */ #endif /* OPENSSL_NO_DSA */
@ -231,11 +231,11 @@ index 2057378d3d..4b80bb70b9 100644
}; };
static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = { static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c Index: openssl-3.1.7/providers/implementations/signature/rsa_sig.c
index d4261e8f7d..2a5504d104 100644 ===================================================================
--- a/providers/implementations/signature/rsa_sig.c --- openssl-3.1.7.orig/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c +++ openssl-3.1.7/providers/implementations/signature/rsa_sig.c
@@ -689,6 +689,14 @@ static int rsa_verify_recover(void *vprsactx, @@ -705,6 +705,14 @@ static int rsa_verify_recover(void *vprs
{ {
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
int ret; int ret;
@ -250,7 +250,7 @@ index d4261e8f7d..2a5504d104 100644
if (!ossl_prov_is_running()) if (!ossl_prov_is_running())
return 0; return 0;
@@ -777,6 +790,14 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, @@ -793,6 +801,14 @@ static int rsa_verify(void *vprsactx, co
{ {
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
size_t rslen; size_t rslen;
@ -265,10 +265,10 @@ index d4261e8f7d..2a5504d104 100644
if (!ossl_prov_is_running()) if (!ossl_prov_is_running())
return 0; return 0;
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c Index: openssl-3.1.7/ssl/ssl_ciph.c
index a5e60e8839..f9af07d12b 100644 ===================================================================
--- a/ssl/ssl_ciph.c --- openssl-3.1.7.orig/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c +++ openssl-3.1.7/ssl/ssl_ciph.c
@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx) @@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
ctx->disabled_mkey_mask = 0; ctx->disabled_mkey_mask = 0;
ctx->disabled_auth_mask = 0; ctx->disabled_auth_mask = 0;
@ -279,10 +279,10 @@ index a5e60e8839..f9af07d12b 100644
/* /*
* We ignore any errors from the fetches below. They are expected to fail * We ignore any errors from the fetches below. They are expected to fail
* if theose algorithms are not available. * if theose algorithms are not available.
diff --git a/test/acvp_test.c b/test/acvp_test.c Index: openssl-3.1.7/test/acvp_test.c
index fee880d441..13d7a0ea8b 100644 ===================================================================
--- a/test/acvp_test.c --- openssl-3.1.7.orig/test/acvp_test.c
+++ b/test/acvp_test.c +++ openssl-3.1.7/test/acvp_test.c
@@ -1476,6 +1476,7 @@ int setup_tests(void) @@ -1476,6 +1476,7 @@ int setup_tests(void)
OSSL_NELEM(dh_safe_prime_keyver_data)); OSSL_NELEM(dh_safe_prime_keyver_data));
#endif /* OPENSSL_NO_DH */ #endif /* OPENSSL_NO_DH */
@ -299,11 +299,11 @@ index fee880d441..13d7a0ea8b 100644
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
diff --git a/test/endecode_test.c b/test/endecode_test.c Index: openssl-3.1.7/test/endecode_test.c
index 9a437d8c64..53385028fc 100644 ===================================================================
--- a/test/endecode_test.c --- openssl-3.1.7.orig/test/endecode_test.c
+++ b/test/endecode_test.c +++ openssl-3.1.7/test/endecode_test.c
@@ -1407,6 +1407,7 @@ int setup_tests(void) @@ -1424,6 +1424,7 @@ int setup_tests(void)
* so no legacy tests. * so no legacy tests.
*/ */
#endif #endif
@ -311,7 +311,7 @@ index 9a437d8c64..53385028fc 100644
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
ADD_TEST_SUITE(DSA); ADD_TEST_SUITE(DSA);
ADD_TEST_SUITE_PARAMS(DSA); ADD_TEST_SUITE_PARAMS(DSA);
@@ -1417,6 +1418,7 @@ int setup_tests(void) @@ -1434,6 +1435,7 @@ int setup_tests(void)
ADD_TEST_SUITE_PROTECTED_PVK(DSA); ADD_TEST_SUITE_PROTECTED_PVK(DSA);
# endif # endif
#endif #endif
@ -319,9 +319,9 @@ index 9a437d8c64..53385028fc 100644
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
ADD_TEST_SUITE(EC); ADD_TEST_SUITE(EC);
ADD_TEST_SUITE_PARAMS(EC); ADD_TEST_SUITE_PARAMS(EC);
@@ -1431,10 +1433,12 @@ int setup_tests(void) @@ -1454,10 +1456,12 @@ int setup_tests(void)
ADD_TEST_SUITE(ECExplicitTri2G); ADD_TEST_SUITE(SM2);
ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); }
# endif # endif
+ if (is_fips == 0) { + if (is_fips == 0) {
ADD_TEST_SUITE(ED25519); ADD_TEST_SUITE(ED25519);
@ -332,10 +332,10 @@ index 9a437d8c64..53385028fc 100644
/* /*
* ED25519, ED448, X25519 and X448 have no support for * ED25519, ED448, X25519 and X448 have no support for
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests. * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c Index: openssl-3.1.7/test/evp_libctx_test.c
index 2448c35a14..a7913cda4c 100644 ===================================================================
--- a/test/evp_libctx_test.c --- openssl-3.1.7.orig/test/evp_libctx_test.c
+++ b/test/evp_libctx_test.c +++ openssl-3.1.7/test/evp_libctx_test.c
@@ -21,6 +21,7 @@ @@ -21,6 +21,7 @@
*/ */
#include "internal/deprecated.h" #include "internal/deprecated.h"
@ -366,10 +366,10 @@ index 2448c35a14..a7913cda4c 100644
#endif #endif
return 1; return 1;
} }
diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t Index: openssl-3.1.7/test/recipes/15-test_gendsa.t
index b495b08bda..69bd299521 100644 ===================================================================
--- a/test/recipes/15-test_gendsa.t --- openssl-3.1.7.orig/test/recipes/15-test_gendsa.t
+++ b/test/recipes/15-test_gendsa.t +++ openssl-3.1.7/test/recipes/15-test_gendsa.t
@@ -24,7 +24,7 @@ use lib bldtop_dir('.'); @@ -24,7 +24,7 @@ use lib bldtop_dir('.');
plan skip_all => "This test is unsupported in a no-dsa build" plan skip_all => "This test is unsupported in a no-dsa build"
if disabled("dsa"); if disabled("dsa");
@ -379,11 +379,11 @@ index b495b08bda..69bd299521 100644
plan tests => plan tests =>
($no_fips ? 0 : 2) # FIPS related tests ($no_fips ? 0 : 2) # FIPS related tests
diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t Index: openssl-3.1.7/test/recipes/20-test_cli_fips.t
index 6d3c5ba1bb..2ba47b5fca 100644 ===================================================================
--- a/test/recipes/20-test_cli_fips.t --- openssl-3.1.7.orig/test/recipes/20-test_cli_fips.t
+++ b/test/recipes/20-test_cli_fips.t +++ openssl-3.1.7/test/recipes/20-test_cli_fips.t
@@ -273,8 +273,7 @@ SKIP: { @@ -278,8 +278,7 @@ SKIP: {
} }
SKIP : { SKIP : {
@ -393,10 +393,10 @@ index 6d3c5ba1bb..2ba47b5fca 100644
subtest DSA => sub { subtest DSA => sub {
my $testtext_prefix = 'DSA'; my $testtext_prefix = 'DSA';
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t Index: openssl-3.1.7/test/recipes/30-test_evp.t
index 9d7040ced2..f8beb538d4 100644 ===================================================================
--- a/test/recipes/30-test_evp.t --- openssl-3.1.7.orig/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t +++ openssl-3.1.7/test/recipes/30-test_evp.t
@@ -42,10 +42,8 @@ my @files = qw( @@ -42,10 +42,8 @@ my @files = qw(
evpciph_aes_cts.txt evpciph_aes_cts.txt
evpciph_aes_wrap.txt evpciph_aes_wrap.txt
@ -408,19 +408,19 @@ index 9d7040ced2..f8beb538d4 100644
evpkdf_pbkdf1.txt evpkdf_pbkdf1.txt
evpkdf_pbkdf2.txt evpkdf_pbkdf2.txt
evpkdf_ss.txt evpkdf_ss.txt
@@ -65,12 +63,6 @@ push @files, qw( @@ -66,12 +64,6 @@ push @files, qw(
evppkey_ffdhe.txt
evppkey_dh.txt evppkey_dh.txt
) unless $no_dh; ) unless $no_dh;
-push @files, qw( push @files, qw(
- evpkdf_x942_des.txt - evpkdf_x942_des.txt
- evpmac_cmac_des.txt - evpmac_cmac_des.txt
- ) unless $no_des; - ) unless $no_des;
-push @files, qw(evppkey_dsa.txt) unless $no_dsa; -push @files, qw(evppkey_dsa.txt) unless $no_dsa;
-push @files, qw(evppkey_ecx.txt) unless $no_ec; -push @files, qw(evppkey_ecx.txt) unless $no_ec;
push @files, qw( -push @files, qw(
evppkey_ecc.txt evppkey_ecc.txt
evppkey_ecdh.txt evppkey_ecdh.txt
evppkey_ecdsa.txt
@@ -91,6 +83,7 @@ my @defltfiles = qw( @@ -91,6 +83,7 @@ my @defltfiles = qw(
evpciph_cast5.txt evpciph_cast5.txt
evpciph_chacha.txt evpciph_chacha.txt
@ -447,10 +447,10 @@ index 9d7040ced2..f8beb538d4 100644
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
index 93195df97c..315413cd9b 100644 ===================================================================
--- a/test/recipes/30-test_evp_data/evpmac_common.txt --- openssl-3.1.7.orig/test/recipes/30-test_evp_data/evpmac_common.txt
+++ b/test/recipes/30-test_evp_data/evpmac_common.txt +++ openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
@@ -340,6 +340,7 @@ IV = 7AE8E2CA4EC500012E58495C @@ -340,6 +340,7 @@ IV = 7AE8E2CA4EC500012E58495C
Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007 Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
Result = MAC_INIT_ERROR Result = MAC_INIT_ERROR
@ -482,7 +482,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC256 MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203 Input = 00010203
@@ -371,12 +375,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC @@ -371,12 +375,14 @@ Output = 20C570C31346F703C9AC36C61C03CB6
OutputSize = 64 OutputSize = 64
BlockSize = 136 BlockSize = 136
@ -520,7 +520,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC128 MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -407,6 +416,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F @@ -407,6 +416,7 @@ Output = 47026C7CD793084AA0283C253EF6584
XOF = 1 XOF = 1
Ctrl = size:32 Ctrl = size:32
@ -575,7 +575,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC128 MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -462,6 +478,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F @@ -462,6 +478,7 @@ Output = 47026C7CD793084AA0283C253EF6584
Ctrl = xof:1 Ctrl = xof:1
Ctrl = size:32 Ctrl = size:32
@ -623,10 +623,10 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC256 MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t Index: openssl-3.1.7/test/recipes/80-test_cms.t
index 40dd585c18..cbec426137 100644 ===================================================================
--- a/test/recipes/80-test_cms.t --- openssl-3.1.7.orig/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t +++ openssl-3.1.7/test/recipes/80-test_cms.t
@@ -96,7 +96,7 @@ my @smime_pkcs7_tests = ( @@ -96,7 +96,7 @@ my @smime_pkcs7_tests = (
\&final_compare \&final_compare
], ],
@ -699,7 +699,7 @@ index 40dd585c18..cbec426137 100644
[ "{cmd1}", @prov, "-sign", "-in", $smcont, [ "{cmd1}", @prov, "-sign", "-in", $smcont,
"-signer", $smrsa1, "-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"), "-signer", catfile($smdir, "smrsa2.pem"),
@@ -248,7 +248,7 @@ my @smime_pkcs7_tests = ( @@ -250,7 +250,7 @@ my @smime_pkcs7_tests = (
my @smime_cms_tests = ( my @smime_cms_tests = (
@ -708,7 +708,7 @@ index 40dd585c18..cbec426137 100644
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-nodetach", "-keyid", "-nodetach", "-keyid",
"-signer", $smrsa1, "-signer", $smrsa1,
@@ -261,7 +261,7 @@ my @smime_cms_tests = ( @@ -263,7 +263,7 @@ my @smime_cms_tests = (
\&final_compare \&final_compare
], ],
@ -717,7 +717,7 @@ index 40dd585c18..cbec426137 100644
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
"-signer", $smrsa1, "-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"), "-signer", catfile($smdir, "smrsa2.pem"),
@@ -371,7 +371,7 @@ my @smime_cms_tests = ( @@ -373,7 +373,7 @@ my @smime_cms_tests = (
\&final_compare \&final_compare
], ],
@ -726,10 +726,10 @@ index 40dd585c18..cbec426137 100644
[ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", [ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
"-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
"-stream", "-out", "{output}.cms" ], "-stream", "-out", "{output}.cms" ],
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t Index: openssl-3.1.7/test/recipes/80-test_ssl_old.t
index 50b74a1e29..e2dcb68fb5 100644 ===================================================================
--- a/test/recipes/80-test_ssl_old.t --- openssl-3.1.7.orig/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t +++ openssl-3.1.7/test/recipes/80-test_ssl_old.t
@@ -436,7 +436,7 @@ sub testssl { @@ -436,7 +436,7 @@ sub testssl {
my @exkeys = (); my @exkeys = ();
my $ciphers = '-PSK:-SRP:@SECLEVEL=0'; my $ciphers = '-PSK:-SRP:@SECLEVEL=0';
@ -739,6 +739,3 @@ index 50b74a1e29..e2dcb68fb5 100644
push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey; push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey;
} }
--
2.41.0


@ -1,309 +0,0 @@
From 4580c303fa88f77a98461fee5fe26b5db725967c Mon Sep 17 00:00:00 2001
From: Todd Short <todd.short@me.com>
Date: Thu, 1 Feb 2024 23:09:38 -0500
Subject: [PATCH 1/2] Fix EVP_PKEY_CTX_add1_hkdf_info() behavior
Fix #23448
`EVP_PKEY_CTX_add1_hkdf_info()` behaves like a `set1` function.
Fix the setting of the parameter in the params code.
Update the TLS_PRF code to also use the params code.
Add tests.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23456)
(cherry picked from commit 6b566687b58fde08b28e3331377f050768fad89b)
---
crypto/evp/pmeth_lib.c | 65 ++++++++++++++++++-
providers/implementations/exchange/kdf_exch.c | 42 ++++++++++++
providers/implementations/kdfs/hkdf.c | 8 +++
test/pkey_meth_kdf_test.c | 53 +++++++++++----
4 files changed, 156 insertions(+), 12 deletions(-)
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index ba1971c..d0eeaf7 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -1028,6 +1028,69 @@ static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
return EVP_PKEY_CTX_set_params(ctx, octet_string_params);
}
+static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
+ const char *param, int op, int ctrl,
+ const unsigned char *data,
+ int datalen)
+{
+ OSSL_PARAM os_params[2];
+ unsigned char *info = NULL;
+ size_t info_len = 0;
+ size_t info_alloc = 0;
+ int ret = 0;
+
+ if (ctx == NULL || (ctx->operation & op) == 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
+ /* Code below to be removed when legacy support is dropped. */
+ if (fallback)
+ return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, datalen, (void *)(data));
+ /* end of legacy support */
+
+ if (datalen < 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
+ return 0;
+ }
+
+ /* Get the original value length */
+ os_params[0] = OSSL_PARAM_construct_octet_string(param, NULL, 0);
+ os_params[1] = OSSL_PARAM_construct_end();
+
+ if (!EVP_PKEY_CTX_get_params(ctx, os_params))
+ return 0;
+
+ /* Older provider that doesn't support getting this parameter */
+ if (os_params[0].return_size == OSSL_PARAM_UNMODIFIED)
+ return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, data, datalen);
+
+ info_alloc = os_params[0].return_size + datalen;
+ if (info_alloc == 0)
+ return 0;
+ info = OPENSSL_zalloc(info_alloc);
+ if (info == NULL)
+ return 0;
+ info_len = os_params[0].return_size;
+
+ os_params[0] = OSSL_PARAM_construct_octet_string(param, info, info_alloc);
+
+ /* if we have data, then go get it */
+ if (info_len > 0) {
+ if (!EVP_PKEY_CTX_get_params(ctx, os_params))
+ goto error;
+ }
+
+ /* Copy the input data */
+ memcpy(&info[info_len], data, datalen);
+ ret = EVP_PKEY_CTX_set_params(ctx, os_params);
+
+ error:
+ OPENSSL_clear_free(info, info_alloc);
+ return ret;
+}
+
int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *ctx,
const unsigned char *sec, int seclen)
{
@@ -1078,7 +1141,7 @@ int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx,
int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx,
const unsigned char *info, int infolen)
{
- return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL,
+ return evp_pkey_ctx_add1_octet_string(ctx, ctx->op.kex.algctx == NULL,
OSSL_KDF_PARAM_INFO,
EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_HKDF_INFO,
diff --git a/providers/implementations/exchange/kdf_exch.c b/providers/implementations/exchange/kdf_exch.c
index 527a866..4bc8102 100644
--- a/providers/implementations/exchange/kdf_exch.c
+++ b/providers/implementations/exchange/kdf_exch.c
@@ -28,9 +28,13 @@ static OSSL_FUNC_keyexch_derive_fn kdf_derive;
static OSSL_FUNC_keyexch_freectx_fn kdf_freectx;
static OSSL_FUNC_keyexch_dupctx_fn kdf_dupctx;
static OSSL_FUNC_keyexch_set_ctx_params_fn kdf_set_ctx_params;
+static OSSL_FUNC_keyexch_get_ctx_params_fn kdf_get_ctx_params;
static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_tls1_prf_settable_ctx_params;
static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_hkdf_settable_ctx_params;
static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_scrypt_settable_ctx_params;
+static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_tls1_prf_gettable_ctx_params;
+static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params;
+static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_scrypt_gettable_ctx_params;
typedef struct {
void *provctx;
@@ -169,6 +173,13 @@ static int kdf_set_ctx_params(void *vpkdfctx, const OSSL_PARAM params[])
return EVP_KDF_CTX_set_params(pkdfctx->kdfctx, params);
}
+static int kdf_get_ctx_params(void *vpkdfctx, OSSL_PARAM params[])
+{
+ PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx;
+
+ return EVP_KDF_CTX_get_params(pkdfctx->kdfctx, params);
+}
+
static const OSSL_PARAM *kdf_settable_ctx_params(ossl_unused void *vpkdfctx,
void *provctx,
const char *kdfname)
@@ -197,6 +208,34 @@ KDF_SETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF")
KDF_SETTABLE_CTX_PARAMS(hkdf, "HKDF")
KDF_SETTABLE_CTX_PARAMS(scrypt, "SCRYPT")
+static const OSSL_PARAM *kdf_gettable_ctx_params(ossl_unused void *vpkdfctx,
+ void *provctx,
+ const char *kdfname)
+{
+ EVP_KDF *kdf = EVP_KDF_fetch(PROV_LIBCTX_OF(provctx), kdfname,
+ NULL);
+ const OSSL_PARAM *params;
+
+ if (kdf == NULL)
+ return NULL;
+
+ params = EVP_KDF_gettable_ctx_params(kdf);
+ EVP_KDF_free(kdf);
+
+ return params;
+}
+
+#define KDF_GETTABLE_CTX_PARAMS(funcname, kdfname) \
+ static const OSSL_PARAM *kdf_##funcname##_gettable_ctx_params(void *vpkdfctx, \
+ void *provctx) \
+ { \
+ return kdf_gettable_ctx_params(vpkdfctx, provctx, kdfname); \
+ }
+
+KDF_GETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF")
+KDF_GETTABLE_CTX_PARAMS(hkdf, "HKDF")
+KDF_GETTABLE_CTX_PARAMS(scrypt, "SCRYPT")
+
#define KDF_KEYEXCH_FUNCTIONS(funcname) \
const OSSL_DISPATCH ossl_kdf_##funcname##_keyexch_functions[] = { \
{ OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))kdf_##funcname##_newctx }, \
@@ -205,8 +244,11 @@ KDF_SETTABLE_CTX_PARAMS(scrypt, "SCRYPT")
{ OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))kdf_freectx }, \
{ OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))kdf_dupctx }, \
{ OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))kdf_set_ctx_params }, \
+ { OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))kdf_get_ctx_params }, \
{ OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, \
(void (*)(void))kdf_##funcname##_settable_ctx_params }, \
+ { OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, \
+ (void (*)(void))kdf_##funcname##_gettable_ctx_params }, \
{ 0, NULL } \
};
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index daa619b..dd65a2a 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -371,6 +371,13 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
return 0;
return OSSL_PARAM_set_size_t(p, sz);
}
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_INFO)) != NULL) {
+ if (ctx->info == NULL || ctx->info_len == 0) {
+ p->return_size = 0;
+ return 1;
+ }
+ return OSSL_PARAM_set_octet_string(p, ctx->info, ctx->info_len);
+ }
return -2;
}
@@ -379,6 +386,7 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
+ OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0),
OSSL_PARAM_END
};
return known_gettable_ctx_params;
diff --git a/test/pkey_meth_kdf_test.c b/test/pkey_meth_kdf_test.c
index f816d24..c09e2f3 100644
--- a/test/pkey_meth_kdf_test.c
+++ b/test/pkey_meth_kdf_test.c
@@ -16,7 +16,7 @@
#include <openssl/kdf.h>
#include "testutil.h"
-static int test_kdf_tls1_prf(void)
+static int test_kdf_tls1_prf(int index)
{
int ret = 0;
EVP_PKEY_CTX *pctx;
@@ -40,10 +40,23 @@ static int test_kdf_tls1_prf(void)
TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret");
goto err;
}
- if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx,
- (unsigned char *)"seed", 4) <= 0) {
- TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed");
- goto err;
+ if (index == 0) {
+ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx,
+ (unsigned char *)"seed", 4) <= 0) {
+ TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed");
+ goto err;
+ }
+ } else {
+ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx,
+ (unsigned char *)"se", 2) <= 0) {
+ TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed");
+ goto err;
+ }
+ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx,
+ (unsigned char *)"ed", 2) <= 0) {
+ TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed");
+ goto err;
+ }
}
if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
TEST_error("EVP_PKEY_derive");
@@ -65,7 +78,7 @@ err:
return ret;
}
-static int test_kdf_hkdf(void)
+static int test_kdf_hkdf(int index)
{
int ret = 0;
EVP_PKEY_CTX *pctx;
@@ -94,10 +107,23 @@ static int test_kdf_hkdf(void)
TEST_error("EVP_PKEY_CTX_set1_hkdf_key");
goto err;
}
- if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5)
+ if (index == 0) {
+ if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5)
<= 0) {
- TEST_error("EVP_PKEY_CTX_set1_hkdf_info");
- goto err;
+ TEST_error("EVP_PKEY_CTX_add1_hkdf_info");
+ goto err;
+ }
+ } else {
+ if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"lab", 3)
+ <= 0) {
+ TEST_error("EVP_PKEY_CTX_add1_hkdf_info");
+ goto err;
+ }
+ if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"el", 2)
+ <= 0) {
+ TEST_error("EVP_PKEY_CTX_add1_hkdf_info");
+ goto err;
+ }
}
if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
TEST_error("EVP_PKEY_derive");
@@ -195,8 +221,13 @@ err:
int setup_tests(void)
{
- ADD_TEST(test_kdf_tls1_prf);
- ADD_TEST(test_kdf_hkdf);
+ int tests = 1;
+
+ if (fips_provider_version_ge(NULL, 3, 3, 1))
+ tests = 2;
+
+ ADD_ALL_TESTS(test_kdf_tls1_prf, tests);
+ ADD_ALL_TESTS(test_kdf_hkdf, tests);
#ifndef OPENSSL_NO_SCRYPT
ADD_TEST(test_kdf_scrypt);
#endif
--
2.45.1


@ -11,10 +11,10 @@ Patch-status: |
crypto/provider_conf.c | 28 +++++++++++++++++++++++++++- crypto/provider_conf.c | 28 +++++++++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-) 1 file changed, 27 insertions(+), 1 deletion(-)
Index: openssl-3.1.4/crypto/provider_conf.c Index: openssl-3.1.7/crypto/provider_conf.c
=================================================================== ===================================================================
--- openssl-3.1.4.orig/crypto/provider_conf.c --- openssl-3.1.7.orig/crypto/provider_conf.c
+++ openssl-3.1.4/crypto/provider_conf.c +++ openssl-3.1.7/crypto/provider_conf.c
@@ -10,6 +10,8 @@ @@ -10,6 +10,8 @@
#include <string.h> #include <string.h>
#include <openssl/trace.h> #include <openssl/trace.h>
@ -24,25 +24,25 @@ Index: openssl-3.1.4/crypto/provider_conf.c
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/safestack.h> #include <openssl/safestack.h>
#include <openssl/provider.h> #include <openssl/provider.h>
@@ -169,7 +171,7 @@ static int provider_conf_activate(OSSL_L @@ -237,7 +239,7 @@ static int provider_conf_activate(OSSL_L
if (path != NULL) if (path != NULL)
ossl_provider_set_module_path(prov, path); ossl_provider_set_module_path(prov, path);
- ok = provider_conf_params(prov, NULL, NULL, value, cnf); - ok = provider_conf_params(prov, NULL, NULL, value, cnf);
+ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1; + ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;
if (ok) { if (ok == 1) {
if (!ossl_provider_activate(prov, 1, 0)) { if (!ossl_provider_activate(prov, 1, 0)) {
@@ -197,6 +199,8 @@ static int provider_conf_activate(OSSL_L @@ -266,6 +268,8 @@ static int provider_conf_activate(OSSL_L
}
if (!ok) if (ok <= 0)
ossl_provider_free(prov); ossl_provider_free(prov);
+ } else { + } else {
+ ok = 1; + ok = 1;
} }
CRYPTO_THREAD_unlock(pcgbl->lock); CRYPTO_THREAD_unlock(pcgbl->lock);
@@ -309,6 +313,33 @@ static int provider_conf_init(CONF_IMODU @@ -383,6 +387,33 @@ static int provider_conf_init(CONF_IMODU
return 0; return 0;
} }
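Review bot: The refreshed context lines `if (ok == 1)` and `if (ok <= 0)` (previously `if (ok)` and `if (!ok)`) suggest that upstream 3.1.7 now treats `ok` as a tri-state result of provider_conf_params(), while the patch's own line `ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;` is carried over unchanged. Because the fallback arm yields exactly 1, the no-config-section case still reaches the activation branch, so behaviour appears preserved, but a rebase across a changed return convention deserves a written trace. The `Patch-status: |` block at the top of this file could record it, e.g. `Rebased onto 3.1.7: upstream now distinguishes ok == 1 from ok <= 0; the cnf-less fallback still yields 1 so activation proceeds unchanged.` provider_conf_activate's body begins and ends outside the shown hunks, so the remaining uses of `ok` were not visible for this review.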


@ -1,94 +0,0 @@
From d6a9c21302e01c33a9a919e7ba380ba3b0ed65b0 Mon Sep 17 00:00:00 2001
From: trinity-1686a <trinity@deuxfleurs.fr>
Date: Mon, 15 Apr 2024 11:13:14 +0200
Subject: [PATCH 2/2] Handle empty param in EVP_PKEY_CTX_add1_hkdf_info
Fixes #24130
The regression was introduced in PR #23456.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24141)
(cherry picked from commit 299996fb1fcd76eeadfd547958de2a1b822f37f5)
---
crypto/evp/pmeth_lib.c | 2 ++
test/evp_extra_test.c | 42 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 44 insertions(+)
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index d0eeaf7..bce1ebc 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -1053,6 +1053,8 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
if (datalen < 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
return 0;
+ } else if (datalen == 0) {
+ return 1;
}
/* Get the original value length */
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 9b3bee7..22121ce 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -2565,6 +2565,47 @@ static int test_emptyikm_HKDF(void)
return ret;
}
+static int test_empty_salt_info_HKDF(void)
+{
+ EVP_PKEY_CTX *pctx;
+ unsigned char out[20];
+ size_t outlen;
+ int ret = 0;
+ unsigned char salt[] = "";
+ unsigned char key[] = "012345678901234567890123456789";
+ unsigned char info[] = "";
+ const unsigned char expected[] = {
+ 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
+ 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06,
+ };
+ size_t expectedlen = sizeof(expected);
+
+ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
+ goto done;
+
+ outlen = sizeof(out);
+ memset(out, 0, outlen);
+
+ if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
+ sizeof(salt) - 1), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
+ sizeof(key) - 1), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
+ sizeof(info) - 1), 0)
+ || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
+ || !TEST_mem_eq(out, outlen, expected, expectedlen))
+ goto done;
+
+ ret = 1;
+
+ done:
+ EVP_PKEY_CTX_free(pctx);
+
+ return ret;
+}
+
#ifndef OPENSSL_NO_EC
static int test_X509_PUBKEY_inplace(void)
{
@@ -5166,6 +5207,7 @@ int setup_tests(void)
#endif
ADD_TEST(test_HKDF);
ADD_TEST(test_emptyikm_HKDF);
+ ADD_TEST(test_empty_salt_info_HKDF);
#ifndef OPENSSL_NO_EC
ADD_TEST(test_X509_PUBKEY_inplace);
ADD_TEST(test_X509_PUBKEY_dup);
--
2.45.1


@ -1,495 +0,0 @@
From 3d3a7ecd1ae5ab08d22041f7b3b035c34f12fa02 Mon Sep 17 00:00:00 2001
From: Danny Tsen <dtsen@linux.ibm.com>
Date: Tue, 22 Aug 2023 15:58:53 -0400
Subject: [PATCH] Improve performance for 6x unrolling with vpermxor
instruction
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21812)
---
crypto/aes/asm/aesp8-ppc.pl | 145 +++++++++++++++++++++++-------------
1 file changed, 95 insertions(+), 50 deletions(-)
diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl
index 60cf86f52aed2..38b9405a283b7 100755
--- a/crypto/aes/asm/aesp8-ppc.pl
+++ b/crypto/aes/asm/aesp8-ppc.pl
@@ -99,11 +99,12 @@
.long 0x1b000000, 0x1b000000, 0x1b000000, 0x1b000000 ?rev
.long 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c ?rev
.long 0,0,0,0 ?asis
+.long 0x0f102132, 0x43546576, 0x8798a9ba, 0xcbdcedfe
Lconsts:
mflr r0
bcl 20,31,\$+4
mflr $ptr #vvvvv "distance between . and rcon
- addi $ptr,$ptr,-0x48
+ addi $ptr,$ptr,-0x58
mtlr r0
blr
.long 0
@@ -2405,7 +2406,7 @@ ()
my $key_=$key2;
my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31));
$x00=0 if ($flavour =~ /osx/);
-my ($in0, $in1, $in2, $in3, $in4, $in5 )=map("v$_",(0..5));
+my ($in0, $in1, $in2, $in3, $in4, $in5)=map("v$_",(0..5));
my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16));
my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22));
my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys
@@ -2460,6 +2461,18 @@ ()
li $x70,0x70
mtspr 256,r0
+ # Reverse eighty7 to 0x010101..87
+ xxlor 2, 32+$eighty7, 32+$eighty7
+ vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87
+ xxlor 1, 32+$eighty7, 32+$eighty7
+
+ # Load XOR contents. 0xf102132435465768798a9bacbdcedfe
+ mr $x70, r6
+ bl Lconsts
+ lxvw4x 0, $x40, r6 # load XOR contents
+ mr r6, $x70
+ li $x70,0x70
+
subi $rounds,$rounds,3 # -4 in total
lvx $rndkey0,$x00,$key1 # load key schedule
@@ -2502,69 +2515,77 @@ ()
?vperm v31,v31,$twk5,$keyperm
lvx v25,$x10,$key_ # pre-load round[2]
+ # Switch to use the following codes with 0x010101..87 to generate tweak.
+ # eighty7 = 0x010101..87
+ # vsrab tmp, tweak, seven # next tweak value, right shift 7 bits
+ # vand tmp, tmp, eighty7 # last byte with carry
+ # vaddubm tweak, tweak, tweak # left shift 1 bit (x2)
+ # xxlor vsx, 0, 0
+ # vpermxor tweak, tweak, tmp, vsx
+
vperm $in0,$inout,$inptail,$inpperm
subi $inp,$inp,31 # undo "caller"
vxor $twk0,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vand $tmp,$tmp,$eighty7
vxor $out0,$in0,$twk0
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in1, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in1
lvx_u $in1,$x10,$inp
vxor $twk1,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in1,$in1,$in1,$leperm
vand $tmp,$tmp,$eighty7
vxor $out1,$in1,$twk1
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in2, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in2
lvx_u $in2,$x20,$inp
andi. $taillen,$len,15
vxor $twk2,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in2,$in2,$in2,$leperm
vand $tmp,$tmp,$eighty7
vxor $out2,$in2,$twk2
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in3, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in3
lvx_u $in3,$x30,$inp
sub $len,$len,$taillen
vxor $twk3,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in3,$in3,$in3,$leperm
vand $tmp,$tmp,$eighty7
vxor $out3,$in3,$twk3
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in4, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in4
lvx_u $in4,$x40,$inp
subi $len,$len,0x60
vxor $twk4,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in4,$in4,$in4,$leperm
vand $tmp,$tmp,$eighty7
vxor $out4,$in4,$twk4
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in5, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in5
lvx_u $in5,$x50,$inp
addi $inp,$inp,0x60
vxor $twk5,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in5,$in5,$in5,$leperm
vand $tmp,$tmp,$eighty7
vxor $out5,$in5,$twk5
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in0, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in0
vxor v31,v31,$rndkey0
mtctr $rounds
@@ -2590,6 +2611,8 @@ ()
lvx v25,$x10,$key_ # round[4]
bdnz Loop_xts_enc6x
+ xxlor 32+$eighty7, 1, 1 # 0x010101..87
+
subic $len,$len,96 # $len-=96
vxor $in0,$twk0,v31 # xor with last round key
vcipher $out0,$out0,v24
@@ -2599,7 +2622,6 @@ ()
vaddubm $tweak,$tweak,$tweak
vcipher $out2,$out2,v24
vcipher $out3,$out3,v24
- vsldoi $tmp,$tmp,$tmp,15
vcipher $out4,$out4,v24
vcipher $out5,$out5,v24
@@ -2607,7 +2629,8 @@ ()
vand $tmp,$tmp,$eighty7
vcipher $out0,$out0,v25
vcipher $out1,$out1,v25
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in1, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in1
vcipher $out2,$out2,v25
vcipher $out3,$out3,v25
vxor $in1,$twk1,v31
@@ -2618,13 +2641,13 @@ ()
and r0,r0,$len
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vcipher $out0,$out0,v26
vcipher $out1,$out1,v26
vand $tmp,$tmp,$eighty7
vcipher $out2,$out2,v26
vcipher $out3,$out3,v26
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in2, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in2
vcipher $out4,$out4,v26
vcipher $out5,$out5,v26
@@ -2638,7 +2661,6 @@ ()
vaddubm $tweak,$tweak,$tweak
vcipher $out0,$out0,v27
vcipher $out1,$out1,v27
- vsldoi $tmp,$tmp,$tmp,15
vcipher $out2,$out2,v27
vcipher $out3,$out3,v27
vand $tmp,$tmp,$eighty7
@@ -2646,7 +2668,8 @@ ()
vcipher $out5,$out5,v27
addi $key_,$sp,$FRAME+15 # rewind $key_
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in3, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in3
vcipher $out0,$out0,v28
vcipher $out1,$out1,v28
vxor $in3,$twk3,v31
@@ -2655,7 +2678,6 @@ ()
vcipher $out2,$out2,v28
vcipher $out3,$out3,v28
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vcipher $out4,$out4,v28
vcipher $out5,$out5,v28
lvx v24,$x00,$key_ # re-pre-load round[1]
@@ -2663,7 +2685,8 @@ ()
vcipher $out0,$out0,v29
vcipher $out1,$out1,v29
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in4, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in4
vcipher $out2,$out2,v29
vcipher $out3,$out3,v29
vxor $in4,$twk4,v31
@@ -2673,14 +2696,14 @@ ()
vcipher $out5,$out5,v29
lvx v25,$x10,$key_ # re-pre-load round[2]
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vcipher $out0,$out0,v30
vcipher $out1,$out1,v30
vand $tmp,$tmp,$eighty7
vcipher $out2,$out2,v30
vcipher $out3,$out3,v30
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in5, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in5
vcipher $out4,$out4,v30
vcipher $out5,$out5,v30
vxor $in5,$twk5,v31
@@ -2690,7 +2713,6 @@ ()
vcipherlast $out0,$out0,$in0
lvx_u $in0,$x00,$inp # load next input block
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vcipherlast $out1,$out1,$in1
lvx_u $in1,$x10,$inp
vcipherlast $out2,$out2,$in2
@@ -2703,7 +2725,10 @@ ()
vcipherlast $out4,$out4,$in4
le?vperm $in2,$in2,$in2,$leperm
lvx_u $in4,$x40,$inp
- vxor $tweak,$tweak,$tmp
+ xxlor 10, 32+$in0, 32+$in0
+ xxlor 32+$in0, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in0
+ xxlor 32+$in0, 10, 10
vcipherlast $tmp,$out5,$in5 # last block might be needed
# in stealing mode
le?vperm $in3,$in3,$in3,$leperm
@@ -2736,6 +2761,8 @@ ()
mtctr $rounds
beq Loop_xts_enc6x # did $len-=96 borrow?
+ xxlor 32+$eighty7, 2, 2 # 0x870101..01
+
addic. $len,$len,0x60
beq Lxts_enc6x_zero
cmpwi $len,0x20
@@ -3112,6 +3139,18 @@ ()
li $x70,0x70
mtspr 256,r0
+ # Reverse eighty7 to 0x010101..87
+ xxlor 2, 32+$eighty7, 32+$eighty7
+ vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87
+ xxlor 1, 32+$eighty7, 32+$eighty7
+
+ # Load XOR contents. 0xf102132435465768798a9bacbdcedfe
+ mr $x70, r6
+ bl Lconsts
+ lxvw4x 0, $x40, r6 # load XOR contents
+ mr r6, $x70
+ li $x70,0x70
+
subi $rounds,$rounds,3 # -4 in total
lvx $rndkey0,$x00,$key1 # load key schedule
@@ -3159,64 +3198,64 @@ ()
vxor $twk0,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vand $tmp,$tmp,$eighty7
vxor $out0,$in0,$twk0
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in1, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in1
lvx_u $in1,$x10,$inp
vxor $twk1,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in1,$in1,$in1,$leperm
vand $tmp,$tmp,$eighty7
vxor $out1,$in1,$twk1
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in2, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in2
lvx_u $in2,$x20,$inp
andi. $taillen,$len,15
vxor $twk2,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in2,$in2,$in2,$leperm
vand $tmp,$tmp,$eighty7
vxor $out2,$in2,$twk2
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in3, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in3
lvx_u $in3,$x30,$inp
sub $len,$len,$taillen
vxor $twk3,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in3,$in3,$in3,$leperm
vand $tmp,$tmp,$eighty7
vxor $out3,$in3,$twk3
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in4, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in4
lvx_u $in4,$x40,$inp
subi $len,$len,0x60
vxor $twk4,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in4,$in4,$in4,$leperm
vand $tmp,$tmp,$eighty7
vxor $out4,$in4,$twk4
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in5, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in5
lvx_u $in5,$x50,$inp
addi $inp,$inp,0x60
vxor $twk5,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in5,$in5,$in5,$leperm
vand $tmp,$tmp,$eighty7
vxor $out5,$in5,$twk5
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in0, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in0
vxor v31,v31,$rndkey0
mtctr $rounds
@@ -3242,6 +3281,8 @@ ()
lvx v25,$x10,$key_ # round[4]
bdnz Loop_xts_dec6x
+ xxlor 32+$eighty7, 1, 1
+
subic $len,$len,96 # $len-=96
vxor $in0,$twk0,v31 # xor with last round key
vncipher $out0,$out0,v24
@@ -3251,7 +3292,6 @@ ()
vaddubm $tweak,$tweak,$tweak
vncipher $out2,$out2,v24
vncipher $out3,$out3,v24
- vsldoi $tmp,$tmp,$tmp,15
vncipher $out4,$out4,v24
vncipher $out5,$out5,v24
@@ -3259,7 +3299,8 @@ ()
vand $tmp,$tmp,$eighty7
vncipher $out0,$out0,v25
vncipher $out1,$out1,v25
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in1, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in1
vncipher $out2,$out2,v25
vncipher $out3,$out3,v25
vxor $in1,$twk1,v31
@@ -3270,13 +3311,13 @@ ()
and r0,r0,$len
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vncipher $out0,$out0,v26
vncipher $out1,$out1,v26
vand $tmp,$tmp,$eighty7
vncipher $out2,$out2,v26
vncipher $out3,$out3,v26
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in2, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in2
vncipher $out4,$out4,v26
vncipher $out5,$out5,v26
@@ -3290,7 +3331,6 @@ ()
vaddubm $tweak,$tweak,$tweak
vncipher $out0,$out0,v27
vncipher $out1,$out1,v27
- vsldoi $tmp,$tmp,$tmp,15
vncipher $out2,$out2,v27
vncipher $out3,$out3,v27
vand $tmp,$tmp,$eighty7
@@ -3298,7 +3338,8 @@ ()
vncipher $out5,$out5,v27
addi $key_,$sp,$FRAME+15 # rewind $key_
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in3, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in3
vncipher $out0,$out0,v28
vncipher $out1,$out1,v28
vxor $in3,$twk3,v31
@@ -3307,7 +3348,6 @@ ()
vncipher $out2,$out2,v28
vncipher $out3,$out3,v28
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vncipher $out4,$out4,v28
vncipher $out5,$out5,v28
lvx v24,$x00,$key_ # re-pre-load round[1]
@@ -3315,7 +3355,8 @@ ()
vncipher $out0,$out0,v29
vncipher $out1,$out1,v29
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in4, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in4
vncipher $out2,$out2,v29
vncipher $out3,$out3,v29
vxor $in4,$twk4,v31
@@ -3325,14 +3366,14 @@ ()
vncipher $out5,$out5,v29
lvx v25,$x10,$key_ # re-pre-load round[2]
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vncipher $out0,$out0,v30
vncipher $out1,$out1,v30
vand $tmp,$tmp,$eighty7
vncipher $out2,$out2,v30
vncipher $out3,$out3,v30
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in5, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in5
vncipher $out4,$out4,v30
vncipher $out5,$out5,v30
vxor $in5,$twk5,v31
@@ -3342,7 +3383,6 @@ ()
vncipherlast $out0,$out0,$in0
lvx_u $in0,$x00,$inp # load next input block
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vncipherlast $out1,$out1,$in1
lvx_u $in1,$x10,$inp
vncipherlast $out2,$out2,$in2
@@ -3355,7 +3395,10 @@ ()
vncipherlast $out4,$out4,$in4
le?vperm $in2,$in2,$in2,$leperm
lvx_u $in4,$x40,$inp
- vxor $tweak,$tweak,$tmp
+ xxlor 10, 32+$in0, 32+$in0
+ xxlor 32+$in0, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in0
+ xxlor 32+$in0, 10, 10
vncipherlast $out5,$out5,$in5
le?vperm $in3,$in3,$in3,$leperm
lvx_u $in5,$x50,$inp
@@ -3386,6 +3429,8 @@ ()
mtctr $rounds
beq Loop_xts_dec6x # did $len-=96 borrow?
+ xxlor 32+$eighty7, 2, 2
+
addic. $len,$len,0x60
beq Lxts_dec6x_zero
cmpwi $len,0x20


@ -1,305 +1,31 @@
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 Comment: BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF
Comment: Matt Caswell <matt@openssl.org> Comment: OpenSSL <openssl@openssl.org>
Comment: Matt Caswell <frodo@baggins.org>
mQENBFGALsIBCADBkh6zfxbewW2KJjaMaishSrpxuiVaUyvWgpe6Moae7JNCW8ay xsFNBGYT46cBEADnGgpkGwVTO5hu+sqoC3UWXM1nxr3v+tLveHQQlMA/MLDwK+TS
hJbwAtsQ69SGA4gUkyrR6PBvDMVYEiYqZwXB/3IErStESjcu+gkbmsa0XcwHpkE3 1sMFSsOEE1ehAlhaEVCaiHSh+8PSqs8bvxrkbC8FXj6UkHvdZOoBgoDqEVUXawen
iN7I8aU66yMt710nGEmcrR5E4u4NuNoHtnOBKEh+RCLGp5mo6hwbUYUzG3eUI/zi UmW/3OEQtC/815ByacwHsbgabTY+bXQBAvKnDsKMIg04YlE1UVLnO6Rf0v/AvnlK
2hLApPpaATXnD3ZkhgtHV3ln3Z16nUWQAdIVToxYhvVno2EQsqe8Q3ifl2Uf0Ypa 400c0J/KOPOXP2+e5dYMxRN/8CMFA+Jo8m1N2/gDKb3y1Ga6Ug9Qg/7VmL+zp/9A
N19BDBrxM3WPOAKbJk0Ab1bjgEadavrFBCOl9CrbThewRGmkOdxJWaVkERXMShlz +JnVQFhVQgpt2hVGKcKteJvDJODRAmBG371E+KV+lnh0jvALUxGiC+h/XrHmm8Em
UzjJvKOUEUGOxJCmnfQimPQoCdQyVFLgHfRFABEBAAG0H01hdHQgQ2Fzd2VsbCA8 7hQM7LLoVKGDPxYYUQKA6U6+//Q3J7JgrstLTxAZ6Xz3516o8gM4EeNXo/rXNqNw
bWF0dEBvcGVuc3NsLm9yZz6JATgEEwECACIFAlPevrwCGwMGCwkIBwMCBhUIAgkK Ng4zKeYAU0klk0hDIf7JHluT/Xxy9ezgRK6V3RJEvvjA1RjpsTVe7uDw5GPEoRO/
CwQWAgMBAh4BAheAAAoJENnE0m0OYESRoD0H/1lEJXfr66rdvskyOi0zU0ARvUXH xXtcLghhPixbL6y1FOspZqx3BzroX6Ic4V03Ub61YL6Zx3Q3tTcaj+4QFGXVA3SN
jbmmYkZ7ETkdXh7Va/Tjn81T3pwmr3F4IcLGNLDz4Eg67xbq/T8rrsEPOx5nV/mR WL6is2XBdvZAiOgO/7lbRXGq/vFtvynYPLEx6LbZdKtdfADUCgD7If4gvif5yaL2
nUT97UmsQuLnR2wLGbRBu24FKM7oX3KQvgIdJWdxHHJsjpGCViE1mIFARAzlN+6p isSfD3UmoXPdDDLGdga5/dhmg2658AigHw6t0fPWnxPx4EUc1tL2bb+dEG+soRoj
3tPbnQzANjRy7i/PYU/niGdqVcMhcnZCX5F7YH6w6t0ZmYH3m1QeREnWqfxu7eyH s4QHHoAhEeVEKdeFfu7lE3i0omS/mp63IFUFI7AybnHYiZ2ujyc5sBBsnwARAQAB
sIvebMgKTI/bMG8Z7KlLZha9HwrFXQAPIST6sfc1blKJ9INUDM9iK6DR/ulkw7e0 zR1PcGVuU1NMIDxvcGVuc3NsQG9wZW5zc2wub3JnPsLBlAQTAQoAPhYhBLpUc6Kw
hmHLqjWqYs5PzyXeoNnsPXJt69wiADYqj4KNDIdNp1RoF9qfb1nE+DM6rga0IE1h WHsH+yfPLSFglN/Qy4HvBQJmE+OnAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMB
dHQgQ2Fzd2VsbCA8ZnJvZG9AYmFnZ2lucy5vcmc+iQE4BBMBAgAiBQJRgC7CAhsD Ah4BAheAAAoJECFglN/Qy4HvXIcP/jCgVgZ7wMwMaDqbwBJOVKQ7sVzNvjy1xMr+
BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDZxNJtDmBEkWP+B/0SsWSeLGo+ XkXn1FHme1MlRl4Uw9Wzeh8TUckzx59+CAqe/pRRYhR9kL0S8WUhoa4VK61c47WS
viob8935Uirei4FvnzGOUV1w/dgDLSzavmysVxb4q9psp1vj1KEtm18vzZO79AeA 0wFWzOOuQ4JQO9v9zP6hsKubnQdA9ggq3rvkFrRDIV0DPU6iFxXs2/kYmuqHxIkO
RGwWTQYGmFmrNRWZ2DgbjGyJ4LS5kLBqQ9FaF7vUFtml6R04yx+RTgQTg601XsAj GgLx+aCWPx0XNAdJyov46EbQnIjJOdialeC2dIEdIU0Vk5N0jWYv6MKweAmXRVLM
eU8uSarmeZgGVMAInsdMrUc74lJeWKSnovr4IFOdgiU/env19tK355bsfTvb0ksE Jusz3yfNZ0FmydSo90aNQcQz4fp3vgF8qP7Z5BmMOSWOnXJawJd8+ic0RXRWdsMS
5Q7wnnoRXdLyNet0AWf4ednWDEnRb6cIVDF28URjxH6yIfqAVe7VnuDB4Sfuck4R oxyAEKH/98IUPZII8N8c5u8pAJ52m7LQRm8CKk4GzylStaV+Pe6PuNTVkx1sIE62
4gYFS/xGfTgocPUDZ4rUz8wleGLwDIiU7GpilmtZTl1FTPkFa/mqbcJgdVTJqLZO Sv0RFbd2yJ5Wou5Z/1lRZvzjF5R3G+dobKZLym2HwNkJtFROODFqiPkcKYCSSd4c
5vISJkZvqE5UuQENBFGALsIBCADPZ1CQBKbFQWMCvdjz/TJaNf3rV6eiYASOvLDg sqlOVh2X6/8VlJZ9Q4r7pAm/ulPnf/PSEo8l7kr/JS7Q09nlwNaa5l9nwvrt2z+u
icU8Mwa208yJXr1UF6lvc3Tgw+jmynIBjbhvhujcJ+eD+jHEaXdncaK/WAPsmiNM +5dNZt5syyVgpNd4mPZMFb9TXqoFrhrZfLGZ2I3GQ7tLX2boHhBXNl32a1sb2Qsv
k+glZ4cbF48HP77kOLQQC+rX7jAF0VSHhFZNtnCpOByQevCJlwgkXckYvRyBOYk6 9fbz++sFbYrfDhsjH5eEwBjW7o4Kkd/cTMJGufLczy3Cb+RyrjyBrSwfMQf0xHkp
2R7BwuLIwLIq4ZXNKPIVN4KpCodhIcGuvlPJczcdOoaBRGcSFUbXqM9Y8whyJhex QKidfWOKv9j+yeEhGVCHaIPilYNVeZFRHzL1H9oIkda2BZamj7iYveVnnDBjgpN7
F87RHAyGpjvLnJFSgLimyYBRpFN25LzYFpXPD4MeLUVDSRgtSxOJ2KmkhMHntUqQ k6YNfbUM
P1XsIgzm4/ez6Mwkxc0QlAQp0r2gJU56QPdE5zgx+2q/i+WhABEBAAGJAR8EGAEC =Fi54
AAkFAlGALsICGwwACgkQ2cTSbQ5gRJELNgf/elwfYchaV/24buNWDa+50gOuXQ4v
Xfj5DKry6aYnJBt1UeMV1ssMxCU8OltgzTMhTupjrXV1oDXYAxexymWLxwa+qcrb
SwDD+wX1gb1O2GOfbiplEnOb5dDc7Gkm8eTw0kBJEiAiyPv4SMLhFzm+me4Dq1+x
dbsvN05hxTjow9pi5eYrFMxYWi1ZNH2UmPpgoIN/4p28G/IN9fdWG5Ni315p3WhL
HRMzC609IOsCIJsm8+lHVblT30jxpctFVlQBtbDTzgqQLiaTVevlca3VYgMd70D2
8d186gxUtSEpZ3dKkv+0V8DLhQ6VR/wQ780HKIpFp6UWP5aDxpEoOEwe2g==
=Z0q9
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: B7C1 C143 60F3 53A3 6862 E4D5 231C 84CD DCC6 9C45
Comment: Paul Dale <pauli@openssl.org>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=AbiA
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C
Comment: Tomáš Mráz <tm@t8m.info>
Comment: Tomáš Mráz <tomas@arleto.cz>
Comment: Tomáš Mráz <tomas@openssl.org>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=Ctij
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5
Comment: OpenSSL security team <openssl-security@openssl.org>
Comment: OpenSSL OMC <openssl-omc@openssl.org>
Comment: OpenSSL Security <openssl-security@openssl.org>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=Q+Oa
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----
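Review bot: Nothing in the commit record says where the fingerprint of the new trust anchor, BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF (OpenSSL <openssl@openssl.org>), was cross-checked, even though this keyring is what the source-tarball signature is verified against from now on. A changelog line such as `- Replace keyring with the OpenSSL project key BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF; fingerprint cross-checked against <PUBLISHED-SOURCE>` would let later reviewers repeat that check without re-deriving it. The Matt Caswell, Paul Dale, Tomáš Mráz and OpenSSL security-team keys are dropped at the same time, so signatures made by those keys on earlier tarballs no longer verify with this keyring; presumably only the 3.1.7 .asc matters for this package, but that is worth stating. The side-by-side rendering interleaves the old and new columns, so the exact extent of the new key block cannot be confirmed from this page.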


@ -1,929 +0,0 @@
commit 0fbc50ef0cb8894973d4739af62e95be825b7ccf
Author: trigpolynom <trigpolynom@gmail.com>
Date: Tue Oct 17 22:44:45 2023 -0400
aes-gcm-avx512.pl: fix non-reproducibility issue
Replace the random suffix with a counter, to make the
build reproducible.
Fixes #20954
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22415)
diff --git a/crypto/modes/asm/aes-gcm-avx512.pl b/crypto/modes/asm/aes-gcm-avx512.pl
index afd2af941a..9f9124373b 100644
--- a/crypto/modes/asm/aes-gcm-avx512.pl
+++ b/crypto/modes/asm/aes-gcm-avx512.pl
@@ -155,6 +155,9 @@ my $STACK_LOCAL_OFFSET = ($STACK_HKEYS_OFFSET + $HKEYS_STORAGE);
# ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
my ($arg1, $arg2, $arg3, $arg4, $arg5, $arg6, $arg7, $arg8, $arg9, $arg10, $arg11);
+# ; Counter used for assembly label generation
+my $label_count = 0;
+
# ; This implementation follows the convention: for non-leaf functions (they
# ; must call PROLOG) %rbp is used as a frame pointer, and has fixed offset from
# ; the function entry: $GP_STORAGE + [8 bytes alignment (Windows only)]. This
@@ -200,15 +203,6 @@ my $CTX_OFFSET_HTable = (16 * 6); # ; (Htable) Precomputed table (a
# ;;; Helper functions
# ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-# ; Generates "random" local labels
-sub random_string() {
- my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_');
- my $length = 15;
- my $str;
- map { $str .= $chars[rand(33)] } 1 .. $length;
- return $str;
-}
-
sub BYTE {
my ($reg) = @_;
if ($reg =~ /%r[abcd]x/i) {
@@ -417,7 +411,7 @@ ___
sub EPILOG {
my ($hkeys_storage_on_stack, $payload_len) = @_;
- my $rndsuffix = &random_string();
+ my $label_suffix = $label_count++;
if ($hkeys_storage_on_stack && $CLEAR_HKEYS_STORAGE_ON_EXIT) {
@@ -425,13 +419,13 @@ sub EPILOG {
# ; were stored in the local frame storage
$code .= <<___;
cmpq \$`16*16`,$payload_len
- jbe .Lskip_hkeys_cleanup_${rndsuffix}
+ jbe .Lskip_hkeys_cleanup_${label_suffix}
vpxor %xmm0,%xmm0,%xmm0
___
for (my $i = 0; $i < int($HKEYS_STORAGE / 64); $i++) {
$code .= "vmovdqa64 %zmm0,`$STACK_HKEYS_OFFSET + 64*$i`(%rsp)\n";
}
- $code .= ".Lskip_hkeys_cleanup_${rndsuffix}:\n";
+ $code .= ".Lskip_hkeys_cleanup_${label_suffix}:\n";
}
if ($CLEAR_SCRATCH_REGISTERS) {
@@ -537,11 +531,11 @@ sub precompute_hkeys_on_stack {
&& $HKEYS_RANGE ne "first32"
&& $HKEYS_RANGE ne "last32");
- my $rndsuffix = &random_string();
+ my $label_suffix = $label_count++;
$code .= <<___;
test $HKEYS_READY,$HKEYS_READY
- jnz .L_skip_hkeys_precomputation_${rndsuffix}
+ jnz .L_skip_hkeys_precomputation_${label_suffix}
___
if ($HKEYS_RANGE eq "first16" || $HKEYS_RANGE eq "first32" || $HKEYS_RANGE eq "all") {
@@ -615,7 +609,7 @@ ___
}
}
- $code .= ".L_skip_hkeys_precomputation_${rndsuffix}:\n";
+ $code .= ".L_skip_hkeys_precomputation_${label_suffix}:\n";
}
# ;; =============================================================================
@@ -1418,20 +1412,20 @@ sub CALC_AAD_HASH {
my $SHFMSK = $ZT13;
- my $rndsuffix = &random_string();
+ my $label_suffix = $label_count++;
$code .= <<___;
mov $A_IN,$T1 # ; T1 = AAD
mov $A_LEN,$T2 # ; T2 = aadLen
or $T2,$T2
- jz .L_CALC_AAD_done_${rndsuffix}
+ jz .L_CALC_AAD_done_${label_suffix}
xor $HKEYS_READY,$HKEYS_READY
vmovdqa64 SHUF_MASK(%rip),$SHFMSK
-.L_get_AAD_loop48x16_${rndsuffix}:
+.L_get_AAD_loop48x16_${label_suffix}:
cmp \$`(48*16)`,$T2
- jl .L_exit_AAD_loop48x16_${rndsuffix}
+ jl .L_exit_AAD_loop48x16_${label_suffix}
___
$code .= <<___;
@@ -1499,15 +1493,15 @@ ___
$code .= <<___;
sub \$`(48*16)`,$T2
- je .L_CALC_AAD_done_${rndsuffix}
+ je .L_CALC_AAD_done_${label_suffix}
add \$`(48*16)`,$T1
- jmp .L_get_AAD_loop48x16_${rndsuffix}
+ jmp .L_get_AAD_loop48x16_${label_suffix}
-.L_exit_AAD_loop48x16_${rndsuffix}:
+.L_exit_AAD_loop48x16_${label_suffix}:
# ; Less than 48x16 bytes remaining
cmp \$`(32*16)`,$T2
- jl .L_less_than_32x16_${rndsuffix}
+ jl .L_less_than_32x16_${label_suffix}
___
$code .= <<___;
@@ -1556,14 +1550,14 @@ ___
$code .= <<___;
sub \$`(32*16)`,$T2
- je .L_CALC_AAD_done_${rndsuffix}
+ je .L_CALC_AAD_done_${label_suffix}
add \$`(32*16)`,$T1
- jmp .L_less_than_16x16_${rndsuffix}
+ jmp .L_less_than_16x16_${label_suffix}
-.L_less_than_32x16_${rndsuffix}:
+.L_less_than_32x16_${label_suffix}:
cmp \$`(16*16)`,$T2
- jl .L_less_than_16x16_${rndsuffix}
+ jl .L_less_than_16x16_${label_suffix}
# ; Get next 16 blocks
vmovdqu64 `64*0`($T1),$ZT1
vmovdqu64 `64*1`($T1),$ZT2
@@ -1588,11 +1582,11 @@ ___
$code .= <<___;
sub \$`(16*16)`,$T2
- je .L_CALC_AAD_done_${rndsuffix}
+ je .L_CALC_AAD_done_${label_suffix}
add \$`(16*16)`,$T1
# ; Less than 16x16 bytes remaining
-.L_less_than_16x16_${rndsuffix}:
+.L_less_than_16x16_${label_suffix}:
# ;; prep mask source address
lea byte64_len_to_mask_table(%rip),$T3
lea ($T3,$T2,8),$T3
@@ -1601,28 +1595,28 @@ ___
add \$15,@{[DWORD($T2)]}
shr \$4,@{[DWORD($T2)]}
cmp \$2,@{[DWORD($T2)]}
- jb .L_AAD_blocks_1_${rndsuffix}
- je .L_AAD_blocks_2_${rndsuffix}
+ jb .L_AAD_blocks_1_${label_suffix}
+ je .L_AAD_blocks_2_${label_suffix}
cmp \$4,@{[DWORD($T2)]}
- jb .L_AAD_blocks_3_${rndsuffix}
- je .L_AAD_blocks_4_${rndsuffix}
+ jb .L_AAD_blocks_3_${label_suffix}
+ je .L_AAD_blocks_4_${label_suffix}
cmp \$6,@{[DWORD($T2)]}
- jb .L_AAD_blocks_5_${rndsuffix}
- je .L_AAD_blocks_6_${rndsuffix}
+ jb .L_AAD_blocks_5_${label_suffix}
+ je .L_AAD_blocks_6_${label_suffix}
cmp \$8,@{[DWORD($T2)]}
- jb .L_AAD_blocks_7_${rndsuffix}
- je .L_AAD_blocks_8_${rndsuffix}
+ jb .L_AAD_blocks_7_${label_suffix}
+ je .L_AAD_blocks_8_${label_suffix}
cmp \$10,@{[DWORD($T2)]}
- jb .L_AAD_blocks_9_${rndsuffix}
- je .L_AAD_blocks_10_${rndsuffix}
+ jb .L_AAD_blocks_9_${label_suffix}
+ je .L_AAD_blocks_10_${label_suffix}
cmp \$12,@{[DWORD($T2)]}
- jb .L_AAD_blocks_11_${rndsuffix}
- je .L_AAD_blocks_12_${rndsuffix}
+ jb .L_AAD_blocks_11_${label_suffix}
+ je .L_AAD_blocks_12_${label_suffix}
cmp \$14,@{[DWORD($T2)]}
- jb .L_AAD_blocks_13_${rndsuffix}
- je .L_AAD_blocks_14_${rndsuffix}
+ jb .L_AAD_blocks_13_${label_suffix}
+ je .L_AAD_blocks_14_${label_suffix}
cmp \$15,@{[DWORD($T2)]}
- je .L_AAD_blocks_15_${rndsuffix}
+ je .L_AAD_blocks_15_${label_suffix}
___
# ;; fall through for 16 blocks
@@ -1635,7 +1629,7 @@ ___
# ;; - jump to reduction code
for (my $aad_blocks = 16; $aad_blocks > 0; $aad_blocks--) {
- $code .= ".L_AAD_blocks_${aad_blocks}_${rndsuffix}:\n";
+ $code .= ".L_AAD_blocks_${aad_blocks}_${label_suffix}:\n";
if ($aad_blocks > 12) {
$code .= "sub \$`12*16*8`, $T3\n";
} elsif ($aad_blocks > 8) {
@@ -1656,11 +1650,11 @@ ___
if ($aad_blocks > 1) {
# ;; fall through to CALC_AAD_done in 1 block case
- $code .= "jmp .L_CALC_AAD_done_${rndsuffix}\n";
+ $code .= "jmp .L_CALC_AAD_done_${label_suffix}\n";
}
}
- $code .= ".L_CALC_AAD_done_${rndsuffix}:\n";
+ $code .= ".L_CALC_AAD_done_${label_suffix}:\n";
# ;; result in AAD_HASH
}
@@ -1710,13 +1704,13 @@ sub PARTIAL_BLOCK {
my $IA1 = $GPTMP2;
my $IA2 = $GPTMP0;
- my $rndsuffix = &random_string();
+ my $label_suffix = $label_count++;
$code .= <<___;
# ;; if no partial block present then LENGTH/DATA_OFFSET will be set to zero
mov ($PBLOCK_LEN),$LENGTH
or $LENGTH,$LENGTH
- je .L_partial_block_done_${rndsuffix} # ;Leave Macro if no partial blocks
+ je .L_partial_block_done_${label_suffix} # ;Leave Macro if no partial blocks
___
&READ_SMALL_DATA_INPUT($XTMP0, $PLAIN_CIPH_IN, $PLAIN_CIPH_LEN, $IA0, $IA2, $MASKREG);
@@ -1755,9 +1749,9 @@ ___
}
$code .= <<___;
sub \$16,$IA1
- jge .L_no_extra_mask_${rndsuffix}
+ jge .L_no_extra_mask_${label_suffix}
sub $IA1,$IA0
-.L_no_extra_mask_${rndsuffix}:
+.L_no_extra_mask_${label_suffix}:
# ;; get the appropriate mask to mask out bottom $LENGTH bytes of $XTMP1
# ;; - mask out bottom $LENGTH bytes of $XTMP1
# ;; sizeof(SHIFT_MASK) == 16 bytes
@@ -1781,7 +1775,7 @@ ___
}
$code .= <<___;
cmp \$0,$IA1
- jl .L_partial_incomplete_${rndsuffix}
+ jl .L_partial_incomplete_${label_suffix}
___
# ;; GHASH computation for the last <16 Byte block
@@ -1793,9 +1787,9 @@ ___
mov $LENGTH,$IA0
mov \$16,$LENGTH
sub $IA0,$LENGTH
- jmp .L_enc_dec_done_${rndsuffix}
+ jmp .L_enc_dec_done_${label_suffix}
-.L_partial_incomplete_${rndsuffix}:
+.L_partial_incomplete_${label_suffix}:
___
if ($win64) {
$code .= <<___;
@@ -1808,7 +1802,7 @@ ___
$code .= <<___;
mov $PLAIN_CIPH_LEN,$LENGTH
-.L_enc_dec_done_${rndsuffix}:
+.L_enc_dec_done_${label_suffix}:
# ;; output encrypted Bytes
lea byte_len_to_mask_table(%rip),$IA0
@@ -1826,7 +1820,7 @@ ___
$code .= <<___;
mov $CIPH_PLAIN_OUT,$IA0
vmovdqu8 $XTMP1,($IA0){$MASKREG}
-.L_partial_block_done_${rndsuffix}:
+.L_partial_block_done_${label_suffix}:
___
}
@@ -2016,7 +2010,7 @@ sub INITIAL_BLOCKS_PARTIAL_GHASH {
my $GM = $_[23]; # [in] ZMM with mid prodcut part
my $GL = $_[24]; # [in] ZMM with lo product part
- my $rndsuffix = &random_string();
+ my $label_suffix = $label_count++;
# ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
# ;;; - Hash all but the last partial block of data
@@ -2034,7 +2028,7 @@ sub INITIAL_BLOCKS_PARTIAL_GHASH {
# ;; NOTE: the 'jl' is always taken for num_initial_blocks = 16.
# ;; This is run in the context of GCM_ENC_DEC_SMALL for length < 256.
cmp \$16,$LENGTH
- jl .L_small_initial_partial_block_${rndsuffix}
+ jl .L_small_initial_partial_block_${label_suffix}
# ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
# ;;; Handle a full length final block - encrypt and hash all blocks
@@ -2056,11 +2050,11 @@ ___
&GHASH_1_TO_16($GCM128_CTX, $HASH_IN_OUT, $ZT0, $ZT1, $ZT2, $ZT3, $ZT4,
$ZT5, $ZT6, $ZT7, $ZT8, &ZWORD($HASH_IN_OUT), $DAT0, $DAT1, $DAT2, $DAT3, $NUM_BLOCKS, $GH, $GM, $GL);
}
- $code .= "jmp .L_small_initial_compute_done_${rndsuffix}\n";
+ $code .= "jmp .L_small_initial_compute_done_${label_suffix}\n";
}
$code .= <<___;
-.L_small_initial_partial_block_${rndsuffix}:
+.L_small_initial_partial_block_${label_suffix}:
# ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
# ;;; Handle ghash for a <16B final block
@@ -2125,7 +2119,7 @@ ___
# ;; a partial block of data, so xor that into the hash.
vpxorq $LAST_GHASH_BLK,$HASH_IN_OUT,$HASH_IN_OUT
# ;; The result is in $HASH_IN_OUT
- jmp .L_after_reduction_${rndsuffix}
+ jmp .L_after_reduction_${label_suffix}
___
}
@@ -2133,7 +2127,7 @@ ___
# ;;; After GHASH reduction
# ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- $code .= ".L_small_initial_compute_done_${rndsuffix}:\n";
+ $code .= ".L_small_initial_compute_done_${label_suffix}:\n";
# ;; If using init/update/finalize, we need to xor any partial block data
# ;; into the hash.
@@ -2144,13 +2138,13 @@ ___
$code .= <<___;
# ;; NOTE: for $NUM_BLOCKS = 16, $LENGTH, stored in [PBlockLen] is never zero
or $LENGTH,$LENGTH
- je .L_after_reduction_${rndsuffix}
+ je .L_after_reduction_${label_suffix}
___
}
$code .= "vpxorq $LAST_GHASH_BLK,$HASH_IN_OUT,$HASH_IN_OUT\n";
}
- $code .= ".L_after_reduction_${rndsuffix}:\n";
+ $code .= ".L_after_reduction_${label_suffix}:\n";
# ;; Final hash is now in HASH_IN_OUT
}
@@ -2266,7 +2260,7 @@ sub GHASH_16_ENCRYPT_N_GHASH_N {
die "GHASH_16_ENCRYPT_N_GHASH_N: num_blocks is out of bounds = $NUM_BLOCKS\n"
if ($NUM_BLOCKS > 16 || $NUM_BLOCKS < 0);
- my $rndsuffix = &random_string();
+ my $label_suffix = $label_count++;
my $GH1H = $HASH_IN_OUT;
@@ -2326,16 +2320,16 @@ ___
$code .= <<___;
cmp \$`(256 - $NUM_BLOCKS)`,@{[DWORD($CTR_CHECK)]}
- jae .L_16_blocks_overflow_${rndsuffix}
+ jae .L_16_blocks_overflow_${label_suffix}
___
&ZMM_OPCODE3_DSTR_SRC1R_SRC2R_BLOCKS_0_16(
$NUM_BLOCKS, "vpaddd", $B00_03, $B04_07, $B08_11, $B12_15, $CTR_BE,
$B00_03, $B04_07, $B08_11, $ADDBE_1234, $ADDBE_4x4, $ADDBE_4x4, $ADDBE_4x4);
$code .= <<___;
- jmp .L_16_blocks_ok_${rndsuffix}
+ jmp .L_16_blocks_ok_${label_suffix}
-.L_16_blocks_overflow_${rndsuffix}:
+.L_16_blocks_overflow_${label_suffix}:
vpshufb $SHFMSK,$CTR_BE,$CTR_BE
vpaddd ddq_add_1234(%rip),$CTR_BE,$B00_03
___
@@ -2355,7 +2349,7 @@ ___
$NUM_BLOCKS, "vpshufb", $B00_03, $B04_07, $B08_11, $B12_15, $B00_03,
$B04_07, $B08_11, $B12_15, $SHFMSK, $SHFMSK, $SHFMSK, $SHFMSK);
$code .= <<___;
-.L_16_blocks_ok_${rndsuffix}:
+.L_16_blocks_ok_${label_suffix}:
# ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
# ;; - pre-load constants
@@ -2805,53 +2799,53 @@ sub GCM_ENC_DEC_LAST {
my $MASKREG = $_[44]; # [clobbered] mask register
my $PBLOCK_LEN = $_[45]; # [in] partial block length
- my $rndsuffix = &random_string();
+ my $label_suffix = $label_count++;
$code .= <<___;
mov @{[DWORD($LENGTH)]},@{[DWORD($IA0)]}
add \$15,@{[DWORD($IA0)]}
shr \$4,@{[DWORD($IA0)]}
- je .L_last_num_blocks_is_0_${rndsuffix}
+ je .L_last_num_blocks_is_0_${label_suffix}
cmp \$8,@{[DWORD($IA0)]}
- je .L_last_num_blocks_is_8_${rndsuffix}
- jb .L_last_num_blocks_is_7_1_${rndsuffix}
+ je .L_last_num_blocks_is_8_${label_suffix}
+ jb .L_last_num_blocks_is_7_1_${label_suffix}
cmp \$12,@{[DWORD($IA0)]}
- je .L_last_num_blocks_is_12_${rndsuffix}
- jb .L_last_num_blocks_is_11_9_${rndsuffix}
+ je .L_last_num_blocks_is_12_${label_suffix}
+ jb .L_last_num_blocks_is_11_9_${label_suffix}
# ;; 16, 15, 14 or 13
cmp \$15,@{[DWORD($IA0)]}
- je .L_last_num_blocks_is_15_${rndsuffix}
- ja .L_last_num_blocks_is_16_${rndsuffix}
+ je .L_last_num_blocks_is_15_${label_suffix}
+ ja .L_last_num_blocks_is_16_${label_suffix}
cmp \$14,@{[DWORD($IA0)]}
- je .L_last_num_blocks_is_14_${rndsuffix}
- jmp .L_last_num_blocks_is_13_${rndsuffix}
+ je .L_last_num_blocks_is_14_${label_suffix}
+ jmp .L_last_num_blocks_is_13_${label_suffix}
-.L_last_num_blocks_is_11_9_${rndsuffix}:
+.L_last_num_blocks_is_11_9_${label_suffix}:
# ;; 11, 10 or 9
cmp \$10,@{[DWORD($IA0)]}
- je .L_last_num_blocks_is_10_${rndsuffix}
- ja .L_last_num_blocks_is_11_${rndsuffix}
- jmp .L_last_num_blocks_is_9_${rndsuffix}
+ je .L_last_num_blocks_is_10_${label_suffix}
+ ja .L_last_num_blocks_is_11_${label_suffix}
+ jmp .L_last_num_blocks_is_9_${label_suffix}
-.L_last_num_blocks_is_7_1_${rndsuffix}:
+.L_last_num_blocks_is_7_1_${label_suffix}:
cmp \$4,@{[DWORD($IA0)]}
- je .L_last_num_blocks_is_4_${rndsuffix}
- jb .L_last_num_blocks_is_3_1_${rndsuffix}
+ je .L_last_num_blocks_is_4_${label_suffix}
+ jb .L_last_num_blocks_is_3_1_${label_suffix}
# ;; 7, 6 or 5
cmp \$6,@{[DWORD($IA0)]}
- ja .L_last_num_blocks_is_7_${rndsuffix}
- je .L_last_num_blocks_is_6_${rndsuffix}
- jmp .L_last_num_blocks_is_5_${rndsuffix}
+ ja .L_last_num_blocks_is_7_${label_suffix}
+ je .L_last_num_blocks_is_6_${label_suffix}
+ jmp .L_last_num_blocks_is_5_${label_suffix}
-.L_last_num_blocks_is_3_1_${rndsuffix}:
+.L_last_num_blocks_is_3_1_${label_suffix}:
# ;; 3, 2 or 1
cmp \$2,@{[DWORD($IA0)]}
- ja .L_last_num_blocks_is_3_${rndsuffix}
- je .L_last_num_blocks_is_2_${rndsuffix}
+ ja .L_last_num_blocks_is_3_${label_suffix}
+ je .L_last_num_blocks_is_2_${label_suffix}
___
# ;; fall through for `jmp .L_last_num_blocks_is_1`
@@ -2859,7 +2853,7 @@ ___
# ;; Use rep to generate different block size variants
# ;; - one block size has to be the first one
for my $num_blocks (1 .. 16) {
- $code .= ".L_last_num_blocks_is_${num_blocks}_${rndsuffix}:\n";
+ $code .= ".L_last_num_blocks_is_${num_blocks}_${label_suffix}:\n";
&GHASH_16_ENCRYPT_N_GHASH_N(
$AES_KEYS, $GCM128_CTX, $CIPH_PLAIN_OUT, $PLAIN_CIPH_IN, $DATA_OFFSET,
$LENGTH, $CTR_BE, $CTR_CHECK, $HASHKEY_OFFSET, $GHASHIN_BLK_OFFSET,
@@ -2872,10 +2866,10 @@ ___
$ENC_DEC, $HASH_IN_OUT, $IA0, $IA1, $MASKREG,
$num_blocks, $PBLOCK_LEN);
- $code .= "jmp .L_last_blocks_done_${rndsuffix}\n";
+ $code .= "jmp .L_last_blocks_done_${label_suffix}\n";
}
- $code .= ".L_last_num_blocks_is_0_${rndsuffix}:\n";
+ $code .= ".L_last_num_blocks_is_0_${label_suffix}:\n";
# ;; if there is 0 blocks to cipher then there are only 16 blocks for ghash and reduction
# ;; - convert mid into end_reduce
@@ -2891,7 +2885,7 @@ ___
$GHASHIN_BLK_OFFSET, 0, "%rsp", $HASHKEY_OFFSET, 0, $HASH_IN_OUT, $ZT00, $ZT01,
$ZT02, $ZT03, $ZT04, $ZT05, $ZT06, $ZT07, $ZT08, $ZT09);
- $code .= ".L_last_blocks_done_${rndsuffix}:\n";
+ $code .= ".L_last_blocks_done_${label_suffix}:\n";
}
# ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2985,20 +2979,20 @@ sub GHASH_16_ENCRYPT_16_PARALLEL {
my $GHDAT1 = $ZT21;
my $GHDAT2 = $ZT22;
- my $rndsuffix = &random_string();
+ my $label_suffix = $label_count++;
# ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
# ;; prepare counter blocks
$code .= <<___;
cmpb \$`(256 - 16)`,@{[BYTE($CTR_CHECK)]}
- jae .L_16_blocks_overflow_${rndsuffix}
+ jae .L_16_blocks_overflow_${label_suffix}
vpaddd $ADDBE_1234,$CTR_BE,$B00_03
vpaddd $ADDBE_4x4,$B00_03,$B04_07
vpaddd $ADDBE_4x4,$B04_07,$B08_11
vpaddd $ADDBE_4x4,$B08_11,$B12_15
- jmp .L_16_blocks_ok_${rndsuffix}
-.L_16_blocks_overflow_${rndsuffix}:
+ jmp .L_16_blocks_ok_${label_suffix}
+.L_16_blocks_overflow_${label_suffix}:
vpshufb $SHFMSK,$CTR_BE,$CTR_BE
vmovdqa64 ddq_add_4444(%rip),$B12_15
vpaddd ddq_add_1234(%rip),$CTR_BE,$B00_03
@@ -3009,7 +3003,7 @@ sub GHASH_16_ENCRYPT_16_PARALLEL {
vpshufb $SHFMSK,$B04_07,$B04_07
vpshufb $SHFMSK,$B08_11,$B08_11
vpshufb $SHFMSK,$B12_15,$B12_15
-.L_16_blocks_ok_${rndsuffix}:
+.L_16_blocks_ok_${label_suffix}:
___
# ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -3338,25 +3332,25 @@ sub ENCRYPT_SINGLE_BLOCK {
my $XMM0 = $_[1]; # ; [in/out]
my $GPR1 = $_[2]; # ; [clobbered]
- my $rndsuffix = &random_string();
+ my $label_suffix = $label_count++;
$code .= <<___;
# ; load number of rounds from AES_KEY structure (offset in bytes is
# ; size of the |rd_key| buffer)
mov `4*15*4`($AES_KEY),@{[DWORD($GPR1)]}
cmp \$9,@{[DWORD($GPR1)]}
- je .Laes_128_${rndsuffix}
+ je .Laes_128_${label_suffix}
cmp \$11,@{[DWORD($GPR1)]}
- je .Laes_192_${rndsuffix}
+ je .Laes_192_${label_suffix}
cmp \$13,@{[DWORD($GPR1)]}
- je .Laes_256_${rndsuffix}
- jmp .Lexit_aes_${rndsuffix}
+ je .Laes_256_${label_suffix}
+ jmp .Lexit_aes_${label_suffix}
___
for my $keylen (sort keys %aes_rounds) {
my $nr = $aes_rounds{$keylen};
$code .= <<___;
.align 32
-.Laes_${keylen}_${rndsuffix}:
+.Laes_${keylen}_${label_suffix}:
___
$code .= "vpxorq `16*0`($AES_KEY),$XMM0, $XMM0\n\n";
for (my $i = 1; $i <= $nr; $i++) {
@@ -3364,10 +3358,10 @@ ___
}
$code .= <<___;
vaesenclast `16*($nr+1)`($AES_KEY),$XMM0,$XMM0
- jmp .Lexit_aes_${rndsuffix}
+ jmp .Lexit_aes_${label_suffix}
___
}
- $code .= ".Lexit_aes_${rndsuffix}:\n\n";
+ $code .= ".Lexit_aes_${label_suffix}:\n\n";
}
sub CALC_J0 {
@@ -3562,52 +3556,52 @@ sub GCM_ENC_DEC_SMALL {
my $SHUFMASK = $_[29]; # [in] ZMM with BE/LE shuffle mask
my $PBLOCK_LEN = $_[30]; # [in] partial block length
- my $rndsuffix = &random_string();
+ my $label_suffix = $label_count++;
$code .= <<___;
cmp \$8,$NUM_BLOCKS
- je .L_small_initial_num_blocks_is_8_${rndsuffix}
- jl .L_small_initial_num_blocks_is_7_1_${rndsuffix}
+ je .L_small_initial_num_blocks_is_8_${label_suffix}
+ jl .L_small_initial_num_blocks_is_7_1_${label_suffix}
cmp \$12,$NUM_BLOCKS
- je .L_small_initial_num_blocks_is_12_${rndsuffix}
- jl .L_small_initial_num_blocks_is_11_9_${rndsuffix}
+ je .L_small_initial_num_blocks_is_12_${label_suffix}
+ jl .L_small_initial_num_blocks_is_11_9_${label_suffix}
# ;; 16, 15, 14 or 13
cmp \$16,$NUM_BLOCKS
- je .L_small_initial_num_blocks_is_16_${rndsuffix}
+ je .L_small_initial_num_blocks_is_16_${label_suffix}
cmp \$15,$NUM_BLOCKS
- je .L_small_initial_num_blocks_is_15_${rndsuffix}
+ je .L_small_initial_num_blocks_is_15_${label_suffix}
cmp \$14,$NUM_BLOCKS
- je .L_small_initial_num_blocks_is_14_${rndsuffix}
- jmp .L_small_initial_num_blocks_is_13_${rndsuffix}
+ je .L_small_initial_num_blocks_is_14_${label_suffix}
+ jmp .L_small_initial_num_blocks_is_13_${label_suffix}
-.L_small_initial_num_blocks_is_11_9_${rndsuffix}:
+.L_small_initial_num_blocks_is_11_9_${label_suffix}:
# ;; 11, 10 or 9
cmp \$11,$NUM_BLOCKS
- je .L_small_initial_num_blocks_is_11_${rndsuffix}
+ je .L_small_initial_num_blocks_is_11_${label_suffix}
cmp \$10,$NUM_BLOCKS
- je .L_small_initial_num_blocks_is_10_${rndsuffix}
- jmp .L_small_initial_num_blocks_is_9_${rndsuffix}
+ je .L_small_initial_num_blocks_is_10_${label_suffix}
+ jmp .L_small_initial_num_blocks_is_9_${label_suffix}
-.L_small_initial_num_blocks_is_7_1_${rndsuffix}:
+.L_small_initial_num_blocks_is_7_1_${label_suffix}:
cmp \$4,$NUM_BLOCKS
- je .L_small_initial_num_blocks_is_4_${rndsuffix}
- jl .L_small_initial_num_blocks_is_3_1_${rndsuffix}
+ je .L_small_initial_num_blocks_is_4_${label_suffix}
+ jl .L_small_initial_num_blocks_is_3_1_${label_suffix}
# ;; 7, 6 or 5
cmp \$7,$NUM_BLOCKS
- je .L_small_initial_num_blocks_is_7_${rndsuffix}
+ je .L_small_initial_num_blocks_is_7_${label_suffix}
cmp \$6,$NUM_BLOCKS
- je .L_small_initial_num_blocks_is_6_${rndsuffix}
- jmp .L_small_initial_num_blocks_is_5_${rndsuffix}
+ je .L_small_initial_num_blocks_is_6_${label_suffix}
+ jmp .L_small_initial_num_blocks_is_5_${label_suffix}
-.L_small_initial_num_blocks_is_3_1_${rndsuffix}:
+.L_small_initial_num_blocks_is_3_1_${label_suffix}:
# ;; 3, 2 or 1
cmp \$3,$NUM_BLOCKS
- je .L_small_initial_num_blocks_is_3_${rndsuffix}
+ je .L_small_initial_num_blocks_is_3_${label_suffix}
cmp \$2,$NUM_BLOCKS
- je .L_small_initial_num_blocks_is_2_${rndsuffix}
+ je .L_small_initial_num_blocks_is_2_${label_suffix}
# ;; for $NUM_BLOCKS == 1, just fall through and no 'jmp' needed
@@ -3616,7 +3610,7 @@ sub GCM_ENC_DEC_SMALL {
___
for (my $num_blocks = 1; $num_blocks <= 16; $num_blocks++) {
- $code .= ".L_small_initial_num_blocks_is_${num_blocks}_${rndsuffix}:\n";
+ $code .= ".L_small_initial_num_blocks_is_${num_blocks}_${label_suffix}:\n";
&INITIAL_BLOCKS_PARTIAL(
$AES_KEYS, $GCM128_CTX, $CIPH_PLAIN_OUT, $PLAIN_CIPH_IN, $LENGTH, $DATA_OFFSET,
$num_blocks, $CTR, $HASH_IN_OUT, $ENC_DEC, $ZTMP0, $ZTMP1,
@@ -3625,11 +3619,11 @@ ___
$ZTMP14, $IA0, $IA1, $MASKREG, $SHUFMASK, $PBLOCK_LEN);
if ($num_blocks != 16) {
- $code .= "jmp .L_small_initial_blocks_encrypted_${rndsuffix}\n";
+ $code .= "jmp .L_small_initial_blocks_encrypted_${label_suffix}\n";
}
}
- $code .= ".L_small_initial_blocks_encrypted_${rndsuffix}:\n";
+ $code .= ".L_small_initial_blocks_encrypted_${label_suffix}:\n";
}
# ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -3710,7 +3704,7 @@ sub GCM_ENC_DEC {
my $MASKREG = "%k1";
- my $rndsuffix = &random_string();
+ my $label_suffix = $label_count++;
# ;; reduction every 48 blocks, depth 32 blocks
# ;; @note 48 blocks is the maximum capacity of the stack frame
@@ -3751,7 +3745,7 @@ sub GCM_ENC_DEC {
} else {
$code .= "or $PLAIN_CIPH_LEN,$PLAIN_CIPH_LEN\n";
}
- $code .= "je .L_enc_dec_done_${rndsuffix}\n";
+ $code .= "je .L_enc_dec_done_${label_suffix}\n";
# Length value from context $CTX_OFFSET_InLen`($GCM128_CTX) is updated in
# 'providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc'
@@ -3778,12 +3772,12 @@ sub GCM_ENC_DEC {
# ;; There may be no more data if it was consumed in the partial block.
$code .= <<___;
sub $DATA_OFFSET,$LENGTH
- je .L_enc_dec_done_${rndsuffix}
+ je .L_enc_dec_done_${label_suffix}
___
$code .= <<___;
cmp \$`(16 * 16)`,$LENGTH
- jbe .L_message_below_equal_16_blocks_${rndsuffix}
+ jbe .L_message_below_equal_16_blocks_${label_suffix}
vmovdqa64 SHUF_MASK(%rip),$SHUF_MASK
vmovdqa64 ddq_addbe_4444(%rip),$ADDBE_4x4
@@ -3815,7 +3809,7 @@ ___
$code .= <<___;
cmp \$`(32 * 16)`,$LENGTH
- jb .L_message_below_32_blocks_${rndsuffix}
+ jb .L_message_below_32_blocks_${label_suffix}
___
# ;; ==== AES-CTR - next 16 blocks
@@ -3836,13 +3830,13 @@ ___
sub \$`(32 * 16)`,$LENGTH
cmp \$`($big_loop_nblocks * 16)`,$LENGTH
- jb .L_no_more_big_nblocks_${rndsuffix}
+ jb .L_no_more_big_nblocks_${label_suffix}
___
# ;; ====
# ;; ==== AES-CTR + GHASH - 48 blocks loop
# ;; ====
- $code .= ".L_encrypt_big_nblocks_${rndsuffix}:\n";
+ $code .= ".L_encrypt_big_nblocks_${label_suffix}:\n";
# ;; ==== AES-CTR + GHASH - 16 blocks, start
$aesout_offset = ($STACK_LOCAL_OFFSET + (32 * 16));
@@ -3893,15 +3887,15 @@ ___
add \$`($big_loop_nblocks * 16)`,$DATA_OFFSET
sub \$`($big_loop_nblocks * 16)`,$LENGTH
cmp \$`($big_loop_nblocks * 16)`,$LENGTH
- jae .L_encrypt_big_nblocks_${rndsuffix}
+ jae .L_encrypt_big_nblocks_${label_suffix}
-.L_no_more_big_nblocks_${rndsuffix}:
+.L_no_more_big_nblocks_${label_suffix}:
cmp \$`(32 * 16)`,$LENGTH
- jae .L_encrypt_32_blocks_${rndsuffix}
+ jae .L_encrypt_32_blocks_${label_suffix}
cmp \$`(16 * 16)`,$LENGTH
- jae .L_encrypt_16_blocks_${rndsuffix}
+ jae .L_encrypt_16_blocks_${label_suffix}
___
# ;; =====================================================
@@ -3909,7 +3903,7 @@ ___
# ;; ==== GHASH 1 x 16 blocks
# ;; ==== GHASH 1 x 16 blocks (reduction) & encrypt N blocks
# ;; ==== then GHASH N blocks
- $code .= ".L_encrypt_0_blocks_ghash_32_${rndsuffix}:\n";
+ $code .= ".L_encrypt_0_blocks_ghash_32_${label_suffix}:\n";
# ;; calculate offset to the right hash key
$code .= <<___;
@@ -3937,7 +3931,7 @@ ___
$IA0, $IA5, $MASKREG, $PBLOCK_LEN);
$code .= "vpshufb @{[XWORD($SHUF_MASK)]},$CTR_BLOCKx,$CTR_BLOCKx\n";
- $code .= "jmp .L_ghash_done_${rndsuffix}\n";
+ $code .= "jmp .L_ghash_done_${label_suffix}\n";
# ;; =====================================================
# ;; =====================================================
@@ -3946,7 +3940,7 @@ ___
# ;; ==== GHASH 1 x 16 blocks (reduction)
# ;; ==== GHASH 1 x 16 blocks (reduction) & encrypt N blocks
# ;; ==== then GHASH N blocks
- $code .= ".L_encrypt_32_blocks_${rndsuffix}:\n";
+ $code .= ".L_encrypt_32_blocks_${label_suffix}:\n";
# ;; ==== AES-CTR + GHASH - 16 blocks, start
$aesout_offset = ($STACK_LOCAL_OFFSET + (32 * 16));
@@ -4007,7 +4001,7 @@ ___
$IA0, $IA5, $MASKREG, $PBLOCK_LEN);
$code .= "vpshufb @{[XWORD($SHUF_MASK)]},$CTR_BLOCKx,$CTR_BLOCKx\n";
- $code .= "jmp .L_ghash_done_${rndsuffix}\n";
+ $code .= "jmp .L_ghash_done_${label_suffix}\n";
# ;; =====================================================
# ;; =====================================================
@@ -4015,7 +4009,7 @@ ___
# ;; ==== GHASH 1 x 16 blocks
# ;; ==== GHASH 1 x 16 blocks (reduction) & encrypt N blocks
# ;; ==== then GHASH N blocks
- $code .= ".L_encrypt_16_blocks_${rndsuffix}:\n";
+ $code .= ".L_encrypt_16_blocks_${label_suffix}:\n";
# ;; ==== AES-CTR + GHASH - 16 blocks, start
$aesout_offset = ($STACK_LOCAL_OFFSET + (32 * 16));
@@ -4059,9 +4053,9 @@ ___
$code .= "vpshufb @{[XWORD($SHUF_MASK)]},$CTR_BLOCKx,$CTR_BLOCKx\n";
$code .= <<___;
- jmp .L_ghash_done_${rndsuffix}
+ jmp .L_ghash_done_${label_suffix}
-.L_message_below_32_blocks_${rndsuffix}:
+.L_message_below_32_blocks_${label_suffix}:
# ;; 32 > number of blocks > 16
sub \$`(16 * 16)`,$LENGTH
@@ -4094,9 +4088,9 @@ ___
$code .= "vpshufb @{[XWORD($SHUF_MASK)]},$CTR_BLOCKx,$CTR_BLOCKx\n";
$code .= <<___;
- jmp .L_ghash_done_${rndsuffix}
+ jmp .L_ghash_done_${label_suffix}
-.L_message_below_equal_16_blocks_${rndsuffix}:
+.L_message_below_equal_16_blocks_${label_suffix}:
# ;; Determine how many blocks to process
# ;; - process one additional block if there is a partial block
mov @{[DWORD($LENGTH)]},@{[DWORD($IA1)]}
@@ -4113,13 +4107,13 @@ ___
# ;; fall through to exit
- $code .= ".L_ghash_done_${rndsuffix}:\n";
+ $code .= ".L_ghash_done_${label_suffix}:\n";
# ;; save the last counter block
$code .= "vmovdqu64 $CTR_BLOCKx,`$CTX_OFFSET_CurCount`($GCM128_CTX)\n";
$code .= <<___;
vmovdqu64 $AAD_HASHx,`$CTX_OFFSET_AadHash`($GCM128_CTX)
-.L_enc_dec_done_${rndsuffix}:
+.L_enc_dec_done_${label_suffix}:
___
}
@@ -4155,7 +4149,7 @@ sub INITIAL_BLOCKS_16 {
my $B08_11 = $T7;
my $B12_15 = $T8;
- my $rndsuffix = &random_string();
+ my $label_suffix = $label_count++;
my $stack_offset = $BLK_OFFSET;
$code .= <<___;
@@ -4163,13 +4157,13 @@ sub INITIAL_BLOCKS_16 {
# ;; prepare counter blocks
cmpb \$`(256 - 16)`,@{[BYTE($CTR_CHECK)]}
- jae .L_next_16_overflow_${rndsuffix}
+ jae .L_next_16_overflow_${label_suffix}
vpaddd $ADDBE_1234,$CTR,$B00_03
vpaddd $ADDBE_4x4,$B00_03,$B04_07
vpaddd $ADDBE_4x4,$B04_07,$B08_11
vpaddd $ADDBE_4x4,$B08_11,$B12_15
- jmp .L_next_16_ok_${rndsuffix}
-.L_next_16_overflow_${rndsuffix}:
+ jmp .L_next_16_ok_${label_suffix}
+.L_next_16_overflow_${label_suffix}:
vpshufb $SHUF_MASK,$CTR,$CTR
vmovdqa64 ddq_add_4444(%rip),$B12_15
vpaddd ddq_add_1234(%rip),$CTR,$B00_03
@@ -4180,7 +4174,7 @@ sub INITIAL_BLOCKS_16 {
vpshufb $SHUF_MASK,$B04_07,$B04_07
vpshufb $SHUF_MASK,$B08_11,$B08_11
vpshufb $SHUF_MASK,$B12_15,$B12_15
-.L_next_16_ok_${rndsuffix}:
+.L_next_16_ok_${label_suffix}:
vshufi64x2 \$0b11111111,$B12_15,$B12_15,$CTR
addb \$16,@{[BYTE($CTR_CHECK)]}
# ;; === load 16 blocks of data
@@ -4264,7 +4258,7 @@ sub GCM_COMPLETE {
my $GCM128_CTX = $_[0];
my $PBLOCK_LEN = $_[1];
- my $rndsuffix = &random_string();
+ my $label_suffix = $label_count++;
$code .= <<___;
vmovdqu @{[HashKeyByIdx(1,$GCM128_CTX)]},%xmm2
@@ -4276,14 +4270,14 @@ ___
# ;; Process the final partial block.
cmp \$0,$PBLOCK_LEN
- je .L_partial_done_${rndsuffix}
+ je .L_partial_done_${label_suffix}
___
# ;GHASH computation for the last <16 Byte block
&GHASH_MUL("%xmm4", "%xmm2", "%xmm0", "%xmm16", "%xmm17");
$code .= <<___;
-.L_partial_done_${rndsuffix}:
+.L_partial_done_${label_suffix}:
vmovq `$CTX_OFFSET_InLen`($GCM128_CTX), %xmm5
vpinsrq \$1, `$CTX_OFFSET_AadLen`($GCM128_CTX), %xmm5, %xmm5 # ; xmm5 = len(A)||len(C)
vpsllq \$3, %xmm5, %xmm5 # ; convert bytes into bits
@@ -4297,7 +4291,7 @@ ___
vpshufb SHUF_MASK(%rip),%xmm4,%xmm4 # ; perform a 16Byte swap
vpxor %xmm4,%xmm3,%xmm3
-.L_return_T_${rndsuffix}:
+.L_return_T_${label_suffix}:
vmovdqu %xmm3,`$CTX_OFFSET_AadHash`($GCM128_CTX)
___
}