
Accepting request 390473 from Base:System


OBS-URL: https://build.opensuse.org/request/show/390473
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=131
This commit is contained in:
Dominique Leuenberger 2016-04-22 14:17:16 +00:00 committed by Git OBS Bridge
parent 2ebd052507
commit fa96b8cfdd
14 changed files with 572 additions and 40 deletions


@ -1,13 +0,0 @@
Index: openssl-1.0.2c/crypto/ec/Makefile
===================================================================
--- openssl-1.0.2c.orig/crypto/ec/Makefile
+++ openssl-1.0.2c/crypto/ec/Makefile
@@ -10,7 +10,7 @@ CFLAG=-g
MAKEFILE= Makefile
AR= ar r
-CFLAGS= $(INCLUDES) $(CFLAG)
+CFLAGS= $(INCLUDES) $(CFLAG) -O0
ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS)


@ -0,0 +1,12 @@
Index: openssl-1.0.2g/crypto/o_init.c
===================================================================
--- openssl-1.0.2g.orig/crypto/o_init.c 2016-04-14 10:54:05.763929573 +0200
+++ openssl-1.0.2g/crypto/o_init.c 2016-04-14 10:59:08.366168879 +0200
@@ -91,6 +91,7 @@ static void init_fips_mode(void)
NONFIPS_selftest_check();
/* drop down to non-FIPS mode if it is not requested */
FIPS_mode_set(0);
+ ERR_clear_error();
} else {
/* abort if selftest failed */
FIPS_selftest_check();
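Review bot: `ERR_clear_error()` on the added line wipes the whole thread-local error queue, not just the entry that the unchecked `FIPS_mode_set(0)` above it pushes when the module was never in FIPS mode. init_fips_mode() is reached through OPENSSL_init_library(), which other entry points call lazily (the engine patch in this same commit shows ENGINE_load_builtin_engines() doing so), so a caller that already had errors queued before its first OpenSSL call may lose them; whether that path exists depends on code outside this hunk. A comment stating the intent would help the next reader: `/* FIPS_mode_set(0) queues an error when the module never entered FIPS mode; drop it (note: this clears the whole per-thread queue) */`. The enclosing init_fips_mode() starts before and ends after the hunk.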


@ -0,0 +1,128 @@
Index: openssl-1.0.2g/apps/dgst.c
===================================================================
--- openssl-1.0.2g.orig/apps/dgst.c 2016-03-01 14:35:53.000000000 +0100
+++ openssl-1.0.2g/apps/dgst.c 2016-04-14 11:04:21.706558132 +0200
@@ -147,7 +147,7 @@ int MAIN(int argc, char **argv)
/* first check the program name */
program_name(argv[0], pname, sizeof pname);
- md = EVP_get_digestbyname(pname);
+ md = EVP_get_digestbyname_fips_disabled(pname);
argc--;
argv++;
@@ -235,7 +235,7 @@ int MAIN(int argc, char **argv)
macopts = sk_OPENSSL_STRING_new_null();
if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
break;
- } else if ((m = EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+ } else if ((m = EVP_get_digestbyname_fips_disabled(&((*argv)[1]))) != NULL)
md = m;
else
break;
Index: openssl-1.0.2g/apps/apps.c
===================================================================
--- openssl-1.0.2g.orig/apps/apps.c 2016-03-01 14:35:53.000000000 +0100
+++ openssl-1.0.2g/apps/apps.c 2016-04-14 11:04:21.707558145 +0200
@@ -3226,3 +3226,45 @@ int raw_write_stdout(const void *buf, in
return write(fileno(stdout), buf, siz);
}
#endif
+
+
+const EVP_MD *EVP_get_digestbyname_fips_disabled(const char *name)
+ {
+ int saved_fips_mode = FIPS_mode();
+ EVP_MD *md;
+
+ if (saved_fips_mode)
+ FIPS_mode_set(0);
+
+ OpenSSL_add_all_digests();
+ md=EVP_get_digestbyname(name);
+
+ if (saved_fips_mode && !FIPS_mode_set(saved_fips_mode)) {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+
+ return md;
+ }
+
+const EVP_CIPHER *EVP_get_cipherbyname_fips_disabled(const char *name)
+ {
+ int saved_fips_mode = FIPS_mode();
+ EVP_CIPHER *ciph;
+
+ if (saved_fips_mode)
+ FIPS_mode_set(0);
+
+ OpenSSL_add_all_ciphers();
+ ciph=EVP_get_cipherbyname(name);
+
+ if (saved_fips_mode && !FIPS_mode_set(saved_fips_mode)) {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+
+ return ciph;
+ }
+
Index: openssl-1.0.2g/apps/apps.h
===================================================================
--- openssl-1.0.2g.orig/apps/apps.h 2016-03-01 14:35:53.000000000 +0100
+++ openssl-1.0.2g/apps/apps.h 2016-04-14 11:04:21.707558145 +0200
@@ -348,6 +348,9 @@ void print_cert_checks(BIO *bio, X509 *x
void store_setup_crl_download(X509_STORE *st);
+const EVP_MD *EVP_get_digestbyname_fips_disabled(const char *name);
+const EVP_CIPHER *EVP_get_cipherbyname_fips_disabled(const char *name);
+
# define FORMAT_UNDEF 0
# define FORMAT_ASN1 1
# define FORMAT_TEXT 2
Index: openssl-1.0.2g/apps/enc.c
===================================================================
--- openssl-1.0.2g.orig/apps/enc.c 2016-03-01 14:35:05.000000000 +0100
+++ openssl-1.0.2g/apps/enc.c 2016-04-15 13:57:22.782628623 +0200
@@ -150,7 +150,7 @@ int MAIN(int argc, char **argv)
do_zlib = 1;
#endif
- cipher = EVP_get_cipherbyname(pname);
+ cipher = EVP_get_cipherbyname_fips_disabled(pname);
#ifdef ZLIB
if (!do_zlib && !base64 && (cipher == NULL)
&& (strcmp(pname, "enc") != 0))
@@ -269,7 +269,7 @@ int MAIN(int argc, char **argv)
} else if (strcmp(*argv, "-non-fips-allow") == 0)
non_fips_allow = 1;
else if ((argv[0][0] == '-') &&
- ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
+ ((c = EVP_get_cipherbyname_fips_disabled(&(argv[0][1]))) != NULL)) {
cipher = c;
} else if (strcmp(*argv, "-none") == 0)
cipher = NULL;
@@ -322,6 +322,10 @@ int MAIN(int argc, char **argv)
argv++;
}
+ /* drop out of fips mode if we should allow non-fips algos */
+ if (non_fips_allow)
+ FIPS_mode_set(0);
+
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
@@ -338,7 +342,7 @@ int MAIN(int argc, char **argv)
goto end;
}
- if (md && (dgst = EVP_get_digestbyname(md)) == NULL) {
+ if (md && (dgst = EVP_get_digestbyname_fips_disabled(md)) == NULL) {
BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
goto end;
}
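Review bot: In the new apps.c helpers `EVP_get_digestbyname()` and `EVP_get_cipherbyname()` return `const` pointers, yet the locals are declared `EVP_MD *md;` and `EVP_CIPHER *ciph;`, which discards the qualifier (a warning today and an invitation to write through the static method tables); declare them `const EVP_MD *md;` and `const EVP_CIPHER *ciph;` to match the helpers' own return types. The `FIPS_mode_set(0)` that leaves FIPS mode is unchecked while the restoring call is checked and fatal; if leaving fails the lookup simply runs in FIPS mode and returns NULL for non-approved names, which is the safe direction, but a comment saying so is worth adding: `/* if leaving FIPS mode fails the lookup runs in FIPS mode, which is stricter */`. The `BIO_new_fp(stderr, BIO_NOCLOSE)` handed to `ERR_print_errors()` is never freed; harmless only because `EXIT(1)` follows immediately.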


@ -0,0 +1,14 @@
Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-14 10:52:34.187646539 +0200
+++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-14 10:53:39.335559301 +0200
@@ -465,7 +465,8 @@ static int rsa_builtin_keygen(RSA *rsa,
goto err;
bitsp = (bits + 1) / 2;
- bitsq = bits - bitsp;
+ /* Use the same number of bits for p and q, our checks assume it. */
+ bitsq = bitsp;
/* prepare a maximum for p and q */
/* 0xB504F334 is (sqrt(2)/2)*2^32 */
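Review bot: With `bitsq = bitsp` and `bitsp = (bits + 1) / 2`, an odd `bits` now yields p and q of (bits+1)/2 bits each, so the modulus comes out one bit larger than requested (the minimum-distance patch's comment says BN_generate_prime_ex sets the top bits), where before it was exactly `bits` bits; that is a visible behaviour change for callers that verify the size of the key they asked for and should be stated where `bitsq` is set. The added comment only says "our checks assume it"; say which checks and what the trade-off is, e.g. `/* Use the same number of bits for p and q: the r0/r3 range and distance checks below are derived from bitsp. For odd bits the modulus is rounded up to bits+1 bits. */`. rsa_builtin_keygen() starts and ends outside this hunk.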


@ -0,0 +1,39 @@
Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-14 10:23:50.941168136 +0200
+++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-14 10:47:56.651757817 +0200
@@ -237,6 +237,12 @@ static int FIPS_rsa_builtin_keygen(RSA *
goto err;
}
+ BN_copy(rsa->e, e_value);
+
+ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
+ test = 1;
+
+retry:
/* prepare approximate minimum p and q */
if (!BN_set_word(r0, 0xB504F334))
goto err;
@@ -249,12 +255,6 @@ static int FIPS_rsa_builtin_keygen(RSA *
if (!BN_lshift(r3, r3, pbits - 100))
goto err;
- BN_copy(rsa->e, e_value);
-
- if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
- test = 1;
-
- retry:
/* generate p and q */
for (i = 0; i < 5 * pbits; i++) {
ploop:
@@ -384,6 +384,8 @@ static int FIPS_rsa_builtin_keygen(RSA *
if (!BN_mod_inverse(rsa->d, rsa->e, lcm_p1_q1, ctx))
goto err; /* d */
+ /* test 2^(bits/2) < d < LCM((p-1)*(q-1)) */
+ /* the LCM part is covered due to the generation by modulo above */
if (BN_num_bits(rsa->d) < pbits)
goto retry; /* d is too small */
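Review bot: The new comment claims the check tests `2^(bits/2) < d`, but `BN_num_bits(rsa->d) < pbits` only rejects d below 2^(pbits-1); every d in [2^(pbits-1), 2^pbits] still passes, which is exactly the band FIPS 186-4 B.3.1 excludes (assuming pbits is bits/2 here, as the comment implies). Either tighten the test, `if (BN_num_bits(rsa->d) <= pbits) goto retry;` (that leaves only the single value d == 2^pbits, which can be compared explicitly if you want to be exact), or correct the comment to describe what is actually checked. Moving `retry:` above the r0/r3 setup re-runs those deterministic BN_set_word/BN_lshift calls on every retry, which is harmless, but a one-line comment on why the label moved would save the next reader some diff archaeology. FIPS_rsa_builtin_keygen() starts and ends outside this hunk, and the return value of the moved `BN_copy()` was already unchecked before this change.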


@ -0,0 +1,74 @@
Index: openssl-1.0.2g/crypto/fips/fips.c
===================================================================
--- openssl-1.0.2g.orig/crypto/fips/fips.c 2016-04-14 10:49:37.460170356 +0200
+++ openssl-1.0.2g/crypto/fips/fips.c 2016-04-14 10:49:47.270307813 +0200
@@ -448,6 +448,44 @@ int FIPS_module_mode_set(int onoff, cons
return ret;
}
+/* In non-FIPS mode, the selftests must succeed if the
+ * checksum files are present
+ */
+void NONFIPS_selftest_check(void)
+ {
+ int rv;
+ char *hmacpath;
+ char path[PATH_MAX+1];
+
+ if (fips_selftest_fail)
+ {
+ /* check if the checksum files are installed */
+ rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set", path, sizeof(path));
+ if (rv < 0)
+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
+
+ hmacpath = make_hmac_path(path);
+ if (hmacpath == NULL)
+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
+
+ if (access(hmacpath, F_OK))
+ {
+ /* no hmac file is present, ignore the failed selftests */
+ if (errno == ENOENT)
+ {
+ free(hmacpath);
+ return;
+ }
+ /* we fail on any other error */
+ }
+ /* if the file exists, but the selftests failed
+ (eg wrong checksum), we fail too */
+ free(hmacpath);
+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
+ }
+ /* otherwise ok, selftests were successful */
+ }
+
static CRYPTO_THREADID fips_thread;
static int fips_thread_set = 0;
Index: openssl-1.0.2g/crypto/fips/fips.h
===================================================================
--- openssl-1.0.2g.orig/crypto/fips/fips.h 2016-04-14 10:49:47.270307813 +0200
+++ openssl-1.0.2g/crypto/fips/fips.h 2016-04-14 10:50:45.867128848 +0200
@@ -107,6 +107,7 @@ extern "C" {
int FIPS_selftest_drbg(void);
int FIPS_selftest_drbg_all(void);
int FIPS_selftest_cmac(void);
+ void NONFIPS_selftest_check(void);
void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
Index: openssl-1.0.2g/crypto/o_init.c
===================================================================
--- openssl-1.0.2g.orig/crypto/o_init.c 2016-04-14 10:49:47.270307813 +0200
+++ openssl-1.0.2g/crypto/o_init.c 2016-04-14 10:51:31.634770112 +0200
@@ -87,6 +87,8 @@ static void init_fips_mode(void)
*/
if (buf[0] != '1') {
+ /* abort if selftest failed and the module is complete */
+ NONFIPS_selftest_check();
/* drop down to non-FIPS mode if it is not requested */
FIPS_mode_set(0);
} else {
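Review bot: NONFIPS_selftest_check() aborts with the identical string `FATAL FIPS SELFTEST FAILURE` for three unrelated conditions: the library path cannot be resolved, make_hmac_path() returns NULL (presumably allocation failure), and access() failing for any reason other than ENOENT. The last one means EACCES, ENOTDIR or a seccomp-denied access() in a sandboxed process takes down a non-FIPS process whose failed self-tests would otherwise have been ignored; if that is intended the comment should say so, and the three OpenSSLDie() calls deserve distinct messages so an operator can tell them apart, e.g. `"FATAL FIPS SELFTEST FAILURE: cannot locate libcrypto"`, `"...: cannot build .hmac path"`, `"...: .hmac present or unreadable"`. `errno` is read directly after `access()`, which is correct; keep it that way if logging is ever added between them. get_library_path() and make_hmac_path() are not shown, so the ownership of `hmacpath` (freed here) is assumed from the pattern.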


@ -0,0 +1,42 @@
Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-13 15:07:34.371851679 +0200
+++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-13 15:18:00.630306031 +0200
@@ -177,6 +177,7 @@ static int FIPS_rsa_builtin_keygen(RSA *
BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
BIGNUM local_r0, local_d, local_p;
BIGNUM *pr0, *d, *p;
+ BIGNUM *gcd_p1_q1 = NULL, *lcm_p1_q1 = NULL;
BN_CTX *ctx = NULL;
int ok = -1;
int i;
@@ -204,6 +205,8 @@ static int FIPS_rsa_builtin_keygen(RSA *
r1 = BN_CTX_get(ctx);
r2 = BN_CTX_get(ctx);
r3 = BN_CTX_get(ctx);
+ gcd_p1_q1 = BN_CTX_get(ctx);
+ lcm_p1_q1 = BN_CTX_get(ctx);
if (r3 == NULL)
goto err;
@@ -372,12 +375,18 @@ static int FIPS_rsa_builtin_keygen(RSA *
BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
} else
pr0 = r0;
- if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx))
+
+ /* calculate lcm(p-1,q-1) = (p-1)*(q-1) / gcd(p-1,q-1) */
+ if (!BN_gcd(gcd_p1_q1, r1, r2, ctx))
+ goto err; /* gcd(p-1,q-1) */
+ if (!BN_div(lcm_p1_q1, NULL, pr0, gcd_p1_q1, ctx))
+ goto err;
+ if (!BN_mod_inverse(rsa->d, rsa->e, lcm_p1_q1, ctx))
goto err; /* d */
if (BN_num_bits(rsa->d) < pbits)
goto retry; /* d is too small */
-
+
/* set up d for correct BN_FLG_CONSTTIME flag */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
d = &local_d;
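Review bot: The two added `BN_CTX_get()` calls come after `r3`, but the NULL check that follows still tests only `r3`; BN_CTX_get() returns NULL for every call once the context is exhausted, so the idiom is to check the last value obtained, and as written `gcd_p1_q1` or `lcm_p1_q1` can be NULL and be passed straight into BN_gcd()/BN_div(). Change the check to `if (lcm_p1_q1 == NULL) goto err;`. Separately, BN_gcd() here is, as far as I know, not a constant-time routine and now runs on p-1 and q-1; key generation leaks timing in other places already, so this is a note for the `BN_FLG_CONSTTIME` comment above rather than a defect. FIPS_rsa_builtin_keygen() starts and ends outside the hunk.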


@ -0,0 +1,16 @@
Index: openssl-1.0.2g/crypto/engine/eng_all.c
===================================================================
--- openssl-1.0.2g.orig/crypto/engine/eng_all.c 2016-04-13 15:04:40.644190904 +0200
+++ openssl-1.0.2g/crypto/engine/eng_all.c 2016-04-13 15:06:04.092468490 +0200
@@ -70,11 +70,6 @@ void ENGINE_load_builtin_engines(void)
#ifdef OPENSSL_FIPS
OPENSSL_init_library();
if (FIPS_mode()) {
- /* We allow loading dynamic engine as a third party
- engine might be FIPS validated.
- User is disallowed to load non-validated engines
- by security policy. */
- ENGINE_load_dynamic();
return;
}
#endif
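Review bot: The deleted lines were the only explanation of the FIPS-mode behaviour, and the surviving `return;` now silently skips every engine, including the dynamic loader, without saying why; put the policy back as a comment above the `return;`, e.g. `/* No engines in FIPS mode, not even the dynamic loader: a loaded engine could replace validated implementations. */`. Worth double-checking that nothing in the FIPS build relied on ENGINE_load_dynamic() being registered here (the `openssl engine` app or configuration-file engine sections come to mind); that is outside this hunk.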


@ -0,0 +1,13 @@
Index: openssl-1.0.2g/crypto/fips/fips_rand_lib.c
===================================================================
--- openssl-1.0.2g.orig/crypto/fips/fips_rand_lib.c 2016-04-13 15:01:53.236630810 +0200
+++ openssl-1.0.2g/crypto/fips/fips_rand_lib.c 2016-04-13 15:02:48.986482927 +0200
@@ -73,8 +73,6 @@ int FIPS_rand_set_method(const RAND_METH
if (!fips_rand_bits) {
if (meth == FIPS_drbg_method())
fips_approved_rand_meth = 1;
- else if (meth == FIPS_x931_method())
- fips_approved_rand_meth = 2;
else {
fips_approved_rand_meth = 0;
if (FIPS_module_mode()) {
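Review bot: Removing the `FIPS_x931_method()` branch means a caller that still selects the X9.31 PRNG now falls into the `else` path below, where `fips_approved_rand_meth` is cleared and, from what the truncated `if (FIPS_module_mode())` suggests, an error is raised in FIPS mode; that is presumably the point, but neither the code nor the patch says so. Add a comment at the spot, e.g. `/* The X9.31 PRNG is no longer an approved method; only the DRBG is accepted in FIPS mode */`, and check that nothing else in the FIPS code still compares `fips_approved_rand_meth` against the value 2 that can no longer be set. FIPS_rand_set_method() starts and ends outside the hunk.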


@ -1,7 +1,7 @@
Index: crypto/bio/b_sock.c
===================================================================
--- crypto/bio/b_sock.c.orig 2015-12-05 00:04:11.291027369 +0100
+++ crypto/bio/b_sock.c 2015-12-05 00:04:13.283055286 +0100
--- crypto/bio/b_sock.c.orig 2016-04-14 11:01:01.957760118 +0200
+++ crypto/bio/b_sock.c 2016-04-14 11:01:04.759799369 +0200
@@ -723,7 +723,7 @@ int BIO_get_accept_socket(char *host, in
}
@ -31,8 +31,8 @@ Index: crypto/bio/b_sock.c
sa.len.i = (int)sa.len.s;
Index: crypto/bio/bss_conn.c
===================================================================
--- crypto/bio/bss_conn.c.orig 2015-12-05 00:04:11.291027369 +0100
+++ crypto/bio/bss_conn.c 2015-12-05 00:04:13.283055286 +0100
--- crypto/bio/bss_conn.c.orig 2016-04-14 11:01:01.957760118 +0200
+++ crypto/bio/bss_conn.c 2016-04-14 11:01:04.759799369 +0200
@@ -195,7 +195,7 @@ static int conn_state(BIO *b, BIO_CONNEC
c->them.sin_addr.s_addr = htonl(l);
c->state = BIO_CONN_S_CREATE_SOCKET;
@ -44,9 +44,9 @@ Index: crypto/bio/bss_conn.c
ERR_add_error_data(4, "host=", c->param_hostname,
Index: crypto/bio/bss_dgram.c
===================================================================
--- crypto/bio/bss_dgram.c.orig 2015-12-05 00:04:11.292027383 +0100
+++ crypto/bio/bss_dgram.c 2015-12-05 00:04:13.284055300 +0100
@@ -1177,7 +1177,7 @@ static int dgram_sctp_read(BIO *b, char
--- crypto/bio/bss_dgram.c.orig 2016-04-14 11:01:01.958760132 +0200
+++ crypto/bio/bss_dgram.c 2016-04-14 11:01:04.760799384 +0200
@@ -1175,7 +1175,7 @@ static int dgram_sctp_read(BIO *b, char
msg.msg_control = cmsgbuf;
msg.msg_controllen = 512;
msg.msg_flags = 0;
@ -55,7 +55,7 @@ Index: crypto/bio/bss_dgram.c
if (n <= 0) {
if (n < 0)
@@ -1802,7 +1802,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
@@ -1800,7 +1800,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
msg.msg_controllen = 0;
msg.msg_flags = 0;
@ -64,7 +64,7 @@ Index: crypto/bio/bss_dgram.c
if (n <= 0) {
if ((n < 0) && (get_last_socket_error() != EAGAIN)
&& (get_last_socket_error() != EWOULDBLOCK))
@@ -1824,7 +1824,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
@@ -1822,7 +1822,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
msg.msg_controllen = 0;
msg.msg_flags = 0;
@ -73,7 +73,7 @@ Index: crypto/bio/bss_dgram.c
if (n <= 0) {
if ((n < 0) && (get_last_socket_error() != EAGAIN)
&& (get_last_socket_error() != EWOULDBLOCK))
@@ -1889,7 +1889,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
@@ -1887,7 +1887,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
fcntl(b->num, F_SETFL, O_NONBLOCK);
}
@ -82,7 +82,7 @@ Index: crypto/bio/bss_dgram.c
if (is_dry) {
fcntl(b->num, F_SETFL, sockflags);
@@ -1931,7 +1931,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
@@ -1929,7 +1929,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
sockflags = fcntl(b->num, F_GETFL, 0);
fcntl(b->num, F_SETFL, O_NONBLOCK);
@ -91,7 +91,7 @@ Index: crypto/bio/bss_dgram.c
fcntl(b->num, F_SETFL, sockflags);
/* if notification, process and try again */
@@ -1951,7 +1951,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
@@ -1949,7 +1949,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
msg.msg_control = NULL;
msg.msg_controllen = 0;
msg.msg_flags = 0;
@ -102,8 +102,8 @@ Index: crypto/bio/bss_dgram.c
data->handle_notifications(b, data->notification_context,
Index: crypto/bio/bss_file.c
===================================================================
--- crypto/bio/bss_file.c.orig 2015-12-05 00:04:11.292027383 +0100
+++ crypto/bio/bss_file.c 2015-12-05 00:04:49.780566910 +0100
--- crypto/bio/bss_file.c.orig 2016-04-14 11:01:01.958760132 +0200
+++ crypto/bio/bss_file.c 2016-04-14 11:01:04.760799384 +0200
@@ -118,6 +118,10 @@ static BIO_METHOD methods_filep = {
static FILE *file_fopen(const char *filename, const char *mode)
{
@ -143,21 +143,21 @@ Index: crypto/bio/bss_file.c
SYSerr(SYS_F_FOPEN, get_last_sys_error());
Index: crypto/rand/rand_unix.c
===================================================================
--- crypto/rand/rand_unix.c.orig 2015-12-05 00:04:11.292027383 +0100
+++ crypto/rand/rand_unix.c 2015-12-05 00:04:13.285055314 +0100
@@ -269,7 +269,7 @@ int RAND_poll(void)
--- crypto/rand/rand_unix.c.orig 2016-04-14 11:01:04.761799398 +0200
+++ crypto/rand/rand_unix.c 2016-04-14 11:02:13.950768594 +0200
@@ -270,7 +270,7 @@ int RAND_poll(void)
for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) &&
(n < ENTROPY_NEEDED); i++) {
(n < sizeof(tmpbuf)); i++) {
- if ((fd = open(randomfiles[i], O_RDONLY
+ if ((fd = open(randomfiles[i], O_RDONLY|O_CLOEXEC
+ if ((fd = open(randomfiles[i], O_RDONLY | O_CLOEXEC
# ifdef O_NONBLOCK
| O_NONBLOCK
# endif
Index: crypto/rand/randfile.c
===================================================================
--- crypto/rand/randfile.c.orig 2015-12-05 00:04:11.293027397 +0100
+++ crypto/rand/randfile.c 2015-12-05 00:04:13.285055314 +0100
--- crypto/rand/randfile.c.orig 2016-04-14 11:01:01.959760146 +0200
+++ crypto/rand/randfile.c 2016-04-14 11:01:04.761799398 +0200
@@ -147,7 +147,7 @@ int RAND_load_file(const char *file, lon
#ifdef OPENSSL_SYS_VMS
in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);


@ -0,0 +1,65 @@
Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-13 15:18:47.520016582 +0200
+++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-13 15:36:32.309233030 +0200
@@ -465,6 +465,19 @@ static int rsa_builtin_keygen(RSA *rsa,
bitsp = (bits + 1) / 2;
bitsq = bits - bitsp;
+ /* prepare a maximum for p and q */
+ /* 0xB504F334 is (sqrt(2)/2)*2^32 */
+ if (!BN_set_word(r0, 0xB504F334))
+ goto err;
+ if (!BN_lshift(r0, r0, bitsp - 32))
+ goto err;
+
+ /* prepare minimum p and q difference */
+ if (!BN_one(r3))
+ goto err;
+ if (!BN_lshift(r3, r3, bitsp - 100))
+ goto err;
+
/* We need the RSA components non-NULL */
if (!rsa->n && ((rsa->n = BN_new()) == NULL))
goto err;
@@ -489,6 +502,8 @@ static int rsa_builtin_keygen(RSA *rsa,
for (;;) {
if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
goto err;
+ if (BN_cmp(rsa->p, r0) < 0)
+ continue;
if (!BN_sub(r2, rsa->p, BN_value_one()))
goto err;
if (!BN_gcd(r1, r2, rsa->e, ctx))
@@ -501,21 +516,17 @@ static int rsa_builtin_keygen(RSA *rsa,
if (!BN_GENCB_call(cb, 3, 0))
goto err;
for (;;) {
- /*
- * When generating ridiculously small keys, we can get stuck
- * continually regenerating the same prime values. Check for this and
- * bail if it happens 3 times.
- */
- unsigned int degenerate = 0;
- do {
- if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
- goto err;
- } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
- if (degenerate == 3) {
- ok = 0; /* we set our own err */
- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
+ /* This function will take care of setting the topmost bit via BN_rand(..,1,1), so
+ * the maximum distance between p and q is less than 2^bitsq */
+ if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+ goto err;
+ if (BN_cmp(rsa->q, r0) < 0)
+ continue;
+ /* check for minimum distance between p and q, 2^(bitsp-100) */
+ if (!BN_sub(r2, rsa->q, rsa->p))
goto err;
- }
+ if (BN_ucmp(r2, r3) <= 0)
+ continue;
if (!BN_sub(r2, rsa->q, BN_value_one()))
goto err;
if (!BN_gcd(r1, r2, rsa->e, ctx))
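Review bot: The hunk drops the `degenerate` guard that turned a too-small key request into RSA_R_KEY_SIZE_TOO_SMALL and replaces it with `continue` on every q candidate that is below r0 or too close to p; for a small `bits` those conditions can fail every time, so the q loop now spins forever instead of returning an error. Worse, r3 is built with `BN_lshift(r3, r3, bitsp - 100)`, which is a negative shift count once `bitsp < 100` (requests under roughly 200 bits); unless this tree's BN_lshift() rejects negative counts (the 1.0.2 version, as far as I recall, does not) that writes below the buffer. Reject such requests up front, before the r0/r3 setup, reusing the error the removed code raised; rsa_builtin_keygen() starts and ends outside the hunk, so a minimum-size check above it may already cover this. Note also that within this patch alone `bitsq` is still `bits - bitsp`, so for odd `bits` q can never reach r0 and the loop never terminates; the separate odd-keybits patch in this commit fixes that, and the two belong in one patch.
```c
    bitsp = (bits + 1) / 2;
    bitsq = bits - bitsp;
    /* r0 and r3 below are shifted by bitsp - 32 and bitsp - 100 */
    if (bitsp < 100) {
        ok = 0;                 /* we set our own err */
        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
        goto err;
    }
    /* … unchanged: r0/r3 setup, p and q generation loops … */
```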


@ -0,0 +1,100 @@
Index: openssl-1.0.2g/crypto/rand/rand_unix.c
===================================================================
--- openssl-1.0.2g.orig/crypto/rand/rand_unix.c 2016-04-15 14:27:32.058784436 +0200
+++ openssl-1.0.2g/crypto/rand/rand_unix.c 2016-04-15 14:27:32.711794567 +0200
@@ -245,7 +245,8 @@ int RAND_poll(void)
unsigned long l;
pid_t curr_pid = getpid();
# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
- unsigned char tmpbuf[ENTROPY_NEEDED];
+ /* STATE_SIZE is 1023 ... but it was suggested to seed with 1024 bytes */
+ unsigned char tmpbuf[1024];
int n = 0;
# endif
# ifdef DEVRANDOM
@@ -268,7 +269,7 @@ int RAND_poll(void)
*/
for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) &&
- (n < ENTROPY_NEEDED); i++) {
+ (n < sizeof(tmpbuf)); i++) {
if ((fd = open(randomfiles[i], O_RDONLY
# ifdef O_NONBLOCK
| O_NONBLOCK
@@ -355,7 +356,7 @@ int RAND_poll(void)
if (try_read) {
r = read(fd, (unsigned char *)tmpbuf + n,
- ENTROPY_NEEDED - n);
+ sizeof(tmpbuf) - n);
if (r > 0)
n += r;
# if defined(OPENSSL_SYS_BEOS_R5)
@@ -376,7 +377,7 @@ int RAND_poll(void)
}
while ((r > 0 ||
(errno == EINTR || errno == EAGAIN)) && usec != 0
- && n < ENTROPY_NEEDED);
+ && n < sizeof(tmpbuf));
close(fd);
}
@@ -389,12 +390,12 @@ int RAND_poll(void)
* collecting daemon.
*/
- for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;
+ for (egdsocket = egdsockets; *egdsocket && n < sizeof(tmpbuf);
egdsocket++) {
int r;
r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n,
- ENTROPY_NEEDED - n);
+ sizeof(tmpbuf) - n);
if (r > 0)
n += r;
}
Index: openssl-1.0.2g/crypto/rand/md_rand.c
===================================================================
--- openssl-1.0.2g.orig/crypto/rand/md_rand.c 2016-04-15 14:27:32.711794567 +0200
+++ openssl-1.0.2g/crypto/rand/md_rand.c 2016-04-15 14:28:18.865510438 +0200
@@ -360,6 +360,10 @@ int ssleay_rand_bytes(unsigned char *buf
if (num <= 0)
return 1;
+ /* special rule for /dev/urandom seeding ... seed with as much bytes
+ * from /dev/urandom as you get out */
+ RAND_load_file("/dev/urandom", num);
+
EVP_MD_CTX_init(&m);
/* round upwards to multiple of MD_DIGEST_LENGTH/2 */
num_ceil =
Index: openssl-1.0.2g/crypto/fips/fips_drbg_rand.c
===================================================================
--- openssl-1.0.2g.orig/crypto/fips/fips_drbg_rand.c 2016-04-15 14:27:32.712794583 +0200
+++ openssl-1.0.2g/crypto/fips/fips_drbg_rand.c 2016-04-15 14:29:30.192616518 +0200
@@ -77,6 +77,11 @@ static int fips_drbg_bytes(unsigned char
int rv = 0;
unsigned char *adin = NULL;
size_t adinlen = 0;
+
+ /* add entropy in 1:1 relation (number pulled bytes / number pushed from /dev/urandom) */
+ if (count > dctx->min_entropy)
+ RAND_load_file("/dev/urandom", count - dctx->min_entropy);
+
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
do {
size_t rcnt;
Index: openssl-1.0.2g/crypto/rand/rand_lib.c
===================================================================
--- openssl-1.0.2g.orig/crypto/rand/rand_lib.c 2016-04-15 14:27:32.712794583 +0200
+++ openssl-1.0.2g/crypto/rand/rand_lib.c 2016-04-15 14:30:45.074777402 +0200
@@ -238,7 +238,7 @@ static int drbg_rand_add(DRBG_CTX *ctx,
RAND_SSLeay()->add(in, inlen, entropy);
if (FIPS_rand_status()) {
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- FIPS_drbg_reseed(ctx, NULL, 0);
+ FIPS_drbg_reseed(ctx, in, inlen);
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
}
return 1;
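Review bot: Both new `RAND_load_file("/dev/urandom", ...)` calls ignore the return value, so in a chroot or sandbox without /dev/urandom, or once the process is out of file descriptors, the "seed as much as you get out" rule silently does nothing and output continues from the old state; if the reseed is a requirement, treat a short return as one, at minimum `if (RAND_load_file("/dev/urandom", num) < num) /* record or fail */`. Each call also performs an fopen/fread/fclose per RAND_bytes() call, including for a handful of bytes, which is a measurable cost on the hot path. In fips_drbg_bytes() the call sits before `CRYPTO_w_lock(CRYPTO_LOCK_RAND)`; that looks deliberate, since RAND_load_file() -> RAND_add() -> drbg_rand_add() takes the same lock (visible in the rand_lib.c hunk) when the DRBG method is the default, and it deserves a comment so nobody moves it inside: `/* must stay outside CRYPTO_LOCK_RAND: RAND_add() -> drbg_rand_add() takes it */`. The "STATE_SIZE is 1023" remark is a claim about md_rand.c that the hunk does not show; fine if true, but say where the 1024 comes from.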


@ -1,3 +1,30 @@
-------------------------------------------------------------------
Fri Apr 15 16:55:05 UTC 2016 - dvaleev@suse.com
- Remove a hack for bsc#936563
- Drop bsc936563_hack.patch
-------------------------------------------------------------------
Fri Apr 15 11:59:48 UTC 2016 - vcizek@suse.com
- import fips patches from SLE-12
* openssl-fips-clearerror.patch
* openssl-fips-dont-fall-back-to-default-digest.patch
* openssl-fips-fix-odd-rsakeybits.patch
* openssl-fips-rsagen-d-bits.patch
* openssl-fips-selftests_in_nonfips_mode.patch
* openssl-fips_RSA_compute_d_with_lcm.patch
* openssl-fips_disallow_ENGINE_loading.patch
* openssl-fips_disallow_x931_rand_method.patch
* openssl-rsakeygen-minimum-distance.patch
* openssl-urandom-reseeding.patch
-------------------------------------------------------------------
Tue Mar 8 12:50:28 UTC 2016 - vcizek@suse.com
- add support for "ciphers" providing no encryption (bsc#937085)
* don't build with -DSSL_FORBID_ENULL
-------------------------------------------------------------------
Tue Mar 1 14:40:18 UTC 2016 - vcizek@suse.com


@ -73,7 +73,17 @@ Patch34: openssl-fips-hidden.patch
Patch35: openssl-1.0.1e-add-suse-default-cipher.patch
Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
Patch38: openssl-missing_FIPS_ec_group_new_by_curve_name.patch
Patch40: bsc936563_hack.patch
# FIPS patches from SLE-12
Patch50: openssl-fips_disallow_x931_rand_method.patch
Patch51: openssl-fips_disallow_ENGINE_loading.patch
Patch52: openssl-fips_RSA_compute_d_with_lcm.patch
Patch53: openssl-rsakeygen-minimum-distance.patch
Patch54: openssl-urandom-reseeding.patch
Patch55: openssl-fips-rsagen-d-bits.patch
Patch56: openssl-fips-selftests_in_nonfips_mode.patch
Patch57: openssl-fips-fix-odd-rsakeybits.patch
Patch58: openssl-fips-clearerror.patch
Patch59: openssl-fips-dont-fall-back-to-default-digest.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -184,15 +194,21 @@ this package's base documentation.
%patch35 -p1
%patch37 -p1
%patch38 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1
%patch53 -p1
%patch54 -p1
%patch55 -p1
%patch56 -p1
%patch57 -p1
%patch58 -p1
%patch59 -p1
%if 0%{?suse_version} >= 1120
%patch3
%endif
%patch8 -p1
%patch14 -p1
#workaround https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66728
%ifarch ppc64le
%patch40 -p1
%endif
cp -p %{S:10} .
cp -p %{S:11} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
@ -264,7 +280,6 @@ $RPM_OPT_FLAGS -O3 -std=gnu99 \
-fno-common \
-DTERMIO \
-DPURIFY \
-DSSL_FORBID_ENULL \
-D_GNU_SOURCE \
-DOPENSSL_NO_BUF_FREELISTS \
$(getconf LFS_CFLAGS) \
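Review bot: Dropping `-DSSL_FORBID_ENULL` (the removed line in the build-flags hunk) compiles the eNULL cipher suites back in, so any application whose cipher string reaches them (by naming `eNULL` or using `COMPLEMENTOFALL`) can negotiate TLS with no encryption; the changelog's bsc#937085 says that is intended, but the spec should carry the reason next to the flags, e.g. `# eNULL suites are compiled in on purpose (bsc#937085); the DEFAULT cipher string still excludes them` — the last clause assuming the default string keeps `!eNULL`, which is not shown here. The ten new `%patch5x -p1` lines are applied before `%patch3`, `%patch8` and `%patch14`; that only matters if they touch the same files, which cannot be seen from the spec alone.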