diff --git a/base/openssl3/0003-Do-not-install-html-docs.patch b/base/openssl3/0003-Do-not-install-html-docs.patch index 6aabf8b..6be6e68 100644 --- a/base/openssl3/0003-Do-not-install-html-docs.patch +++ b/base/openssl3/0003-Do-not-install-html-docs.patch @@ -1,15 +1,19 @@ -From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 24 Sep 2020 09:05:55 +0200 -Subject: Do not install html docs +From a3e7963320ba44e96a60b389fccb8e1cccc30674 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 19 Oct 2023 13:12:39 +0200 +Subject: [PATCH 03/46] 0003-Do-not-install-html-docs.patch -(was openssl-1.1.1-no-html.patch) +Patch-name: 0003-Do-not-install-html-docs.patch +Patch-id: 3 +Patch-status: | + # # Do not install html docs +From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911 --- Configurations/unix-Makefile.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index 342e46d24d..9f369edf0e 100644 +index a48fae5fb8..56b42926e7 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -611,7 +611,7 @@ install_sw: install_dev install_engines install_modules install_runtime @@ -22,5 +26,5 @@ index 342e46d24d..9f369edf0e 100644 uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and HTML documentation $(RM) -r "$(DESTDIR)$(DOCDIR)" -- -2.26.2 +2.41.0 diff --git a/base/openssl3/0004-Override-default-paths-for-the-CA-directory-tree.patch b/base/openssl3/0004-Override-default-paths-for-the-CA-directory-tree.patch index f16e22b..9ba7947 100644 --- a/base/openssl3/0004-Override-default-paths-for-the-CA-directory-tree.patch +++ b/base/openssl3/0004-Override-default-paths-for-the-CA-directory-tree.patch 
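Review bot: The regenerated headers are not taken from one snapshot of the series: this hunk records `[PATCH 03/46]` with `From-dist-git-commit: 5c67b5adc311…`, while 0004/0008/0012/0013 below carry `[PATCH nn/35]` with `9409bc7044cf…` and 0007 carries `[PATCH 07/49]` with `4334bc837fbc…`. Patches cherry-picked from different points of the upstream series can disagree on context (the 0007 and 0045 bodies below already expect different `ssl_ciph.c` and `fipsprov.c` index lines), which makes the set hard to reproduce or re-audit. Unless the mix is intentional, I would regenerate the whole set from a single dist-git commit so every `From-dist-git-commit` value agrees, or record the chosen source per patch in the package spec.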
@@ -1,14 +1,14 @@ -From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 24 Sep 2020 09:17:26 +0200 -Subject: Override default paths for the CA directory tree +From 7a65ee33793fa8a28c0dfc94e6872ce92f408b15 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:27 +0200 +Subject: [PATCH 04/35] + 0004-Override-default-paths-for-the-CA-directory-tree.patch -Also add default section to load crypto-policies configuration -for TLS. - -It needs to be reverted before running tests. - -(was openssl-1.1.1-conf-paths.patch) +Patch-name: 0004-Override-default-paths-for-the-CA-directory-tree.patch +Patch-id: 4 +Patch-status: | + # Override default paths for the CA directory tree +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd --- apps/CA.pl.in | 2 +- apps/openssl.cnf | 20 ++++++++++++++++++-- diff --git a/base/openssl3/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/base/openssl3/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index 9decdce..83d5c23 100644 --- a/base/openssl3/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/base/openssl3/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch 
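Review bot: The rewritten header loses the two facts the old description carried — that this patch also adds the default section that loads the crypto-policies configuration for TLS, and that it must be reverted before running the test suite — while the diffstat still lists `apps/openssl.cnf | 20 ++++++++++++++++++--`, so that behavior appears to remain and only its documentation disappeared. A packager reading `Patch-status` now sees only the CA-directory override and has no hint that the system crypto policy is wired in here. I would keep the lost lines under Patch-status, e.g. ` # Also adds the default section loading the crypto-policies configuration for TLS` and ` # (must be reverted before running tests)`.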
@@ -1,9 +1,14 @@ -From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 24 Sep 2020 10:16:46 +0200 -Subject: Add support for PROFILE=SYSTEM system default cipherlist +From 8be4ef77c64fcada41041c00e02c34b07658ba66 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:14 +0100 +Subject: [PATCH 07/49] + 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch -(was openssl-1.1.1-system-cipherlist.patch) +Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +Patch-id: 7 +Patch-status: | + # # Add support for PROFILE=SYSTEM system default cipherlist +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- Configurations/unix-Makefile.tmpl | 5 ++ Configure | 11 +++- @@ -15,7 +20,7 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist 7 files changed, 109 insertions(+), 13 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index 9f369edf0e..c52389f831 100644 +index 5d61ce9550..e9fba957f1 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -324,6 +324,10 @@ MANDIR=$(INSTALLTOP)/share/man @@ -81,7 +86,7 @@ index cca1ac8d16..2ae1cd0bc2 100755 { $banner = $1 . "\n"; diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in -index b4ed3e51d5..2122e6bdfd 100644 +index d4df30686f..cec4835268 100644 --- a/doc/man1/openssl-ciphers.pod.in +++ b/doc/man1/openssl-ciphers.pod.in @@ -190,6 +190,15 @@ As of OpenSSL 1.0.0, the B cipher suites are sensibly ordered by default. @@ -91,7 +96,7 @@ index b4ed3e51d5..2122e6bdfd 100644 +=item B + +The list of enabled cipher suites will be loaded from the system crypto policy -+configuration file B. ++configuration file B. +See also L. +This is the default behavior unless an application explicitly sets a cipher +list. If used in a cipher list configuration value this string must be at the 
@@ -101,7 +106,7 @@ index b4ed3e51d5..2122e6bdfd 100644 "High" encryption cipher suites. This currently means those with key lengths diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in -index f9a61609e4..c6f95fed3f 100644 +index 9f91039f8a..fc34d4ca61 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -209,6 +209,11 @@ extern "C" { @@ -117,17 +122,16 @@ index f9a61609e4..c6f95fed3f 100644 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index b1d3f7919e..f7cc7fed48 100644 +index 8360991ce4..33c23efb0d 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c -@@ -1455,6 +1455,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str) +@@ -1455,6 +1455,49 @@ int SSL_set_ciphersuites(SSL *s, const char *str) return ret; } +#ifdef SYSTEM_CIPHERS_FILE +static char *load_system_str(const char *suffix) +{ -+ FILE *fp; + char buf[1024]; + char *new_rules; + const char *ciphers_path; 
@@ -135,29 +139,26 @@ index b1d3f7919e..f7cc7fed48 100644 + + if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL) + ciphers_path = SYSTEM_CIPHERS_FILE; -+ fp = fopen(ciphers_path, "r"); -+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) { -+ /* cannot open or file is empty */ ++ ERR_set_mark(); ++ if (access(ciphers_path, R_OK) == 0) { ++ CONF *conf = NCONF_new_ex(NULL, NCONF_default()); ++ char *value = NULL; ++ ++ if (NCONF_load(conf, ciphers_path, NULL) > 0) ++ value = NCONF_get_string(conf, "global", "CipherString"); ++ ++ snprintf(buf, sizeof(buf), "%s", value ? value : SSL_DEFAULT_CIPHER_LIST); ++ ++ NCONF_free(conf); ++ } else { + snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST); + } -+ -+ if (fp) -+ fclose(fp); -+ ++ ERR_pop_to_mark(); + slen = strlen(suffix); + len = strlen(buf); + -+ if (buf[len - 1] == '\n') { -+ len--; -+ buf[len] = 0; -+ } -+ if (buf[len - 1] == '\r') { -+ len--; -+ buf[len] = 0; -+ } -+ -+ new_rules = OPENSSL_malloc(len + slen + 1); -+ if (new_rules == 0) ++ new_rules = OPENSSL_zalloc(len + slen + 1); ++ if (new_rules == NULL) + return NULL; + + memcpy(new_rules, buf, len); @@ -174,7 +175,7 @@ index b1d3f7919e..f7cc7fed48 100644 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) **cipher_list, -@@ -1425,15 +1472,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1469,15 +1516,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; const SSL_CIPHER **ca_list = NULL; const SSL_METHOD *ssl_method = ctx->method; @@ -182,7 +183,7 @@ index b1d3f7919e..f7cc7fed48 100644 + char *new_rules = NULL; + + if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) { -+ char *p = rule_str + 14; ++ const char *p = rule_str + 14; + + new_rules = load_system_str(p); + rule_str = new_rules; 
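Review bot: In the rewritten `load_system_str` the policy string is copied with `snprintf(buf, sizeof(buf), "%s", value ? value : SSL_DEFAULT_CIPHER_LIST)` and the return value is discarded, so a crypto-policies `CipherString` longer than 1023 bytes is silently cut mid-token and the truncated remainder becomes the system cipher list; the old `fgets` path had the same 1024 limit, but the new code can detect it. Since NULL is already a possible return on the `OPENSSL_zalloc` failure path, I would fail closed on truncation: `int n = snprintf(buf, sizeof(buf), "%s", value ? value : SSL_DEFAULT_CIPHER_LIST);` followed by `if (n < 0 || (size_t)n >= sizeof(buf)) { NCONF_free(conf); ERR_pop_to_mark(); return NULL; }`. `NCONF_new_ex(NULL, NCONF_default())` is also handed to `NCONF_load` without a NULL check; NCONF_load presumably rejects a NULL conf, but an explicit `if (conf == NULL)` fallback would not depend on that. Note too that `access(ciphers_path, R_OK)` tests the real rather than effective uid, so in a set-uid process (the reason `secure_getenv` is used above) it can disagree with what `NCONF_load` can open, and either disagreement silently yields `SSL_DEFAULT_CIPHER_LIST` instead of the system policy — worth a comment at least. The tail of `load_system_str` and the consuming `ssl_create_cipher_list` continue outside this hunk.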
@@ -211,7 +212,7 @@ index b1d3f7919e..f7cc7fed48 100644 } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, -@@ -1522,8 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1565,8 +1622,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * in force within each class */ if (!ssl_cipher_strength_sort(&head, &tail)) { @@ -221,16 +222,17 @@ index b1d3f7919e..f7cc7fed48 100644 } /* -@@ -1611,7 +1667,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1611,8 +1667,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { - OPENSSL_free(co_list); +- OPENSSL_free(co_list); - return NULL; /* Failure */ + goto err; } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, disabled_auth, disabled_enc, -@@ -1596,8 +1651,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1637,8 +1693,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ @@ -240,7 +242,7 @@ index b1d3f7919e..f7cc7fed48 100644 } /* -@@ -1605,10 +1659,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1646,10 +1701,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * if we cannot get one. */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { @@ -256,7 +258,7 @@ index b1d3f7919e..f7cc7fed48 100644 /* Add TLSv1.3 ciphers first - we always prefer those if possible */ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); -@@ -1656,6 +1714,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1701,6 +1759,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, *cipher_list = cipherstack; return cipherstack; 
@@ -272,10 +274,10 @@ index b1d3f7919e..f7cc7fed48 100644 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index d14d5819ba..48d491219a 100644 +index cf59d2dfa5..1329841aaf 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) +@@ -700,7 +700,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->tls13_ciphersuites, &(ctx->cipher_list), &(ctx->cipher_list_by_id), @@ -284,7 +286,7 @@ index d14d5819ba..48d491219a 100644 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; -@@ -3193,7 +3193,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, +@@ -3966,7 +3966,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, if (!ssl_create_cipher_list(ret, ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, @@ -294,10 +296,10 @@ index d14d5819ba..48d491219a 100644 ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err; diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c -index 380f0727fc..6922a87c30 100644 +index c46e431b00..19d05e860b 100644 --- a/test/cipherlist_test.c +++ b/test/cipherlist_test.c -@@ -244,7 +244,9 @@ end: +@@ -261,7 +261,9 @@ end: int setup_tests(void) { @@ -308,5 +310,5 @@ index 380f0727fc..6922a87c30 100644 ADD_TEST(test_default_cipherlist_clear); ADD_TEST(test_stdname_cipherlist); -- -2.26.2 +2.44.0 diff --git a/base/openssl3/0008-Add-FIPS_mode-compatibility-macro.patch b/base/openssl3/0008-Add-FIPS_mode-compatibility-macro.patch index 2e72999..c05aa79 100644 --- a/base/openssl3/0008-Add-FIPS_mode-compatibility-macro.patch +++ b/base/openssl3/0008-Add-FIPS_mode-compatibility-macro.patch 
@@ -1,20 +1,22 @@ -From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 26 Nov 2020 14:00:16 +0100 -Subject: Add FIPS_mode() compatibility macro +From 8e29a10b39a649d751870eb1fd1b8c388e66acc3 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:27 +0200 +Subject: [PATCH 08/35] 0008-Add-FIPS_mode-compatibility-macro.patch -The macro calls EVP_default_properties_is_fips_enabled() on the -default context. +Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch +Patch-id: 8 +Patch-status: | + # Add FIPS_mode() compatibility macro +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd --- - include/openssl/crypto.h.in | 1 + - include/openssl/fips.h | 25 +++++++++++++++++++++++++ - test/property_test.c | 13 +++++++++++++ - 3 files changed, 39 insertions(+) + include/openssl/fips.h | 26 ++++++++++++++++++++++++++ + test/property_test.c | 14 ++++++++++++++ + 2 files changed, 40 insertions(+) create mode 100644 include/openssl/fips.h diff --git a/include/openssl/fips.h b/include/openssl/fips.h new file mode 100644 -index 0000000000..c64f0f8e8f +index 0000000000..4162cbf88e --- /dev/null +++ b/include/openssl/fips.h @@ -0,0 +1,26 @@ @@ -44,13 +46,14 @@ index 0000000000..c64f0f8e8f +} +# endif +#endif -diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c ---- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200 -+++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200 -@@ -488,6 +488,19 @@ static int test_property_list_to_string( +diff --git a/test/property_test.c b/test/property_test.c +index 45b1db3e85..8894c1c1cb 100644 +--- a/test/property_test.c ++++ b/test/property_test.c +@@ -677,6 +677,19 @@ static int test_property_list_to_string(int i) return ret; } - + +#include +static int test_downstream_FIPS_mode(void) +{ 
@@ -67,7 +70,7 @@ diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1 int setup_tests(void) { ADD_TEST(test_property_string); -@@ -500,6 +512,7 @@ int setup_tests(void) +@@ -690,6 +703,7 @@ int setup_tests(void) ADD_TEST(test_property); ADD_TEST(test_query_cache_stochastic); ADD_TEST(test_fips_mode); @@ -75,3 +78,6 @@ diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1 ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests)); return 1; } +-- +2.41.0 + diff --git a/base/openssl3/0012-Disable-explicit-ec.patch b/base/openssl3/0012-Disable-explicit-ec.patch index aea4ccf..9b86309 100644 --- a/base/openssl3/0012-Disable-explicit-ec.patch +++ b/base/openssl3/0012-Disable-explicit-ec.patch 
@@ -1,7 +1,27 @@ -diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/crypto/ec/ec_asn1.c ---- openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec 2022-03-22 13:10:45.718077845 +0100 -+++ openssl-3.0.1/crypto/ec/ec_asn1.c 2022-03-22 13:12:46.626599016 +0100 -@@ -895,6 +895,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP ** +From 91bdd9b816b22bc1464ec323f3272b866b24114d Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 12/35] 0012-Disable-explicit-ec.patch + +Patch-name: 0012-Disable-explicit-ec.patch +Patch-id: 12 +Patch-status: | + # Disable explicit EC curves + # https://bugzilla.redhat.com/show_bug.cgi?id=2066412 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/ec/ec_asn1.c | 11 ++++++++++ + crypto/ec/ec_lib.c | 6 +++++ + test/ectest.c | 22 ++++++++++--------- + test/endecode_test.c | 20 ++++++++--------- + .../30-test_evp_data/evppkey_ecdsa.txt | 12 ---------- + 5 files changed, 39 insertions(+), 32 deletions(-) + +diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c +index 7a0b35a594..d19d57344e 100644 +--- a/crypto/ec/ec_asn1.c ++++ b/crypto/ec/ec_asn1.c +@@ -905,6 +905,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) group->decoded_from_explicit_params = 1; @@ -14,7 +34,7 @@ diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/cry if (a) { EC_GROUP_free(*a); *a = group; -@@ -954,6 +959,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con +@@ -964,6 +970,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) goto err; } 
@@ -114,10 +134,11 @@ index 4890b0555e..e11aec5b3b 100644 ret = 1; err: -diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/test/endecode_test.c ---- openssl-3.0.1/test/endecode_test.c.disable_explicit_ec 2022-03-21 16:55:46.005558779 +0100 -+++ openssl-3.0.1/test/endecode_test.c 2022-03-21 16:56:12.636792762 +0100 -@@ -57,7 +57,7 @@ static BN_CTX *bnctx = NULL; +diff --git a/test/endecode_test.c b/test/endecode_test.c +index 14648287eb..9a437d8c64 100644 +--- a/test/endecode_test.c ++++ b/test/endecode_test.c +@@ -62,7 +62,7 @@ static BN_CTX *bnctx = NULL; static OSSL_PARAM_BLD *bld_prime_nc = NULL; static OSSL_PARAM_BLD *bld_prime = NULL; static OSSL_PARAM *ec_explicit_prime_params_nc = NULL; @@ -126,7 +147,7 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te # ifndef OPENSSL_NO_EC2M static OSSL_PARAM_BLD *bld_tri_nc = NULL; -@@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") +@@ -1009,9 +1009,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") DOMAIN_KEYS(ECExplicitPrimeNamedCurve); IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") @@ -139,7 +160,7 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te # ifndef OPENSSL_NO_EC2M DOMAIN_KEYS(ECExplicitTriNamedCurve); IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) -@@ -1318,7 +1318,7 @@ int setup_tests(void) +@@ -1352,7 +1352,7 @@ int setup_tests(void) || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) || !create_ec_explicit_prime_params(bld_prime) || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc)) 
@@ -148,7 +169,7 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te # ifndef OPENSSL_NO_EC2M || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new()) || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new()) -@@ -1346,7 +1346,7 @@ int setup_tests(void) +@@ -1380,7 +1380,7 @@ int setup_tests(void) TEST_info("Generating EC keys..."); MAKE_DOMAIN_KEYS(EC, "EC", EC_params); MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc); @@ -157,7 +178,7 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te # ifndef OPENSSL_NO_EC2M MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc); MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit); -@@ -1389,8 +1389,8 @@ int setup_tests(void) +@@ -1423,8 +1423,8 @@ int setup_tests(void) ADD_TEST_SUITE_LEGACY(EC); ADD_TEST_SUITE(ECExplicitPrimeNamedCurve); ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve); @@ -168,7 +189,7 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te # ifndef OPENSSL_NO_EC2M ADD_TEST_SUITE(ECExplicitTriNamedCurve); ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve); -@@ -1427,7 +1427,7 @@ void cleanup_tests(void) +@@ -1461,7 +1461,7 @@ void cleanup_tests(void) { #ifndef OPENSSL_NO_EC OSSL_PARAM_free(ec_explicit_prime_params_nc); @@ -177,7 +198,7 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te OSSL_PARAM_BLD_free(bld_prime_nc); OSSL_PARAM_BLD_free(bld_prime); # ifndef OPENSSL_NO_EC2M -@@ -1449,7 +1449,7 @@ void cleanup_tests(void) +@@ -1483,7 +1483,7 @@ void cleanup_tests(void) #ifndef OPENSSL_NO_EC FREE_DOMAIN_KEYS(EC); FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve); 
@@ -186,10 +207,11 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te # ifndef OPENSSL_NO_EC2M FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve); FREE_DOMAIN_KEYS(ECExplicitTri2G); -diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt ---- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec 2022-03-25 11:20:50.920949208 +0100 -+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2022-03-25 11:21:13.177147598 +0100 -@@ -121,18 +121,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEB +diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +index ec3c032aba..584ecee0eb 100644 +--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt ++++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +@@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj 3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl -----END PRIVATE KEY----- @@ -208,3 +230,6 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_e PrivateKey = B-163 -----BEGIN PRIVATE KEY----- MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K +-- +2.41.0 + diff --git a/base/openssl3/0013-skipped-tests-EC-curves.patch b/base/openssl3/0013-skipped-tests-EC-curves.patch index 5bdef1e..fc544c9 100644 --- a/base/openssl3/0013-skipped-tests-EC-curves.patch +++ b/base/openssl3/0013-skipped-tests-EC-curves.patch 
@@ -1,7 +1,24 @@ -diff -up ./test/recipes/15-test_ec.t.skip-tests ./test/recipes/15-test_ec.t ---- ./test/recipes/15-test_ec.t.skip-tests 2023-03-14 13:42:38.865508269 +0100 -+++ ./test/recipes/15-test_ec.t 2023-03-14 13:43:36.237021635 +0100 -@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key +From 9ede2b1e13f72db37718853faff74b4429084d59 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 13/35] 0013-skipped-tests-EC-curves.patch + +Patch-name: 0013-skipped-tests-EC-curves.patch +Patch-id: 13 +Patch-status: | + # Skipped tests from former 0011-Remove-EC-curves.patch +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + test/recipes/15-test_ec.t | 2 +- + test/recipes/65-test_cmp_protect.t | 2 +- + test/recipes/65-test_cmp_vfy.t | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t +index 0638d626e7..c0efd77649 100644 +--- a/test/recipes/15-test_ec.t ++++ b/test/recipes/15-test_ec.t +@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key' => sub { subtest 'Check loading of fips and non-fips keys' => sub { plan skip_all => "FIPS is disabled" 
@@ -10,10 +27,11 @@ diff -up ./test/recipes/15-test_ec.t.skip-tests ./test/recipes/15-test_ec.t plan tests => 2; -diff -up ./test/recipes/65-test_cmp_protect.t.skip-tests ./test/recipes/65-test_cmp_protect.t ---- ./test/recipes/65-test_cmp_protect.t.skip-tests 2023-03-14 10:13:11.342056559 +0100 -+++ ./test/recipes/65-test_cmp_protect.t 2023-03-14 10:14:42.643873496 +0100 -@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo +diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t +index 631603df7c..4cb2ffebbc 100644 +--- a/test/recipes/65-test_cmp_protect.t ++++ b/test/recipes/65-test_cmp_protect.t +@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build" plan skip_all => "This test is not supported in a shared library build on Windows" if $^O eq 'MSWin32' && !disabled("shared"); @@ -35,3 +53,6 @@ index f722800e27..26a01786bb 100644 my @basic_cmd = ("cmp_vfy_test", data_file("server.crt"), data_file("client.crt"), +-- +2.41.0 + diff --git a/base/openssl3/0024-load-legacy-prov.patch b/base/openssl3/0024-load-legacy-prov.patch index 52ac5d5..1a65417 100644 --- a/base/openssl3/0024-load-legacy-prov.patch +++ b/base/openssl3/0024-load-legacy-prov.patch 
@@ -1,3 +1,18 @@ +From 69636828729ecc287863366dcdd6548dee78c7a4 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 14/35] 0024-load-legacy-prov.patch + +Patch-name: 0024-load-legacy-prov.patch +Patch-id: 24 +Patch-status: | + # Instructions to load legacy provider in openssl.cnf +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + apps/openssl.cnf | 37 +++++++++++++++---------------------- + doc/man5/config.pod | 8 ++++++++ + 2 files changed, 23 insertions(+), 22 deletions(-) + diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf --- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200 +++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200 diff --git a/base/openssl3/0025-for-tests.patch b/base/openssl3/0025-for-tests.patch index aef200b..0e0146c 100644 --- a/base/openssl3/0025-for-tests.patch +++ b/base/openssl3/0025-for-tests.patch @@ -1,7 +1,7 @@ diff -up openssl-3.0.0/apps/openssl.cnf.xxx openssl-3.0.0/apps/openssl.cnf --- openssl-3.0.0/apps/openssl.cnf.xxx 2021-11-23 16:29:50.618691603 +0100 +++ openssl-3.0.0/apps/openssl.cnf 2021-11-23 16:28:16.872882099 +0100 -@@ -55,11 +55,11 @@ providers = provider_sect +@@ -55,17 +55,17 @@ providers = provider_sect # to side-channel attacks and as such have been deprecated. [provider_sect] @@ -16,3 +16,11 @@ diff -up openssl-3.0.0/apps/openssl.cnf.xxx openssl-3.0.0/apps/openssl.cnf ##[legacy_sect] ##activate = 1 + +-#Place the third party provider configuration files into this folder +-.include /etc/pki/tls/openssl.d ++##Place the third party provider configuration files into this folder ++#.include /etc/pki/tls/openssl.d + + +#################################################################### diff --git a/base/openssl3/0035-speed-skip-unavailable-dgst.patch b/base/openssl3/0035-speed-skip-unavailable-dgst.patch index 9256f7f..d52d5e1 100644 
--- a/base/openssl3/0035-speed-skip-unavailable-dgst.patch +++ b/base/openssl3/0035-speed-skip-unavailable-dgst.patch @@ -1,7 +1,22 @@ -diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c ---- openssl-3.0.0/apps/speed.c.beldmit 2021-12-21 15:14:04.210431584 +0100 -+++ openssl-3.0.0/apps/speed.c 2021-12-21 15:46:05.554085125 +0100 -@@ -547,6 +547,9 @@ static int EVP_MAC_loop(int algindex, vo +From 213f38dc580d39f2cb46592b5e6db585fc6a650f Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 19/35] 0035-speed-skip-unavailable-dgst.patch + +Patch-name: 0035-speed-skip-unavailable-dgst.patch +Patch-id: 35 +Patch-status: | + # Skip unavailable algorithms running `openssl speed` +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + apps/speed.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/apps/speed.c b/apps/speed.c +index d527f12f18..2ff3eb53bd 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -610,6 +610,9 @@ static int EVP_MAC_loop(int algindex, void *args) for (count = 0; COND(c[algindex][testnum]); count++) { size_t outl; @@ -11,3 +26,6 @@ diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c if (!EVP_MAC_init(mctx, NULL, 0, NULL) || !EVP_MAC_update(mctx, buf, lengths[testnum]) || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac))) +-- +2.41.0 + diff --git a/base/openssl3/0044-FIPS-140-3-keychecks.patch b/base/openssl3/0044-FIPS-140-3-keychecks.patch index 3fedb4c..e9012e4 100644 --- a/base/openssl3/0044-FIPS-140-3-keychecks.patch +++ b/base/openssl3/0044-FIPS-140-3-keychecks.patch @@ -383,6 +383,8 @@ index cd5de6bd51..d4261e8f7d 100644 const OSSL_DISPATCH ossl_rsa_signature_functions[] = { { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx }, { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init }, +-- +2.41.0 diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index e0d139d..35f23b2 100644 --- a/crypto/rsa/rsa_gen.c 
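Review bot: The two lines added to 0044-FIPS-140-3-keychecks.patch, `--` and `2.41.0`, are a git-format-patch signature, but they are inserted between the rsa_sig.c section and `diff --git a/crypto/rsa/rsa_gen.c`, i.e. in the middle of the patch rather than after its last hunk. git apply should skip them as garbage once the preceding hunk's line counts are satisfied, but the first line begins with `-`, so any miscount in that hunk turns it into a bogus deletion, and mail-oriented tooling that honours the `-- ` delimiter may discard the rsa_gen.c changes entirely — on a FIPS 140-3 key-check patch that would be a silent loss of a security check. I would move the trailer to the end of the file after the last rsa_gen.c hunk, or drop it altogether as the hand-maintained 0025-for-tests.patch does.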
diff --git a/base/openssl3/0045-FIPS-services-minimize.patch b/base/openssl3/0045-FIPS-services-minimize.patch index 117e6b2..befa23b 100644 --- a/base/openssl3/0045-FIPS-services-minimize.patch +++ b/base/openssl3/0045-FIPS-services-minimize.patch @@ -1,13 +1,12 @@ -From e25b25227043a2b2cf156527c31d7686a4265bf3 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 20/49] 0045-FIPS-services-minimize.patch +From a9dc983f82cabe29d6b48f3af3e30e26074ce5cf Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 12:55:57 +0200 +Subject: [PATCH 21/48] 0045-FIPS-services-minimize.patch Patch-name: 0045-FIPS-services-minimize.patch Patch-id: 45 Patch-status: | - # # Minimize fips services -From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce + # Minimize fips services --- apps/ecparam.c | 7 +++ apps/req.c | 2 +- @@ -21,14 +20,14 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce test/evp_libctx_test.c | 9 +++- test/recipes/15-test_gendsa.t | 2 +- test/recipes/20-test_cli_fips.t | 3 +- - test/recipes/30-test_evp.t | 20 ++++----- + test/recipes/30-test_evp.t | 16 +++---- .../30-test_evp_data/evpmac_common.txt | 22 ++++++++++ test/recipes/80-test_cms.t | 22 +++++----- test/recipes/80-test_ssl_old.t | 2 +- - 16 files changed, 128 insertions(+), 51 deletions(-) + 16 files changed, 128 insertions(+), 47 deletions(-) diff --git a/apps/ecparam.c b/apps/ecparam.c -index 71f93c4ca5..347bf62d5c 100644 +index 9e9ad13683..9c66cf2434 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -79,6 +79,13 @@ static int list_builtin_curves(BIO *out) @@ -46,10 +45,10 @@ index 71f93c4ca5..347bf62d5c 100644 comment = "CURVE DESCRIPTION NOT AVAILABLE"; if (sname == NULL) diff --git a/apps/req.c b/apps/req.c -index 8995453dca..cb38e6aa64 100644 +index 23757044ab..5916914978 100644 --- a/apps/req.c 
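Review bot: The regenerated header replaces `From: rpm-build` with a personal author and drops the `From-dist-git-commit: 4334bc837fbc…` trailer that every other patch in this series keeps, so 0045 no longer records which dist-git revision it was taken from; the removal of the doubled `# #` prefix in Patch-status looks like the intended cleanup. Unless the provenance was deliberately detached, I would restore the trailer with the commit the new version came from, `From-dist-git-commit: <commit>`, so the series stays traceable to one source.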
+++ b/apps/req.c -@@ -268,7 +268,7 @@ int req_main(int argc, char **argv) +@@ -266,7 +266,7 @@ int req_main(int argc, char **argv) unsigned long chtype = MBSTRING_ASC, reqflag = 0; #ifndef OPENSSL_NO_DES @@ -59,10 +58,10 @@ index 8995453dca..cb38e6aa64 100644 opt_set_unknown_name("digest"); diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c -index f7234615e4..0d4c0e3388 100644 +index ed37e76969..eb836dfa6a 100644 --- a/providers/common/capabilities.c +++ b/providers/common/capabilities.c -@@ -189,9 +189,9 @@ static const OSSL_PARAM param_group_list[][10] = { +@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list[][10] = { TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25), TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26), TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27), @@ -74,7 +73,7 @@ index f7234615e4..0d4c0e3388 100644 TLS_GROUP_ENTRY("brainpoolP256r1tls13", "brainpoolP256r1", "EC", 30), TLS_GROUP_ENTRY("brainpoolP384r1tls13", "brainpoolP384r1", "EC", 31), diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c -index 7ec409710b..ec5bdd5a69 100644 +index 518226dfc6..29438faea8 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -199,13 +199,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[]) @@ -132,7 +131,7 @@ index 7ec409710b..ec5bdd5a69 100644 { NULL, NULL, NULL } }; -@@ -410,8 +413,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = { +@@ -409,8 +412,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = { #ifndef OPENSSL_NO_EC { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, # ifndef OPENSSL_NO_ECX 
@@ -144,27 +143,7 @@ index 7ec409710b..ec5bdd5a69 100644 # endif #endif { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, -@@ -422,14 +426,16 @@ static const OSSL_ALGORITHM fips_keyexch[] = { - - static const OSSL_ALGORITHM fips_signature[] = { - #ifndef OPENSSL_NO_DSA -- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, -+ /* We don't certify DSA in our FIPS provider */ -+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },*/ - #endif - { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, - #ifndef OPENSSL_NO_EC - # ifndef OPENSSL_NO_ECX -- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, -+ /* We don't certify Edwards curves in our FIPS provider */ -+ /* { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, - ossl_ed25519_signature_functions }, -- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions }, -+ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },*/ - # endif - { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, - #endif -@@ -460,8 +466,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { +@@ -456,8 +462,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { PROV_DESCS_DHX }, #endif #ifndef OPENSSL_NO_DSA @@ -176,7 +155,7 @@ index 7ec409710b..ec5bdd5a69 100644 #endif { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, PROV_DESCS_RSA }, -@@ -471,14 +478,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { +@@ -466,14 +473,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, PROV_DESCS_EC }, # ifndef OPENSSL_NO_ECX @@ -251,10 +230,10 @@ index 2057378d3d..4b80bb70b9 100644 static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = { diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 22d93ead53..c1405f47ea 100644 +index d4261e8f7d..2a5504d104 100644 
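Review bot: The hunk that comments DSA and Ed25519/Ed448 out of `fips_signature[]` is dropped from the git-format-patch body here, and the same lines come back as a hand-written `diff -up openssl-3.2.0/providers/fips/fipsprov.c.patch-fips …` section appended after the `-- / 2.41.0` trailer in `@@ -775,5 +735,58 @@`; the `30-test_evp.t` lines removed in `@@ -437,23 +416,7 @@` are relocated the same way. That hunk is what keeps the uncertified DSA and Edwards-curve signature implementations out of the FIPS provider's signature table, while the matching `fips_keymgmt[]` hunks stay in the body, so the "minimize FIPS services" restriction now lives in two differently formatted parts of one file and is easy to lose on the next rebase. Regenerating the patch with `git format-patch` so the fipsprov.c change sits in the body next to the `fips_keymgmt[]` hunks would keep the whole change reviewable in one place, and the `Patch-status:` line could say what is removed, e.g. `# Minimize fips services: drop DSA and Ed25519/Ed448 from the FIPS signature and keymgmt tables`.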
--- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c -@@ -686,6 +686,19 @@ static int rsa_verify_recover(void *vprsactx, +@@ -689,6 +689,19 @@ static int rsa_verify_recover(void *vprsactx, { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; int ret; @@ -274,7 +253,7 @@ index 22d93ead53..c1405f47ea 100644 if (!ossl_prov_is_running()) return 0; -@@ -774,6 +787,19 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, +@@ -777,6 +790,19 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; size_t rslen; @@ -295,7 +274,7 @@ index 22d93ead53..c1405f47ea 100644 if (!ossl_prov_is_running()) return 0; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 33c23efb0d..113c204716 100644 +index a5e60e8839..f9af07d12b 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx) @@ -309,10 +288,10 @@ index 33c23efb0d..113c204716 100644 * We ignore any errors from the fetches below. They are expected to fail * if these algorithms are not available. diff --git a/test/acvp_test.c b/test/acvp_test.c -index 45509095af..4a67519bb4 100644 +index fee880d441..13d7a0ea8b 100644 --- a/test/acvp_test.c +++ b/test/acvp_test.c -@@ -1478,6 +1478,7 @@ int setup_tests(void) +@@ -1476,6 +1476,7 @@ int setup_tests(void) OSSL_NELEM(dh_safe_prime_keyver_data)); #endif /* OPENSSL_NO_DH */ @@ -320,7 +299,7 @@ index 45509095af..4a67519bb4 100644 #ifndef OPENSSL_NO_DSA ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data)); ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data)); -@@ -1485,6 +1486,7 @@ int setup_tests(void) +@@ -1483,6 +1484,7 @@ int setup_tests(void) ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data)); ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data)); #endif /* OPENSSL_NO_DSA */ 
@@ -329,10 +308,10 @@ index 45509095af..4a67519bb4 100644 #ifndef OPENSSL_NO_EC ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); diff --git a/test/endecode_test.c b/test/endecode_test.c -index b53b7b715b..885e49a47c 100644 +index 9a437d8c64..53385028fc 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c -@@ -1419,6 +1419,7 @@ int setup_tests(void) +@@ -1407,6 +1407,7 @@ int setup_tests(void) * so no legacy tests. */ #endif @@ -340,7 +319,7 @@ index b53b7b715b..885e49a47c 100644 #ifndef OPENSSL_NO_DSA ADD_TEST_SUITE(DSA); ADD_TEST_SUITE_PARAMS(DSA); -@@ -1429,6 +1430,7 @@ int setup_tests(void) +@@ -1417,6 +1418,7 @@ int setup_tests(void) ADD_TEST_SUITE_PROTECTED_PVK(DSA); # endif #endif @@ -348,7 +327,7 @@ index b53b7b715b..885e49a47c 100644 #ifndef OPENSSL_NO_EC ADD_TEST_SUITE(EC); ADD_TEST_SUITE_PARAMS(EC); -@@ -1443,10 +1445,12 @@ int setup_tests(void) +@@ -1431,10 +1433,12 @@ int setup_tests(void) ADD_TEST_SUITE(ECExplicitTri2G); ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); # endif @@ -396,7 +375,7 @@ index 2448c35a14..a7913cda4c 100644 return 1; } diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t -index 4bc460784b..93052eb3e7 100644 +index b495b08bda..69bd299521 100644 --- a/test/recipes/15-test_gendsa.t +++ b/test/recipes/15-test_gendsa.t @@ -24,7 +24,7 @@ use lib bldtop_dir('.'); @@ -409,10 +388,10 @@ index 4bc460784b..93052eb3e7 100644 plan tests => ($no_fips ? 0 : 2) # FIPS related tests diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t -index d4b4d4ca51..031814e8ff 100644 +index 6d3c5ba1bb..2ba47b5fca 100644 --- a/test/recipes/20-test_cli_fips.t +++ b/test/recipes/20-test_cli_fips.t -@@ -278,8 +278,7 @@ SKIP: { +@@ -273,8 +273,7 @@ SKIP: { } SKIP : { @@ -423,10 +402,10 @@ index d4b4d4ca51..031814e8ff 100644 subtest DSA => sub { my $testtext_prefix = 'DSA'; 
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t -index eddca5c58e..36a192d041 100644 +index 9d7040ced2..f8beb538d4 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t -@@ -46,10 +46,8 @@ my @files = qw( +@@ -42,10 +42,8 @@ my @files = qw( evpciph_aes_cts.txt evpciph_aes_wrap.txt evpciph_aes_stitched.txt @@ -437,23 +416,7 @@ index eddca5c58e..36a192d041 100644 evpkdf_pbkdf1.txt evpkdf_pbkdf2.txt evpkdf_ss.txt -@@ -69,15 +67,6 @@ push @files, qw( - evppkey_ffdhe.txt - evppkey_dh.txt - ) unless $no_dh; --push @files, qw( -- evpkdf_x942_des.txt -- evpmac_cmac_des.txt -- ) unless $no_des; --push @files, qw(evppkey_dsa.txt) unless $no_dsa; --push @files, qw( -- evppkey_ecx.txt -- evppkey_mismatch_ecx.txt -- ) unless $no_ecx; - push @files, qw( - evppkey_ecc.txt - evppkey_ecdh.txt -@@ -97,6 +86,7 @@ my @defltfiles = qw( +@@ -91,6 +83,7 @@ my @defltfiles = qw( evpciph_cast5.txt evpciph_chacha.txt evpciph_des.txt @@ -461,7 +424,7 @@ index eddca5c58e..36a192d041 100644 evpciph_idea.txt evpciph_rc2.txt evpciph_rc4.txt -@@ -121,13 +111,19 @@ my @defltfiles = qw( +@@ -114,10 +107,17 @@ my @defltfiles = qw( evpmd_whirlpool.txt evppbe_scrypt.txt evppbe_pkcs12.txt @@ -478,15 +441,12 @@ index eddca5c58e..36a192d041 100644 + ) unless $no_des; push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec; --push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa; - push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; - push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv; - push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv; + push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa; diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt -index e47023aae6..96a8febeef 100644 +index 93195df97c..315413cd9b 100644 --- a/test/recipes/30-test_evp_data/evpmac_common.txt 
+++ b/test/recipes/30-test_evp_data/evpmac_common.txt -@@ -363,6 +363,7 @@ IV = 7AE8E2CA4EC500012E58495C +@@ -340,6 +340,7 @@ IV = 7AE8E2CA4EC500012E58495C Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007 Result = MAC_INIT_ERROR @@ -494,7 +454,7 @@ index e47023aae6..96a8febeef 100644 Title = KMAC Tests (From NIST) MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F -@@ -373,12 +374,14 @@ Ctrl = xof:0 +@@ -350,12 +351,14 @@ Ctrl = xof:0 OutputSize = 32 BlockSize = 168 @@ -509,7 +469,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -386,6 +389,7 @@ Custom = "My Tagged Application" +@@ -363,6 +366,7 @@ Custom = "My Tagged Application" Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230 Ctrl = size:32 @@ -517,7 +477,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -394,12 +398,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC +@@ -371,12 +375,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC OutputSize = 64 BlockSize = 136 
@@ -532,7 +492,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -409,12 +415,14 @@ Ctrl = size:64 +@@ -386,12 +392,14 @@ Ctrl = size:64 Title = KMAC XOF Tests (From NIST) @@ -547,7 +507,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -422,6 +430,7 @@ Custom = "My Tagged Application" +@@ -399,6 +407,7 @@ Custom = "My Tagged Application" Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C XOF = 1 @@ -555,7 +515,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -430,6 +439,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F +@@ -407,6 +416,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F XOF = 1 Ctrl = size:32 
@@ -563,7 +523,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -437,6 +447,7 @@ Custom = "My Tagged Application" +@@ -414,6 +424,7 @@ Custom = "My Tagged Application" Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B XOF = 1 @@ -571,7 +531,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -444,6 +455,7 @@ Custom = "" +@@ -421,6 +432,7 @@ Custom = "" Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B XOF = 1 @@ -579,7 +539,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -454,6 +466,7 @@ XOF = 1 +@@ -431,6 +443,7 @@ XOF = 1 Title = KMAC long customisation string (from NIST ACVP) 
@@ -587,7 +547,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC256 Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D -@@ -464,12 +477,14 @@ XOF = 1 +@@ -441,12 +454,14 @@ XOF = 1 Title = KMAC XOF Tests via ctrl (From NIST) @@ -602,7 +562,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -477,6 +492,7 @@ Custom = "My Tagged Application" +@@ -454,6 +469,7 @@ Custom = "My Tagged Application" Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C Ctrl = xof:1 @@ -610,7 +570,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -485,6 +501,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F +@@ -462,6 +478,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F Ctrl = xof:1 Ctrl = size:32 
@@ -618,7 +578,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -492,6 +509,7 @@ Custom = "My Tagged Application" +@@ -469,6 +486,7 @@ Custom = "My Tagged Application" Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B Ctrl = xof:1 @@ -626,7 +586,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -499,6 +517,7 @@ Custom = "" +@@ -476,6 +494,7 @@ Custom = "" Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B Ctrl = xof:1 @@ -634,7 +594,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -509,6 +528,7 @@ Ctrl = xof:1 +@@ -486,6 +505,7 @@ Ctrl = xof:1 Title = KMAC long customisation string via ctrl (from NIST ACVP) 
@@ -642,7 +602,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC256 Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D -@@ -519,6 +539,7 @@ Ctrl = xof:1 +@@ -496,6 +516,7 @@ Ctrl = xof:1 Title = KMAC long customisation string negative test @@ -650,7 +610,7 @@ index e47023aae6..96a8febeef 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -527,6 +548,7 @@ Result = MAC_INIT_ERROR +@@ -504,6 +525,7 @@ Result = MAC_INIT_ERROR Title = KMAC output is too large @@ -659,7 +619,7 @@ index e47023aae6..96a8febeef 100644 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index 6a9792128b..4e368c730b 100644 +index 40dd585c18..cbec426137 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -96,7 +96,7 @@ my @smime_pkcs7_tests = ( 
@@ -734,7 +694,7 @@ index 6a9792128b..4e368c730b 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), -@@ -250,7 +250,7 @@ my @smime_pkcs7_tests = ( +@@ -248,7 +248,7 @@ my @smime_pkcs7_tests = ( my @smime_cms_tests = ( @@ -743,7 +703,7 @@ index 6a9792128b..4e368c730b 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid", "-signer", $smrsa1, -@@ -263,7 +263,7 @@ my @smime_cms_tests = ( +@@ -261,7 +261,7 @@ my @smime_cms_tests = ( \&final_compare ], @@ -752,7 +712,7 @@ index 6a9792128b..4e368c730b 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), -@@ -373,7 +373,7 @@ my @smime_cms_tests = ( +@@ -371,7 +371,7 @@ my @smime_cms_tests = ( \&final_compare ], 
@@ -775,5 +735,58 @@ index 50b74a1e29..e2dcb68fb5 100644 } -- -2.44.0 +2.41.0 +diff -up openssl-3.2.0/test/recipes/30-test_evp.t.patch openssl-3.2.0/test/recipes/30-test_evp.t +--- openssl-3.2.0/test/recipes/30-test_evp.t.patch 2023-12-06 15:33:27.843751147 +0100 ++++ openssl-3.2.0/test/recipes/30-test_evp.t 2023-12-06 15:34:27.585351920 +0100 +@@ -70,15 +70,6 @@ push @files, qw( + evppkey_dh.txt + ) unless $no_dh; + push @files, qw( +- evpkdf_x942_des.txt +- evpmac_cmac_des.txt +- ) unless $no_des; +-push @files, qw(evppkey_dsa.txt) unless $no_dsa; +-push @files, qw( +- evppkey_ecx.txt +- evppkey_mismatch_ecx.txt +- ) unless $no_ecx; +-push @files, qw( + evppkey_ecc.txt + evppkey_ecdh.txt + evppkey_ecdsa.txt +diff -up openssl-3.2.0/providers/fips/fipsprov.c.patch-fips openssl-3.2.0/providers/fips/fipsprov.c +--- openssl-3.2.0/providers/fips/fipsprov.c.patch-fips 2023-12-06 15:49:08.711198219 +0100 ++++ openssl-3.2.0/providers/fips/fipsprov.c 2023-12-06 15:55:42.362078721 +0100 +@@ -426,14 +426,16 @@ static const OSSL_ALGORITHM fips_keyexch + + static const OSSL_ALGORITHM fips_signature[] = { + #ifndef OPENSSL_NO_DSA +- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, ++ /* We don't certify DSA in our FIPS provider */ ++ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },*/ + #endif + { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, + #ifndef OPENSSL_NO_EC + # ifndef OPENSSL_NO_ECX +- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ++ /* We don't certify Edwards curves in our FIPS provider */ ++ /* { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, + ossl_ed25519_signature_functions }, +- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions }, ++ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },*/ + # endif + { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, + #endif +diff -up 
openssl-3.2.0/test/recipes/30-test_evp.t.fips-min openssl-3.2.0/test/recipes/30-test_evp.t +--- openssl-3.2.0/test/recipes/30-test_evp.t.fips-min 2024-02-01 11:00:56.823687618 +0100 ++++ openssl-3.2.0/test/recipes/30-test_evp.t 2024-02-01 11:01:20.131934678 +0100 +@@ -124,7 +124,6 @@ push @defltfiles, qw( + ) unless $no_des; + push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; + push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec; +-push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa; + push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; + push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv; + push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv; diff --git a/base/openssl3/0049-Allow-disabling-of-SHA1-signatures.patch b/base/openssl3/0049-Allow-disabling-of-SHA1-signatures.patch new file mode 100644 index 0000000..487d1d9 --- /dev/null +++ b/base/openssl3/0049-Allow-disabling-of-SHA1-signatures.patch 
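Review bot: The three `diff -up` sections appended after `+2.41.0` name a different old and new file (`30-test_evp.t.patch` vs `30-test_evp.t`, `fipsprov.c.patch-fips` vs `fipsprov.c`, `30-test_evp.t.fips-min` vs `30-test_evp.t`), so with `-p1` the applier has to pick one of the two paths by its own heuristic, and `30-test_evp.t` is touched by two separate sections whose headers (`@@ -70,15 +70,6 @@` and `@@ -124,7 +124,6 @@`) seem to have been taken from different base states, so the second probably relies on the applier's offset search; both should be verified to apply without fuzz in the build's patch step. The diffstat updated in `@@ -21,14 +20,14 @@` (`test/recipes/30-test_evp.t | 16 +++---`, `128 insertions(+), 47 deletions(-)`) and the post-image blob on the `index 9d7040ced2..f8beb538d4` line describe only the git-format body and no longer account for these hunks, and the 2023-12-06 and 2024-02-01 timestamps on sections inside a patch dated Aug 2023 signal hand editing. Regenerating the whole patch from one tree with `git format-patch` would restore consistent file names, offsets and diffstat.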
@@ -0,0 +1,510 @@ +From 2e8388e06eafb703aeb315498915bf079561bdb5 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 13:07:07 +0200 +Subject: [PATCH 23/48] 0049-Allow-disabling-of-SHA1-signatures.patch + +Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch +Patch-id: 49 +Patch-status: | + # Selectively disallow SHA1 signatures rhbz#2070977 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/context.c | 14 ++++ + crypto/evp/evp_cnf.c | 13 +++ + crypto/evp/m_sigver.c | 79 +++++++++++++++++++ + crypto/evp/pmeth_lib.c | 15 ++++ + doc/man5/config.pod | 13 +++ + include/crypto/context.h | 3 + + include/internal/cryptlib.h | 3 +- + include/internal/sslconf.h | 4 + + providers/common/securitycheck.c | 20 +++++ + providers/common/securitycheck_default.c | 9 ++- + providers/implementations/signature/dsa_sig.c | 11 ++- + .../implementations/signature/ecdsa_sig.c | 4 + + providers/implementations/signature/rsa_sig.c | 20 ++++- + ssl/t1_lib.c | 8 ++ + util/libcrypto.num | 2 + + 15 files changed, 209 insertions(+), 9 deletions(-) + +diff --git a/crypto/context.c b/crypto/context.c +index 51002ba79a..e697974c9d 100644 +--- a/crypto/context.c ++++ b/crypto/context.c +@@ -78,6 +78,8 @@ struct ossl_lib_ctx_st { + void *fips_prov; + #endif + ++ void *legacy_digest_signatures; ++ + unsigned int ischild:1; + }; + +@@ -206,6 +208,10 @@ static int context_init(OSSL_LIB_CTX *ctx) + goto err; + #endif + ++ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx); ++ if (ctx->legacy_digest_signatures == NULL) ++ goto err; ++ + /* Low priority. */ + #ifndef FIPS_MODULE + ctx->child_provider = ossl_child_prov_ctx_new(ctx); +@@ -334,6 +340,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) + } + #endif + ++ if (ctx->legacy_digest_signatures != NULL) { ++ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures); ++ ctx->legacy_digest_signatures = NULL; ++ } ++ + /* Low priority. 
*/ + #ifndef FIPS_MODULE + if (ctx->child_provider != NULL) { +@@ -625,6 +636,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) + return ctx->fips_prov; + #endif + ++ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX: ++ return ctx->legacy_digest_signatures; ++ + default: + return NULL; + } +diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c +index 0e7fe64cf9..b9d3b6d226 100644 +--- a/crypto/evp/evp_cnf.c ++++ b/crypto/evp/evp_cnf.c +@@ -10,6 +10,7 @@ + #include + #include + #include "internal/cryptlib.h" ++#include "internal/sslconf.h" + #include + #include + #include +@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) + ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); + return 0; + } ++ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) { ++ int m; ++ ++ /* Detailed error already reported. */ ++ if (!X509V3_get_value_bool(oval, &m)) ++ return 0; ++ ++ if (!ossl_ctx_legacy_digest_signatures_allowed_set( ++ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); ++ return 0; ++ } + } else { + ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, + "name=%s, value=%s", oval->name, oval->value); +diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c +index 630d339c35..6e4e9f5ae7 100644 +--- a/crypto/evp/m_sigver.c ++++ b/crypto/evp/m_sigver.c +@@ -15,6 +15,73 @@ + #include "internal/provider.h" + #include "internal/numbers.h" /* includes SIZE_MAX */ + #include "evp_local.h" ++#include "crypto/context.h" ++ ++typedef struct ossl_legacy_digest_signatures_st { ++ int allowed; ++} OSSL_LEGACY_DIGEST_SIGNATURES; ++ ++void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs; ++ ++ if (ldsigs != NULL) { ++ OPENSSL_free(ldsigs); ++ } ++} ++ ++void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = 
OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); ++ /* Warning: This patch differs from the same patch in CentOS and RHEL here, ++ * because the default on Fedora is to allow SHA-1 and support disabling ++ * it, while CentOS/RHEL disable it by default and allow enabling it. */ ++ ldsigs->allowed = 0; ++ return ldsigs; ++} ++ ++static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures( ++ OSSL_LIB_CTX *libctx, int loadconfig) ++{ ++#ifndef FIPS_MODULE ++ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) ++ return NULL; ++#endif ++ ++ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX); ++} ++ ++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs ++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); ++ ++ #ifndef FIPS_MODULE ++ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL) ++ /* used in tests */ ++ return 1; ++ #endif ++ ++ /* Warning: This patch differs from the same patch in CentOS and RHEL here, ++ * because the default on Fedora is to allow SHA-1 and support disabling ++ * it, while CentOS/RHEL disable it by default and allow enabling it. */ ++ return ldsigs != NULL ? 
ldsigs->allowed : 0; ++} ++ ++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, ++ int loadconfig) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs ++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); ++ ++ if (ldsigs == NULL) { ++ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ ++ ldsigs->allowed = allow; ++ return 1; ++} + + #ifndef FIPS_MODULE + +@@ -251,6 +318,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + } + } + ++ if (ctx->reqdigest != NULL ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) { ++ int mdnid = EVP_MD_nid(ctx->reqdigest); ++ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0) ++ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); ++ goto err; ++ } ++ } ++ + if (ver) { + if (signature->digest_verify_init == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c +index ce6e1a1ccb..003926247b 100644 +--- a/crypto/evp/pmeth_lib.c ++++ b/crypto/evp/pmeth_lib.c +@@ -33,6 +33,7 @@ + #include "internal/ffc.h" + #include "internal/numbers.h" + #include "internal/provider.h" ++#include "internal/sslconf.h" + #include "evp_local.h" + + #ifndef FIPS_MODULE +@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, + return -2; + } + ++ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) ++ && md != NULL ++ && ctx->pkey != NULL ++ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac) ++ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf) ++ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) { ++ int mdnid = EVP_MD_nid(md); ++ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) ++ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); ++ return -1; ++ } ++ } ++ + if (fallback) + return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, 
(void *)(md)); + +diff --git a/doc/man5/config.pod b/doc/man5/config.pod +index bd05736220..ed34ff4b9c 100644 +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod +@@ -304,6 +304,19 @@ Within the algorithm properties section, the following names have meaning: + The value may be anything that is acceptable as a property query + string for EVP_set_default_properties(). + ++=item B ++ ++The value is a boolean that can be B or B. If the value is not set, ++it behaves as if it was set to B. ++ ++When set to B, any attempt to create or verify a signature with a SHA1 ++digest will fail. To test whether your software will work with future versions ++of OpenSSL, set this option to B. This setting also affects TLS, where ++signature algorithms that use SHA1 as digest will no longer be supported if ++this option is set to B. Because TLS 1.1 or lower use MD5-SHA1 as ++pseudorandom function (PRF) to derive key material, disabling ++B requires the use of TLS 1.2 or newer. ++ + =item B (deprecated) + + The value is a boolean that can be B or B. 
If the value is +diff --git a/include/crypto/context.h b/include/crypto/context.h +index cc06c71be8..e9f74a414d 100644 +--- a/include/crypto/context.h ++++ b/include/crypto/context.h +@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *); + #if defined(OPENSSL_THREADS) + void ossl_threads_ctx_free(void *); + #endif ++ ++void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *); ++void ossl_ctx_legacy_digest_signatures_free(void *); +diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h +index ac50eb3bbd..3b115cc7df 100644 +--- a/include/internal/cryptlib.h ++++ b/include/internal/cryptlib.h +@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st { + # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 + # define OSSL_LIB_CTX_THREAD_INDEX 19 + # define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20 +-# define OSSL_LIB_CTX_MAX_INDEXES 20 ++# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 21 ++# define OSSL_LIB_CTX_MAX_INDEXES 21 + + OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx); + int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx); +diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h +index fd7f7e3331..05464b0655 100644 +--- a/include/internal/sslconf.h ++++ b/include/internal/sslconf.h +@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx); + void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, + char **arg); + ++/* Methods to support disabling all signatures with legacy digests */ ++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig); ++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, ++ int loadconfig); + #endif +diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c +index 699ada7c52..e534ad0a5f 100644 +--- a/providers/common/securitycheck.c ++++ b/providers/common/securitycheck.c +@@ -19,6 +19,7 @@ + #include + #include + #include "prov/securitycheck.h" ++#include "internal/sslconf.h" + + /* + * 
FIPS requires a minimum security strength of 112 bits (for encryption or
+@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+ mdnid = -1; /* disallowed by security checks */
+ }
+ # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
++
++#ifndef FIPS_MODULE
++ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
++ /* SHA1 is globally disabled, check whether we want to locally allow
++ * it. */
++ if (mdnid == NID_sha1 && !sha1_allowed)
++ mdnid = -1;
++#endif
++
+ return mdnid;
+ }
+ 
+diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
+index 246323493e..2ca7a59f39 100644
+--- a/providers/common/securitycheck_default.c
++++ b/providers/common/securitycheck_default.c
+@@ -15,6 +15,7 @@
+ #include
+ #include "prov/securitycheck.h"
+ #include "internal/nelem.h"
++#include "internal/sslconf.h"
+ 
+ /* Disable the security checks in the default provider */
+ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
+@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx)
+ }
+ 
+ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+- ossl_unused int sha1_allowed)
++ int sha1_allowed)
+ {
+ int mdnid;
++ int ldsigs_allowed;
+ 
+ static const OSSL_ITEM name_to_nid[] = {
+ { NID_md5, OSSL_DIGEST_NAME_MD5 },
+@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+ { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
+ };
+ 
+- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1);
++ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
++ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
+ if (mdnid == NID_undef)
+ mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
++ if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
++ mdnid = -1;
+ return mdnid;
+ }
+diff --git a/providers/implementations/signature/dsa_sig.c 
b/providers/implementations/signature/dsa_sig.c
+index 70d0ea5d24..3c482e0181 100644
+--- a/providers/implementations/signature/dsa_sig.c
++++ b/providers/implementations/signature/dsa_sig.c
+@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
+ mdprops = ctx->propq;
+ 
+ if (mdname != NULL) {
+- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+ WPACKET pkt;
+ EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
+- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
+- sha1_allowed);
++ int md_nid;
+ size_t mdname_len = strlen(mdname);
++#ifdef FIPS_MODULE
++ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
++#else
++ int sha1_allowed = 0;
++#endif
++ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
++ sha1_allowed);
+ 
+ if (md == NULL || md_nid < 0) {
+ if (md == NULL)
+diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
+index ebeb30e002..c874f87bd5 100644
+--- a/providers/implementations/signature/ecdsa_sig.c
++++ b/providers/implementations/signature/ecdsa_sig.c
+@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
+ "%s could not be fetched", mdname);
+ return 0;
+ }
++#ifdef FIPS_MODULE
+ sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
++#else
++ sha1_allowed = 0;
++#endif
+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
+ sha1_allowed);
+ if (md_nid < 0) {
+diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
+index 2a5504d104..5f3a029566 100644
+--- a/providers/implementations/signature/rsa_sig.c
++++ b/providers/implementations/signature/rsa_sig.c
+@@ -25,6 +25,7 @@
+ #include "internal/cryptlib.h"
+ #include "internal/nelem.h"
+ #include "internal/sizes.h"
++#include "internal/sslconf.h"
+ #include "crypto/rsa.h"
+ #include "prov/providercommon.h"
+ #include "prov/implementations.h"
+@@ -33,6 +34,7 @@
+ #include 
"prov/securitycheck.h"
+ 
+ #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
++#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
+ 
+ OSSL_FUNC_signature_newctx_fn rsa_newctx;
+ static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
+@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
+ 
+ if (mdname != NULL) {
+ EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
++ int md_nid;
++ size_t mdname_len = strlen(mdname);
++#ifdef FIPS_MODULE
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
++#else
++ int sha1_allowed = 0;
++#endif
++ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
+ sha1_allowed);
+- size_t mdname_len = strlen(mdname);
+ 
+ if (md == NULL
+ || md_nid <= 0
+@@ -1396,8 +1403,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+ prsactx->pad_mode = pad_mode;
+ 
+ if (prsactx->md == NULL && pmdname == NULL
+- && pad_mode == RSA_PKCS1_PSS_PADDING)
++ && pad_mode == RSA_PKCS1_PSS_PADDING) {
+ pmdname = RSA_DEFAULT_DIGEST_NAME;
++#ifndef FIPS_MODULE
++ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
++ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
++ }
++#endif
++ }
++
+ 
+ if (pmgf1mdname != NULL
+ && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
+diff --git a/util/libcrypto.num b/util/libcrypto.num
+index 9cb8a4dda2..feb660d030 100644
+--- a/util/libcrypto.num
++++ b/util/libcrypto.num
+@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
+ X509_STORE_CTX_set_current_reasons 5664 3_2_0 EXIST::FUNCTION:
+ OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION:
+ BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK
++ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
++ossl_ctx_legacy_digest_signatures_allowed_set ? 
3_0_1 EXIST::FUNCTION:
+-- 
+2.41.0
+
+diff -up openssl-3.2.0/ssl/t1_lib.c.patch-sha1 openssl-3.2.0/ssl/t1_lib.c
+--- openssl-3.2.0/ssl/t1_lib.c.patch-sha1 2023-12-08 13:01:44.752501257 +0100
++++ openssl-3.2.0/ssl/t1_lib.c 2023-12-08 13:04:18.969899853 +0100
+@@ -20,6 +20,7 @@
+ #include
+ #include
+ #include
++#include "internal/sslconf.h"
+ #include "internal/nelem.h"
+ #include "internal/sizes.h"
+ #include "internal/tlsgroups.h"
+@@ -1506,6 +1507,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
+ uint16_t *tls12_sigalgs_list = NULL;
+ EVP_PKEY *tmpkey = EVP_PKEY_new();
+ int ret = 0;
++ int ldsigs_allowed;
+ 
+ if (ctx == NULL)
+ goto err;
+@@ -1521,6 +1523,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
+ goto err;
+ 
+ ERR_set_mark();
++ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
+ /* First fill cache and tls12_sigalgs list from legacy algorithm list */
+ for (i = 0, lu = sigalg_lookup_tbl;
+ i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
+@@ -1542,6 +1545,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
+ cache[i].enabled = 0;
+ continue;
+ }
++ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
++ && !ldsigs_allowed) {
++ cache[i].enabled = 0;
++ continue;
++ }
+ 
+ if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
+ cache[i].enabled = 0;
diff --git a/base/openssl3/0058-FIPS-limit-rsa-encrypt.patch b/base/openssl3/0058-FIPS-limit-rsa-encrypt.patch
index c4f952b..5d3ef9c 100644
--- a/base/openssl3/0058-FIPS-limit-rsa-encrypt.patch
+++ b/base/openssl3/0058-FIPS-limit-rsa-encrypt.patch
@@ -1,23 +1,23 @@
-From 012e319b3d5b936a9208b1c75c13d9c4a2d0cc04 Mon Sep 17 00:00:00 2001
+From 56511d480823bedafce604374fa3b15d3b3ffd6b Mon Sep 17 00:00:00 2001
From: rpm-build -Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 24/49] 0058-FIPS-limit-rsa-encrypt.patch +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 26/48] 0058-FIPS-limit-rsa-encrypt.patch Patch-name: 0058-FIPS-limit-rsa-encrypt.patch Patch-id: 58 Patch-status: | - # # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 -From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce + # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd --- - providers/common/securitycheck.c | 1 + - .../implementations/asymciphers/rsa_enc.c | 35 +++++ - .../30-test_evp_data/evppkey_rsa_common.txt | 140 +++++++++++++----- - test/recipes/80-test_cms.t | 5 +- - test/recipes/80-test_ssl_old.t | 27 +++- - 5 files changed, 168 insertions(+), 40 deletions(-) + providers/common/securitycheck.c | 1 + + .../implementations/asymciphers/rsa_enc.c | 35 +++++++++++ + .../30-test_evp_data/evppkey_rsa_common.txt | 58 ++++++++++++++++++- + test/recipes/80-test_cms.t | 5 +- + test/recipes/80-test_ssl_old.t | 27 +++++++-- + 5 files changed, 118 insertions(+), 8 deletions(-) diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c -index fe694c4e96..f635b5aec8 100644 +index e534ad0a5f..c017c658e5 100644 --- a/providers/common/securitycheck.c +++ b/providers/common/securitycheck.c @@ -27,6 +27,7 @@ @@ -29,10 +29,10 @@ index fe694c4e96..f635b5aec8 100644 { int protect = 0; diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c -index 71bfa344d4..d548560f1f 100644 +index d865968058..872967bcb3 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c -@@ -135,6 +135,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa, +@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa, return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT); } 
@@ -50,7 +50,7 @@ index 71bfa344d4..d548560f1f 100644 static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, size_t outsize, const unsigned char *in, size_t inlen) { -@@ -144,6 +155,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, +@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, if (!ossl_prov_is_running()) return 0; @@ -69,7 +69,7 @@ index 71bfa344d4..d548560f1f 100644 if (out == NULL) { size_t len = RSA_size(prsactx->rsa); -@@ -206,6 +229,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, +@@ -204,6 +227,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, if (!ossl_prov_is_running()) return 0; @@ -89,10 +89,471 @@ index 71bfa344d4..d548560f1f 100644 if (out == NULL) { *outlen = SSL_MAX_MASTER_KEY_LENGTH; diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt -index 76ddc1ec60..62d55308b0 100644 +index 8680797b90..95d5d51102 100644 --- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
-@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e377
+@@ -619,36 +619,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2
+ h90qjKHS9PvY4Q==
+ -----END PRIVATE KEY-----
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a
+ Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44
+ Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb
+ Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ 
Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755
+ Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439
+ Output=8da89fd9e5f974a29feffb462b49180f6cf9e802
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -673,36 +679,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8
+ eG2e4XlBcKjI6A==
+ -----END PRIVATE KEY-----
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e
+ Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245
+ Output=2d
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ 
Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053
+ Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641
+ Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec
+ Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -727,36 +739,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z
+ Ya4qnqZe1onjY5o=
+ -----END PRIVATE KEY-----
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80
+ Output=087820b569e8fa8d
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ 
Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5
+ Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a
+ Output=d94cd0e08fa404ed89
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0
+ Output=6cc641b6b61e6f963974dad23a9013284ef1
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60
+ Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -781,36 +799,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq
+ aD0x7TDrmEvkEro=
+ -----END PRIVATE KEY-----
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ 
Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8
+ Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e
+ Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065
+ Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4
+ Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ 
Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2
+ Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -835,36 +859,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B
+ MSwGUGLx60i3nRyDyw==
+ -----END PRIVATE KEY-----
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5
+ Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad
+ Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967
+ 
Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf
+ Output=15c5b9ee1185
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723
+ Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -889,36 +919,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC
+ Yejn5Ly8mU2q+jBcRQ==
+ -----END PRIVATE KEY-----
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3
+ Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ 
Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f
+ Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65
+ Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8
+ Output=684e3038c5c041f7
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab
+ Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -943,36 +979,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS
+ FMlxv0gq65dqc3DC
+ -----END PRIVATE KEY-----
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-7
+ Ctrl = 
rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1
+ Output=47aae909
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6
+ Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b
+ Output=d976fc
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac
+ Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ 
Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478
+ Output=bb47231ca5ea1d3ad46c99345d9a8a61
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -997,36 +1039,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM
+ 2MiPa249Z+lh3Luj0A==
+ -----END PRIVATE KEY-----
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61
+ Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d
+ Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f
+ Output=8604ac56328c1ab5ad917861
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-8 
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0
+ Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2
+ Output=4a5f4914bee25de3c69341de07
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1057,36 +1105,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo
+ tKo5Eb69iFQvBb4=
+ -----END PRIVATE KEY-----
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72
+ Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ 
Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8
+ Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3
+ Output=fd326429df9b890e09b54b18b8f34f1e24
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858
+ Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ 
Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e
+ Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d
+ 
++Availablein = default
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
+index cbec426137..9ba7fbeed2 100644
+--- a/test/recipes/80-test_cms.t
++++ b/test/recipes/80-test_cms.t
+@@ -233,7 +233,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+ 
+- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
++ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+ "-aes256", "-stream", "-out", "{output}.cms",
+ $smrsa1,
+@@ -1022,6 +1022,9 @@ sub check_availability {
+ return "$tnam: skipped, DSA disabled\n"
+ if ($no_dsa && $tnam =~ / DSA/);
+ 
++ return "$tnam: skipped, Red Hat FIPS\n"
++ if ($tnam =~ /no Red Hat FIPS/);
++
+ return "";
+ }
+ 
+diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
+index e2dcb68fb5..0775112b40 100644
+--- a/test/recipes/80-test_ssl_old.t
++++ b/test/recipes/80-test_ssl_old.t
+@@ -493,6 +493,18 @@ sub testssl {
+ # the default choice if TLSv1.3 enabled
+ my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
+ my $ciphersuites = "";
++ my %redhat_skip_cipher = map {$_ => 1} qw(
++AES256-GCM-SHA384:@SECLEVEL=0
++AES256-CCM8:@SECLEVEL=0
++AES256-CCM:@SECLEVEL=0
++AES128-GCM-SHA256:@SECLEVEL=0
++AES128-CCM8:@SECLEVEL=0
++AES128-CCM:@SECLEVEL=0
++AES256-SHA256:@SECLEVEL=0
++AES128-SHA256:@SECLEVEL=0
++AES256-SHA:@SECLEVEL=0
++AES128-SHA:@SECLEVEL=0
++ );
+ foreach my $cipher (@{$ciphersuites{$protocol}}) {
+ if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
+ note "*****SKIPPING $protocol $cipher";
+@@ -504,11 +516,16 @@ sub testssl {
+ } else {
+ $cipher = $cipher.':@SECLEVEL=0';
+ }
+- ok(run(test([@ssltest, @exkeys, "-cipher",
+- $cipher,
+- "-ciphersuites", $ciphersuites,
+- $flag || ()])),
+- "Testing $cipher");
++ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
++ note "*****SKIPPING $cipher in Red Hat FIPS mode";
++ ok(1);
++ } else {
++ ok(run(test([@ssltest, @exkeys, "-cipher",
++ $cipher,
++ "-ciphersuites", $ciphersuites,
++ $flag || ()])),
++ "Testing $cipher");
++ }
+ }
+ }
+ next if $protocol eq "-tls1_3";
+--
+2.41.0
+
+diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.patch-58 openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+--- openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.patch-58 2023-12-11 19:15:32.167790754 +0100
++++ openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-12-11 21:16:08.390089120 +0100
+@@ -248,7 +248,7 @@ Input = 64b0e9f9892371110c40ba5739dc0974 Output = 
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef # RSA decrypt @@ -101,23 +562,7 @@ index 76ddc1ec60..62d55308b0 100644 Decrypt = RSA-2048 Input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utput = "Hello World" - - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 -+Availablein = default - # Note: disable the Bleichenbacher workaround to see if it passes - Decrypt = RSA-2048 - Ctrl = rsa_pkcs1_implicit_rejection:0 -@@ -262,7 +262,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C70 - Output = "Hello World" - - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 -+Availablein = default - # Corrupted ciphertext - # Note: output is generated synthethically by the Bleichenbacher workaround - Decrypt = RSA-2048 -@@ -270,7 +270,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C70 +@@ -270,7 +270,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235 Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff # The old FIPS provider doesn't include the workaround (#13817) 
@@ -126,13 +571,10 @@ index 76ddc1ec60..62d55308b0 100644 # Corrupted ciphertext # Note: disable the Bleichenbacher workaround to see if it fails Decrypt = RSA-2048 -@@ -345,82 +345,90 @@ PrivPubKeyPair = RSA-2048-2:RSA-2048-2-PUBLIC - # RSA decrypt - - # a random positive test case -+Availablein = default - Decrypt = RSA-2048-2 - Input = 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 +diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +--- openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default 2024-02-01 15:09:31.498568631 +0100 ++++ openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2024-02-01 15:14:45.858384004 +0100 +@@ -365,28 +365,28 @@ Input = 8bfe264e85d3bdeaa6b8851b8e3b956e Output = "lorem ipsum dolor sit amet" # The old FIPS provider doesn't include the workaround (#13817) 
@@ -165,48 +607,7 @@ index 76ddc1ec60..62d55308b0 100644 # invalid decrypting to message with length specified by third to last value from PRF Decrypt = RSA-2048-2 Input = 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 - Output = 4f02 - - # positive test with 11 byte long value -+Availablein = default - Decrypt = RSA-2048-2 - Input = 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 - Output = "lorem ipsum" - - # positive test with 11 byte long value and zero padded ciphertext -+Availablein = default - Decrypt = RSA-2048-2 - Input = 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 - Output = "lorem ipsum" - - # positive test with 11 byte long value and zero truncated ciphertext -+Availablein = default - Decrypt = RSA-2048-2 - Input = 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 - Output = "lorem ipsum" - - # positive test with 11 byte long value and double zero padded ciphertext -+Availablein = default - Decrypt = RSA-2048-2 - Input = 00001f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc - Output = "lorem ipsum" - - # positive test with 11 byte long value and double zero truncated ciphertext -+Availablein = default - Decrypt = RSA-2048-2 - Input = 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 - Output = "lorem ipsum" - - # positive that generates a 0 byte long synthetic message internally -+Availablein = default - Decrypt = RSA-2048-2 - Input = 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 - Output = "lorem ipsum" - - # positive that generates a 245 byte long synthetic 
message internally -+Availablein = default - Decrypt = RSA-2048-2 - Input = 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 +@@ -428,14 +428,14 @@ Input = 1ea0b50ca65203d0a09280d39704b24f Output = "lorem ipsum" # The old FIPS provider doesn't include the workaround (#13817) @@ -223,7 +624,7 @@ index 76ddc1ec60..62d55308b0 100644 # an otherwise correct plaintext, but with wrong first byte # (0x01 instead of 0x00), generates a random 11 byte long plaintext Decrypt = RSA-2048-2 -@@ -428,7 +436,7 @@ Input = 9b2ec9c0c917c98f1ad3d0119aec6be51ae3106e9af1914d48600ab6a2c0c0c8ae02a2dc +@@ -443,7 +443,7 @@ Input = 9b2ec9c0c917c98f1ad3d0119aec6be5 Output = a1f8c9255c35cfba403ccc # The old FIPS provider doesn't include the workaround (#13817) @@ -232,7 +633,7 @@ index 76ddc1ec60..62d55308b0 100644 # an otherwise correct plaintext, but with wrong second byte # (0x01 instead of 0x02), generates a random 11 byte long plaintext Decrypt = RSA-2048-2 -@@ -436,7 +444,7 @@ Input = 782c2b59a21a511243820acedd567c136f6d3090c115232a82a5efb0b178285f55b5ec2d +@@ -451,7 +451,7 @@ Input = 782c2b59a21a511243820acedd567c13 Output = e6d700309ca0ed62452254 # The old FIPS provider doesn't include the workaround (#13817) @@ -241,7 +642,7 @@ index 76ddc1ec60..62d55308b0 100644 # an invalid ciphertext, with a zero byte in first byte of # ciphertext, decrypts to a random 11 byte long synthetic # plaintext -@@ -445,7 +453,7 @@ Input = 0096136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2a +@@ -460,7 +460,7 @@ Input = 0096136621faf36d5290b16bd26295de Output = ba27b1842e7c21c0e7ef6a # The old FIPS provider doesn't include the workaround (#13817) 
@@ -250,7 +651,7 @@ index 76ddc1ec60..62d55308b0 100644 # an invalid ciphertext, with a zero byte removed from first byte of # ciphertext, decrypts to a random 11 byte long synthetic # plaintext -@@ -454,7 +462,7 @@ Input = 96136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3 +@@ -469,7 +469,7 @@ Input = 96136621faf36d5290b16bd26295de27 Output = ba27b1842e7c21c0e7ef6a # The old FIPS provider doesn't include the workaround (#13817) @@ -259,7 +660,7 @@ index 76ddc1ec60..62d55308b0 100644 # an invalid ciphertext, with two zero bytes in first bytes of # ciphertext, decrypts to a random 11 byte long synthetic # plaintext -@@ -463,7 +471,7 @@ Input = 0000587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f +@@ -478,7 +478,7 @@ Input = 0000587cccc6b264bdfe0dc2149a9880 Output = d5cf555b1d6151029a429a # The old FIPS provider doesn't include the workaround (#13817) @@ -268,7 +669,7 @@ index 76ddc1ec60..62d55308b0 100644 # an invalid ciphertext, with two zero bytes removed from first bytes of # ciphertext, decrypts to a random 11 byte long synthetic # plaintext -@@ -472,7 +480,7 @@ Input = 587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c +@@ -487,7 +487,7 @@ Input = 587cccc6b264bdfe0dc2149a988047fa Output = d5cf555b1d6151029a429a # The old FIPS provider doesn't include the workaround (#13817) @@ -277,7 +678,7 @@ index 76ddc1ec60..62d55308b0 100644 # and invalid ciphertext, otherwise valid but starting with 000002, decrypts # to random 11 byte long synthetic plaintext Decrypt = RSA-2048-2 -@@ -480,7 +488,7 @@ Input = 1786550ce8d8433052e01ecba8b76d3019f1355b212ac9d0f5191b023325a7e7714b7802 +@@ -495,7 +495,7 @@ Input = 1786550ce8d8433052e01ecba8b76d30 Output = 3d4a054d9358209e9cbbb9 # The old FIPS provider doesn't include the workaround (#13817) 
@@ -286,7 +687,7 @@ index 76ddc1ec60..62d55308b0 100644 # negative test with otherwise valid padding but a zero byte in first byte # of padding Decrypt = RSA-2048-2 -@@ -488,7 +496,7 @@ Input = 179598823812d2c58a7eb50521150a48bcca8b4eb53414018b6bca19f4801456c5e36a94 +@@ -503,7 +503,7 @@ Input = 179598823812d2c58a7eb50521150a48 Output = 1f037dd717b07d3e7f7359 # The old FIPS provider doesn't include the workaround (#13817) @@ -295,7 +696,7 @@ index 76ddc1ec60..62d55308b0 100644 # negative test with otherwise valid padding but a zero byte at the eighth # byte of padding Decrypt = RSA-2048-2 -@@ -496,7 +504,7 @@ Input = a7a340675a82c30e22219a55bc07cdf36d47d01834c1834f917f18b517419ce9de2a9646 +@@ -511,7 +511,7 @@ Input = a7a340675a82c30e22219a55bc07cdf3 Output = 63cb0bf65fc8255dd29e17 # The old FIPS provider doesn't include the workaround (#13817) @@ -304,7 +705,7 @@ index 76ddc1ec60..62d55308b0 100644 # negative test with an otherwise valid plaintext but with missing separator # byte Decrypt = RSA-2048-2 -@@ -551,53 +559,58 @@ PrivPubKeyPair = RSA-2049:RSA-2049-PUBLIC +@@ -566,53 +566,58 @@ PrivPubKeyPair = RSA-2049:RSA-2049-PUBLI # RSA decrypt # The old FIPS provider doesn't include the workaround (#13817) 
@@ -367,7 +768,80 @@ index 76ddc1ec60..62d55308b0 100644 # otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02) Decrypt = RSA-2049 Input = 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 -@@ -661,14 +674,14 @@ ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKusAN5AgMBAAE= +diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +--- openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default 2024-02-01 15:22:09.981463726 +0100 ++++ openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2024-02-01 15:28:41.789966051 +0100 +@@ -269,7 +269,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235 + Output = "Hello World" + + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 ++Availablein = default + # Note: disable the Bleichenbacher workaround to see if it passes + Decrypt = RSA-2048 + Ctrl = rsa_pkcs1_implicit_rejection:0 +@@ -277,7 +277,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235 + Output = "Hello World" + + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 ++Availablein = default + # Corrupted ciphertext + # Note: output is generated synthethically by the Bleichenbacher workaround + Decrypt = RSA-2048 +@@ -360,6 +360,7 @@ PrivPubKeyPair = RSA-2048-2:RSA-2048-2-P + # RSA decrypt + + # a random positive test case ++Availablein = default + Decrypt = RSA-2048-2 + Input = 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 + Output = "lorem ipsum dolor sit amet" +@@ -393,36 +394,43 @@ Input = 1690ebcceece2ce024f382e467cf8510 + Output = 4f02 + + # positive test with 11 byte long value ++Availablein = default + Decrypt = RSA-2048-2 + Input = 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 + Output = "lorem ipsum" + + # positive test with 11 byte long value and zero padded ciphertext ++Availablein = default + Decrypt = RSA-2048-2 + Input = 
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 + Output = "lorem ipsum" + + # positive test with 11 byte long value and zero truncated ciphertext ++Availablein = default + Decrypt = RSA-2048-2 + Input = 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 + Output = "lorem ipsum" + + # positive test with 11 byte long value and double zero padded ciphertext ++Availablein = default + Decrypt = RSA-2048-2 + Input = 00001f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc + Output = "lorem ipsum" + + # positive test with 11 byte long value and double zero truncated ciphertext ++Availablein = default + Decrypt = RSA-2048-2 + Input = 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 + Output = "lorem ipsum" + + # positive that generates a 0 byte long synthetic message internally ++Availablein = default + Decrypt = RSA-2048-2 + Input = 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 + Output = "lorem ipsum" + + # positive that generates a 245 byte long synthetic message internally ++Availablein = default + Decrypt = RSA-2048-2 + Input = 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 + Output = "lorem ipsum" +@@ -681,14 +690,14 @@ ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKu PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC # The old FIPS provider doesn't include the workaround (#13817) 
@@ -384,7 +858,7 @@ index 76ddc1ec60..62d55308b0 100644 # a random invalid that has PRF output with a length one byte too long # in the last value Decrypt = RSA-3072 -@@ -676,46 +689,51 @@ Input = 7db0390d75fcf9d4c59cf27b264190d856da9abd11e92334d0e5f71005cfed865a711dfa +@@ -696,46 +705,51 @@ Input = 7db0390d75fcf9d4c59cf27b264190d8 Output = 56a3bea054e01338be9b7d7957539c # The old FIPS provider doesn't include the workaround (#13817) @@ -439,7 +913,7 @@ index 76ddc1ec60..62d55308b0 100644 # a random negative test case that generates a 9 byte long message based on # second to last value from PRF Decrypt = RSA-3072 -@@ -723,7 +741,7 @@ Input = 758c215aa6acd61248062b88284bf43c13cb3b3d02410be4238607442f1c0216706e21a0 +@@ -743,7 +757,7 @@ Input = 758c215aa6acd61248062b88284bf43c Output = 043383c929060374ed # The old FIPS provider doesn't include the workaround (#13817) @@ -448,7 +922,7 @@ index 76ddc1ec60..62d55308b0 100644 # a random negative test that generates message based on 3rd last value from # PRF Decrypt = RSA-3072 -@@ -731,35 +749,35 @@ Input = 7b22d5e62d287968c6622171a1f75db4b0fd15cdf3134a1895d235d56f8d8fe619f2bf48 +@@ -751,35 +765,35 @@ Input = 7b22d5e62d287968c6622171a1f75db4 Output = 70263fa6050534b9e0 # The old FIPS provider doesn't include the workaround (#13817) 
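Review bot: In the appended `.only-default` section, the inner hunks at `@@ -269,7 +269,7 @@` and `@@ -277,7 +277,7 @@` replace `FIPSversion = >=3.2.0` with `Availablein = default` but keep the upstream comment `# The old FIPS provider doesn't include the workaround (#13817)`, which now describes a version gate that no longer exists, so a reader cannot tell that the case is deliberately excluded from the FIPS provider. Replace that comment with one that records the actual reason, e.g. `# Default provider only: the FIPS provider in this build does not implement the implicit-rejection workaround (#13817)` (reword if the reason is different). The `@@ -360,6 +360,7 @@` and `@@ -393,36 +394,43 @@` hunks also add `Availablein = default` to the positive PKCS#1 v1.5 cases (`# a random positive test case`, `# positive test with 11 byte long value ...`), which drops FIPS-provider coverage of decrypting well-formed ciphertexts; if only the synthetic-plaintext outputs differ under FIPS, those positive cases could presumably stay provider-agnostic, so a one-line comment stating why they were restricted would help. This patch file now carries three `diff -up` sections against the same `evppkey_rsa_common.txt` (`.patch-58` and two `.only-default`) whose hunk offsets assume sequential application, so it is worth confirming the combined file still applies without fuzz.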
@@ -489,461 +963,3 @@ index 76ddc1ec60..62d55308b0 100644 # an otherwise valid plaintext, but with null separator missing Decrypt = RSA-3072 Input = 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 -@@ -1106,36 +1124,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2 - h90qjKHS9PvY4Q== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a - Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44 - Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb - Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755 - Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439 - Output=8da89fd9e5f974a29feffb462b49180f6cf9e802 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -1160,36 +1184,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8 - eG2e4XlBcKjI6A== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e - Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7 - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245 - Output=2d - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053 - Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641 - Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec - Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -1214,36 +1244,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z - Ya4qnqZe1onjY5o= - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80 - Output=087820b569e8fa8d - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5 - Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04 - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a - Output=d94cd0e08fa404ed89 - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0 - Output=6cc641b6b61e6f963974dad23a9013284ef1 - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60 - Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223 - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -1268,36 +1304,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq - aD0x7TDrmEvkEro= - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8 - Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2 - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e - Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8 - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065 - Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99 - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4 - Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2 - Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284 - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -1322,36 +1364,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B - MSwGUGLx60i3nRyDyw== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5 - Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8 - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad - Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399 - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967 - 
Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7 - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf - Output=15c5b9ee1185 - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723 - Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -1376,36 +1424,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC - Yejn5Ly8mU2q+jBcRQ== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3 - Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4 - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f - Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7 - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65 - Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8 - Output=684e3038c5c041f7 - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab - Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693 - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -1430,36 +1484,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS - FMlxv0gq65dqc3DC - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = 
rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1 - Output=47aae909 - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6 - Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7 - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b - Output=d976fc - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac - Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478 - Output=bb47231ca5ea1d3ad46c99345d9a8a61 - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -1484,36 +1544,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM - 2MiPa249Z+lh3Luj0A== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61 - Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967 - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d - Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f - Output=8604ac56328c1ab5ad917861 - -+Availablein = default - Decrypt=RSA-OAEP-8 
- Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0 - Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2 - Output=4a5f4914bee25de3c69341de07 - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -1544,36 +1610,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo - tKo5Eb69iFQvBb4= - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72 - Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6 - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8 - Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659 - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3 - Output=fd326429df9b890e09b54b18b8f34f1e24 - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858 - Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e - Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index 4e368c730b..879d5d76eb 100644 ---- a/test/recipes/80-test_cms.t -+++ b/test/recipes/80-test_cms.t -@@ -235,7 +235,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", -+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS", - [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, - "-aes256", "-stream", "-out", "{output}.cms", - $smrsa1, -@@ -1118,6 +1118,9 @@ sub check_availability { - return "$tnam: skipped, DSA disabled\n" - if ($no_dsa && $tnam =~ / DSA/); - -+ return "$tnam: skipped, Red Hat FIPS\n" -+ if ($tnam =~ /no Red Hat FIPS/); -+ - return ""; - } - -diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t -index e2dcb68fb5..0775112b40 100644 ---- a/test/recipes/80-test_ssl_old.t -+++ b/test/recipes/80-test_ssl_old.t -@@ -493,6 +493,18 @@ sub testssl { - # the default choice if TLSv1.3 enabled - my $flag = $protocol eq "-tls1_3" ? 
"" : $protocol; - my $ciphersuites = ""; -+ my %redhat_skip_cipher = map {$_ => 1} qw( -+AES256-GCM-SHA384:@SECLEVEL=0 -+AES256-CCM8:@SECLEVEL=0 -+AES256-CCM:@SECLEVEL=0 -+AES128-GCM-SHA256:@SECLEVEL=0 -+AES128-CCM8:@SECLEVEL=0 -+AES128-CCM:@SECLEVEL=0 -+AES256-SHA256:@SECLEVEL=0 -+AES128-SHA256:@SECLEVEL=0 -+AES256-SHA:@SECLEVEL=0 -+AES128-SHA:@SECLEVEL=0 -+ ); - foreach my $cipher (@{$ciphersuites{$protocol}}) { - if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { - note "*****SKIPPING $protocol $cipher"; -@@ -504,11 +516,16 @@ sub testssl { - } else { - $cipher = $cipher.':@SECLEVEL=0'; - } -- ok(run(test([@ssltest, @exkeys, "-cipher", -- $cipher, -- "-ciphersuites", $ciphersuites, -- $flag || ()])), -- "Testing $cipher"); -+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) { -+ note "*****SKIPPING $cipher in Red Hat FIPS mode"; -+ ok(1); -+ } else { -+ ok(run(test([@ssltest, @exkeys, "-cipher", -+ $cipher, -+ "-ciphersuites", $ciphersuites, -+ $flag || ()])), -+ "Testing $cipher"); -+ } - } - } - next if $protocol eq "-tls1_3"; --- -2.44.0 - diff --git a/base/openssl3/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/base/openssl3/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch index 726d320..6f5fef2 100644 --- a/base/openssl3/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +++ b/base/openssl3/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch 
@@ -1,39 +1,22 @@ -From 4a2239bd7d444c30c55b20ea8b4aeadafdfe1afd Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Fri, 22 Jul 2022 13:59:37 +0200 -Subject: [PATCH] FIPS: Use OAEP in KATs, support fixed OAEP seed +From abeda0b0475adb0d4f89b0c97cfc349779915bbf Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 29/35] + 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch -Review by our lab for FIPS 140-3 certification expects the RSA -encryption and decryption tests to use a supported padding mode, not raw -RSA signatures. Switch to RSA-OAEP for the self tests to fulfill that. - -The FIPS 140-3 Implementation Guidance specifies in section 10.3.A -"Cryptographic Algorithm Self-Test Requirements" that a self-test may be -a known-answer test, a comparison test, or a fault-detection test. - -Comparison tests are not an option, because they would require -a separate implementation of RSA-OAEP, which we do not have. Fault -detection tests require implementing fault detection mechanisms into the -cryptographic algorithm implementation, we we also do not have. - -As a consequence, a known-answer test must be used to test RSA -encryption and decryption, but RSA encryption with OAEP padding is not -deterministic, and thus encryption will always yield different results -that could not be compared to known answers. For this reason, this -change explicitly sets the seed in OAEP (see RFC 8017 section 7.1.1), -which is the source of randomness for RSA-OAEP, to a fixed value. This -setting is only available during self-test execution, and the parameter -set using EVP_PKEY_CTX_set_params() will be ignored otherwise. 
- -Signed-off-by: Clemens Lang +Patch-name: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +Patch-id: 73 +Patch-status: | + # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd --- crypto/rsa/rsa_local.h | 8 ++ crypto/rsa/rsa_oaep.c | 34 ++++++-- - providers/fips/self_test_data.inc | 83 +++++++++++-------- + include/openssl/core_names.h | 3 + + providers/fips/self_test_data.inc | 79 ++++++++++--------- providers/fips/self_test_kats.c | 7 ++ .../implementations/asymciphers/rsa_enc.c | 41 +++++++++- - util/perl/OpenSSL/paramnames.pm | 1 + - 6 files changed, 126 insertions(+), 44 deletions(-) + 6 files changed, 128 insertions(+), 44 deletions(-) diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index ea70da05ad..dde57a1a0e 100644 @@ -119,32 +102,26 @@ index d9be1a4f98..b2f7f7dc4b 100644 const unsigned char *from, int flen, const unsigned char *param, int plen, diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc -index 4e30ec56dd..0103c87528 100644 +index e0fdc0daa4..aa2012c04a 100644 --- a/providers/fips/self_test_data.inc 
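Review bot: The rewritten header drops the one operational constraint the old message stated, that the fixed OAEP seed is available only during self-test execution and that the parameter set through EVP_PKEY_CTX_set_params() is ignored otherwise; what remains under `Patch-status: |` is a bugzilla URL. A fixed seed makes RSA-OAEP deterministic, so that constraint is exactly what a reviewer of the rsa_enc.c hunks further down needs in order to know the knob is not reachable by applications. Keep one line of rationale in the header, for example `  # Fixed OAEP seed for the RSA KATs (FIPS 140-3 IG 10.3.A); only honoured during self-test, ignored otherwise.`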
+++ b/providers/fips/self_test_data.inc -@@ -1294,15 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = { - ST_KAT_PARAM_END() +@@ -1296,14 +1296,21 @@ static const ST_KAT_PARAM rsa_priv_key[] = { }; --/*- + /*- - * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the -- * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient -- * HP/UX PA-RISC compilers. -- */ --static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; -- -+/*- + * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the -+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient -+ * HP/UX PA-RISC compilers. -+ */ + * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient + * HP/UX PA-RISC compilers. + */ +-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; +static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP; +static const char oaep_fixed_seed[] = { + 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25, + 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab, + 0x2e, 0x4b, 0x2c, 0xe6 +}; -+ + static const ST_KAT_PARAM rsa_enc_params[] = { - ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), + ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep), @@ -153,7 +130,7 @@ index 4e30ec56dd..0103c87528 100644 ST_KAT_PARAM_END() }; -@@ -1335,43 +1348,43 @@ static const unsigned char rsa_expected_sig[256] = { +@@ -1342,43 +1349,43 @@ static const unsigned char rsa_expected_sig[256] = { 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 }; @@ -231,10 +208,10 @@ index 4e30ec56dd..0103c87528 100644 #ifndef OPENSSL_NO_EC diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c -index 064794d9bf..b6d5e8e134 100644 +index 74ee25dcb6..a9bc8be7fa 100644 --- a/providers/fips/self_test_kats.c 
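Review bot: `oaep_fixed_seed` is declared `static const char` yet is initialised with byte values above 0x7f (0xf6, 0x97, 0xbf, 0xcf, 0xab, 0xe6), so where `char` is signed each initialiser is narrowed with implementation-defined results and clang's -Wconstant-conversion (and usually GCC's -Woverflow) complains; the byte arrays near it in this file, such as `rsa_expected_sig` a few hunks further down, are `unsigned char`. Change the declaration to `static const unsigned char oaep_fixed_seed[] = {`; the line that feeds it into `rsa_enc_params` is outside this hunk, so check that the consuming ST_KAT_PARAM macro accepts that type. The array also has no comment while the `pad_mode_oaep` comment above it explains only the HP/UX workaround; add `/* Fixed OAEP seed so the RSA-OAEP encrypt KAT is deterministic; 20 bytes = SHA-1 length, the default OAEP digest. */` above it.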
+++ b/providers/fips/self_test_kats.c -@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) +@@ -641,14 +641,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) return ret; } @@ -257,7 +234,7 @@ index 064794d9bf..b6d5e8e134 100644 } diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c -index 00cf65fcd6..83be3d8ede 100644 +index 9cd8904131..40de5ce8fa 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -30,6 +30,9 @@ @@ -280,7 +257,7 @@ index 00cf65fcd6..83be3d8ede 100644 /* PKCS#1 v1.5 decryption mode */ unsigned int implicit_rejection; } PROV_RSA_CTX; -@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, +@@ -192,12 +198,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, } } ret = @@ -304,7 +281,7 @@ index 00cf65fcd6..83be3d8ede 100644 if (!ret) { OPENSSL_free(tbuf); -@@ -326,6 +341,9 @@ static void rsa_freectx(void *vprsactx) +@@ -328,6 +343,9 @@ static void rsa_freectx(void *vprsactx) EVP_MD_free(prsactx->oaep_md); EVP_MD_free(prsactx->mgf1_md); OPENSSL_free(prsactx->oaep_label); @@ -314,7 +291,7 @@ index 00cf65fcd6..83be3d8ede 100644 OPENSSL_free(prsactx); } -@@ -445,6 +463,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { +@@ -447,6 +465,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { NULL, 0), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), 
@@ -324,7 +301,7 @@ index 00cf65fcd6..83be3d8ede 100644 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), OSSL_PARAM_END }; -@@ -454,6 +475,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, +@@ -456,6 +477,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, return known_gettable_ctx_params; } @@ -335,7 +312,7 @@ index 00cf65fcd6..83be3d8ede 100644 static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; -@@ -563,6 +588,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) +@@ -567,6 +592,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) prsactx->oaep_labellen = tmp_labellen; } @@ -354,10 +331,12 @@ index 00cf65fcd6..83be3d8ede 100644 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); if (p != NULL) { unsigned int client_version; -diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm -index c37ed7815f..70f7c50fe4 100644 ---- a/util/perl/OpenSSL/paramnames.pm -+++ b/util/perl/OpenSSL/paramnames.pm +-- +2.41.0 + +diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.patch-config openssl-3.2.0/util/perl/OpenSSL/paramnames.pm +--- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.patch-config 2023-12-14 13:48:23.398025507 +0100 ++++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2023-12-14 14:24:49.519488385 +0100 @@ -401,6 +401,7 @@ my %params = ( 'ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION' => "tls-client-version", 'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version", @@ -366,6 +345,3 @@ index c37ed7815f..70f7c50fe4 100644 # Encoder / decoder parameters --- -2.37.1 - diff --git a/base/openssl3/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/base/openssl3/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch index 7751f05..e41fadd 100644 
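Review bot: The `-- `/`2.41.0` footer is now emitted before the paramnames.pm change, so that change becomes a second `diff -up` section after the git-format-patch body and outside the diffstat in the header (6 files, no util/perl/OpenSSL/paramnames.pm). `patch -p1` applies it, but anything that regenerates or audits this patch from its header and footer will drop it silently, and the hand-made `.patch-config` backup name and local timestamps on the new `---`/`+++` lines make it look like an afterthought rather than part of the reviewed change. Move the footer to the end of the file and fold the hunk into the body as `diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm` with matching `--- a/` and `+++ b/` lines, and add the file to the diffstat.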
--- a/base/openssl3/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
+++ b/base/openssl3/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
@@ -1,25 +1,32 @@ -From dc41625dc4a793f0e21188165711181ca085339b Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Wed, 6 Mar 2024 19:17:16 +0100 -Subject: [PATCH 28/49] - 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Fri, 15 Jul 2022 17:45:40 +0200 +Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test -Patch-name: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch -Patch-id: 74 -Patch-status: | - # [PATCH 29/46] - # 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch -From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce +In review for FIPS 140-3, the lack of a self-test for the digest_sign +and digest_verify provider functions was highlighted as a problem. NIST +no longer provides ACVP tests for the RSA SigVer primitive (see +https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3 +recommends the use of functions that compute the digest and signature +within the module, we have been advised in our module review that the +self tests should also use the combined digest and signature APIs, i.e. +the digest_sign and digest_verify provider functions. + +Modify the signature self-test to use these instead by switching to +EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to +crypto/evp/m_sigver.c to make these functions usable in the FIPS module. + +Signed-off-by: Clemens Lang --- - crypto/evp/m_sigver.c | 54 ++++++++++++++++++++++++++++----- - providers/fips/self_test_kats.c | 43 +++++++++++++++----------- - 2 files changed, 73 insertions(+), 24 deletions(-) + crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------ + providers/fips/self_test_kats.c | 37 +++++++++++++++------------- + 2 files changed, 56 insertions(+), 24 deletions(-) diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c -index fd3a4b79df..3e9f33c26c 100644 +index db1a1d7bc3..c94c3c53bd 100644 
--- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c -@@ -90,6 +90,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) +@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED); return 0; } @@ -27,7 +34,7 @@ index fd3a4b79df..3e9f33c26c 100644 /* * If we get the "NULL" md then the name comes back as "UNDEF". We want to use -@@ -125,8 +126,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, reinit = 0; if (e == NULL) ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); @@ -38,7 +45,7 @@ index fd3a4b79df..3e9f33c26c 100644 } if (ctx->pctx == NULL) return 0; -@@ -136,8 +139,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, locpctx = ctx->pctx; ERR_set_mark(); @@ -49,7 +56,7 @@ index fd3a4b79df..3e9f33c26c 100644 /* do not reinitialize if pkey is set or operation is different */ if (reinit -@@ -222,8 +227,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, signature = evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, supported_sig, locpctx->propquery); @@ -60,7 +67,7 @@ index fd3a4b79df..3e9f33c26c 100644 break; } if (signature == NULL) -@@ -307,6 +314,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); if (ctx->fetched_digest != NULL) { ctx->digest = ctx->reqdigest = ctx->fetched_digest; 
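Review bot: The new header goes backwards relative to the version it replaces: `Date: Wed, 6 Mar 2024` becomes `Fri, 15 Jul 2022`, the footer further down goes from 2.44.0 to 2.37.1, and the `Patch-name`/`Patch-id`/`Patch-status`/`From-dist-git-commit` provenance lines that 0003 and 0073 gain in this same change are removed here. The new self_test_kats.c `index b6d5e8e134..77eec075e6` further down also expects the blob the old 0073 produced (`064794d9bf..b6d5e8e134`), not the new 0073's `a9bc8be7fa`, which suggests this 0074 was taken from an older series than its neighbours. If the downgrade is intentional, say so in the header and keep a `From-dist-git-commit:` line so the origin of this version can be audited; otherwise keep the version this hunk removes.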
@@ -68,7 +75,7 @@ index fd3a4b79df..3e9f33c26c 100644 } else { /* legacy engine support : remove the mark when this is deleted */ ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); -@@ -315,11 +323,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } @@ -82,7 +89,7 @@ index fd3a4b79df..3e9f33c26c 100644 if (ctx->reqdigest != NULL && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) -@@ -331,6 +341,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, goto err; } } @@ -90,7 +97,7 @@ index fd3a4b79df..3e9f33c26c 100644 if (ver) { if (signature->digest_verify_init == NULL) { -@@ -363,6 +374,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, EVP_KEYMGMT_free(tmp_keymgmt); return 0; @@ -98,7 +105,7 @@ index fd3a4b79df..3e9f33c26c 100644 legacy: /* * If we don't have the full support we need with provided methods, -@@ -434,6 +446,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ctx->pctx->flag_call_digest_custom = 1; ret = 1; @@ -106,7 +113,7 @@ index fd3a4b79df..3e9f33c26c 100644 end: #ifndef FIPS_MODULE -@@ -476,7 +489,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, NULL); } 
@@ -114,57 +121,7 @@ index fd3a4b79df..3e9f33c26c 100644 int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) { -@@ -548,24 +560,31 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) - return EVP_DigestUpdate(ctx, data, dsize); - } - --#ifndef FIPS_MODULE - int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - size_t *siglen) - { -- int sctx = 0, r = 0; -- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx; -+ int r = 0; -+#ifndef FIPS_MODULE -+ int sctx = 0; -+ EVP_PKEY_CTX *dctx = NULL; -+#endif /* !defined(FIPS_MODULE) */ -+ EVP_PKEY_CTX *pctx = ctx->pctx; -+ - - if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - return 0; - } - -+#ifndef FIPS_MODULE - if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_SIGNCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) - goto legacy; -+#endif /* !defined(FIPS_MODULE) */ - -+#ifndef FIPS_MODULE - if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { - /* try dup */ - dctx = EVP_PKEY_CTX_dup(pctx); -@@ -580,7 +599,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - else - EVP_PKEY_CTX_free(dctx); - return r; -+#else -+ r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, -+ sigret, siglen, -+ sigret == NULL ? 0 : *siglen); -+ return r; -+#endif /* !defined(FIPS_MODULE) */ - -+#ifndef FIPS_MODULE - legacy: - if (pctx == NULL || pctx->pmeth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); -@@ -653,6 +679,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, +@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, } } return 1; 
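Review bot: With the `#else` branch removed here, the patch body no longer gives EVP_DigestSignFinal a FIPS_MODULE path: the deleted lines were the only place `r` was assigned in that build (`r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen, sigret == NULL ? 0 : *siglen);`), and the new side keeps nothing but context. The `diff -up` sections appended after the footer later in this patch look like the replacement, but they place `#ifndef FIPS_MODULE` before the dup `if` and `#endif` after `EVP_PKEY_CTX_free(dctx)`, and the three lines that call digest_sign_final sit between those two hunks; if so, a FIPS build returns `r == 0` unconditionally and every EVP_DigestSign, including the RSA signature KAT this patch introduces, fails. Keep an `#else` that performs the call and `return r;` as the removed lines did, or split the region so the call stays outside it. EVP_DigestSignFinal begins and ends outside this hunk.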
@@ -172,54 +129,7 @@ index fd3a4b79df..3e9f33c26c 100644 } int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, -@@ -691,23 +718,30 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, - int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen) - { -- unsigned char md[EVP_MAX_MD_SIZE]; - int r = 0; -+#ifndef FIPS_MODULE -+ unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mdlen = 0; - int vctx = 0; -- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx; -+ EVP_PKEY_CTX *dctx = NULL; -+#endif /* !defined(FIPS_MODULE) */ -+ EVP_PKEY_CTX *pctx = ctx->pctx; -+ - - if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - return 0; - } - -+#ifndef FIPS_MODULE - if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_VERIFYCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) - goto legacy; -+#endif /* !defined(FIPS_MODULE) */ - -+#ifndef FIPS_MODULE - if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { - /* try dup */ - dctx = EVP_PKEY_CTX_dup(pctx); -@@ -721,7 +755,13 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, - else - EVP_PKEY_CTX_free(dctx); - return r; -+#else -+ r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, -+ sig, siglen); -+ return r; -+#endif /* !defined(FIPS_MODULE) */ - -+#ifndef FIPS_MODULE - legacy: - if (pctx == NULL || pctx->pmeth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); -@@ -762,6 +802,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, +@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, if (vctx || !r) return r; return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen); 
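Review bot: Removing the `#else` here leaves EVP_DigestVerifyFinal with no FIPS_MODULE path in the patch body, the same gap as for EVP_DigestSignFinal, and the appended `diff -up` hunks that replace it bracket everything from the dup `if` to `EVP_PKEY_CTX_free(dctx)` in `#ifndef FIPS_MODULE`, which would also hide the `digest_verify_final` call that sits between those hunks and leave `r == 0`. Restore `r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, sig, siglen);` under `#else` before `return r;`, or keep that call outside the `#ifndef`. The function starts and ends outside this hunk.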
@@ -227,16 +137,16 @@ index fd3a4b79df..3e9f33c26c 100644 } int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, -@@ -794,4 +835,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, +@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, return -1; return EVP_DigestVerifyFinal(ctx, sigret, siglen); } -#endif /* FIPS_MODULE */ diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c -index 4ea10670c0..5eb27c8ed2 100644 +index b6d5e8e134..77eec075e6 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c -@@ -450,10 +450,13 @@ static int self_test_sign(const ST_KAT_SIGN *t, +@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t, int ret = 0; OSSL_PARAM *params = NULL, *params_sig = NULL; OSSL_PARAM_BLD *bld = NULL; @@ -251,7 +161,7 @@ index 4ea10670c0..5eb27c8ed2 100644 size_t siglen = sizeof(sig); static const unsigned char dgst[] = { 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, -@@ -487,23 +490,26 @@ static int self_test_sign(const ST_KAT_SIGN *t, +@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t, || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) goto err; @@ -292,7 +202,7 @@ index 4ea10670c0..5eb27c8ed2 100644 || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) goto err; -@@ -513,14 +519,17 @@ static int self_test_sign(const ST_KAT_SIGN *t, +@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t, goto err; OSSL_SELF_TEST_oncorrupt_byte(st, sig); 
@@ -313,5 +223,186 @@ index 4ea10670c0..5eb27c8ed2 100644 OSSL_PARAM_free(params_sig); OSSL_PARAM_BLD_free(bld); -- -2.44.0 +2.37.1 +diff -up openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch openssl-3.2.0/crypto/evp/m_sigver.c +--- openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch 2024-01-04 11:44:18.761559765 +0100 ++++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-04 11:51:18.297195401 +0100 +@@ -560,26 +560,33 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *c + return EVP_DigestUpdate(ctx, data, dsize); + } + +-#ifndef FIPS_MODULE + int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen) + { +- int sctx = 0, r = 0; +- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx; ++ int r = 0; ++#ifndef FIPS_MODULE ++ int sctx = 0; ++ EVP_PKEY_CTX *dctx = NULL; ++#endif /* !defined(FIPS_MODULE) */ ++ EVP_PKEY_CTX *pctx = ctx->pctx; ++ + + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); + return 0; + } + ++#ifndef FIPS_MODULE + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_SIGNCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { + /* try dup */ ++#ifndef FIPS_MODULE + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx != NULL) + pctx = dctx; +@@ -591,8 +598,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, + ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; + else + EVP_PKEY_CTX_free(dctx); ++#endif /* !defined(FIPS_MODULE) */ + return r; + ++#ifndef FIPS_MODULE + legacy: + if (pctx == NULL || pctx->pmeth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +@@ -704,25 +713,32 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsi + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen) + { +- unsigned char md[EVP_MAX_MD_SIZE]; + int r = 0; ++#ifndef FIPS_MODULE ++ unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdlen = 0; + int vctx = 0; 
+- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx; ++ EVP_PKEY_CTX *dctx = NULL; ++#endif /* !defined(FIPS_MODULE) */ ++ EVP_PKEY_CTX *pctx = ctx->pctx; ++ + + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); + return 0; + } + ++#ifndef FIPS_MODULE + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_VERIFYCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { + /* try dup */ ++#ifndef FIPS_MODULE + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx != NULL) + pctx = dctx; +@@ -733,8 +749,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct + ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; + else + EVP_PKEY_CTX_free(dctx); ++#endif /* !defined(FIPS_MODULE) */ + return r; + ++#ifndef FIPS_MODULE + legacy: + if (pctx == NULL || pctx->pmeth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +diff -up openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch openssl-3.2.0/crypto/evp/m_sigver.c +--- openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch 2024-01-04 12:39:26.858137284 +0100 ++++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-04 12:40:28.201680446 +0100 +@@ -736,9 +736,9 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct + goto legacy; + #endif /* !defined(FIPS_MODULE) */ + ++#ifndef FIPS_MODULE + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { + /* try dup */ +-#ifndef FIPS_MODULE + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx != NULL) + pctx = dctx; +diff -up openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch openssl-3.2.0/crypto/evp/m_sigver.c +--- openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch 2024-01-04 12:55:41.172653897 +0100 ++++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-04 12:56:23.562017396 +0100 +@@ -584,9 +584,9 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, + goto legacy; + #endif /* !defined(FIPS_MODULE) */ + ++#ifndef FIPS_MODULE + if (sigret != NULL && (ctx->flags & 
EVP_MD_CTX_FLAG_FINALISE) == 0) { + /* try dup */ +-#ifndef FIPS_MODULE + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx != NULL) + pctx = dctx; +diff -up openssl-3.2.0/crypto/evp/m_sigver.c.fips-new openssl-3.2.0/crypto/evp/m_sigver.c +--- openssl-3.2.0/crypto/evp/m_sigver.c.fips-new 2024-01-30 23:50:10.115710238 +0100 ++++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-31 00:04:31.448164500 +0100 +@@ -598,7 +598,11 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, + ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; + else + EVP_PKEY_CTX_free(dctx); ++ return r; + #endif /* !defined(FIPS_MODULE) */ ++ r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, ++ sigret, siglen, ++ sigret == NULL ? 0 : *siglen); + return r; + + #ifndef FIPS_MODULE +@@ -749,7 +753,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct + ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; + else + EVP_PKEY_CTX_free(dctx); ++ return r; + #endif /* !defined(FIPS_MODULE) */ ++ r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, ++ sig, siglen); + return r; + + #ifndef FIPS_MODULE +diff -up openssl-3.2.0/crypto/evp/m_sigver.c.fix-ifdef openssl-3.2.0/crypto/evp/m_sigver.c +--- openssl-3.2.0/crypto/evp/m_sigver.c.fix-ifdef 2024-02-01 09:23:07.877696442 +0100 ++++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-02-01 09:25:30.857169997 +0100 +@@ -599,11 +599,12 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, + else + EVP_PKEY_CTX_free(dctx); + return r; +-#endif /* !defined(FIPS_MODULE) */ ++#else + r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, + sigret, siglen, + sigret == NULL ? 0 : *siglen); + return r; ++#endif /* !defined(FIPS_MODULE) */ + + #ifndef FIPS_MODULE + legacy: +@@ -754,10 +755,11 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct + else + EVP_PKEY_CTX_free(dctx); + return r; +-#endif /* !defined(FIPS_MODULE) */ ++#else + r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, + sig, siglen); + return r; ++#endif /* !defined(FIPS_MODULE) */ + + #ifndef FIPS_MODULE + legacy: 
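Review bot: In the FIPS_MODULE build the new `#else` branch calls `pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, ...)` (and `digest_verify_final` in EVP_DigestVerifyFinal) with no check on `pctx` at all, because the `if (pctx == NULL || pctx->operation != EVP_PKEY_OP_SIGNCTX || pctx->op.sig.algctx == NULL || pctx->op.sig.signature == NULL) goto legacy;` guard is now wrapped in `#ifndef FIPS_MODULE`, so a context that was never initialised for signing, or was initialised for a different operation, dereferences NULL instead of returning an error. Keep the condition in both builds and make only the `goto legacy;` non-FIPS, with the FIPS branch doing `ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0;`. Separately, the new side stacks five `diff -up` fragments on the same two functions after the `-- ` / `2.37.1` trailer, where the second and third fragments move the `#ifndef FIPS_MODULE` the first one introduced and the last turns an `#endif` into `#else`; squashing them into one hunk per function would make the final state reviewable and would not depend on the patch tooling applying content placed after the signature line. Both EVP_DigestSignFinal and EVP_DigestVerifyFinal continue beyond the fragments shown here.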
diff --git a/base/openssl3/0076-FIPS-140-3-DRBG.patch b/base/openssl3/0076-FIPS-140-3-DRBG.patch index 591b49c..23084f0 100644 --- a/base/openssl3/0076-FIPS-140-3-DRBG.patch +++ b/base/openssl3/0076-FIPS-140-3-DRBG.patch @@ -1,3 +1,22 @@ +From 0329eb6523363705946887d4f145dd77c741ae4a Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:16 +0100 +Subject: [PATCH 30/49] 0076-FIPS-140-3-DRBG.patch + +Patch-name: 0076-FIPS-140-3-DRBG.patch +Patch-id: 76 +Patch-status: | + # # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) + # # https://bugzilla.redhat.com/show_bug.cgi?id=2102541 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce +--- + crypto/rand/prov_seed.c | 9 ++- + providers/implementations/rands/crngt.c | 6 +- + providers/implementations/rands/drbg.c | 11 ++- + providers/implementations/rands/drbg_local.h | 2 +- + .../implementations/rands/seeding/rand_unix.c | 68 ++----------------- + 5 files changed, 28 insertions(+), 68 deletions(-) + diff -up openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand openssl-3.0.1/crypto/rand/prov_seed.c --- openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand 2022-08-04 12:17:52.148556301 +0200 +++ openssl-3.0.1/crypto/rand/prov_seed.c 2022-08-04 12:19:41.783533552 +0200 diff --git a/base/openssl3/0077-FIPS-140-3-zeroization.patch b/base/openssl3/0077-FIPS-140-3-zeroization.patch index f6ff517..692bebc 100644 --- a/base/openssl3/0077-FIPS-140-3-zeroization.patch +++ b/base/openssl3/0077-FIPS-140-3-zeroization.patch 
@@ -1,63 +1,26 @@ -diff -up openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero openssl-3.0.1/crypto/ffc/ffc_params.c ---- openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero 2022-08-05 13:11:27.211413931 +0200 -+++ openssl-3.0.1/crypto/ffc/ffc_params.c 2022-08-05 13:11:34.151475891 +0200 -@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa - - void ossl_ffc_params_cleanup(FFC_PARAMS *params) - { -- BN_free(params->p); -- BN_free(params->q); -- BN_free(params->g); -- BN_free(params->j); -+ BN_clear_free(params->p); -+ BN_clear_free(params->q); -+ BN_clear_free(params->g); -+ BN_clear_free(params->j); - OPENSSL_free(params->seed); - ossl_ffc_params_init(params); - } -diff -up openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero openssl-3.0.1/crypto/rsa/rsa_lib.c ---- openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero 2022-08-05 13:08:31.875848536 +0200 -+++ openssl-3.0.1/crypto/rsa/rsa_lib.c 2022-08-05 13:09:35.438416025 +0200 -@@ -155,8 +155,8 @@ void RSA_free(RSA *r) - CRYPTO_THREAD_lock_free(r->lock); - CRYPTO_FREE_REF(&r->references); - -- BN_free(r->n); -- BN_free(r->e); -+ BN_clear_free(r->n); -+ BN_clear_free(r->e); - BN_clear_free(r->d); - BN_clear_free(r->p); - BN_clear_free(r->q); -diff -up openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero openssl-3.0.1/providers/implementations/kdfs/hkdf.c ---- openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero 2022-08-05 13:14:58.827303241 +0200 -+++ openssl-3.0.1/providers/implementations/kdfs/hkdf.c 2022-08-05 13:16:24.530068399 +0200 -@@ -116,7 +116,7 @@ static void kdf_hkdf_reset(void *vctx) - void *provctx = ctx->provctx; - - ossl_prov_digest_reset(&ctx->digest); -- OPENSSL_free(ctx->salt); -+ OPENSSL_clear_free(ctx->salt, ctx->salt_len); - OPENSSL_free(ctx->prefix); - OPENSSL_free(ctx->label); - OPENSSL_clear_free(ctx->data, ctx->data_len); -diff -up openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c ---- 
openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero 2022-08-05 13:12:40.552068717 +0200 -+++ openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c 2022-08-05 13:13:34.324548799 +0200 -@@ -83,7 +83,7 @@ static void *kdf_pbkdf2_new(void *provct - static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx) - { - ossl_prov_digest_reset(&ctx->digest); -- OPENSSL_free(ctx->salt); -+ OPENSSL_clear_free(ctx->salt, ctx->salt_len); - OPENSSL_clear_free(ctx->pass, ctx->pass_len); - memset(ctx, 0, sizeof(*ctx)); - } -diff -up openssl-3.0.1/crypto/ec/ec_lib.c.fipszero openssl-3.0.1/crypto/ec/ec_lib.c ---- openssl-3.0.1/crypto/ec/ec_lib.c.fipszero 2022-08-05 13:48:32.221345774 +0200 -+++ openssl-3.0.1/crypto/ec/ec_lib.c 2022-08-05 13:49:16.138741452 +0200 -@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g +From 9c667a7ba589329f3a777b012bf69a0db7f7eda9 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:29 +0200 +Subject: [PATCH 33/35] 0077-FIPS-140-3-zeroization.patch + +Patch-name: 0077-FIPS-140-3-zeroization.patch +Patch-id: 77 +Patch-status: | + # https://bugzilla.redhat.com/show_bug.cgi?id=2102542 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/ec/ec_lib.c | 4 ++++ + crypto/ffc/ffc_params.c | 8 ++++---- + crypto/rsa/rsa_lib.c | 4 ++-- + providers/implementations/kdfs/hkdf.c | 2 +- + providers/implementations/kdfs/pbkdf2.c | 2 +- + 5 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c +index 6c37bf78ae..cfbc3c3c1d 100644 +--- a/crypto/ec/ec_lib.c ++++ b/crypto/ec/ec_lib.c +@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) void EC_POINT_free(EC_POINT *point) { 
@@ -74,3 +37,66 @@ diff -up openssl-3.0.1/crypto/ec/ec_lib.c.fipszero openssl-3.0.1/crypto/ec/ec_li } void EC_POINT_clear_free(EC_POINT *point) +diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c +index 3536efd1ad..f3c164b8fc 100644 +--- a/crypto/ffc/ffc_params.c ++++ b/crypto/ffc/ffc_params.c +@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *params) + + void ossl_ffc_params_cleanup(FFC_PARAMS *params) + { +- BN_free(params->p); +- BN_free(params->q); +- BN_free(params->g); +- BN_free(params->j); ++ BN_clear_free(params->p); ++ BN_clear_free(params->q); ++ BN_clear_free(params->g); ++ BN_clear_free(params->j); + OPENSSL_free(params->seed); + ossl_ffc_params_init(params); + } +diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c +index 9588a75964..76b4aac6fc 100644 +--- a/crypto/rsa/rsa_lib.c ++++ b/crypto/rsa/rsa_lib.c +@@ -155,8 +155,8 @@ void RSA_free(RSA *r) + CRYPTO_THREAD_lock_free(r->lock); + CRYPTO_FREE_REF(&r->references); + +- BN_free(r->n); +- BN_free(r->e); ++ BN_clear_free(r->n); ++ BN_clear_free(r->e); + BN_clear_free(r->d); + BN_clear_free(r->p); + BN_clear_free(r->q); +diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c +index daa619b8af..5304baa6c9 100644 +--- a/providers/implementations/kdfs/hkdf.c ++++ b/providers/implementations/kdfs/hkdf.c +@@ -118,7 +118,7 @@ static void kdf_hkdf_reset(void *vctx) + void *provctx = ctx->provctx; + + ossl_prov_digest_reset(&ctx->digest); +- OPENSSL_free(ctx->salt); ++ OPENSSL_clear_free(ctx->salt, ctx->salt_len); + OPENSSL_free(ctx->prefix); + OPENSSL_free(ctx->label); + OPENSSL_clear_free(ctx->data, ctx->data_len); +diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c +index 5c3e7b95ce..349c3dd657 100644 +--- a/providers/implementations/kdfs/pbkdf2.c ++++ b/providers/implementations/kdfs/pbkdf2.c +@@ -92,7 +92,7 @@ static void *kdf_pbkdf2_new(void *provctx) + static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx) 
+ { + ossl_prov_digest_reset(&ctx->digest); +- OPENSSL_free(ctx->salt); ++ OPENSSL_clear_free(ctx->salt, ctx->salt_len); + OPENSSL_clear_free(ctx->pass, ctx->pass_len); + memset(ctx, 0, sizeof(*ctx)); + } +-- +2.41.0 + diff --git a/base/openssl3/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch b/base/openssl3/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch index 5903857..4308f5e 100644 --- a/base/openssl3/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch +++ b/base/openssl3/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch 
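Review bot: `kdf_pbkdf2_cleanup` still ends with `memset(ctx, 0, sizeof(*ctx));`, which this zeroization patch leaves untouched even though it now clears the salt two lines above; if the caller frees `ctx` right after cleanup, as the function name suggests, a plain memset on a dying object is exactly the store a compiler may drop as dead, so `OPENSSL_cleanse(ctx, sizeof(*ctx));` is the reliable form for a FIPS 140-3 zeroization change. In `kdf_hkdf_reset` the `prefix` and `label` buffers are still released with plain `OPENSSL_free`, which is fine if they only ever hold non-secret label material — a one-line comment saying so would stop the next reader from wondering why only `salt` and `data` are cleared. The `ec_lib.c` section of this patch starts in the previous hunk and is not visible here.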
@@ -1,26 +1,14 @@ -From 6aed6931cf50499e778a6d34502f9bf82f5a4c0d Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Wed, 16 Nov 2022 13:53:24 +0100 -Subject: [PATCH] rand: Forbid truncated hashes & SHA-3 in FIPS prov +From 936e081bd752ca0a883568aaf3b5752c9eaccb12 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 15:38:21 +0200 +Subject: [PATCH 36/48] + 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch -Section D.R "Hash Functions Acceptable for Use in the SP 800-90A DRBGs" -of the Implementation Guidance for FIPS 140-3 [1] notes that there is no -efficiency improvement when using truncated hash functions (i.e. SHA-224 -rather than SHA-256 or SHA-384, SHA-512/224, or SHA512/256 rather than -SHA-512). Starting on 2023-05-16, all submissions to NIST's -Cryptographic Module Validation Program shall only use SHA-1, SHA-256, -or SHA-512. - -NIST further notes that the same will apply for the truncated versions -of SHA-3, i.e. SHA3-224 and SHA3-384, and that SHA-3 should currently -not be used. - -Adjust tests to only run Hash-DRBG and HMAC-DRBG tests with truncated -algorithms in the default provider. - -[1]: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf - -Signed-off-by: Clemens Lang +Patch-name: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch +Patch-id: 80 +Patch-status: | + # We believe that some changes present in CentOS are not necessary + # because ustream has a check for FIPS version --- providers/implementations/rands/drbg_hash.c | 12 ++ providers/implementations/rands/drbg_hmac.c | 12 ++ @@ -28,7 +16,7 @@ Signed-off-by: Clemens Lang 3 files changed, 153 insertions(+) diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c -index 12faa993d0..5f9602cf84 100644 +index fb824abfa6..b90fee6dec 100644 --- a/providers/implementations/rands/drbg_hash.c +++ b/providers/implementations/rands/drbg_hash.c 
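Review bot: The new `Patch-status` text has a typo, `# because ustream has a check for FIPS version` should read `upstream`, and it is now the only rationale left in the file: the removed message named the FIPS 140-3 IG section (D.R) and explained why the truncated SHA-2 variants and SHA-3 are excluded from the DRBGs, which is what an auditor of the FIPS provider will look for first. The same loss of rationale applies to 0081, 0083, 0084, 0085 and 0088 further down, whose `Patch-status` fields are now empty. Keeping one line per patch, e.g. `# FIPS 140-3 IG D.R: only SHA-1, SHA-256 or SHA-512 in SP 800-90A DRBGs`, would preserve traceability without reinstating the full message.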
@@ -471,6 +471,18 @@ static int drbg_hash_set_ctx_params(void *vctx, const OSSL_PARAM params[]) @@ -51,7 +39,7 @@ index 12faa993d0..5f9602cf84 100644 hash->blocklen = EVP_MD_get_size(md); /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */ diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c -index ffeb70f8c3..79ed96a15a 100644 +index 664a074639..cbd4d0f519 100644 --- a/providers/implementations/rands/drbg_hmac.c +++ b/providers/implementations/rands/drbg_hmac.c @@ -367,6 +367,18 @@ static int drbg_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[]) @@ -74,7 +62,7 @@ index ffeb70f8c3..79ed96a15a 100644 NULL, NULL, NULL, libctx)) return 0; diff --git a/test/recipes/30-test_evp_data/evprand.txt b/test/recipes/30-test_evp_data/evprand.txt -index 8cb70247a0..8a0a2dea15 100644 +index 0e2ee82c58..7a17e7b3e1 100644 --- a/test/recipes/30-test_evp_data/evprand.txt +++ b/test/recipes/30-test_evp_data/evprand.txt @@ -7388,6 +7388,7 @@ Nonce.14 = 7239f92b63fb3dbe @@ -1110,5 +1098,5 @@ index 8cb70247a0..8a0a2dea15 100644 Digest = SHA-512 PredictionResistance = 1 -- -2.38.1 +2.41.0 diff --git a/base/openssl3/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch b/base/openssl3/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch index 83b5b0a..01fa935 100644 --- a/base/openssl3/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch +++ b/base/openssl3/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch 
@@ -1,36 +1,21 @@ -From 4de5fa26873297f5c2eeed53e5c988437f837f55 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Thu, 17 Nov 2022 13:53:31 +0100 -Subject: [PATCH] signature: Remove X9.31 padding from FIPS prov +From 930e7acf7dd225102b6e88d23f5e2a3f4acea9fa Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 15:43:57 +0200 +Subject: [PATCH 37/48] + 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch -The current draft of FIPS 186-5 [1] no longer contains specifications -for X9.31 signature padding. Instead, it contains the following -information in Appendix E: - -> ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from -> this standard. - -Since this situation is unlikely to change in future revisions of the -draft, and future FIPS 140-3 validations of the provider will require -X9.31 to be disabled or marked as not approved with an explicit -indicator, disallow this padding mode now. - -Remove the X9.31 tests from the acvp test, since they will always fail -now. - - [1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf - -Signed-off-by: Clemens Lang +Patch-name: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch +Patch-id: 81 --- providers/implementations/signature/rsa_sig.c | 6 + test/acvp_test.inc | 214 ------------------ 2 files changed, 6 insertions(+), 214 deletions(-) diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 34f45175e8..49e7f9158a 100644 +index 63ee11e566..cfaa4841cb 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c -@@ -1233,7 +1233,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) +@@ -1279,7 +1279,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) err_extra_text = "No padding not allowed with RSA-PSS"; goto cont; case RSA_X931_PADDING: 
@@ -284,5 +269,5 @@ index 73b24bdb0c..96a72073f9 100644 "pss", 4096, -- -2.38.1 +2.41.0 diff --git a/base/openssl3/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch b/base/openssl3/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch index b61bcb8..68953fb 100644 --- a/base/openssl3/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch +++ b/base/openssl3/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch @@ -1,19 +1,11 @@ -From e1eba21921ceeffa45ffd2115868c14e4c7fb8d9 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Thu, 17 Nov 2022 18:08:24 +0100 -Subject: [PATCH] hmac: Add explicit FIPS indicator for key length +From 8e388e194e665286a8996d7d5926bab5c1a6b4f9 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 15:46:40 +0200 +Subject: [PATCH 38/48] + 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch -NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms" -specifies key lengths < 112 bytes are disallowed for HMAC generation and -are legacy use for HMAC verification. - -Add an explicit indicator that will mark shorter key lengths as -unsupported. The indicator can be queries from the EVP_MAC_CTX object -using EVP_MAC_CTX_get_params() with the - OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR -parameter. - -Signed-off-by: Clemens Lang +Patch-name: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch +Patch-id: 83 --- include/crypto/evp.h | 7 +++++++ include/openssl/evp.h | 3 +++ @@ -21,7 +13,7 @@ Signed-off-by: Clemens Lang 4 files changed, 28 insertions(+) diff --git a/include/crypto/evp.h b/include/crypto/evp.h -index 76fb990de4..1e2240516e 100644 +index aa07153441..a13127bd59 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void); @@ -39,10 +31,10 @@ index 76fb990de4..1e2240516e 100644 OSSL_PROVIDER *prov; int name_id; 
diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index 49e8e1df78..a5e78efd6e 100644 +index 86f4e22c70..615857caf5 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h -@@ -1192,6 +1192,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, +@@ -1194,6 +1194,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, void *arg); /* MAC stuff */ @@ -63,7 +55,7 @@ index 52ebb08b8f..cf5c3ecbe7 100644 +#include "crypto/evp.h" + #include "internal/ssl3_cbc.h" - + #include "prov/implementations.h" @@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, static const OSSL_PARAM known_gettable_ctx_params[] = { @@ -94,10 +86,12 @@ index 52ebb08b8f..cf5c3ecbe7 100644 return 1; } -diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm -index 6618122417..8b2d430f17 100644 ---- a/util/perl/OpenSSL/paramnames.pm -+++ b/util/perl/OpenSSL/paramnames.pm +-- +2.41.0 + +diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.hmac-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm +--- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.hmac-patch 2024-01-02 12:18:16.909596613 +0100 ++++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:20:18.465886160 +0100 @@ -137,12 +137,13 @@ my %params = ( # If "engine",or "properties",are specified, they should always be paired # with "cipher",or "digest". @@ -118,6 +112,3 @@ index 6618122417..8b2d430f17 100644 # KDF / PRF parameters 'KDF_PARAM_SECRET' => "secret", # octet string --- -2.38.1 - diff --git a/base/openssl3/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch b/base/openssl3/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch index 3eb6755..bf94740 100644 --- a/base/openssl3/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch +++ b/base/openssl3/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch 
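Review bot: The `paramnames.pm` change is moved out of the git-format body and appended as a `diff -up` fragment after the `-- ` / `2.41.0` signature trailer, while the diffstat at the top of the file still reports `4 files changed, 28 insertions(+)`; a patch file with content after its signature line relies on the applying tool not treating the trailer as the end of the patch, which is worth confirming for the build's tooling. The same layout is used for 0088 (its `paramnames.pm` fragment also follows the trailer) and for the `m_sigver.c` fragments earlier in this diff. Regenerating the `paramnames.pm` hunk against the 3.2 tree as a `diff --git` section inside the body, before the trailer, would keep each file a single self-consistent patch.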
@@ -1,34 +1,17 @@ -From 754862899058cfb5f2341c81f9e04dd2f7b37056 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Thu, 17 Nov 2022 18:37:17 +0100 -Subject: [PATCH] pbkdf2: Set minimum password length of 8 bytes -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit +From 915990e450e769e370fcacbfd8ed58ab6afaf2bf Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 15:47:55 +0200 +Subject: [PATCH 39/48] + 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch -The Implementation Guidance for FIPS 140-3 says in section D.N -"Password-Based Key Derivation for Storage Applications" that "the -vendor shall document in the module’s Security Policy the length of -a password/passphrase used in key derivation and establish an upper -bound for the probability of having this parameter guessed at random. -This probability shall take into account not only the length of the -password/passphrase, but also the difficulty of guessing it. The -decision on the minimum length of a password used for key derivation is -the vendor’s, but the vendor shall at a minimum informally justify the -decision." - -We are choosing a minimum password length of 8 bytes, because NIST's -ACVP testing uses passwords as short as 8 bytes, and requiring longer -passwords combined with an implicit indicator (i.e., returning an error) -would cause the module to fail ACVP testing. - -Signed-off-by: Clemens Lang +Patch-name: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch +Patch-id: 84 --- providers/implementations/kdfs/pbkdf2.c | 27 ++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c -index 2a0ae63acc..aa0adce5e6 100644 +index 349c3dd657..11820d1e69 100644 --- a/providers/implementations/kdfs/pbkdf2.c +++ b/providers/implementations/kdfs/pbkdf2.c @@ -35,6 +35,21 @@ 
@@ -53,7 +36,7 @@ index 2a0ae63acc..aa0adce5e6 100644 static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new; static OSSL_FUNC_kdf_dupctx_fn kdf_pbkdf2_dup; -@@ -186,9 +201,15 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +@@ -219,9 +234,15 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) ctx->lower_bound_checks = pkcs5 == 0; } @@ -70,7 +53,7 @@ index 2a0ae63acc..aa0adce5e6 100644 if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) { if (ctx->lower_bound_checks != 0 -@@ -297,6 +318,10 @@ static int pbkdf2_derive(const char *pass, size_t passlen, +@@ -331,6 +352,10 @@ static int pbkdf2_derive(const char *pass, size_t passlen, } if (lower_bound_checks) { @@ -82,5 +65,5 @@ index 2a0ae63acc..aa0adce5e6 100644 ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); return 0; -- -2.38.1 +2.41.0 diff --git a/base/openssl3/0085-FIPS-RSA-disable-shake.patch b/base/openssl3/0085-FIPS-RSA-disable-shake.patch index 8aa3d45..9ae7a99 100644 --- a/base/openssl3/0085-FIPS-RSA-disable-shake.patch +++ b/base/openssl3/0085-FIPS-RSA-disable-shake.patch 
@@ -1,32 +1,20 @@ -From 52b347703ba2b98a0efee86c1a483c2f0f9f73d6 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Wed, 11 Jan 2023 12:52:59 +0100 -Subject: [PATCH] rsa: Disallow SHAKE in OAEP and PSS in FIPS prov +From 2306fde5556cbcb875d095c09fed01a0f16fe7ec Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 15:51:55 +0200 +Subject: [PATCH 40/48] 0085-FIPS-RSA-disable-shake.patch -According to FIPS 140-3 IG, section C.C, the SHAKE digest algorithms -must not be used in higher-level algorithms (such as RSA-OAEP and -RSASSA-PSS): - -"To be used in an approved mode of operation, the SHA-3 hash functions -may be implemented either as part of an approved higher-level algorithm, -for example, a digital signature algorithm, or as the standalone -functions. The SHAKE128 and SHAKE256 extendable-output functions may -only be used as the standalone algorithms." - -Add a check to prevent their use as message digest in PSS signatures and -as MGF1 hash function in both OAEP and PSS. - -Signed-off-by: Clemens Lang +Patch-name: 0085-FIPS-RSA-disable-shake.patch +Patch-id: 85 --- crypto/rsa/rsa_oaep.c | 28 ++++++++++++++++++++++++++++ crypto/rsa/rsa_pss.c | 16 ++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c -index d9be1a4f98..dfe9c9f0e8 100644 +index b2f7f7dc4b..af2b0b026c 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c -@@ -73,9 +73,23 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, +@@ -78,9 +78,23 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, return 0; #endif } @@ -50,7 +38,7 @@ index d9be1a4f98..dfe9c9f0e8 100644 mdlen = EVP_MD_get_size(md); if (mdlen <= 0) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH); -@@ -181,9 +195,23 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, +@@ -203,9 +217,23 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, #endif } 
@@ -75,7 +63,7 @@ index d9be1a4f98..dfe9c9f0e8 100644 if (tlen <= 0 || flen <= 0) diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c -index 33874bfef8..e8681b0351 100644 +index bb46ec64c7..c0fdf232da 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, @@ -93,7 +81,7 @@ index 33874bfef8..e8681b0351 100644 hLen = EVP_MD_get_size(Hash); if (hLen < 0) goto err; -@@ -164,6 +172,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, +@@ -168,6 +176,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, if (mgf1Hash == NULL) mgf1Hash = Hash; @@ -109,5 +97,5 @@ index 33874bfef8..e8681b0351 100644 if (hLen < 0) goto err; -- -2.39.0 +2.41.0 diff --git a/base/openssl3/0088-signature-Add-indicator-for-PSS-salt-length.patch b/base/openssl3/0088-signature-Add-indicator-for-PSS-salt-length.patch index edfd0b8..9cef315 100644 --- a/base/openssl3/0088-signature-Add-indicator-for-PSS-salt-length.patch +++ b/base/openssl3/0088-signature-Add-indicator-for-PSS-salt-length.patch 
@@ -1,55 +1,20 @@ -From a325a23bc83f4efd60130001c417ca5b96bdbff1 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Thu, 17 Nov 2022 19:33:02 +0100 -Subject: [PATCH 1/3] signature: Add indicator for PSS salt length -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit +From 98ee6faef3da1439c04f11cd2796132d27d1e607 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 15:58:07 +0200 +Subject: [PATCH 41/48] 0088-signature-Add-indicator-for-PSS-salt-length.patch -FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection -5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the -salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen, where hLen is the length of -the hash function output block (in bytes)." - -It is not exactly clear from this text whether hLen refers to the -message digest or the hash function used for the mask generation -function MGF1. PKCS#1 v2.1 suggests it is the former: - -| Typical salt lengths in octets are hLen (the length of the output of -| the hash function Hash) and 0. In both cases the security of -| RSASSA-PSS can be closely related to the hardness of inverting RSAVP1. -| Bellare and Rogaway [4] give a tight lower bound for the security of -| the original RSA-PSS scheme, which corresponds roughly to the former -| case, while Coron [12] gives a lower bound for the related Full Domain -| Hashing scheme, which corresponds roughly to the latter case. In [13] -| Coron provides a general treatment with various salt lengths ranging -| from 0 to hLen; see [27] for discussion. See also [31], which adapts -| the security proofs in [4][13] to address the differences between the -| original and the present version of RSA-PSS as listed in Note 1 above. - -Since OpenSSL defaults to creating signatures with the maximum salt -length, blocking the use of longer salts would probably lead to -significant problems in practice. 
Instead, introduce an explicit -indicator that can be obtained from the EVP_PKEY_CTX object using -EVP_PKEY_CTX_get_params() with the - OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR -parameter. - -We also add indicator for RSA_NO_PADDING here to avoid patch-over-patch. -Dmitry Belyavskiy - -Signed-off-by: Clemens Lang +Patch-name: 0088-signature-Add-indicator-for-PSS-salt-length.patch +Patch-id: 88 --- include/openssl/evp.h | 4 ++++ - providers/implementations/signature/rsa_sig.c | 21 +++++++++++++++++ - util/perl/OpenSSL/paramnames.pm | 23 ++++++++++--------- - 3 files changed, 37 insertions(+), 11 deletions(-) + providers/implementations/signature/rsa_sig.c | 21 +++++++++++++++++++ + 3 files changed, 26 insertions(+) diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index a5e78efd6e..f239200465 100644 +index 615857caf5..05f2d0f75a 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h -@@ -797,6 +797,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, +@@ -799,6 +799,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, __owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); @@ -61,10 +26,10 @@ index a5e78efd6e..f239200465 100644 EVP_PKEY *pkey); __owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 49e7f9158a..0c45008a00 100644 +index cfaa4841cb..851671cfb1 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c -@@ -1127,6 +1127,24 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) +@@ -1173,6 +1173,24 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) } } 
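Review bot: The rewritten diffstat reads `3 files changed, 26 insertions(+)` but lists only two files whose counts sum to 25 (`include/openssl/evp.h | 4 ++++` and `providers/implementations/signature/rsa_sig.c | 21 +++++++++++++++++++`); the `paramnames.pm` line was dropped from the list without the summary being updated. The summary is ignored when the patch is applied, but it is the first thing a reviewer reads to learn what the patch touches, so it should be regenerated with `git format-patch` rather than hand-edited, or at least corrected to match the body.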
@@ -89,7 +54,7 @@ index 49e7f9158a..0c45008a00 100644 return 1; } -@@ -1136,6 +1151,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { +@@ -1182,6 +1200,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0), @@ -99,10 +64,12 @@ index 49e7f9158a..0c45008a00 100644 OSSL_PARAM_END }; -diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm -index 8b2d430f17..a109e44521 100644 ---- a/util/perl/OpenSSL/paramnames.pm -+++ b/util/perl/OpenSSL/paramnames.pm +-- +2.41.0 + +diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.salt-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm +--- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.salt-patch 2024-01-02 12:23:57.106998142 +0100 ++++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:26:29.687472015 +0100 @@ -377,17 +377,18 @@ my %params = ( 'EXCHANGE_PARAM_KDF_UKM' => "kdf-ukm", @@ -133,6 +100,3 @@ index 8b2d430f17..a109e44521 100644 # Asym cipher parameters 'ASYM_CIPHER_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST', --- -2.38.1 - diff --git a/base/openssl3/0091-FIPS-RSA-encapsulate.patch b/base/openssl3/0091-FIPS-RSA-encapsulate.patch index 0e24cf8..69c8546 100644 --- a/base/openssl3/0091-FIPS-RSA-encapsulate.patch +++ b/base/openssl3/0091-FIPS-RSA-encapsulate.patch 
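Review bot: The `util/perl/OpenSSL/paramnames.pm` change now lives in a `diff -up` hunk appended after the `-- `/`2.41.0` signature trailer rather than in a `diff --git` section before it, although it is what defines the `OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR` name the removed description says rsa_sig.c exposes. `patch -p1` and `git apply` read past that trailer, but anything that treats `-- ` as end-of-patch would drop the hunk and, in a tree where core_names.h is generated from paramnames.pm, leave the macro undefined for the rsa_sig.c hunk; fold it back into a `diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm` section above the trailer. The regenerated diffstat is also wrong — `3 files changed, 26 insertions(+)` with only evp.h (4) and rsa_sig.c (21) listed — which the tools ignore but which shows the patch was hand-spliced rather than produced by `git format-patch`. The FIPS 186-4 §5.5 reasoning (salts longer than hLen are reported through an indicator rather than rejected because OpenSSL defaults to the maximum salt length) is deleted with nothing in its place; keep it as `Patch-status: |` / `  # FIPS indicator for RSA-PSS salt length > hLen and for RSA_NO_PADDING` so the security rationale survives the rebase.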
@@ -1,7 +1,19 @@ -diff -up openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap openssl-3.0.1/providers/implementations/kem/rsa_kem.c ---- openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap 2022-11-22 12:27:30.994530801 +0100 -+++ openssl-3.0.1/providers/implementations/kem/rsa_kem.c 2022-11-22 12:32:15.916875495 +0100 -@@ -264,6 +264,14 @@ static int rsasve_generate(PROV_RSA_CTX +From afab56d09edb525dd794fcb2ae2295ab7f39400a Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 16:01:48 +0200 +Subject: [PATCH 42/48] 0091-FIPS-RSA-encapsulate.patch + +Patch-name: 0091-FIPS-RSA-encapsulate.patch +Patch-id: 91 +--- + providers/implementations/kem/rsa_kem.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c +index 365ae3d7d6..8a6f585d0b 100644 +--- a/providers/implementations/kem/rsa_kem.c ++++ b/providers/implementations/kem/rsa_kem.c +@@ -265,6 +265,14 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, *secretlen = nlen; return 1; } @@ -16,7 +28,7 @@ diff -up openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap openssl-3.0 /* * Step (2): Generate a random byte string z of nlen bytes where * 1 < z < n - 1 -@@ -307,6 +315,13 @@ static int rsasve_recover(PROV_RSA_CTX * +@@ -308,6 +316,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx, return 1; } @@ -30,3 +42,6 @@ diff -up openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap openssl-3.0 /* Step (2): check the input ciphertext 'inlen' matches the nlen */ if (inlen != nlen) { ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); +-- +2.41.0 + diff --git a/base/openssl3/0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch b/base/openssl3/0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch index 65bae6f..c92d417 100644 --- a/base/openssl3/0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch 
+++ b/base/openssl3/0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch @@ -1,25 +1,11 @@ -From 8a2d1b22ede5eeca4d104bb027b84f3ecfc69549 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Thu, 11 May 2023 12:51:59 +0200 -Subject: [PATCH] DH: Disable FIPS 186-4 type parameters in FIPS mode +From 590babb35e3aa399c889282747965e301333a656 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 16:07:18 +0200 +Subject: [PATCH 43/48] + 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch -For DH parameter and key pair generation/verification, the DSA -procedures specified in FIPS 186-4 are used. With the release of FIPS -186-5 and the removal of DSA, the approved status of these groups is in -peril. Once the transition for DSA ends (this transition will be 1 year -long and start once CMVP has published the guidance), no more -submissions claiming DSA will be allowed. Hence, FIPS 186-type -parameters will also be automatically non-approved. - -In the FIPS provider, disable validation of any DH parameters that are -not well-known groups, and remove DH parameter generation completely. - -Adjust tests to use well-known groups or larger DH groups where this -change would now cause failures, and skip tests that are expected to -fail due to this change. - -Related: rhbz#2169757, rhbz#2169757 -Signed-off-by: Clemens Lang +Patch-name: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch +Patch-id: 93 --- crypto/dh/dh_backend.c | 10 ++++ crypto/dh/dh_check.c | 12 ++-- @@ -82,10 +68,10 @@ index 0b391910d6..75581ca347 100644 #else int DH_check_params(const DH *dh, int *ret) diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c -index aec6b85316..9c55121067 100644 +index 204662a81c..9961f21920 100644 --- a/crypto/dh/dh_gen.c 
+++ b/crypto/dh/dh_gen.c -@@ -38,18 +38,26 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, +@@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, BN_GENCB *cb) { @@ -115,10 +101,10 @@ index aec6b85316..9c55121067 100644 dh->dirty_cnt++; return ret; diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c -index 4e9705beef..14c0b0b6b3 100644 +index 83773cceea..7e988368d3 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c -@@ -308,8 +308,12 @@ static int generate_key(DH *dh) +@@ -321,8 +321,12 @@ static int generate_key(DH *dh) goto err; } else { #ifdef FIPS_MODULE @@ -133,7 +119,7 @@ index 4e9705beef..14c0b0b6b3 100644 #else if (dh->params.q == NULL) { /* secret exponent length, must satisfy 2^(l-1) <= p */ -@@ -330,9 +334,7 @@ static int generate_key(DH *dh) +@@ -343,9 +347,7 @@ static int generate_key(DH *dh) if (!BN_clear_bit(priv_key, 0)) goto err; } @@ -144,7 +130,7 @@ index 4e9705beef..14c0b0b6b3 100644 /* Do a partial check for invalid p, q, g */ if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params, FFC_PARAM_TYPE_DH, NULL)) -@@ -348,6 +350,7 @@ static int generate_key(DH *dh) +@@ -361,6 +363,7 @@ static int generate_key(DH *dh) priv_key)) goto err; } @@ -194,10 +180,10 @@ index 9a7dde7c66..b3e7bca5ac 100644 /* * Both of these functions check parameters. DH_check_params_ex() diff --git a/test/endecode_test.c b/test/endecode_test.c -index e3f7b81f69..1b63daaed5 100644 +index 53385028fc..169f3ccd73 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c -@@ -80,10 +80,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) +@@ -84,10 +84,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) * for testing only. Use a minimum key size of 2048 for security purposes. */ if (strcmp(type, "DH") == 0) @@ -211,10 +197,10 @@ index e3f7b81f69..1b63daaed5 100644 /* 
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c -index 2448c35a14..92d484fb12 100644 +index a7913cda4c..96a35ac1cc 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c -@@ -188,7 +188,7 @@ static int do_dh_param_keygen(int tstid, const BIGNUM **bn) +@@ -189,7 +189,7 @@ static int do_dh_param_keygen(int tstid, const BIGNUM **bn) if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL)) || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0) @@ -309,7 +295,7 @@ index f0e8709062..2ff6d6e721 100644 EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx); EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx); diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index cabbe3ecdf..efe56c5665 100644 +index 2a459856f0..afac836fa3 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -627,10 +627,10 @@ my @smime_cms_param_tests = ( @@ -326,7 +312,7 @@ index cabbe3ecdf..efe56c5665 100644 \&final_compare ] diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t -index 8c52b637fc..31ed54621b 100644 +index 527abcea6e..e1d38b1e62 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -390,6 +390,9 @@ sub testssl { @@ -340,5 +326,5 @@ index 8c52b637fc..31ed54621b 100644 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); } -- -2.40.1 +2.41.0 diff --git a/base/openssl3/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch b/base/openssl3/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch index 4d80b9c..fcd53e6 100644 --- a/base/openssl3/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch +++ b/base/openssl3/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch 
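Review bot: The rebased header drops the whole justification for a FIPS-provider behaviour change — DSA withdrawn in FIPS 186-5, validation of non-well-known DH groups disabled, DH parameter generation removed, `Related: rhbz#2169757` — and puts only `Patch-name`/`Patch-id` in its place, while the dh_gen.c `ossl_dh_generate_ffc_parameters` and dh_key.c `#ifdef FIPS_MODULE` hunks that implement it are still here (their bodies fall outside this diff's context lines). Record the reason the way the 0115 patch below does, e.g. `Patch-status: |` followed by `  # DH: in FIPS mode only well-known groups validate and FIPS 186-4 parameter generation is disabled (DSA withdrawn by FIPS 186-5)`. Otherwise the test edits in endecode_test.c, evp_libctx_test.c, 80-test_cms.t and the skipped 1024-bit DHE case in 80-test_ssl_old.t read as unexplained test accommodations rather than consequences of a deliberate FIPS policy decision.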
@@ -1,28 +1,22 @@ -From 589eb3898896c1ac916bc20069ecd5adb8534850 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Fri, 17 Feb 2023 15:31:08 +0100 -Subject: [PATCH] GCM: Implement explicit FIPS indicator for IV gen +From 5db03a4d024f1e396ff54d38ac70d9890b034074 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 16:10:11 +0200 +Subject: [PATCH 45/48] + 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch -Implementation Guidance for FIPS 140-3 and the Cryptographic Module -Verification Program, Section C.H requires guarantees about the -uniqueness of key/iv pairs, and proposes a few approaches to ensure -this. Provide an indicator for option 2 "The IV may be generated -internally at its entirety randomly." - -Resolves: rhbz#2168289 -Signed-off-by: Clemens Lang +Patch-name: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch +Patch-id: 110 --- include/openssl/evp.h | 4 +++ .../implementations/ciphers/ciphercommon.c | 4 +++ .../ciphers/ciphercommon_gcm.c | 25 +++++++++++++++++++ - util/perl/OpenSSL/paramnames.pm | 5 ++-- - 4 files changed, 36 insertions(+), 2 deletions(-) + 4 files changed, 34 insertions(+) diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index 49e8e1df78..ec2ba46fbd 100644 +index 05f2d0f75a..f1a33ff6f2 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h -@@ -746,6 +746,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +@@ -748,6 +748,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); @@ -52,7 +46,7 @@ diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/im index ed95c97ff4..db7910eb0e 100644 --- a/providers/implementations/ciphers/ciphercommon_gcm.c 
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c -@@ -238,6 +238,31 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) +@@ -224,6 +224,31 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) break; } } @@ -84,10 +78,12 @@ index ed95c97ff4..db7910eb0e 100644 return 1; } -diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm -index a109e44521..64e9809387 100644 ---- a/util/perl/OpenSSL/paramnames.pm -+++ b/util/perl/OpenSSL/paramnames.pm +-- +2.41.0 + +diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.ivgen-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm +--- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.ivgen-patch 2024-01-02 12:29:45.119433637 +0100 ++++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:33:09.146723045 +0100 @@ -101,8 +101,9 @@ my %params = ( 'CIPHER_PARAM_SPEED' => "speed", # uint 'CIPHER_PARAM_CTS_MODE' => "cts_mode", # utf8_string @@ -100,6 +96,3 @@ index a109e44521..64e9809387 100644 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT' => "tls1multi_maxsndfrag",# uint 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE' => "tls1multi_maxbufsz", # size_t --- -2.39.1 - diff --git a/base/openssl3/0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch b/base/openssl3/0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch index 2e869e2..aec08c9 100644 --- a/base/openssl3/0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch +++ b/base/openssl3/0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch 
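Review bot: In the ciphercommon_gcm.c section the hunk header is rebased from `@@ -238,6 +238,31 @@` to `@@ -224,6 +224,31 @@` but the `index ed95c97ff4..db7910eb0e 100644` line is left as unchanged context, so the blob IDs no longer describe the file the hunk now applies to. Plain `patch`/`git apply` ignore them, but `git apply --3way`/`git am -3` would pick up the wrong pre-image blob if the hunk ever stops applying cleanly; regenerate the section against 3.2.0 so the index line matches, as was done for evp.h (`index 05f2d0f75a..f1a33ff6f2`). The paramnames.pm part has the same layout problem as 0088 — a `diff -up` hunk after the `-- `/`2.41.0` trailer, and a diffstat claiming `4 files changed, 34 insertions(+)` while listing three files totalling 33 — and would be safer as a proper `diff --git` section before the trailer. The removed description was the only place stating what the indicator means (FIPS 140-3 IG C.H option 2, IV generated internally and entirely at random); a `Patch-status: |` / `  # GCM: explicit FIPS indicator, approved only for internally and fully randomly generated IVs` block should keep that.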
@@ -1,25 +1,20 @@ -From fa96a2f493276e7a57512e8c3d535052586f1525 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Mon, 6 Mar 2023 12:32:04 +0100 -Subject: [PATCH 2/2] pbdkf2: Set indicator if pkcs5 param disabled checks +From 48c763ed9cc889806bc01222382ce6f918a408a2 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 16:12:33 +0200 +Subject: [PATCH 46/48] + 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch -The pbkdf2 implementation in the FIPS provider supports the checks -required by NIST, but allows disabling these checks by setting the -OSSL_KDF_PARAM_PKCS5 parameter to 1. The implementation must indicate -that the use of this configuration is not approved in FIPS mode. Add an -explicit indicator to provide this indication. - -Resolves: rhbz#2175145 -Signed-off-by: Clemens Lang +Patch-name: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch +Patch-id: 112 --- providers/implementations/kdfs/pbkdf2.c | 40 +++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c -index aa0adce5e6..6df8c6d321 100644 +index 11820d1e69..bae2238ab5 100644 --- a/providers/implementations/kdfs/pbkdf2.c +++ b/providers/implementations/kdfs/pbkdf2.c -@@ -251,11 +251,42 @@ static const OSSL_PARAM *kdf_pbkdf2_settable_ctx_params(ossl_unused void *ctx, +@@ -284,11 +284,42 @@ static const OSSL_PARAM *kdf_pbkdf2_settable_ctx_params(ossl_unused void *ctx, static int kdf_pbkdf2_get_ctx_params(void *vctx, OSSL_PARAM params[]) { 
@@ -65,7 +60,7 @@ index aa0adce5e6..6df8c6d321 100644 } static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx, -@@ -263,6 +294,9 @@ static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx, +@@ -296,6 +327,9 @@ static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx, { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), @@ -76,5 +71,5 @@ index aa0adce5e6..6df8c6d321 100644 }; return known_gettable_ctx_params; -- -2.39.2 +2.41.0 diff --git a/base/openssl3/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch b/base/openssl3/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch index 2dc304c..7a2e1f3 100644 --- a/base/openssl3/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch +++ b/base/openssl3/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch 
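Review bot: The removed description was the only statement of what this indicator means — `OSSL_KDF_PARAM_PKCS5` set to 1 turns off the NIST-required PBKDF2 checks, so the context must then report itself as not approved — and the new header keeps only `Patch-name`/`Patch-id`. Put that back as a `Patch-status: |` / `  # PBKDF2: FIPS indicator reports unapproved when pkcs5=1 disables the NIST parameter checks` block; the pbkdf2.c hunks themselves only move (`@@ -251` → `@@ -284`, `@@ -263` → `@@ -296`) and their bodies are outside this view.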
@@ -1,37 +1,22 @@ -From ee6e381e4140efd5365ddf27a12055859103cf59 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Fri, 17 Mar 2023 15:39:15 +0100 -Subject: [PATCH] asymciphers, kem: Add explicit FIPS indicator +From 136988155862ce2b45683ef8045e7a8cdd11e215 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 16:13:46 +0200 +Subject: [PATCH 47/48] 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch -NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key -confirmation (section 6.4.2.3.2), or assurance from a trusted third -party (section 6.4.2.3.1) for the KTS-OAEP key transport scheme and key -agreement schemes, but explicit key confirmation is not implemented and -cannot be implemented without protocol changes, and the FIPS provider -does not implement trusted third party validation, since it relies on -its callers to do that. A request for guidance sent to NIST did clarify -that OpenSSL can claim KTS-OAEP and RSASVE as approved, but we did add -an indicator to mark them as unapproved previously and should thus keep -the indicator available. - -This does not affect RSA-OAEP decryption, because it is approved as -a component according to the FIPS 140-3 IG, section 2.4.G. - -Resolves: rhbz#2179331 -Resolves: RHEL-14083 -Signed-off-by: Clemens Lang +Patch-name: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch +Patch-id: 113 --- + include/openssl/core_names.h | 2 ++ include/openssl/evp.h | 4 +++ .../implementations/asymciphers/rsa_enc.c | 22 ++++++++++++++ providers/implementations/kem/rsa_kem.c | 30 ++++++++++++++++++- - util/perl/OpenSSL/paramnames.pm | 6 ++-- - 4 files changed, 59 insertions(+), 3 deletions(-) + 4 files changed, 57 insertions(+), 1 deletion(-) diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index ec2ba46fbd..3803b03422 100644 +index f1a33ff6f2..dadbf46a5a 100644 --- a/include/openssl/evp.h 
+++ b/include/openssl/evp.h -@@ -1764,6 +1764,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void); +@@ -1767,6 +1767,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void); OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); # endif @@ -43,10 +28,10 @@ index ec2ba46fbd..3803b03422 100644 const char *properties); int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c -index 568452ec56..2e7ea632d7 100644 +index d169bfd396..bd4dcb4e27 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c -@@ -462,6 +462,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) +@@ -466,6 +466,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection)) return 0; @@ -74,7 +59,7 @@ index 568452ec56..2e7ea632d7 100644 return 1; } -@@ -465,6 +483,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { +@@ -480,6 +501,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), #ifdef FIPS_MODULE OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0), @@ -83,10 +68,10 @@ index 568452ec56..2e7ea632d7 100644 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), OSSL_PARAM_END diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c -index 882cf16125..b4cc0f9237 100644 +index 8a6f585d0b..f4b7415074 100644 --- a/providers/implementations/kem/rsa_kem.c 
+++ b/providers/implementations/kem/rsa_kem.c -@@ -151,11 +151,39 @@ static int rsakem_decapsulate_init(void *vprsactx, void *vrsa, +@@ -152,11 +152,39 @@ static int rsakem_decapsulate_init(void *vprsactx, void *vrsa, static int rsakem_get_ctx_params(void *vprsactx, OSSL_PARAM *params) { PROV_RSA_CTX *ctx = (PROV_RSA_CTX *)vprsactx; @@ -127,10 +112,12 @@ index 882cf16125..b4cc0f9237 100644 OSSL_PARAM_END }; -diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm -index 64e9809387..45ab0c8dc4 100644 ---- a/util/perl/OpenSSL/paramnames.pm -+++ b/util/perl/OpenSSL/paramnames.pm +-- +2.41.0 + +diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.kem-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm +--- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.kem-patch 2024-01-02 12:49:04.598756268 +0100 ++++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:53:16.466464414 +0100 @@ -406,6 +406,7 @@ my %params = ( 'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version", 'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' => "implicit-rejection", @@ -151,6 +138,3 @@ index 64e9809387..45ab0c8dc4 100644 # Capabilities --- -2.39.2 - diff --git a/base/openssl3/0115-skip-quic-pairwise.patch b/base/openssl3/0115-skip-quic-pairwise.patch index 90f8cb8..98bfae5 100644 --- a/base/openssl3/0115-skip-quic-pairwise.patch +++ b/base/openssl3/0115-skip-quic-pairwise.patch @@ -1,17 +1,17 @@ -From ec8e4e25cc5e5c67313c5fd6af94fa248685c3d1 Mon Sep 17 00:00:00 2001 +From 42ed594a3a905830374fb65cced431748f8c639c Mon Sep 17 00:00:00 2001 
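Review bot: The removed description contained the one fact a maintainer needs to interpret this indicator correctly — NIST guidance confirmed KTS-OAEP and RSASVE may be claimed as approved, the indicator that reports them as unapproved is kept only because earlier releases shipped it, and RSA-OAEP decryption is unaffected (FIPS 140-3 IG 2.4.G) — and the new header replaces it with nothing. Record it in `Patch-status` (two or three lines summarising the above plus the `rhbz#2179331`/`RHEL-14083` references) so nobody later "fixes" the indicator in either direction without that context. Separately, the new diffstat lists `include/openssl/core_names.h | 2 ++`, yet no `diff --git a/include/openssl/core_names.h` section appears between the diffstat and the evp.h section; if core_names.h is generated from paramnames.pm in this tree the entry is merely misleading, otherwise the names the paramnames.pm hunk adds never reach the header and the rsa_enc.c/rsa_kem.c hunks fail to build. As in 0088 and 0110, that paramnames.pm hunk sits after the `-- `/`2.41.0` trailer as `diff -up` output and belongs in a `diff --git` section before it.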
From: Dmitry Belyavskiy -Date: Thu, 7 Mar 2024 17:37:09 +0100 -Subject: [PATCH 45/49] 0115-skip-quic-pairwise.patch +Date: Thu, 4 Apr 2024 11:50:58 +0200 +Subject: [PATCH 45/50] 0115-skip-quic-pairwise.patch Patch-name: 0115-skip-quic-pairwise.patch Patch-id: 115 Patch-status: | - # skip quic and pairwise tests temporarily + # Amend tests according to Fedora/RHEL code --- test/quicapitest.c | 4 +++- test/recipes/01-test_symbol_presence.t | 1 + - test/recipes/30-test_pairwise_fail.t | 10 ++++++++-- - 3 files changed, 12 insertions(+), 3 deletions(-) + test/recipes/30-test_pairwise_fail.t | 13 +++++++++++-- + 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/test/quicapitest.c b/test/quicapitest.c index 41cf0fc7a8..0fb7492700 100644 @@ -29,7 +29,7 @@ index 41cf0fc7a8..0fb7492700 100644 ADD_TEST(test_quic_forbidden_apis_ctx); ADD_TEST(test_quic_forbidden_apis); diff --git a/test/recipes/30-test_pairwise_fail.t b/test/recipes/30-test_pairwise_fail.t -index c837d48fb4..6291c08c49 100644 +index c837d48fb4..f06ef04b1a 100644 --- a/test/recipes/30-test_pairwise_fail.t +++ b/test/recipes/30-test_pairwise_fail.t @@ -9,7 +9,7 @@ @@ -41,7 +41,7 @@ index c837d48fb4..6291c08c49 100644 use OpenSSL::Test::Utils; BEGIN { -@@ -31,28 +31,37 @@ run(test(["fips_version_test", "-config" +@@ -31,28 +31,37 @@ run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]), SKIP: { skip "Skip RSA test because of no rsa in this build", 1 if disabled("rsa"); diff --git a/base/openssl3/0124-PBMAC1-PKCS12-FIPS-support.patch b/base/openssl3/0124-PBMAC1-PKCS12-FIPS-support.patch new file mode 100644 index 0000000..1aa529e --- /dev/null +++ b/base/openssl3/0124-PBMAC1-PKCS12-FIPS-support.patch 
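Review bot: The `Patch-status` line changes from `# skip quic and pairwise tests temporarily` to `# Amend tests according to Fedora/RHEL code`, which says less than before: the old text at least admitted the skips were temporary, the new one names neither which tests are amended nor why, while the `30-test_pairwise_fail.t` change grows from 10 to 13 lines (its body is not in this hunk). Going by its name that recipe checks that pairwise-consistency (FIPS PCT) failures are detected, so skipping or weakening its expectations is a FIPS-relevant decision that deserves a stated reason, e.g. `# Skip QUIC tests not supported downstream; adjust pairwise-failure expectations to the downstream FIPS provider` — replace with the actual reason. Minor: the `Subject: [PATCH 45/50]` number collides with 0110's `[PATCH 45/48]`; `git am` does not care, but it confirms the series was not regenerated as a whole.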
@@ -0,0 +1,1579 @@ +From d959252c47af0eb0dd55bc032606901fedaf029b Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Fri, 7 Jun 2024 14:37:57 +0200 +Subject: [PATCH 1/4] Implementation of the RFC 9579, PBMAC1 in PKCS#12 + +--- + apps/pkcs12.c | 63 ++++++-- + crypto/asn1/p5_pbev2.c | 7 + + crypto/evp/digest.c | 54 +++++++ + crypto/pkcs12/p12_mutl.c | 296 ++++++++++++++++++++++++++++++++---- + include/crypto/evp.h | 3 + + include/openssl/pkcs12.h.in | 3 + + include/openssl/x509.h.in | 15 +- + 7 files changed, 394 insertions(+), 47 deletions(-) + +diff --git a/apps/pkcs12.c b/apps/pkcs12.c +index 54323a9713393..cbe133742a8be 100644 +--- a/apps/pkcs12.c ++++ b/apps/pkcs12.c +@@ -70,7 +70,7 @@ typedef enum OPTION_choice { + OPT_NAME, OPT_CSP, OPT_CANAME, + OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH, + OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_ENGINE, +- OPT_R_ENUM, OPT_PROV_ENUM, OPT_JDKTRUST, ++ OPT_R_ENUM, OPT_PROV_ENUM, OPT_JDKTRUST, OPT_PBMAC1_PBKDF2, OPT_PBMAC1_PBKDF2_MD, + #ifndef OPENSSL_NO_DES + OPT_LEGACY_ALG + #endif +@@ -147,6 +147,8 @@ const OPTIONS pkcs12_options[] = { + #endif + {"macalg", OPT_MACALG, 's', + "Digest algorithm to use in MAC (default SHA256)"}, ++ {"pbmac1_pbkdf2", OPT_PBMAC1_PBKDF2, '-', "Use PBMAC1 with PBKDF2 instead of MAC"}, ++ {"pbmac1_pbkdf2_md", OPT_PBMAC1_PBKDF2_MD, 's', "Digest to use for PBMAC1 KDF (default SHA256)"}, + {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption and MAC"}, + {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"}, + {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)"}, +@@ -170,14 +172,14 @@ int pkcs12_main(int argc, char **argv) + int use_legacy = 0; + #endif + /* use library defaults for the iter, maciter, cert, and key PBE */ +- int iter = 0, maciter = 0; ++ int iter = 0, maciter = 0, pbmac1_pbkdf2 = 0; + int macsaltlen = PKCS12_SALT_LEN; + int cert_pbe = NID_undef; + int key_pbe = NID_undef; + int ret = 1, 
macver = 1, add_lmk = 0, private = 0; + int noprompt = 0; + char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL; +- char *passin = NULL, *passout = NULL, *macalg = NULL; ++ char *passin = NULL, *passout = NULL, *macalg = NULL, *pbmac1_pbkdf2_md = NULL; + char *cpass = NULL, *mpass = NULL, *badpass = NULL; + const char *CApath = NULL, *CAfile = NULL, *CAstore = NULL, *prog; + int noCApath = 0, noCAfile = 0, noCAstore = 0; +@@ -283,6 +285,12 @@ int pkcs12_main(int argc, char **argv) + case OPT_MACALG: + macalg = opt_arg(); + break; ++ case OPT_PBMAC1_PBKDF2: ++ pbmac1_pbkdf2 = 1; ++ break; ++ case OPT_PBMAC1_PBKDF2_MD: ++ pbmac1_pbkdf2_md = opt_arg(); ++ break; + case OPT_CERTPBE: + if (!set_pbe(&cert_pbe, opt_arg())) + goto opthelp; +@@ -700,10 +708,20 @@ int pkcs12_main(int argc, char **argv) + } + + if (maciter != -1) { +- if (!PKCS12_set_mac(p12, mpass, -1, NULL, macsaltlen, maciter, macmd)) { +- BIO_printf(bio_err, "Error creating PKCS12 MAC; no PKCS12KDF support?\n"); +- BIO_printf(bio_err, "Use -nomac if MAC not required and PKCS12KDF support not available.\n"); +- goto export_end; ++ if (pbmac1_pbkdf2 == 1) { ++ if (!PKCS12_set_pbmac1_pbkdf2(p12, mpass, -1, NULL, ++ macsaltlen, maciter, ++ macmd, pbmac1_pbkdf2_md)) { ++ BIO_printf(bio_err, "Error creating PBMAC1\n"); ++ goto export_end; ++ } ++ } else { ++ if (!PKCS12_set_mac(p12, mpass, -1, NULL, macsaltlen, maciter, macmd)) { ++ BIO_printf(bio_err, "Error creating PKCS12 MAC; no PKCS12KDF support?\n"); ++ BIO_printf(bio_err, ++ "Use -nomac or -pbmac1_pbkdf2 if PKCS12KDF support not available\n"); ++ goto export_end; ++ } + } + } + assert(private); +@@ -774,23 +792,60 @@ int pkcs12_main(int argc, char **argv) + X509_ALGOR_get0(&macobj, NULL, NULL, macalgid); + BIO_puts(bio_err, "MAC: "); + i2a_ASN1_OBJECT(bio_err, macobj); +- BIO_printf(bio_err, ", Iteration %ld\n", +- tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L); +- BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n", +- tmac != NULL ? 
ASN1_STRING_length(tmac) : 0L, +- tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L); ++ if (OBJ_obj2nid(macobj) == NID_pbmac1) { ++ PBKDF2PARAM *pbkdf2_param = PBMAC1_get1_pbkdf2_param(macalgid); ++ ++ if (pbkdf2_param == NULL) { ++ BIO_printf(bio_err, ", Unsupported KDF or params for PBMAC1\n"); ++ } else { ++ const ASN1_OBJECT *prfobj; ++ ++ BIO_printf(bio_err, " using PBKDF2, Iteration %ld\n", ++ ASN1_INTEGER_get(pbkdf2_param->iter)); ++ BIO_printf(bio_err, "Key length: %ld, Salt length: %d\n", ++ ASN1_INTEGER_get(pbkdf2_param->keylength), ++ ASN1_STRING_length(pbkdf2_param->salt->value.octet_string)); ++ X509_ALGOR_get0(&prfobj, NULL, NULL, pbkdf2_param->prf); ++ BIO_printf(bio_err, "PBKDF2 PRF: "); ++ i2a_ASN1_OBJECT(bio_err, prfobj); ++ BIO_printf(bio_err, "\n"); ++ } ++ PBKDF2PARAM_free(pbkdf2_param); ++ } else { ++ BIO_printf(bio_err, ", Iteration %ld\n", ++ tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L); ++ BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n", ++ tmac != NULL ? ASN1_STRING_length(tmac) : 0L, ++ tsalt != NULL ? 
ASN1_STRING_length(tsalt) : 0L); ++ } + } ++ + if (macver) { +- EVP_KDF *pkcs12kdf; ++ const X509_ALGOR *macalgid; ++ const ASN1_OBJECT *macobj; + +- pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF", +- app_get0_propq()); +- if (pkcs12kdf == NULL) { +- BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n"); +- BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n"); +- goto end; ++ PKCS12_get0_mac(NULL, &macalgid, NULL, NULL, p12); ++ ++ if (macalgid == NULL) { ++ BIO_printf(bio_err, "Warning: MAC is absent!\n"); ++ goto dump; ++ } ++ ++ X509_ALGOR_get0(&macobj, NULL, NULL, macalgid); ++ ++ if (OBJ_obj2nid(macobj) != NID_pbmac1) { ++ EVP_KDF *pkcs12kdf; ++ ++ pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF", ++ app_get0_propq()); ++ if (pkcs12kdf == NULL) { ++ BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n"); ++ BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n"); ++ goto end; ++ } ++ EVP_KDF_free(pkcs12kdf); + } +- EVP_KDF_free(pkcs12kdf); ++ + /* If we enter empty password try no password first */ + if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { + /* If mac and crypto pass the same set it to NULL too */ +diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c +index 8575d05bf6d5a..c22cc6b77075d 100644 +--- a/crypto/asn1/p5_pbev2.c ++++ b/crypto/asn1/p5_pbev2.c +@@ -35,6 +35,13 @@ ASN1_SEQUENCE(PBKDF2PARAM) = { + + IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) + ++ASN1_SEQUENCE(PBMAC1PARAM) = { ++ ASN1_SIMPLE(PBMAC1PARAM, keyDerivationFunc, X509_ALGOR), ++ ASN1_SIMPLE(PBMAC1PARAM, messageAuthScheme, X509_ALGOR) ++} ASN1_SEQUENCE_END(PBMAC1PARAM) ++ ++IMPLEMENT_ASN1_FUNCTIONS(PBMAC1PARAM) ++ + /* + * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know + * this is horrible! 
Extended version to allow application supplied PRF NID +diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c +index 18a64329b7a35..a74e2fa42c5bb 100644 +--- a/crypto/evp/digest.c ++++ b/crypto/evp/digest.c +@@ -20,6 +20,7 @@ + #include + #include + #include "internal/cryptlib.h" ++#include "internal/nelem.h" + #include "internal/provider.h" + #include "internal/core.h" + #include "crypto/evp.h" +@@ -1185,3 +1186,56 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, + (void (*)(void *, void *))fn, arg, + evp_md_from_algorithm, evp_md_up_ref, evp_md_free); + } ++ ++typedef struct { ++ int md_nid; ++ int hmac_nid; ++} ossl_hmacmd_pair; ++ ++static const ossl_hmacmd_pair ossl_hmacmd_pairs[] = { ++ {NID_sha1, NID_hmacWithSHA1}, ++ {NID_md5, NID_hmacWithMD5}, ++ {NID_sha224, NID_hmacWithSHA224}, ++ {NID_sha256, NID_hmacWithSHA256}, ++ {NID_sha384, NID_hmacWithSHA384}, ++ {NID_sha512, NID_hmacWithSHA512}, ++ {NID_id_GostR3411_94, NID_id_HMACGostR3411_94}, ++ {NID_id_GostR3411_2012_256, NID_id_tc26_hmac_gost_3411_2012_256}, ++ {NID_id_GostR3411_2012_512, NID_id_tc26_hmac_gost_3411_2012_512}, ++ {NID_sha3_224, NID_hmac_sha3_224}, ++ {NID_sha3_256, NID_hmac_sha3_256}, ++ {NID_sha3_384, NID_hmac_sha3_384}, ++ {NID_sha3_512, NID_hmac_sha3_512}, ++ {NID_sha512_224, NID_hmacWithSHA512_224}, ++ {NID_sha512_256, NID_hmacWithSHA512_256} ++}; ++ ++int ossl_hmac2mdnid(int hmac_nid) ++{ ++ int md_nid = NID_undef; ++ size_t i; ++ ++ for (i = 0; i < OSSL_NELEM(ossl_hmacmd_pairs); i++) { ++ if (ossl_hmacmd_pairs[i].hmac_nid == hmac_nid) { ++ md_nid = ossl_hmacmd_pairs[i].md_nid; ++ break; ++ } ++ } ++ ++ return md_nid; ++} ++ ++int ossl_md2hmacnid(int md_nid) ++{ ++ int hmac_nid = NID_undef; ++ size_t i; ++ ++ for (i = 0; i < OSSL_NELEM(ossl_hmacmd_pairs); i++) { ++ if (ossl_hmacmd_pairs[i].md_nid == md_nid) { ++ hmac_nid = ossl_hmacmd_pairs[i].hmac_nid; ++ break; ++ } ++ } ++ ++ return hmac_nid; ++} +diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c +index 
4091e61d9dd06..d410978a49e1e 100644 +--- a/crypto/pkcs12/p12_mutl.c ++++ b/crypto/pkcs12/p12_mutl.c +@@ -15,12 +15,19 @@ + + #include + #include "internal/cryptlib.h" ++#include "crypto/evp.h" + #include + #include + #include + #include + #include "p12_local.h" + ++static int pkcs12_pbmac1_pbkdf2_key_gen(const char *pass, int passlen, ++ unsigned char *salt, int saltlen, ++ int id, int iter, int keylen, ++ unsigned char *out, ++ const EVP_MD *md_type); ++ + int PKCS12_mac_present(const PKCS12 *p12) + { + return p12->mac ? 1 : 0; +@@ -72,9 +79,76 @@ static int pkcs12_gen_gost_mac_key(const char *pass, int passlen, + return 1; + } + +-/* Generate a MAC */ ++PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg) ++{ ++ PBMAC1PARAM *param = NULL; ++ PBKDF2PARAM *pbkdf2_param = NULL; ++ const ASN1_OBJECT *kdf_oid; ++ ++ param = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), macalg->parameter); ++ if (param == NULL) { ++ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_INVALID_ARGUMENT); ++ return NULL; ++ } ++ ++ X509_ALGOR_get0(&kdf_oid, NULL, NULL, param->keyDerivationFunc); ++ if (OBJ_obj2nid(kdf_oid) != NID_id_pbkdf2) { ++ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_INVALID_ARGUMENT); ++ PBMAC1PARAM_free(param); ++ return NULL; ++ } ++ ++ pbkdf2_param = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), ++ param->keyDerivationFunc->parameter); ++ PBMAC1PARAM_free(param); ++ ++ return pbkdf2_param; ++} ++ ++static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq, ++ const char *pass, int passlen, ++ const X509_ALGOR *macalg, unsigned char *key) ++{ ++ PBKDF2PARAM *pbkdf2_param = NULL; ++ const ASN1_OBJECT *kdf_hmac_oid; ++ int ret = -1; ++ int keylen = 0; ++ EVP_MD *kdf_md = NULL; ++ const ASN1_OCTET_STRING *pbkdf2_salt = NULL; ++ ++ pbkdf2_param = PBMAC1_get1_pbkdf2_param(macalg); ++ if (pbkdf2_param == NULL) { ++ ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED); ++ goto err; ++ } ++ keylen = ASN1_INTEGER_get(pbkdf2_param->keylength); ++ pbkdf2_salt = 
pbkdf2_param->salt->value.octet_string; ++ X509_ALGOR_get0(&kdf_hmac_oid, NULL, NULL, pbkdf2_param->prf); ++ ++ kdf_md = EVP_MD_fetch(ctx, OBJ_nid2sn(ossl_hmac2mdnid(OBJ_obj2nid(kdf_hmac_oid))), propq); ++ if (kdf_md == NULL) { ++ ERR_raise(ERR_LIB_PKCS12, ERR_R_FETCH_FAILED); ++ goto err; ++ } ++ ++ if (PKCS5_PBKDF2_HMAC(pass, passlen, pbkdf2_salt->data, pbkdf2_salt->length, ++ ASN1_INTEGER_get(pbkdf2_param->iter), kdf_md, keylen, key) <= 0) { ++ ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ret = keylen; ++ ++ err: ++ EVP_MD_free(kdf_md); ++ PBKDF2PARAM_free(pbkdf2_param); ++ ++ return ret; ++} ++ ++/* Generate a MAC, also used for verification */ + static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen, ++ int pbmac1_md_nid, int pbmac1_kdf_nid, + int (*pkcs12_key_gen)(const char *pass, int passlen, + unsigned char *salt, int slen, + int id, int iter, int n, +@@ -88,8 +162,8 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char key[EVP_MAX_MD_SIZE], *salt; + int saltlen, iter; + char md_name[80]; +- int md_size = 0; +- int md_nid; ++ int keylen = 0; ++ int md_nid = NID_undef; + const X509_ALGOR *macalg; + const ASN1_OBJECT *macoid; + +@@ -111,9 +185,13 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + iter = ASN1_INTEGER_get(p12->mac->iter); + X509_SIG_get0(p12->mac->dinfo, &macalg, NULL); + X509_ALGOR_get0(&macoid, NULL, NULL, macalg); +- if (OBJ_obj2txt(md_name, sizeof(md_name), macoid, 0) < 0) +- return 0; +- ++ if (OBJ_obj2nid(macoid) == NID_pbmac1) { ++ if (OBJ_obj2txt(md_name, sizeof(md_name), OBJ_nid2obj(pbmac1_md_nid), 0) < 0) ++ return 0; ++ } else { ++ if (OBJ_obj2txt(md_name, sizeof(md_name), macoid, 0) < 0) ++ return 0; ++ } + (void)ERR_set_mark(); + md = md_fetch = EVP_MD_fetch(p12->authsafes->ctx.libctx, md_name, + p12->authsafes->ctx.propq); +@@ -127,40 +205,61 @@ static int pkcs12_gen_mac(PKCS12 *p12, const 
char *pass, int passlen, + } + (void)ERR_pop_to_mark(); + +- md_size = EVP_MD_get_size(md); ++ keylen = EVP_MD_get_size(md); + md_nid = EVP_MD_get_type(md); +- if (md_size < 0) ++ if (keylen < 0) + goto err; +- if ((md_nid == NID_id_GostR3411_94 +- || md_nid == NID_id_GostR3411_2012_256 +- || md_nid == NID_id_GostR3411_2012_512) +- && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) { +- md_size = TK26_MAC_KEY_LEN; ++ ++ /* For PBMAC1 we use a special keygen callback if not provided (e.g. on verification) */ ++ if (pbmac1_md_nid != NID_undef && pkcs12_key_gen == NULL) { ++ keylen = PBMAC1_PBKDF2_HMAC(p12->authsafes->ctx.libctx, p12->authsafes->ctx.propq, ++ pass, passlen, macalg, key); ++ if (keylen < 0) ++ goto err; ++ } else if ((md_nid == NID_id_GostR3411_94 ++ || md_nid == NID_id_GostR3411_2012_256 ++ || md_nid == NID_id_GostR3411_2012_512) ++ && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) { ++ keylen = TK26_MAC_KEY_LEN; + if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter, +- md_size, key, md)) { ++ keylen, key, md)) { + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); + goto err; + } + } else { ++ EVP_MD *hmac_md = (EVP_MD *)md; ++ int fetched = 0; ++ ++ if (pbmac1_kdf_nid != NID_undef) { ++ char hmac_md_name[128]; ++ ++ if (OBJ_obj2txt(hmac_md_name, sizeof(hmac_md_name), OBJ_nid2obj(pbmac1_kdf_nid), 0) < 0) ++ goto err; ++ hmac_md = EVP_MD_fetch(NULL, hmac_md_name, NULL); ++ fetched = 1; ++ } + if (pkcs12_key_gen != NULL) { +- if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID, +- iter, md_size, key, md)) { ++ int res = (*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID, ++ iter, keylen, key, hmac_md); ++ ++ if (fetched) ++ EVP_MD_free(hmac_md); ++ if (res != 1) { + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); + goto err; + } + } else { + /* Default to UTF-8 password */ + if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_MAC_ID, +- iter, md_size, key, md, +- p12->authsafes->ctx.libctx, +- 
p12->authsafes->ctx.propq)) { ++ iter, keylen, key, md, ++ p12->authsafes->ctx.libctx, p12->authsafes->ctx.propq)) { + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); + goto err; + } + } + } + if ((hmac = HMAC_CTX_new()) == NULL +- || !HMAC_Init_ex(hmac, key, md_size, md, NULL) ++ || !HMAC_Init_ex(hmac, key, keylen, md, NULL) + || !HMAC_Update(hmac, p12->authsafes->d.data->data, + p12->authsafes->d.data->length) + || !HMAC_Final(hmac, mac, maclen)) { +@@ -178,7 +277,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen) + { +- return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL); ++ return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NID_undef, NID_undef, NULL); + } + + /* Verify the mac */ +@@ -187,14 +286,40 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) + unsigned char mac[EVP_MAX_MD_SIZE]; + unsigned int maclen; + const ASN1_OCTET_STRING *macoct; ++ const X509_ALGOR *macalg; ++ const ASN1_OBJECT *macoid; + + if (p12->mac == NULL) { + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_ABSENT); + return 0; + } +- if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NULL)) { +- ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR); +- return 0; ++ ++ X509_SIG_get0(p12->mac->dinfo, &macalg, NULL); ++ X509_ALGOR_get0(&macoid, NULL, NULL, macalg); ++ if (OBJ_obj2nid(macoid) == NID_pbmac1) { ++ PBMAC1PARAM *param = NULL; ++ const ASN1_OBJECT *hmac_oid; ++ int md_nid = NID_undef; ++ ++ param = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), macalg->parameter); ++ if (param == NULL) { ++ ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED); ++ return 0; ++ } ++ X509_ALGOR_get0(&hmac_oid, NULL, NULL, param->messageAuthScheme); ++ md_nid = ossl_hmac2mdnid(OBJ_obj2nid(hmac_oid)); ++ ++ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, md_nid, NID_undef, NULL)) { ++ ERR_raise(ERR_LIB_PKCS12, 
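Review bot: The PRF digest fetch in the final else branch, `hmac_md = EVP_MD_fetch(NULL, hmac_md_name, NULL);`, neither checks for a NULL result nor uses `p12->authsafes->ctx.libctx` and `propq` the way the MAC digest fetch earlier in this function does, so a failed fetch hands a NULL digest to the key-gen callback and a successful one may come from a different provider than the application configured. The fetched digest is also released only inside the `pkcs12_key_gen != NULL` branch, so `pbmac1_kdf_nid != NID_undef` combined with a NULL callback (not reached by the callers visible in this patch) would leak it. Separately, `keylen = PBMAC1_PBKDF2_HMAC(..., key)` passes the fixed `key[EVP_MAX_MD_SIZE]` buffer without its capacity while the length appears to come from the file's PBKDF2 parameters; the callee, whose start is outside this chunk, must reject values above `EVP_MAX_MD_SIZE` before deriving, or should take the capacity as an argument. The rewrite below fetches with the p12 context, checks the result and frees on every path.
```c
    } else {
        EVP_MD *hmac_md = (EVP_MD *)md;
        int fetched = 0;
        int res;

        if (pbmac1_kdf_nid != NID_undef) {
            char hmac_md_name[128];

            if (OBJ_obj2txt(hmac_md_name, sizeof(hmac_md_name),
                            OBJ_nid2obj(pbmac1_kdf_nid), 0) < 0)
                goto err;
            /* Same library context and property query as the MAC digest above */
            hmac_md = EVP_MD_fetch(p12->authsafes->ctx.libctx, hmac_md_name,
                                   p12->authsafes->ctx.propq);
            if (hmac_md == NULL) {
                ERR_raise(ERR_LIB_PKCS12, ERR_R_FETCH_FAILED);
                goto err;
            }
            fetched = 1;
        }
        if (pkcs12_key_gen != NULL) {
            res = (*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
                                    iter, keylen, key, hmac_md);
        } else {
            /* Default to UTF-8 password */
            res = PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
                                         iter, keylen, key, md,
                                         p12->authsafes->ctx.libctx,
                                         p12->authsafes->ctx.propq);
        }
        /* Release the fetched PRF digest on every path, not only the callback one */
        if (fetched)
            EVP_MD_free(hmac_md);
        if (res != 1) {
            ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR);
            goto err;
        }
    }
    /* … unchanged: HMAC computation over authsafes … */
```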
PKCS12_R_MAC_GENERATION_ERROR); ++ PBMAC1PARAM_free(param); ++ return 0; ++ } ++ PBMAC1PARAM_free(param); ++ } else { ++ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NID_undef, NID_undef, NULL)) { ++ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR); ++ return 0; ++ } + } + X509_SIG_get0(p12->mac->dinfo, NULL, &macoct); + if ((maclen != (unsigned int)ASN1_STRING_length(macoct)) +@@ -205,7 +330,6 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) + } + + /* Set a mac */ +- + int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type) +@@ -226,7 +350,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + /* + * Note that output mac is forced to UTF-8... + */ +- if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NULL)) { ++ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NID_undef, NID_undef, NULL)) { + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR); + return 0; + } +@@ -238,9 +362,18 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + return 1; + } + +-/* Set up a mac structure */ +-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, +- const EVP_MD *md_type) ++static int pkcs12_pbmac1_pbkdf2_key_gen(const char *pass, int passlen, ++ unsigned char *salt, int saltlen, ++ int id, int iter, int keylen, ++ unsigned char *out, ++ const EVP_MD *md_type) ++{ ++ return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, ++ md_type, keylen, out); ++} ++ ++static int pkcs12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, ++ int nid) + { + X509_ALGOR *macalg; + +@@ -274,11 +407,112 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, + memcpy(p12->mac->salt->data, salt, saltlen); + } + X509_SIG_getm(p12->mac->dinfo, &macalg, NULL); +- if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_get_type(md_type)), +- V_ASN1_NULL, NULL)) { ++ if 
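Review bot: `pkcs12_pbmac1_pbkdf2_key_gen` silently ignores its `id` argument and forwards everything else to `PKCS5_PBKDF2_HMAC`, which a reader of the generic key-gen callback signature will not expect without a comment. A header comment such as `/* PBMAC1 key-gen callback: the HMAC key is plain PBKDF2 output (RFC 9579), so the PKCS#12 ID byte has no role and is ignored */` states the intent. It is also worth noting that `PKCS5_PBKDF2_HMAC` takes no library context or property query, unlike `PKCS12_key_gen_utf8_ex` on the legacy path, so whether non-default contexts are honoured here depends on the digest object passed in; a one-line comment recording that assumption would help later maintainers.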
(!X509_ALGOR_set0(macalg, OBJ_nid2obj(nid), V_ASN1_NULL, NULL)) { + ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB); + return 0; + } + + return 1; + } ++ ++/* Set up a mac structure */ ++int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, ++ const EVP_MD *md_type) ++{ ++ return pkcs12_setup_mac(p12, iter, salt, saltlen, EVP_MD_get_type(md_type)); ++} ++ ++int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen, ++ unsigned char *salt, int saltlen, int iter, ++ const EVP_MD *md_type, const char *prf_md_name) ++{ ++ unsigned char mac[EVP_MAX_MD_SIZE]; ++ unsigned int maclen; ++ ASN1_OCTET_STRING *macoct; ++ X509_ALGOR *alg = NULL; ++ int ret = 0; ++ int prf_md_nid = NID_undef, prf_nid = NID_undef, hmac_nid; ++ unsigned char *known_salt = NULL; ++ int keylen = 0; ++ PBMAC1PARAM *param = NULL; ++ X509_ALGOR *hmac_alg = NULL, *macalg = NULL; ++ ++ if (md_type == NULL) ++ /* No need to do a fetch as the md_type is used only to get a NID */ ++ md_type = EVP_sha256(); ++ ++ if (prf_md_name == NULL) ++ prf_md_nid = EVP_MD_get_type(md_type); ++ else ++ prf_md_nid = OBJ_txt2nid(prf_md_name); ++ ++ if (iter == 0) ++ iter = PKCS12_DEFAULT_ITER; ++ ++ keylen = EVP_MD_get_size(md_type); ++ ++ prf_nid = ossl_md2hmacnid(prf_md_nid); ++ hmac_nid = ossl_md2hmacnid(EVP_MD_get_type(md_type)); ++ ++ if (prf_nid == NID_undef || hmac_nid == NID_undef) { ++ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); ++ goto err; ++ } ++ ++ if (salt == NULL) { ++ known_salt = OPENSSL_malloc(saltlen); ++ if (known_salt == NULL) ++ goto err; ++ ++ if (RAND_bytes_ex(NULL, known_salt, saltlen, 0) <= 0) { ++ ERR_raise(ERR_LIB_PKCS12, ERR_R_RAND_LIB); ++ goto err; ++ } ++ } ++ ++ param = PBMAC1PARAM_new(); ++ hmac_alg = X509_ALGOR_new(); ++ alg = PKCS5_pbkdf2_set(iter, salt ? salt : known_salt, saltlen, prf_nid, keylen); ++ if (param == NULL || hmac_alg == NULL || alg == NULL) ++ goto err; ++ ++ if (pkcs12_setup_mac(p12, iter, salt ? 
salt : known_salt, saltlen, ++ NID_pbmac1) == PKCS12_ERROR) { ++ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_SETUP_ERROR); ++ goto err; ++ } ++ ++ if (!X509_ALGOR_set0(hmac_alg, OBJ_nid2obj(hmac_nid), V_ASN1_NULL, NULL)) { ++ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_SETUP_ERROR); ++ goto err; ++ } ++ ++ X509_ALGOR_free(param->keyDerivationFunc); ++ X509_ALGOR_free(param->messageAuthScheme); ++ param->keyDerivationFunc = alg; ++ param->messageAuthScheme = hmac_alg; ++ ++ X509_SIG_getm(p12->mac->dinfo, &macalg, &macoct); ++ if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), param, &macalg->parameter)) ++ goto err; ++ ++ /* ++ * Note that output mac is forced to UTF-8... ++ */ ++ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, ++ EVP_MD_get_type(md_type), prf_md_nid, ++ pkcs12_pbmac1_pbkdf2_key_gen)) { ++ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR); ++ goto err; ++ } ++ if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) { ++ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_STRING_SET_ERROR); ++ goto err; ++ } ++ ret = 1; ++ ++ err: ++ PBMAC1PARAM_free(param); ++ OPENSSL_free(known_salt); ++ return ret; ++} +diff --git a/include/crypto/evp.h b/include/crypto/evp.h +index 32c60f223c78c..72d9995e8f0f4 100644 +--- a/include/crypto/evp.h ++++ b/include/crypto/evp.h +@@ -964,4 +964,7 @@ int evp_pkey_decrypt_alloc(EVP_PKEY_CTX *ctx, unsigned char **outp, + size_t *outlenp, size_t expected_outlen, + const unsigned char *in, size_t inlen); + ++int ossl_md2hmacnid(int mdnid); ++int ossl_hmac2mdnid(int hmac_nid); ++ + #endif /* OSSL_CRYPTO_EVP_H */ +diff --git a/include/openssl/pkcs12.h.in b/include/openssl/pkcs12.h.in +index 35759d4deadc3..ab62207e49b55 100644 +--- a/include/openssl/pkcs12.h.in ++++ b/include/openssl/pkcs12.h.in +@@ -269,6 +269,9 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); + int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type); ++int 
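Review bot: `alg` and `hmac_alg` leak on every error path taken before ownership is handed to `param`: the `param == NULL || hmac_alg == NULL || alg == NULL` check, the `pkcs12_setup_mac()` failure and the `X509_ALGOR_set0(hmac_alg, ...)` failure all `goto err`, and `err:` frees only `param` and `known_salt`. After the transfer, `PBMAC1PARAM_free(param)` releases both, so the fix is to NULL the two pointers once they are stored in `param` and free them unconditionally at `err:`. A second point: when `salt == NULL` the function allocates and fills exactly `saltlen` random bytes without applying a default, so a caller relying on the documented "a suitable salt will be generated" contract with `saltlen == 0` gets a zero-length PBKDF2 salt (`OPENSSL_malloc(0)`, `RAND_bytes_ex(..., 0, 0)`), where the existing setup path falls back to `PKCS12_SALT_LEN`. Both changes are shown below; the rest of the function is unchanged.
```c
    if (iter == 0)
        iter = PKCS12_DEFAULT_ITER;
    /* Match the legacy setup path: a NULL salt gets the default length, never 0 */
    if (salt == NULL && saltlen <= 0)
        saltlen = PKCS12_SALT_LEN;

    /* … unchanged: keylen, prf_nid/hmac_nid lookup, random salt generation … */

    param = PBMAC1PARAM_new();
    hmac_alg = X509_ALGOR_new();
    alg = PKCS5_pbkdf2_set(iter, salt ? salt : known_salt, saltlen, prf_nid, keylen);
    if (param == NULL || hmac_alg == NULL || alg == NULL)
        goto err;

    /* … unchanged: pkcs12_setup_mac() and X509_ALGOR_set0(hmac_alg, …) … */

    X509_ALGOR_free(param->keyDerivationFunc);
    X509_ALGOR_free(param->messageAuthScheme);
    param->keyDerivationFunc = alg;
    param->messageAuthScheme = hmac_alg;
    /* Ownership moved into param; err: must not free these a second time */
    alg = NULL;
    hmac_alg = NULL;

    /* … unchanged: pack PBMAC1PARAM into macalg, generate and store the MAC … */

 err:
    /* Non-NULL only if we failed before the ownership transfer above */
    X509_ALGOR_free(alg);
    X509_ALGOR_free(hmac_alg);
    PBMAC1PARAM_free(param);
    OPENSSL_free(known_salt);
    return ret;
}
```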
PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen, ++ unsigned char *salt, int saltlen, int iter, ++ const EVP_MD *md_type, const char *prf_md_name); + int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, + int saltlen, const EVP_MD *md_type); + unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, +diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in +index 99bc4aab29133..b7f080a5360db 100644 +--- a/include/openssl/x509.h.in ++++ b/include/openssl/x509.h.in +@@ -279,7 +279,12 @@ typedef struct PBKDF2PARAM_st { + X509_ALGOR *prf; + } PBKDF2PARAM; + +-#ifndef OPENSSL_NO_SCRYPT ++typedef struct { ++ X509_ALGOR *keyDerivationFunc; ++ X509_ALGOR *messageAuthScheme; ++} PBMAC1PARAM; ++ ++# ifndef OPENSSL_NO_SCRYPT + typedef struct SCRYPT_PARAMS_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *costParameter; +@@ -287,7 +292,7 @@ typedef struct SCRYPT_PARAMS_st { + ASN1_INTEGER *parallelizationParameter; + ASN1_INTEGER *keyLength; + } SCRYPT_PARAMS; +-#endif ++# endif + + #ifdef __cplusplus + } +@@ -1023,9 +1028,10 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name); + DECLARE_ASN1_FUNCTIONS(PBEPARAM) + DECLARE_ASN1_FUNCTIONS(PBE2PARAM) + DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) +-#ifndef OPENSSL_NO_SCRYPT ++DECLARE_ASN1_FUNCTIONS(PBMAC1PARAM) ++# ifndef OPENSSL_NO_SCRYPT + DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS) +-#endif ++# endif + + int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen); +@@ -1062,6 +1068,7 @@ X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen, + OSSL_LIB_CTX *libctx); + ++PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg); + /* PKCS#8 utilities */ + + DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) + +From 29d98a8287d217b2232344056934d3cd2c6f44a3 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Fri, 7 Jun 2024 14:38:40 +0200 +Subject: [PATCH 2/4] Implementation of the RFC 
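Review bot: `PBMAC1PARAM` is declared as `typedef struct { ... } PBMAC1PARAM;` without a struct tag, whereas the neighbouring `PBKDF2PARAM_st` and `SCRYPT_PARAMS_st` definitions in the same header carry one. Writing it as `typedef struct PBMAC1PARAM_st { ... } PBMAC1PARAM;` keeps the header consistent and allows the type to be forward-declared where only a pointer is needed. A one-line comment naming the source, `/* PBMAC1-params, see RFC 9579 */`, would also tell readers why the two members are bare `X509_ALGOR` pointers.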
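Review bot: The new prototype `PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg);` carries no comment about ownership of the result; the `get1` suffix and the `PBKDF2PARAM_free(pbkdf2_param)` in the caller earlier in this patch indicate the caller must free it, but neither the header nor the new manual page in this series says so. A comment on the declaration such as `/* Returns a newly allocated PBKDF2PARAM that the caller frees with PBKDF2PARAM_free(), or NULL if macalg is not PBMAC1 with a PBKDF2 KDF */` makes the contract explicit. The declaration is also placed directly against the `/* PKCS#8 utilities */` comment that follows; a blank line between them keeps the existing grouping readable.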
9579, PBMAC1 in PKCS#12 - + documentation + +--- + doc/man1/openssl-pkcs12.pod.in | 11 +++++++ + doc/man3/PBMAC1_get1_pbkdf2_param.pod | 46 +++++++++++++++++++++++++++ + doc/man3/PKCS12_gen_mac.pod | 37 ++++++++++++++++----- + doc/man3/X509_dup.pod | 3 ++ + doc/man3/d2i_X509.pod | 2 ++ + util/missingcrypto.txt | 1 - + util/missingcrypto111.txt | 1 - + 7 files changed, 91 insertions(+), 10 deletions(-) + create mode 100644 doc/man3/PBMAC1_get1_pbkdf2_param.pod + +diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in +index 665b22bb644ac..020543cd5c895 100644 +--- a/doc/man1/openssl-pkcs12.pod.in ++++ b/doc/man1/openssl-pkcs12.pod.in +@@ -62,6 +62,8 @@ PKCS#12 output (export) options: + [B<-certpbe> I] + [B<-descert>] + [B<-macalg> I] ++[B<-pbmac1_pbkdf2>] ++[B<-pbmac1_pbkdf2_md> I] + [B<-iter> I] + [B<-noiter>] + [B<-nomaciter>] +@@ -345,6 +347,15 @@ then both, the private key and the certificates are encrypted using triple DES. + + Specify the MAC digest algorithm. If not included SHA256 will be used. + ++=item B<-pbmac1_pbkdf2> ++ ++Use PBMAC1 with PBKDF2 for MAC protection of the PKCS#12 file. ++ ++=item B<-pbmac1_pbkdf2_md> I ++ ++Specify the PBKDF2 KDF digest algorithm. If not specified, SHA256 will be used. ++Unless C<-pbmac1_pbkdf2> is specified, this parameter is ignored. ++ + =item B<-iter> I + + This option specifies the iteration count for the encryption key and MAC. The +diff --git a/doc/man3/PBMAC1_get1_pbkdf2_param.pod b/doc/man3/PBMAC1_get1_pbkdf2_param.pod +new file mode 100644 +index 0000000000000..415c3cd214a2e +--- /dev/null ++++ b/doc/man3/PBMAC1_get1_pbkdf2_param.pod +@@ -0,0 +1,46 @@ ++=pod ++ ++=head1 NAME ++ ++PBMAC1_get1_pbkdf2_param - Function to manipulate a PBMAC1 ++MAC structure ++ ++=head1 SYNOPSIS ++ ++ #include ++ ++ PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg); ++ ++=head1 DESCRIPTION ++ ++PBMAC1_get1_pbkdf2_param() retrieves a B structure from an ++I structure. 
++ ++=head1 RETURN VALUES ++ ++PBMAC1_get1_pbkdf2_param() returns NULL in case when PBMAC1 uses an algorithm ++apart from B or when passed incorrect parameters and a pointer to ++B structure otherwise. ++ ++=head1 CONFORMING TO ++ ++IETF RFC 9579 (L) ++ ++=head1 SEE ALSO ++ ++L ++ ++=head1 HISTORY ++ ++The I function was added in OpenSSL 3.4. ++ ++=head1 COPYRIGHT ++ ++Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. ++ ++Licensed under the Apache License 2.0 (the "License"). You may not use ++this file except in compliance with the License. You can obtain a copy ++in the file LICENSE in the source distribution or at ++L. ++ ++=cut +diff --git a/doc/man3/PKCS12_gen_mac.pod b/doc/man3/PKCS12_gen_mac.pod +index a72df145fedd7..ebeee98f04e68 100644 +--- a/doc/man3/PKCS12_gen_mac.pod ++++ b/doc/man3/PKCS12_gen_mac.pod +@@ -3,7 +3,8 @@ + =head1 NAME + + PKCS12_gen_mac, PKCS12_setup_mac, PKCS12_set_mac, +-PKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure ++PKCS12_set_pbmac1_pbkdf2, PKCS12_verify_mac, PKCS12_get0_mac - ++Functions to create and manipulate a PKCS#12 MAC structure + + =head1 SYNOPSIS + +@@ -15,9 +16,19 @@ PKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure + int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type); ++ int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen, ++ unsigned char *salt, int saltlen, int iter, ++ const EVP_MD *md_type, ++ const char *prf_md_name); + int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, + int saltlen, const EVP_MD *md_type); + ++ void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, ++ const X509_ALGOR **pmacalg, ++ const ASN1_OCTET_STRING **psalt, ++ const ASN1_INTEGER **piter, ++ const PKCS12 *p12); ++ + =head1 DESCRIPTION + + PKCS12_gen_mac() generates an HMAC over the entire PKCS#12 object using the +@@ -31,10 +42,15 @@ PKCS12_setup_mac() sets 
the MAC part of the PKCS#12 structure with the supplied + parameters. + + PKCS12_set_mac() sets the MAC and MAC parameters into the PKCS#12 object. ++PKCS12_set_pbmac1_pbkdf2() sets the MAC and MAC parameters into the PKCS#12 ++object when B with PBKDF2 is used for protection of the PKCS#12 object. + + I is the passphrase to use in the HMAC. I is the salt value to use, +-I is the iteration count and I is the message digest +-function to use. ++I is the iteration count and I is the message digest function to ++use. I specifies the digest used for the PBKDF2 in PBMAC1 KDF. ++ ++PKCS12_get0_mac() retrieves any included MAC value, B object, ++I, and I count from the PKCS12 object. + + =head1 NOTES + +@@ -43,17 +59,18 @@ If I is NULL then a suitable salt will be generated and used. + If I is 1 then an iteration count will be omitted from the PKCS#12 + structure. + +-PKCS12_gen_mac(), PKCS12_verify_mac() and PKCS12_set_mac() make assumptions +-regarding the encoding of the given passphrase. See L +-for more information. ++PKCS12_gen_mac(), PKCS12_verify_mac(), PKCS12_set_mac() and ++PKCS12_set_pbmac1_pbkdf2() make assumptions regarding the encoding of the ++given passphrase. See L for more information. + + =head1 RETURN VALUES + +-All functions return 1 on success and 0 if an error occurred. ++All functions returning an integer return 1 on success and 0 if an error occurred. + + =head1 CONFORMING TO + + IETF RFC 7292 (L) ++IETF RFC 9579 (L) + + =head1 SEE ALSO + +@@ -62,9 +79,13 @@ L, + L, + L + ++=head1 HISTORY ++ ++The I function was added in OpenSSL 3.4. ++ + =head1 COPYRIGHT + +-Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. ++Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. + + Licensed under the Apache License 2.0 (the "License"). You may not use + this file except in compliance with the License. 
You can obtain a copy +diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod +index fc93494a76617..81ea2275d7414 100644 +--- a/doc/man3/X509_dup.pod ++++ b/doc/man3/X509_dup.pod +@@ -218,6 +218,9 @@ PBEPARAM_free, + PBEPARAM_new, + PBKDF2PARAM_free, + PBKDF2PARAM_new, ++PBMAC1PARAM_free, ++PBMAC1PARAM_it, ++PBMAC1PARAM_new, + PKCS12_BAGS_free, + PKCS12_BAGS_new, + PKCS12_MAC_DATA_free, +diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod +index 75b37e5544396..3615bcaafe7c0 100644 +--- a/doc/man3/d2i_X509.pod ++++ b/doc/man3/d2i_X509.pod +@@ -115,6 +115,7 @@ d2i_OTHERNAME, + d2i_PBE2PARAM, + d2i_PBEPARAM, + d2i_PBKDF2PARAM, ++d2i_PBMAC1PARAM, + d2i_PKCS12, + d2i_PKCS12_BAGS, + d2i_PKCS12_MAC_DATA, +@@ -300,6 +301,7 @@ i2d_OTHERNAME, + i2d_PBE2PARAM, + i2d_PBEPARAM, + i2d_PBKDF2PARAM, ++i2d_PBMAC1PARAM, + i2d_PKCS12, + i2d_PKCS12_BAGS, + i2d_PKCS12_MAC_DATA, +diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt +index b7d5091b31912..a56491d0f8b94 100644 +--- a/util/missingcrypto.txt ++++ b/util/missingcrypto.txt +@@ -749,7 +749,6 @@ PKCS12_MAC_DATA_it(3) + PKCS12_PBE_add(3) + PKCS12_SAFEBAGS_it(3) + PKCS12_SAFEBAG_it(3) +-PKCS12_get0_mac(3) + PKCS12_get_attr(3) + PKCS12_it(3) + PKCS12_item_pack_safebag(3) +diff --git a/util/missingcrypto111.txt b/util/missingcrypto111.txt +index 0386701ad1e32..f3402ada7e60f 100644 +--- a/util/missingcrypto111.txt ++++ b/util/missingcrypto111.txt +@@ -1027,7 +1027,6 @@ PKCS12_add_safe(3) + PKCS12_add_safes(3) + PKCS12_decrypt_skey(3) + PKCS12_gen_mac(3) +-PKCS12_get0_mac(3) + PKCS12_get_attr(3) + PKCS12_get_attr_gen(3) + PKCS12_get_friendlyname(3) + +From 7257898633703d5841aefa7fb4f9d192430fdad8 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Thu, 6 Jun 2024 13:07:48 +0200 +Subject: [PATCH 3/4] Make update + +--- + doc/build.info | 6 ++++++ + util/libcrypto.num | 7 +++++++ + 2 files changed, 13 insertions(+) + +diff --git a/doc/build.info b/doc/build.info +index d47371e88aa9f..60a5d9b86bd5c 100644 +--- 
a/doc/build.info ++++ b/doc/build.info +@@ -1847,6 +1847,10 @@ DEPEND[html/man3/OpenSSL_version.html]=man3/OpenSSL_version.pod + GENERATE[html/man3/OpenSSL_version.html]=man3/OpenSSL_version.pod + DEPEND[man/man3/OpenSSL_version.3]=man3/OpenSSL_version.pod + GENERATE[man/man3/OpenSSL_version.3]=man3/OpenSSL_version.pod ++DEPEND[html/man3/PBMAC1_get1_pbkdf2_param.html]=man3/PBMAC1_get1_pbkdf2_param.pod ++GENERATE[html/man3/PBMAC1_get1_pbkdf2_param.html]=man3/PBMAC1_get1_pbkdf2_param.pod ++DEPEND[man/man3/PBMAC1_get1_pbkdf2_param.3]=man3/PBMAC1_get1_pbkdf2_param.pod ++GENERATE[man/man3/PBMAC1_get1_pbkdf2_param.3]=man3/PBMAC1_get1_pbkdf2_param.pod + DEPEND[html/man3/PEM_X509_INFO_read_bio_ex.html]=man3/PEM_X509_INFO_read_bio_ex.pod + GENERATE[html/man3/PEM_X509_INFO_read_bio_ex.html]=man3/PEM_X509_INFO_read_bio_ex.pod + DEPEND[man/man3/PEM_X509_INFO_read_bio_ex.3]=man3/PEM_X509_INFO_read_bio_ex.pod +@@ -3453,6 +3457,7 @@ html/man3/OSSL_trace_get_category_num.html \ + html/man3/OSSL_trace_set_channel.html \ + html/man3/OpenSSL_add_all_algorithms.html \ + html/man3/OpenSSL_version.html \ ++html/man3/PBMAC1_get1_pbkdf2_param.html \ + html/man3/PEM_X509_INFO_read_bio_ex.html \ + html/man3/PEM_bytes_read_bio.html \ + html/man3/PEM_read.html \ +@@ -4113,6 +4118,7 @@ man/man3/OSSL_trace_get_category_num.3 \ + man/man3/OSSL_trace_set_channel.3 \ + man/man3/OpenSSL_add_all_algorithms.3 \ + man/man3/OpenSSL_version.3 \ ++man/man3/PBMAC1_get1_pbkdf2_param.3 \ + man/man3/PEM_X509_INFO_read_bio_ex.3 \ + man/man3/PEM_bytes_read_bio.3 \ + man/man3/PEM_read.3 \ +diff --git a/util/libcrypto.num b/util/libcrypto.num +index 7f958a4fa31db..ef11c0302e396 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5664,3 +5664,10 @@ OSSL_IETF_ATTR_SYNTAX_get_value_num ? 3_4_0 EXIST::FUNCTION: + OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed_set ? 
3_0_1 EXIST::FUNCTION: ++PKCS12_set_pbmac1_pbkdf2 ? 3_4_0 EXIST::FUNCTION: ++PBMAC1_get1_pbkdf2_param ? 3_4_0 EXIST::FUNCTION: ++d2i_PBMAC1PARAM ? 3_4_0 EXIST::FUNCTION: ++i2d_PBMAC1PARAM ? 3_4_0 EXIST::FUNCTION: ++PBMAC1PARAM_free ? 3_4_0 EXIST::FUNCTION: ++PBMAC1PARAM_new ? 3_4_0 EXIST::FUNCTION: ++PBMAC1PARAM_it ? 3_4_0 EXIST::FUNCTION: + +From 97fbb9437163fb5114da40250b7ace83748a2e81 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Thu, 6 Jun 2024 17:01:45 +0200 +Subject: [PATCH 4/4] Test vectors from rfc9579 and creation tests + +--- + test/recipes/80-test_pkcs12.t | 55 +++++++++++++++++- + .../pbmac1_256_256.bad-iter.p12 | Bin 0 -> 2703 bytes + .../pbmac1_256_256.bad-salt.p12 | Bin 0 -> 2702 bytes + .../pbmac1_256_256.good.p12 | Bin 0 -> 2702 bytes + .../pbmac1_256_256.no-len.p12 | Bin 0 -> 2700 bytes + .../pbmac1_512_256.good.p12 | Bin 0 -> 2702 bytes + .../pbmac1_512_512.good.p12 | Bin 0 -> 2736 bytes + 7 files changed, 54 insertions(+), 1 deletion(-) + create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-iter.p12 + create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt.p12 + create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.good.p12 + create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-len.p12 + create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_512_256.good.p12 + create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_512_512.good.p12 + +diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t +index 999129a03074d..c14ef94998cde 100644 +--- a/test/recipes/80-test_pkcs12.t ++++ b/test/recipes/80-test_pkcs12.t +@@ -9,7 +9,7 @@ + use strict; + use warnings; + +-use OpenSSL::Test qw/:DEFAULT srctop_file with/; ++use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir with/; + use OpenSSL::Test::Utils; + + use Encode; +@@ -54,7 +54,9 @@ if (eval { require Win32::API; 1; }) { + } + $ENV{OPENSSL_WIN32_UTF8}=1; + +-plan tests => 31; ++my $no_fips = 
disabled('fips') || ($ENV{NO_FIPS} // 0); ++ ++plan tests => $no_fips ? 46 : 52; + + # Test different PKCS#12 formats + ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats"); +@@ -170,6 +170,80 @@ ok(grep(/Trusted key usage (Oracle)/, @pkcs12info) == 0, + ok(scalar @match > 0 ? 0 : 1, "test_export_pkcs12_outerr6_empty"); + } + ++my %pbmac1_tests = ( ++ pbmac1_defaults => {args => [], lookup => "hmacWithSHA256"}, ++ pbmac1_nondefaults => {args => ["-pbmac1_pbkdf2_md", "sha512", "-macalg", "sha384"], lookup => "hmacWithSHA512"}, ++); ++ ++for my $instance (sort keys %pbmac1_tests) { ++ my $extra_args = $pbmac1_tests{$instance}{args}; ++ my $lookup = $pbmac1_tests{$instance}{lookup}; ++ # Test export of PEM file with both cert and key, with password. ++ { ++ my $pbmac1_id = $instance; ++ ok(run(app(["openssl", "pkcs12", "-export", "-pbmac1_pbkdf2", ++ "-inkey", srctop_file(@path, "cert-key-cert.pem"), ++ "-in", srctop_file(@path, "cert-key-cert.pem"), ++ "-passout", "pass:1234", ++ @$extra_args, ++ "-out", "$pbmac1_id.p12"], stderr => "${pbmac1_id}_err.txt")), ++ "test_export_pkcs12_${pbmac1_id}"); ++ open DATA, "${pbmac1_id}_err.txt"; ++ my @match = grep /:error:/, ; ++ close DATA; ++ ok(scalar @match > 0 ? 0 : 1, "test_export_pkcs12_${pbmac1_id}_err.empty"); ++ ++ ok(run(app(["openssl", "pkcs12", "-in", "$pbmac1_id.p12", "-info", "-noout", ++ "-passin", "pass:1234"], stderr => "${pbmac1_id}_info.txt")), ++ "test_export_pkcs12_${pbmac1_id}_info"); ++ open DATA, "${pbmac1_id}_info.txt"; ++ my @match = grep /$lookup/, ; ++ close DATA; ++ ok(scalar @match > 0 ? 
1 : 0, "test_export_pkcs12_${pbmac1_id}_info"); ++ } ++} ++ ++# Test pbmac1 pkcs12 good files, RFC 9579 ++for my $file ("pbmac1_256_256.good.p12", "pbmac1_512_256.good.p12", "pbmac1_512_512.good.p12") ++{ ++ my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file); ++ ok(run(app(["openssl", "pkcs12", "-in", $path, "-password", "pass:1234", "-noenc"])), ++ "test pbmac1 pkcs12 file $file"); ++} ++ ++unless ($no_fips) { ++ my $provpath = bldtop_dir("providers"); ++ my $provconf = srctop_file("test", "fips-and-base.cnf"); ++ my $provname = 'fips'; ++ my @prov = ("-provider-path", $provpath, ++ "-provider", $provname); ++ local $ENV{OPENSSL_CONF} = $provconf; ++ ++# Test pbmac1 pkcs12 good files, RFC 9579 ++ for my $file ("pbmac1_256_256.good.p12", "pbmac1_512_256.good.p12", "pbmac1_512_512.good.p12") ++ { ++ my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file); ++ ok(run(app(["openssl", "pkcs12", @prov, "-in", $path, "-password", "pass:1234", "-noenc"])), ++ "test pbmac1 pkcs12 file $file"); ++ ++ ok(run(app(["openssl", "pkcs12", @prov, "-in", $path, "-info", "-noout", ++ "-passin", "pass:1234"], stderr => "${file}_info.txt")), ++ "test_export_pkcs12_${file}_info"); ++ } ++} ++ ++# Test pbmac1 pkcs12 bad files, RFC 9579 ++for my $file ("pbmac1_256_256.bad-iter.p12", "pbmac1_256_256.bad-salt.p12", "pbmac1_256_256.no-len.p12") ++{ ++ my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file); ++ with({ exit_checker => sub { return shift == 1; } }, ++ sub { ++ ok(run(app(["openssl", "pkcs12", "-in", $path, "-password", "pass:1234", "-noenc"])), ++ "test pbmac1 pkcs12 bad file $file"); ++ } ++ ); ++} ++ + # Test some bad pkcs12 files + my $bad1 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad1.p12"); + my $bad2 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad2.p12"); +@@ -288,6 +288,13 @@ with({ exit_checker => sub { return shift == 1; } }, + "test bad pkcs12 file 3 (info)"); + }); + ++# Test that mac 
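Review bot: The `pbmac1_nondefaults` case greps the `-info` output only for `hmacWithSHA512`, so it confirms the PBKDF2 PRF selected by `-pbmac1_pbkdf2_md sha512` but never checks that `-macalg sha384` was honoured; if the info output names the HMAC scheme, a second expected string (for example `lookup => ["hmacWithSHA512", "hmacWithSHA384"]` with one grep per entry) would cover the whole PBMAC1 parameter set. The two `ok()` calls in the info step also share the name `test_export_pkcs12_${pbmac1_id}_info`, which makes a failure ambiguous in TAP output; naming the grep `test_export_pkcs12_${pbmac1_id}_info_lookup` keeps them distinct. The FIPS block only asserts that `-info` runs, without examining its output, so the same lookup could be reused there.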
verification doesn't fail when mac is absent in the file ++{ ++ my $nomac = srctop_file("test", "recipes", "80-test_pkcs12_data", "nomac_parse.p12"); ++ ok(run(app(["openssl", "pkcs12", "-in", $nomac, "-passin", "pass:testpassword"])), ++ "test pkcs12 file without MAC"); ++} ++ + # Test with Oracle Trusted Key Usage specified in openssl.cnf + { + ok(run(app(["openssl", "pkcs12", "-export", "-out", $outfile7, +diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-iter.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-iter.p12 +new file mode 100644 +index 0000000000000000000000000000000000000000..9957d473c433bc9fb9572ecf51332a7f325fe36f +GIT binary patch +literal 2703 +zcmai$c{J1u8^_I<8ABNB4Pk6UgnstR*kkNVmbleK_MOQV5{B$bZuZ@TE(Q%DI~6Sy +za_>;K?Awg&gK)d&eNUbD{pbGioacPM-{+j?zt8ysc%~FEh#tT*L1Bzi@rLpHEFcC@ +z37&Bef@j+hBY7)1Ad8U9Q_fZY!PWdV!<$)A!L;D^99D!DhE +zeQE;1U^pGX41@pY8<-JF2ME9z9peo_uJjO)6ojpI>t?AXtBj{Jv>|^u>h6bVJpBw; +z+#a^-mWMrkMYg}Jfxic~-vQC^Kt6wiU3a5|Vneevb2UJ$z)2qnB(3bX+ki6$-vZY@ +z_jNXQZTo6cC8;EgG@yE-_xV79ZGQJ%I{69AF&s=P;{7m`BV^eD>hi8QDGbWW=k(N~ +z?rwAx=6c3#F>pv2L4VOaP$r$r8H)wPkN!jmp#f9wlbG_*(`oK#@rheWABcv-oOfog +zZYz%aTa??GYAh^>vo?%Ytn1k}?VQgy3?$BA43ITPmqN=#z7%|ZuMyYTsb!MrPNefm +zZqFRZBncUQLYTJFRO5#Vm}Abxr(6e>cmXMQ`{e6;(W1HbvJy+6ch6Ew4a%-^T)$S! +zZ-KnuFs_#(<>qmAQHUMRgA=lor{8J5+lgi3=XMhrn{rQ)Q8o{i>As;dbVXX%-pF_* +zZzgS@b5K1fKeg-SDJdp=IfDL64sDgQcs97g>-}r5xM&}z?CAJ5DfWlrG{Vclzf>dn +zo{V*Ewz$6%Lf?^0e0Q>3DIInhuW#>Yl@qx8n7!wUPXuV11Kb@ccR{%DDS;0qHY>mu +zu-vr2t#J+HN=T``{Vnn9R#VlV+Ii{wMEM1hhXQ^ve5Zr$o3Kq}n^%2LkRM1kp&yyN +zAIuV?4KWFhmGbLG$uK=egKjkyGTp!b68!4=amq-$qDri1b;qV9YFJH~WOizc9I_%J +z44_J>+hGh!f}QMW!}Tr^@1zS%n5t6Ov;=QmkAqZ|PFXjGT~H>*Zg3m@=;#5|xjVXa +z=7!*1ZMuW{7jRvPZEBWku= +z>pX3o*5O*R8WWG=%h|0czJp%Kpab&Azs(Zn5^hkb3c)52sAW^j`(JBf2EO(u;};5! 
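Review bot: The new test reads `nomac_parse.p12` from `80-test_pkcs12_data`, but that file is not among the files this patch creates (the diffstat lists only the six `pbmac1_*.p12` vectors), so unless it already exists in the tree the case fails on a missing input rather than exercising the no-MAC path. If the vector comes from a separate upstream commit, naming that commit in the patch header would help the packager; otherwise it needs to be added alongside the other vectors. The test also passes `-passin` while the neighbouring pbmac1 tests use `-password`; both work, but one spelling per file reads better.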
+zJ78c=pipR;Q`}}oNj`E?>xmo1c;h+*jm-F +zvGHxT@3QKop@A(X%GI?VH>66GGkfm!BX8F_RG=h|*OTP)9Z`1b7<0OAi@nQHs^*85 +zy*k?D(T_YY`YGM_^c@Sl@gz6Yg;Gw|Vky;(_%~Rln$h^CvdyVE;n0ScW(%D_2ZaT( +z<3JvG*k_Ou-4q$NEa0%}?T(4#q1{(hydmIOYF_cub5Cw@>J!^KG*=9kyF|@s=|27Q +zk5EesrnuH`ef-b#>n}vJP!(M)-5U9(H%wuaT-Hq#?`FZSaO8=JSxam?LFa7UX-&BK +zIDm)7{outv0D=ZX@KD@$+xPo;!p{7cP0UOn@b^&eyD9T;z_IRE*SwPN?f9?2sdG23 +zR1)>R-S`UQdvhgZ6oQ8g4M@YO8nkG!jk}taE%TK@@R2z0qnt?s#hH5~A7!4`E7*MW!m9T778sjy_p@|)v(>Z)=gcJcZLp?ECAhRQ*>te0UgO>T +z2!WGkqg5>=c`{xYLI9e=7GvIPcLnpC&fKx}N>j5dT@r0A!A+m^|pCwV%3}UgTlK*(`F{ +zPE_J;HRlt|ru*VW!Bh<_#<*>;Jv5N5(AdP?(m~9_6tWxOYfDd`22P^04U&R2Zr$>- +z+S}&in23Z+TUPeaSFchSdhOE0HWRA57_5a4k<9K1n4QJ6@Ttyv(<|-^FIfAs){oKH +zqoB1uud(vU?4o(Mh)@Yne2`GvO5mxWbYq0!lNT2Fo9>2DjQiZ4nM|rNda1}rV7|GK^jbT#JYRA%BE6nLJBS9BEd(yLu>AqCaWH~S=o;Yl +zic31awmQ +z51!~>BfRljLJY^Qp!I#PjtaOIPDWYp+$&mbuVGcU)QqmMx@9N@lGwtF9@~Xn-;x*U +zRR}CmP}b3UWSLQx=yn#R!-^im4P0K}(>&NwVZrb@W~U1o6fNJ0i`^IUgM;lg5T9HE +zUp?nq!(DFHFFOZ^v`yg@3Tp0oG-OAq7r%L2@%9|U=R!)c$gbRS?~&Uuhq2aMJ4bF) +zf9njx1D3ZECBTEZrI0V={tmq_rW~!5r`TA@z92xfYOR#%H)xcyAYVzqvpW-~s7ggZ +zV|Wf(Fi+sk3X;)Gv!LJ@2C>OTp;CMfZI^QGP_q1}y?ib7d!@%IEYg|Tz27j)$Y$y3 +z`4@4b-II|shmwgiM~Bgiiypp>)Nf4n-UjRgh-0>@+qtPVBd)8s%)CyCu8_8O6#0mT +zf%CXFZHEb(A-2~HXCGkoY3Frim&%;~856h40r_N$o~%%u3OU(#^nHpCJf&869MoR0 +zqP7On(hy;EhPkfH46;KSkjHL35~I4ooaATVlj8K4mFeX(d6hS_vW^&Q1gR$l#1FOJ +zP3WkyRW%X8xE`;1+p8FC`VJL(1*uzfeD%;{Gp$p1BKOFmMcJo#Y&Mx?ruFQNH{1^7 +zOHZfkTqNCL8+mP1emzme1_TNP`D>}n-%12coa(BwP0IT9FXEZ1t{DyZoYPX;)PLp^dR +zK=cP-8M) +zf3265`=`i(z#yUj>vI3o>>xtn<-Ye+$zWwI^q_2ul78QG*>lf;C9Y5z5p$iWB-kVb +QZf;>CWNWRj_YbE31}omyrT_o{ + +literal 0 +HcmV?d00001 + +diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt.p12 +new file mode 100644 +index 0000000000000000000000000000000000000000..fef1e51f71c94240b8d5e375b3e5273a7cb54be5 +GIT binary patch +literal 2702 +zcmai$cQo4z8^xrY#+` 
+zsC%QWRa;5aj(vO2`=0i^??3mC=RD{8{XXYB|9#FEz%!(PL9_s#0Scp+OfXE?X9CfI +zO7Zl25Ip@BfTyPbc!Q@&82E%CpMi~4*-@x=x8h{^0@0?%=a;JrWBq6NzTQ|xqnPt3Pp-qLOF?ZhM@U*k% +z8S;f2Y&sjIWE-ljnY#hYDxCPff~cAMW*cxt}-Y;CpLL2`8~mKlp|`+ +zVO#NIfJLR9srurg7<1Ej)w-T-%g)6@!yv*e+5k~^q#IT){H5sgJN5YPZcURUPXdi! +zN@w;^Hc`;<6N_m(RV87hh%xp;Lh5x;sSl8PXF$HOA0?7+FDt$bdiyl3%%I$X{ra_f +zJ`2RXrjL55k{(`MOM+~0Zmgi4Jnc^Foo);RAE$@##I$FsjIw!{Ot0hRk*m@=_D065 +z1+(e<9K&kCg=sx6&WN!QE0MHc@~B@qO6EeUeBQnCiO2c5Fw!CwRHFuyuQ7&RbJ5UBeuS)evzOVc5rXBoRm=UlL}s>=o~+5 +z;7ZH>w)!=YdqryP?c=0xTP-zzY87Pe6XX|(UJCf7h@CFhVn7Q`eZPV#0iQikCX3UsTbnBm^N7vPuIPg2J^6)(qm*LH1MB1ct~iDqZEh!HCS +zivd(AZ9AM!NuZkzWw_oW?3*mbfUYTXPfzsK@j6Jm+%4-tw+qTf+YN7{9vo#rU3+n5 +zvyK9Hv}g`0NA_53jmR_9k;_gERIxH8D-D?j$#GKkq575igo26mtuVg~ +zGDsY2l^9*E^X2>0K>0{pzxF_tt9z$axmMf^J6RHZ(xN+Bw%mTH@ym<=bJ%nxmQOGw +z{(z1#kxZs$Pji|XCHu)qt|x7j;Efv~^oce)=aynrS{KfxKLOty_<)g}W>R~>&)Tkv +ziA(6PeVfxD4Gn5DQLe4`a+EAp&hEQAh`3$vRD~2jSx=TPbVk~#q0MP}E%vU&sF)vG +z_G@dA#y@aBA0+qQ)psuP#S=Y{Qe_;>C6X#x39m5>b>j&w<(t#cf0>fi)_eBn +zA7Pdj4Ds#91AI^Q8>Mhe6h${nk7nMP4O197pLr9>vstt&6n$!9))v=Uq0QBBRu^IZ +z5x_&^fAHcT06{|_cqsO}?f-qeVdwtKCPoGj_L8EU{nVCi;PV<2bp?&S?k(E@@7*8Hki{T6W!VwY`WM~uJLSs +zfWV1!I28*C?yOf&q;ef)*q>6*lozg4rs>VMY-wLJ>nPM6xF}#_)8C&%VxR4zHplY7 +z&g4k?J9OzW$4XKG6wbv6o}**G7S@V&J$r}HfH})RM4pJKJm`bM)Nz}^}vK#1cOG}#$PNuO9mV`BL-SV;8 +z+va7TjD|~FR`=1?ekIfO+og+cCf4@QSqmK^7(ElwJ4@*i)7_1xS3MV>GY{mfpP(>D +z!D|CP6O~iB4;MTl!^FMu!GayDL1zNe&5?$WpIhK>cpApg?{j{1Z%B9`i$^O~`h2A7 +zFc!~-gk(m4b+Ns~QBKNW4!}#U6&Nne}zu +zVCmmIHHD4zx=e0W6gNCRT}`>)yw~CT=@+pIzGn)jH|qxU^6pFqE}rL8c2$i|t`3;} +zBX(lwi}BcaxlEcdYWblN|3Ygq@s(CsWue4oWM(6sRxlMTTMX#7vHk(EaWaBU>KNel +zN=m!FwL4RvX%O~MxS$fx3(h=xfw95%Q|04?@q@*z(%-RiHWk~c_k}_;c{_;43BNbK +zs!;%!ypwQcYS1Vv>u8aCwo5lhvu5n)jNN<_=-haJgX|{epA>}Ly4r>qeI-%l9zuo<(Q$-*MMz^<%G57c79sjnEO|3c0spzPiV(mvV3II +z&_!&AmeVBF5YumlwGXuVwDYRE=kk2OITMfSA^8-GzML@ZWm1a&_`6g;cxt`SM^IynL8BdRfNvN6Nf{u&Gc@a$^0XWHf6t(iMbS}*>*0+*PKoy +z-6t~*ZW5lbje-sepPq_JHyvuU>)D(vp 
+zmZFk4%`!FtN#jzg-76#o5in2U9)&z)xzS*!j>cZUTI%tJeG=nm-4jj4+gh9GjP%JN +z0g)eorRS9U1#-U6^%--@hOGy5lJh|xqas0@H(eZv0{j7^ABRw8Kn;-oDH#C-1a59& +zBWP=_ulEmE!63o^>vI3o>>z>>mHu~CNML16)Ua%ulK#L<`7`gp9+tpJq5r+oPI{IQar@!yJZdr(R^P9KNApO`$IsP03$%+r(^{9AaFGT*QT>i +zZ2%YyrvVsY@c(=R(?e+hei*%DyaC9S76L*+SnIZKmRT@MdpbiK3r3>uzK_P!&Tz)< +zVXJR@*wI$y_{r$|d0+<|SQ^vi3O3lZH%iy7sWzsr`YbDO()$XMM$VgUz!`&Yg==2; +zHXFOTZJ$ISm4=cAl}~j)AIP)L@4n3-KZZGmfl0+Y?}u{*EjmHn-c_eXf!PHdo*I!4CEAmwhqTtgpPB+pJpd@SOz{WH{tOq_Y`R*vk>W?8<&T#N@?2}8m;8d +zr0sJIsRkCLcE30y#e^+~(|*aNe&r~c4XW~b_sT0S+Q%s;I=&sn_CSnU@nYyNFn +z5V)&Jb5J?F$6{l+K206I>`+e?D^s*om##;RkqL)tSLWjL$J4e>vjkfdM|$ds>K#^E +zPnxE+IF~HP#iDp~cdJSw&m(cJp(*V>rDZ@td1qXDM@ +z(rAms$V#m@-=})YN7}m8hbrg0c3PBb#7%J%C4nc+IwNIEZI>FpObalFOjY9e1cTxZ +z=ok~$*Qr@kT&9LeKC-B_#ElZXQ9Xn{!CL#=Vw7^r{JFFz;9LD4urgCjsxSCi+f=Zz +z@$EKmv+Jdx0jpl1M91FeiBsZjF83%I-N;xzBHI|`vEWWvXb81c~r16F6LKo1v&cw3g +zKpuS1ub&d#92vUI@9@>z9TUe*y|18fgWt2vtm=j5p6ue(C)PD+o+vDDiIUmcbN1&S +zAr|Hgac#%_d{6ZnB%_%q3N99IO}x_^Cb0E9=1nBeX5p?-KzE1OGjXTEwOnR7#${VDZKY5q!Os_tC#mew`X_5z*$ivrfxeSO(v_L)vQWe#WJPbddO%C0O +zO1z`ue2Uq0U%Vucs)ofFwGVZK1h5tv8M|9Jh_?NVt>*p_jJi>pESZZJOw2LQOZFmCzxA(LDjPvzQh()zx5f)qUYPbAR^Q2^xD8 +zxZ3YEUOAalJnt4BBJPO~6l`A!I1`X+3O9KC+#G+?-5`p7pX;M*ef&ciJVv3?>mya0 +zv1leJC?oQ#lg%ZLa&kIz=tbe-BUzW{PL4zSL=}H6^{bCpA+J<9wezMHx*0O3*Vc3b +zrG9tU5H{59G`?L?RR8#NCHXjIqk&E{kP4P50(4qg|A1IK7{VsB_3^qT +zrJdi}9I4OLiF@eifD-o$jy$^lF@biI +zvEH?c*SD5fMq*dcdcO8!{H{flQC2(miobT$GOJpsM^{}~5$u(1;Tfq+Q$Y8k_C&?qGV-ctXk5ff)ff&!p6 +zGKVOfui(iJlvYnOU&ql6VUrC*P`nQ9I(fE889wA*fd=}W;-eHMsjQs7W6Uz5MQVEf +zd7MbkWaP}DMB>cRVf5mnhi?<*n4!U2pKXxkgthukUTW>A>sMS>ewTQ6aQoYJx$wrp +zi@0`8hY6|yw$Bu2=WqFG=M|y*@|@o}V>iN}T(Ws@b_nh=IoWsYU5XDprB3K0sH1R2 +zWfh{KCQR=Pb6uGkVuLgyPTaV~$Fzeu$WOtiB^fa*)63`b2{*H|kLYU!D5r(Q_jTUQ +z=&16qD#8MBycVynG#2dDFkA(R2=q5e$<~_y + +literal 0 +HcmV?d00001 + +diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-len.p12 +new file mode 100644 +index 
0000000000000000000000000000000000000000..35ebe05d177f7d745251e2fce3ebb4f23e0ebd09 +GIT binary patch +literal 2700 +zcmai$cQ71^7RK$`T}$+Gm0-0cYF59jURE#BuVfLuv(bVGmgqv<=$){+SY-*KlY|r! +z#Jx+RMXxLRB6xZ8-X!nMdo%ZsGiT2CojK>f-+TxxO%f15iNMl;A=F|C`U%H$04hKk +zmih>UrQSnesYwVd$oZ!QDZ_#+ze{F70LAyF|I+~=Y<~=3I)ouY^yf&6;08feacsLT +zzI8!BAd~_@3xWRY8;}}If#88qJ0<7?+$cc+F%V<@-tBU8dPy%AaC6~U^!*PpSju_U +z_#<@99Zx&T>f8V+y#P=2kRwBLhD_lOlh#hzwiVgh#7&Q39ZL96Nl?#yyN_@|VcVe^ +zSHCXAZSLDA;|OKpgkhx%ozEw-j7x{_GKo(iP7y#t3Fn8=JU;VoK(9~rMR9OWA&Zwf +z>2RmJINvLFkBV8u0Q`&Ei2~tj-eep?`0P&xJ|x1J?IN}+>~fARMtJ&8@&~;B7|Xo{ +z`+d2o0JADvW7XwlVfyBY>Mb4X)`M$>`a$@4lpd_^OgpSX;7ifx_p0$dJ?chD9(W4h +zl&y;$ytw7Nd?m|$vy|gQ5y*@I|IY@ +zg8B4gmJyZU!nEF(mxS1ewMfb@dE^b2(uI&}@At30<70fCb7K-Z#h4xmlPh12{G}Ad +z^>ng#x836vAM&1P(z}Z_oJ9BytgfAtMPAV16Q+I}-$=k5Gq5j8TAaVQsgesWw7|m{ +zxYl~SuX+>UR+(CR_gm7}z1EsPH3~A1@iNN4`pCo+oLFJyPyehk$I9?Z`gz@mU7gr7xy@ +z-hubN2E|F$=n;dp!S)<^RMD}4EL<*cp(fcNHbKOls@_;kD40y&yU6BilOOAAz^ipx +zYBsgZX|k?bObSPHHyO?E8D=X1TZA(|un}Ggz(MUs3bpl~4q{~r+5HcOV0Y^stKlN&TgftoPH?g)8aJ~>Ef0dNg-go)u +zA7SQZH1QqZ2DzWp&>-CMZkc8nq0`SiPR&fTIz{-_HhllHi-N=^2L%en~D +zDFhZA|AQC*1Q0j`gau>1%YNU>3v%V(Y@($B0Kc2k-$lv41CHg8ikeNKkJH}*r@_Mz +zCokx8x8)Ve@Ai7=1PBWn9hQKSRLL86c}HDJ_Z +z_Tkz%l(qWkjaC{OC^9r=8=~v=VXW&2$(v6Z+@VhwOLXm^vFc`0y2-iw +z5d{ +z(LNXRbQDy=9M?}-yRl6*V4E(qn^@aRWyyaEqxDEc9jv5B%=R=I+juO$pdZZHI!B_< +zf;R`fC#z<1OP1Ut!$iEW!F-+TL6^J|Es^?9UzlNUd+0|~AG1xlH6%Qi!lLA=yr;-o +zw8irwA(>Gd&eqpiDu@~M;nxI4&!k;nI6I9T +zOZ@JkE?}V3ZFHxyxZ&x=ddj1gqfVbszX(@yKbO7muN&0KyFVSc%*w6cq8ycs3z+{S +zc5?WO;rK*_WSSvzwZwpDsjZmsS|hBgP;@skvyn<8m<*IEMrgM){sFRbG=NNN>0xzB +z%eudIIFX;L;g66pL8Ts7oj7#@V}tExDkks~C(Bu7zhk7WD)&<#@rPz|brK8{es6qT +zBMU5jFX}?qpjKYq*(&|~kZOTq)6mxmv->vCsqxXywyUsT(mfb|DK9v{lR?x~SZs)6 +zT}mz)4+B7U^o}`M5(!m_9OB`j*NLBFZa?EW&gZU#Igj8XtWMT?02Tp@)nQT@LKGPp +zPjzorzVTmW7>ip+>iXGF@VFJvL|Yy_DB0+$qgOFki>bD_qb~*!*~1E++lJoSlMxt@ +z4JwmW&{ThHo>h_L&JNe4M^0jfZ!B}Eog66Ap}3rKGx_vN*6zi}9rO7^fp)44pIn1p 
+zJ!jp-+-TFSxC#Yz&SGSX>K=GD=SHiPzIjsp_A1rq;_Xs_L+Q1FGxsrOL-n_|PHe^j +zmRb5IbZc&2pOGz|ji4TxEgJ?oD69adHUN +zu|-(XQYB|ju%ueL**1o11f60KCdTF1shw{Nm*R#W6{;iO%Rfn_lgQ2;_=Z}8wMon^ +zy@(g=n~9n~6-}ByJB?Xc@$_pUeWPjg(PJ8BIA^T6o1a!U?zVx+F6a^I4efllEfd*1 +zd=1m7;W$m!M-P}_>;f%59lXZ%DlP_GF>=QZ%cPj~=Y(Mti79>)?^AuDsrCF*fUcr- +z`@I{j?NR8=0}|KH*m)=p=FL2+B1xz~P|3Rx1K51d#aI-Wu!VoL~RKU#aPxSA{M*ucpt;un1#F +zN{O=! +wg4}<_IuKt(mEQv;B2YmcIU?0AuRAzb@!TtLl{HLKz*I9j88QQc{^zZK0K6{N*8l(j + +literal 0 +HcmV?d00001 + +diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_512_256.good.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_512_256.good.p12 +new file mode 100644 +index 0000000000000000000000000000000000000000..e8d4899691bfec94614bf1614c0e9d45b902cf24 +GIT binary patch +literal 2702 +zcmai$XHXM}7KKSjLJPg9krp5dtO*HCK!hMlfKXgfI#LZaQi2reL5lP$MT%7EC6I^; +zC`DLA7DP4z(iA~@4~T#+JMWFY_iKOLxpU6BGxy&&2Tf*=0|J=QWOguwO*UFLdXE#p +z0(eAb+Xa!?w$Nm@H8dII@GF8mB7;nhEn^^n>3He>N&slHp90K@)wmrh*}zO_5eS=Iv@YNlGYB9H;<3c(p-6ScN9EXskqoP5qi{0w +z47G^^7Gd+bc<}~Fgv7UOY||$9Vx7GWFqBwZz(2@Li=v*KZ6RzFhbL%5y>@HX*g|fK +zCFqY*(F=sh(a;N)GHI#~25yMcT_{*a)IDT;VNko2^?scCxtKjyLprQ(YXAh}L#%n( +zTQrhNI76$_g!lGcpUJy)#$0n;G6ZQ#gO>#8w>!LU{(S-z=WV6_Pg +zU*q$mxw1C5Ex$SI=B3N?jdOchd{4fgVv=pT4ZoVk9Z8}FNHUvYc4BhvoTUsI8L^sL +zopiZ;y2XdHfUO!V-Ar5BROQO(-K1jGZ7ZwQ!@L!*8;l#mKUQ?Yzp@bGbDg|ELDX}Q&X!Y4%3b*7*VHf%9yZv!SWi>t>qm6DRrsYEr;&BPo!3}4V@ +zk?AMeU*?oAW{xGA$SE*L7`tfRwiT#@v9gqOtDkqwN;#{ly0J}Nt?hZV1xAlN*4&`O +zo9da~^}MoxyT7Vk-92 +z`Y3n;E-oE~9xR#>@)u0sn#CVfstkUtzoh@2+a05kV*_uuuYEzSeI1hbS)7*QO!P~C +zUpz75Z=$s3)O#=QnbMzDER&L`hq$60tR+pC63&E_?TS#3G2b&kyp{F7S&&35;>&M5 +zoi(MtRe^Tbu7XhXI68w9sOH1As}p-duSoG*Qkw>vkUeG2mDftlHA~m$ge}onp(n8m +zjgL*GaTIZ6RA)2QALINZPma#jy)Ibw&1Y%$yleTJY&G+3C7q8dc)f9RLJ&!BHfys` +zaK2_A6@J2!er@{0=ws8BH6wK-N)Zh+u50iiFvMOD3ykZI*xk+il9(tg0csxxoP57w +znjV%tW3PLyr +zEqvBZD*alJHx#UUSUudi^LW71U$8h1Dw(>yN;V%GV;T|#h&eWq{{|fGcn3K57F4v8+{vgq3Oh~ZrmcEST-O8z4%K1s}M;tPIc +zvuMYpV5W+0Rp}Q}bxD!pJEs=sD=OV!n^Ee3qTtk`$Aw(zo%z>QnV?T|U!r)o;7w81 +zU8CuN( 
+zJMm~CzxWw161M$eue=Jp=M_L1i0#Y2MGA8K()rh?vW>%30k;T}1? +z73pvY=|4vmbzqOSv-E$-F!*{oNrwn~$f41DUk0TThvqA(==BjI2KmgHnSx1=#&OijuHpX8vmIu1PgNf;+T-W%LX3WP +z&{M@dfCZ%)WLtc}A*y(c^jYJ2tcE(uY+ewf71epylo^X+N#8rQb|Ue`>HI&+qd)mi +zId1=z#p>EI>l<)+iMA|za=3;zliQfPg_;_ezGxi5rM!wx@zl36fR6R;pK9|{zggX* +zI6Wwgv1upQj4OReh2&+=-Pn==w3ffs-CqWjKex5G188Rqb`XY6^RUk$`=4$`8sPh}=d +zv}X!M)}HY<>H3J5M?xOCT|9W&eD}BTmWQhLCqxa48DSh-kzZRxQ+j6ECqPlX{Qmc^GC9chTwY@c+_gztryy>w&dM=$U8i>Kpbf+D} +z?Vt}#Da&gwKZZJZ)>~u*r}KQ-=}o7F^3P&hdJSmW%72t?l7+Ayu%T4Lc{nj}7&S;y +zz22p-cu4Wo2I^8oDFG?Hj(rdN$71iy?jf1LKBnw%CeB1cCTX{@H=Qu31p;5@G-X&J +z1vYRNT{O^EkvCH4zO*k_)-C*YZk?&YXgTvRv&{EHw)K<0LYMb)dxsMdr7y};se-ZX +zj`eRLC6ZHm$aFaJ&TF0w;}^q&d-N7Xu0&R=9n)a$X>W)J+jk6IL8~=YwI;Vo$o%nPP#DS +zOsjaY(w>~gaR7Bor+MVily= +VW!Nl&SdEOYi{CK0av2B!{0(@<()a)X + +literal 0 +HcmV?d00001 + +diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_512_512.good.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_512_512.good.p12 +new file mode 100644 +index 0000000000000000000000000000000000000000..64e14341a10d04e7e98cf83dbb2b6409ae1fd72f +GIT binary patch +literal 2736 +zcmai$c{J3I8pdbF48|5&vqjlrhOaf*e~6LnON7GM*TRf3A}0Gbexk{eEm_A}b`r8> +zuMmwr#kJMgD&qQ`dr#f}?jP@Y&+|O*Iq!d;^8f?}G6YNm5Ex*zaLE`{%mFi)4xCSb +z??VZ2DnNj50R*V?pNKY}0JS)^Odw#;=|cTUz`%{)0>%tn11|lMOaMQWo?KOURPZ9w +z69S?|M>=i!$5!lE!;5%1$L!@f+eA>5>rmGyl-<5gfLWQhjpo01c7G3*uvx%W?sgue{9RT|s4#R>C6J%Edk<=-uq-d@r!ROUg)X-ILGkK7})ZpGl# +z6-*+R=UWkb{1Uk*#E0!_e;YnW&+pQ^eq4sI$Ww|Hv(}0#a +zKlQ^+B%Z=t5EUDbniPw$^O<*tICAC6KObyy_!1pUMJP=_w3MQ_L}_KLa~I$j`nTT} +zHKwJ_EiYl2+#BDc^{A=46L)q=)y5g6&!p^&Vq?l?HW_g0&*yWG8)~BcGLmG2_zkpD +zuJoXL67oBKU=FvPnif~prLZ59aGj)q&F+Tb8c-j#f&RP0OKAu!zYnC!R&k()qJN1D +zH)n{YHF**!la_j>+`ZaK*3+)|hY9ao;2E{SU;60toCXNT@qDh`ml?gc_3=eV{?51F +z=U0+nWJ9&68P5wsaB~Oh{Ml7-lZyT?nz7-@3_Pa$cFyfOH{VqUHj`A%$91}J$gqD1T>EH^|xG)1&ISL#*ZFlj`&Q|`X@`eO}%)v57KM?!MyKQ +zXc{9i<$mE}VxakYPTQpB%tY3V*Dl{DW5lfc_V}%EtVn1p7nY~{N*8NuoyQ_$)ws86do%hBVb(F1bVEvsA9>F&O 
+zRQs=KLrclFky%8f;cM0HkAnqrG!8bmFh0|w6SSh^JAOInR!2Krmr4GHh^F&q&BF29 +z*|eckw27|l!`5RThgUd3i2XeIHB||T+HmQF1 +zPDP#z=8kjer&j+4rM{T~`6CS-p+%{%^hoip*Obdm#BNa17XnqR4f#}AZEEru&#GzO +zS(|OatP(Y7WaOUxEG~h6fN5pGvEXc-|1Te>L%`F|$k|~yrON}$Q~GV(GItZZR5rtq +zx@@Va4Xu+B1WTkJN6(5zi^HOIP318BM~CGBgDH4 +zLaK$Ks@QD9D>chzYe`t>NjjE`cuObjo}66SL50g8p9$Sm^^tns +z;0_RAQNMZd4}f48C;@i&)b>3cPg=(RvWbZS3^@&DPfg_i15SP5i)Nv}TDSi%aONt8 +z`B0c7FBPnYhe9LB8cKkUDN;BJQl}W&QaCv2Pc-)0f6CFEbAOdK&Ob3`Zm!y`U3A_z +zODU+hSBxYWL41$n&+28lD!q0TwRAFBNsli%CnzuIPE_J$DjM&>bE7k^auH?~miFK) +zIqaBwg7QmEwp)ZSN6kj5jefLN-FgZBcH76~>AGKHJauJBXEOUCn_uh{(n3he>JRLQ +zR|B-g%xs4l(>}LpgECD!Tqrr!Vx|{2qiD6Sg)V5%4}U+mVekZjH08N`i}}Fy*3^0# +zKz&<(b0knfLr)75aA8X|3pbq_oeCq8e7yiN*S+Qd)>ig&jMwh9R+b7e+Im__SSes+ +zMDA};&vN=jlrY*Ehga$F@lBOSQ_Yyhk>Pz>=S5R8vmJc)scR +z=#Y@?kRW+Jndd2|TkldK}))zdux@RmaSl_TDG0?o5 +zMMh%2IT4G9~=#_+fE&WM@d6`gnk`K +z4ZAPu-T)R`7#!}|D~Z^i8YP*nzuQ&$t^)ex^SI)5bkOl@$Ch5et(hmU_H$6{=rd(= +zH*9Taf@8>5lz@Cc`s0rbN|)&x9;{@sX6g>J>@7D0-tggLsaChE +zzWcuCVOajxbVG+ly{x;j!jR)mBkL?no4>)=YitX8aX)SOTr(yPVoxrI*RR#up7#Q5 +z!0saXlgee#J^Ms>kaU^#^Pe+9Tw>CWyg)zG{L3(N9jlQ$s~q?b%j!`e#kFy^z8iAp +zQ|IfPf8O6EM%?ua$)DxW{I#W1QaAd&_M^8%JCiVwCzS=o!;k(}DaOl#W09 +zSk4>aZ7zFHy<|Igb>#!~?A4PQWj>6QxLJ@Kj1CZPTN_dw)mu~-BUvZrsoc9C#w#ld +zT>K4KIHxQZl%o^f%#yHeHs^H6%z +z8T%F9D?MlaAu9x|^*?Qn@wCnT>2{|Isuci|f7PzcNM|bXivb;s8AAv{)-jC$Rb~R?lGFsEHIm`3Psh-q4iM{;+CGg!1m8_f06hv5BRSmBm$E2pIft +D?Q7k< + +literal 0 +HcmV?d00001 + +diff --git a/test/recipes/80-test_pkcs12_data/nomac_parse.p12 b/test/recipes/80-test_pkcs12_data/nomac_parse.p12 +new file mode 100644 +index 0000000000000000000000000000000000000000..d1a025e8bd7ba388106c9b0b69917bcf0d75c981 +GIT binary patch +literal 1191 +zcmV;Y1X%kpf&`-i0Ru3C1e^v5Duzgg_YDCD0ic2ejRb-Oi7q@ +zm`Z3Oq*FzpEwAUgTK!>P0tmf$!rKkJRCN*BGpSYjYzgM!Gc-6XRWeVUUAAN|1nJIT +z`n?9lMQ%vyvf8&JttHg_Q>ZosE +zp_Y3ncv1g>L6*c(uu;OihCtB}=sr@F0RrQbczHighw} +zCHVS#fOk?yDXd&IOQpas5z?eq&{!NIgiVN}QU%q0atzm2pm+t@wbLmMrBxz+v-ftM 
+zEmW?FTMT-Ji?<-sRocHjA=27rWx(rhRzf%h!jjjWhJ2rs;eAO5ls!`EK8qty##9%P +zs)&B83B+B&hJKktvV71Bq%nV+4=gW69hpiJ+D7;njk2wm)7C(f)UzuwVTiJyokgjc +z*yD)Xpu?U|OyC>0I`OSjoWc|oAoTIiUB_f+!^WWqg&Q3vxFi}l +zW$JtEHd}hpcl63D&2=RD367hZq<-C;kzlr#V6J}dqwIz3h=rqkxlqW<{<*3iXO+Yi +z6h_uyWZ8KSD0kkq-YFa%co5Qbe)OAm47ey6)lo8^c3T{!Z8r;&_vDPpnSkDv&*(f) +z0tQx-e;R~JWoMWB0$+PY(-MY!`asK`F3}w%sy*g)Gn#BPkcvk3t$&6DS&3T&6nnQ< +z=nKV)-MvN}FRLcX>3fL=q4aN3C!Iu^#V4(6mx{i_exS!lUV#^G_zqY&y;m;;7VuV8 +zlz+2g1U42cY)DPdjA)rW3)#aZYn%>Ot4ZRw+p6chfWw3F&^CR083G3^i{TvQh%PuL +zI@YS2C2~)e2v!x{5Ll_p1*s@h%^Sc(2?v;@cT&{(#>rWyew_n93d3zt{Ey+9jn7kc +zQ$n&dI(Sw&tA;g=OoTyro}FfEooxJ((fpLliunP1?Q0E(o^QB$Dd7u$4)13nakv(f +zn#_CEaVG5=Qi)oGa8dq|Y@C+9c~*zzJB+EQ`rxJ1dthRxy0$m)y?e)2Q(8lN;ZcFg +zyDMf8IvKYsj=I0O##^~wrSsWEF+>f(#9*eG#!CPO)cQ46{8u*V))|)ggdre% + #include + #include ++#include + #include + #include + #include +@@ -708,6 +709,9 @@ int pkcs12_main(int argc, char **argv) + } + + if (maciter != -1) { ++ if (EVP_default_properties_is_fips_enabled(NULL)) ++ pbmac1_pbkdf2 = 1; ++ + if (pbmac1_pbkdf2 == 1) { + if (!PKCS12_set_pbmac1_pbkdf2(p12, mpass, -1, NULL, + macsaltlen, maciter, diff --git a/base/openssl3/0126-pkeyutl-encap.patch b/base/openssl3/0126-pkeyutl-encap.patch new file mode 100644 index 0000000..8f82cce --- /dev/null +++ b/base/openssl3/0126-pkeyutl-encap.patch 
@@ -0,0 +1,430 @@ +From 77a0eabe15b9c8c0fb5fde27f6ce1c593c278e20 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Wed, 7 Aug 2024 17:17:18 +0200 +Subject: [PATCH 1/3] Support of en/decapsulation in the pkeyutl command + +--- + apps/pkeyutl.c | 83 +++++++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 69 insertions(+), 14 deletions(-) + +diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c +index b5390c64c2a81..a14ad88217823 100644 +--- a/apps/pkeyutl.c ++++ b/apps/pkeyutl.c +@@ -24,7 +24,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, + const char *keyfile, int keyform, int key_type, + char *passinarg, int pkey_op, ENGINE *e, + const int impl, int rawin, EVP_PKEY **ppkey, +- EVP_MD_CTX *mctx, const char *digestname, ++ EVP_MD_CTX *mctx, const char *digestname, const char *kemop, + OSSL_LIB_CTX *libctx, const char *propq); + + static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, +@@ -32,7 +32,8 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, + + static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, + unsigned char *out, size_t *poutlen, +- const unsigned char *in, size_t inlen); ++ const unsigned char *in, size_t inlen, ++ unsigned char *secret, size_t *psecretlen); + + static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx, + EVP_PKEY *pkey, BIO *in, +@@ -47,6 +48,7 @@ typedef enum OPTION_choice { + OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN, + OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_PKEYOPT_PASSIN, OPT_KDF, + OPT_KDFLEN, OPT_R_ENUM, OPT_PROV_ENUM, ++ OPT_DECAP, OPT_ENCAP, OPT_SECOUT, OPT_KEMOP, + OPT_CONFIG, + OPT_RAWIN, OPT_DIGEST + } OPTION_CHOICE; +@@ -64,6 +66,8 @@ const OPTIONS pkeyutl_options[] = { + {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"}, + {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"}, + {"derive", OPT_DERIVE, '-', "Derive shared secret"}, ++ {"decap", OPT_DECAP, '-', "Decapsulate shared secret"}, ++ 
{"encap", OPT_ENCAP, '-', "Encapsulate shared secret"}, + OPT_CONFIG_OPTION, + + OPT_SECTION("Input"), +@@ -81,12 +85,13 @@ const OPTIONS pkeyutl_options[] = { + + OPT_SECTION("Output"), + {"out", OPT_OUT, '>', "Output file - default stdout"}, ++ {"secret", OPT_SECOUT, '>', "File to store secret on encapsulation"}, + {"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"}, + {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"}, + {"verifyrecover", OPT_VERIFYRECOVER, '-', + "Verify with public key, recover original data"}, + +- OPT_SECTION("Signing/Derivation"), ++ OPT_SECTION("Signing/Derivation/Encapsulation"), + {"digest", OPT_DIGEST, 's', + "Specify the digest algorithm when signing the raw input data"}, + {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"}, +@@ -94,6 +99,7 @@ const OPTIONS pkeyutl_options[] = { + "Public key option that is read as a passphrase argument opt:passphrase"}, + {"kdf", OPT_KDF, 's', "Use KDF algorithm"}, + {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"}, ++ {"kemop", OPT_KEMOP, 's', "KEM operation specific to the key algorithm"}, + + OPT_R_OPTIONS, + OPT_PROV_OPTIONS, +@@ -103,23 +109,23 @@ const OPTIONS pkeyutl_options[] = { + int pkeyutl_main(int argc, char **argv) + { + CONF *conf = NULL; +- BIO *in = NULL, *out = NULL; ++ BIO *in = NULL, *out = NULL, *secout = NULL; + ENGINE *e = NULL; + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY *pkey = NULL; +- char *infile = NULL, *outfile = NULL, *sigfile = NULL, *passinarg = NULL; ++ char *infile = NULL, *outfile = NULL, *secoutfile = NULL, *sigfile = NULL, *passinarg = NULL; + char hexdump = 0, asn1parse = 0, rev = 0, *prog; +- unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; ++ unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL, *secret = NULL; + OPTION_CHOICE o; + int buf_inlen = 0, siglen = -1; + int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF; + int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY; + int engine_impl = 0; + int 
ret = 1, rv = -1; +- size_t buf_outlen; ++ size_t buf_outlen = 0, secretlen = 0; + const char *inkey = NULL; + const char *peerkey = NULL; +- const char *kdfalg = NULL, *digestname = NULL; ++ const char *kdfalg = NULL, *digestname = NULL, *kemop = NULL; + int kdflen = 0; + STACK_OF(OPENSSL_STRING) *pkeyopts = NULL; + STACK_OF(OPENSSL_STRING) *pkeyopts_passin = NULL; +@@ -147,6 +153,9 @@ int pkeyutl_main(int argc, char **argv) + case OPT_OUT: + outfile = opt_arg(); + break; ++ case OPT_SECOUT: ++ secoutfile = opt_arg(); ++ break; + case OPT_SIGFILE: + sigfile = opt_arg(); + break; +@@ -216,6 +225,15 @@ int pkeyutl_main(int argc, char **argv) + case OPT_DERIVE: + pkey_op = EVP_PKEY_OP_DERIVE; + break; ++ case OPT_DECAP: ++ pkey_op = EVP_PKEY_OP_DECAPSULATE; ++ break; ++ case OPT_ENCAP: ++ pkey_op = EVP_PKEY_OP_ENCAPSULATE; ++ break; ++ case OPT_KEMOP: ++ kemop = opt_arg(); ++ break; + case OPT_KDF: + pkey_op = EVP_PKEY_OP_DERIVE; + key_type = KEY_NONE; +@@ -303,7 +321,7 @@ int pkeyutl_main(int argc, char **argv) + } + ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type, + passinarg, pkey_op, e, engine_impl, rawin, &pkey, +- mctx, digestname, libctx, app_get0_propq()); ++ mctx, digestname, kemop, libctx, app_get0_propq()); + if (ctx == NULL) { + BIO_printf(bio_err, "%s: Error initializing context\n", prog); + goto end; +@@ -387,7 +405,7 @@ int pkeyutl_main(int argc, char **argv) + goto end; + } + +- if (pkey_op != EVP_PKEY_OP_DERIVE) { ++ if (pkey_op != EVP_PKEY_OP_DERIVE && pkey_op != EVP_PKEY_OP_ENCAPSULATE) { + in = bio_open_default(infile, 'r', FORMAT_BINARY); + if (infile != NULL) { + struct stat st; +@@ -402,6 +420,16 @@ int pkeyutl_main(int argc, char **argv) + if (out == NULL) + goto end; + ++ if (pkey_op == EVP_PKEY_OP_ENCAPSULATE) { ++ if (secoutfile == NULL) { ++ BIO_printf(bio_err, "Encapsulation requires '-secret' argument\n"); ++ goto end; ++ } ++ secout = bio_open_default(secoutfile, 'w', FORMAT_BINARY); ++ if (secout == NULL) ++ goto end; ++ } ++ 
+ if (sigfile != NULL) { + BIO *sigbio = BIO_new_file(sigfile, "rb"); + +@@ -473,13 +501,15 @@ int pkeyutl_main(int argc, char **argv) + rv = 1; + } else { + rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, +- buf_in, (size_t)buf_inlen); ++ buf_in, (size_t)buf_inlen, NULL, (size_t *)&secretlen); + } + if (rv > 0 && buf_outlen != 0) { + buf_out = app_malloc(buf_outlen, "buffer output"); ++ if (secretlen > 0) ++ secret = app_malloc(secretlen, "secret output"); + rv = do_keyop(ctx, pkey_op, + buf_out, (size_t *)&buf_outlen, +- buf_in, (size_t)buf_inlen); ++ buf_in, (size_t)buf_inlen, secret, (size_t *)&secretlen); + } + } + if (rv <= 0) { +@@ -500,6 +530,8 @@ int pkeyutl_main(int argc, char **argv) + } else { + BIO_write(out, buf_out, buf_outlen); + } ++ if (secretlen > 0) ++ BIO_write(secout, secret, secretlen); + + end: + if (ret != 0) +@@ -510,9 +542,11 @@ int pkeyutl_main(int argc, char **argv) + release_engine(e); + BIO_free(in); + BIO_free_all(out); ++ BIO_free_all(secout); + OPENSSL_free(buf_in); + OPENSSL_free(buf_out); + OPENSSL_free(sig); ++ OPENSSL_free(secret); + sk_OPENSSL_STRING_free(pkeyopts); + sk_OPENSSL_STRING_free(pkeyopts_passin); + NCONF_free(conf); +@@ -524,7 +558,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, + char *passinarg, int pkey_op, ENGINE *e, + const int engine_impl, int rawin, + EVP_PKEY **ppkey, EVP_MD_CTX *mctx, const char *digestname, +- OSSL_LIB_CTX *libctx, const char *propq) ++ const char *kemop, OSSL_LIB_CTX *libctx, const char *propq) + { + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; +@@ -642,6 +676,18 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, + case EVP_PKEY_OP_DERIVE: + rv = EVP_PKEY_derive_init(ctx); + break; ++ ++ case EVP_PKEY_OP_ENCAPSULATE: ++ rv = EVP_PKEY_encapsulate_init(ctx, NULL); ++ if (rv > 0 && kemop != NULL) ++ rv = EVP_PKEY_CTX_set_kem_op(ctx, kemop); ++ break; ++ ++ case EVP_PKEY_OP_DECAPSULATE: ++ rv = EVP_PKEY_decapsulate_init(ctx, NULL); ++ if 
(rv > 0 && kemop != NULL) ++ rv = EVP_PKEY_CTX_set_kem_op(ctx, kemop); ++ break; + } + } + +@@ -679,7 +725,8 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, + + static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, + unsigned char *out, size_t *poutlen, +- const unsigned char *in, size_t inlen) ++ const unsigned char *in, size_t inlen, ++ unsigned char *secret, size_t *pseclen) + { + int rv = 0; + switch (pkey_op) { +@@ -703,6 +750,14 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, + rv = EVP_PKEY_derive(ctx, out, poutlen); + break; + ++ case EVP_PKEY_OP_ENCAPSULATE: ++ rv = EVP_PKEY_encapsulate(ctx, out, poutlen, secret, pseclen); ++ break; ++ ++ case EVP_PKEY_OP_DECAPSULATE: ++ rv = EVP_PKEY_decapsulate(ctx, out, poutlen, in, inlen); ++ break; ++ + } + return rv; + } + +From 1598da873df55887c2d878549f74b7aaed6d5fde Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Wed, 7 Aug 2024 17:50:51 +0200 +Subject: [PATCH 2/3] Encap/decap in pkeyutl - documentation + +--- + doc/man1/openssl-pkeyutl.pod.in | 33 +++++++++++++++++++++++++++++++++ + 1 file changed, 33 insertions(+) + +diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in +index 50c2030aa353c..9de50dd6cee8f 100644 +--- a/doc/man1/openssl-pkeyutl.pod.in ++++ b/doc/man1/openssl-pkeyutl.pod.in +@@ -13,6 +13,7 @@ B B + [B<-rawin>] + [B<-digest> I] + [B<-out> I] ++[B<-secret> I] + [B<-sigfile> I] + [B<-inkey> I|I] + [B<-keyform> B|B|B|B] +@@ -28,8 +29,11 @@ B B + [B<-encrypt>] + [B<-decrypt>] + [B<-derive>] ++[B<-encap>] ++[B<-decap>] + [B<-kdf> I] + [B<-kdflen> I] ++[B<-kemop> I] + [B<-pkeyopt> I:I] + [B<-pkeyopt_passin> I[:I]] + [B<-hexdump>] +@@ -79,6 +83,10 @@ then the B<-rawin> option must be also specified. + Specifies the output filename to write to or standard output by + default. + ++=item B<-secret> I ++ ++Specifies the output filename to write the secret to on I<-encap>. 
++ + =item B<-sigfile> I + + Signature file, required for B<-verify> operations only +@@ -147,6 +155,31 @@ Decrypt the input data using a private key. + + Derive a shared secret using the peer key. + ++=item B<-encap> ++ ++Encapsulate a generated secret using a private key. ++The encapsulated result (binary data) is written to standard output by default, ++or else to the file specified with I<-out>. ++The I<-secret> option must also be provided to specify the output file for the ++secret value generated in the encapsulation process. ++ ++=item B<-decap> ++ ++Decapsulate the secret using a private key. ++The result (binary data) is written to standard output by default, or else to ++the file specified with I<-out>. ++ ++=item B<-kemop> I ++ ++This option is used for I<-encap>/I<-decap> commands and specifies the KEM ++operation specific for the key algorithm when there is no default KEM ++operation. ++If the algorithm has the default KEM operation, this option can be omitted. ++ ++See L and algorithm-specific KEM documentation e.g. ++L, L, L, and ++L. ++ + =item B<-kdf> I + + Use key derivation function I. 
The supported algorithms are + +From 1fe7d5b3d96e2ce1e822a4e6e042959af55b0145 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Thu, 8 Aug 2024 13:45:19 +0200 +Subject: [PATCH 3/3] Encap/decap in pkeyutl - tests + +--- + test/decap_out.bin | 3 +++ + test/encap_out.bin | 4 ++++ + test/encap_secret.bin | 3 +++ + test/recipes/20-test_pkeyutl.t | 34 ++++++++++++++++++++++++++++++++-- + 4 files changed, 42 insertions(+), 2 deletions(-) + create mode 100644 test/decap_out.bin + create mode 100644 test/encap_out.bin + create mode 100644 test/encap_secret.bin + +diff --git a/test/decap_out.bin b/test/decap_out.bin +new file mode 100644 +index 0000000000000..b94441ed1c002 +--- /dev/null ++++ b/test/decap_out.bin +@@ -0,0 +1,3 @@ ++6žW«¡ŠòÌn‘©ú;’ù¡ÃÄmç Ä¥ÉB[HãÕË#äÓ‡(™‡hŽ] :\³PŸ›xñe¡ƒŽbòé)G¿fõÈ"¨ýË­fË ÊýJÝ)ïþÜì {ªHm‚\P ú+¸PÞ¸%èÄ/jÏ™%ç؆È<_æ~– ++K—JEhßù‡©lEa¼:¢(Ÿå/\Ñ®Íb€Ã®©Ê ×È-g,AYœ‹4 ++lÚtÚN­)~\HU4y០}qJŸ€ ”t# ¦}.™üTÅý”?ÚØÏŠÐÿcD=üLõ¨nmv{—éÅ¿Ô‹È£® +\ No newline at end of file +diff --git a/test/encap_out.bin b/test/encap_out.bin +new file mode 100644 +index 0000000000000..024fc40550f15 +--- /dev/null ++++ b/test/encap_out.bin +@@ -0,0 +1,4 @@ ++¼:÷Ùy‚ĉ5°ã ÿÙ[Û2ê<¾ê?«î±qÕª1·µŒ¸ºæÝ>YÎM寬3PÝ ++ìÛO’2rÈÙŠíùAd" Gç„m‡2mÏÄ7x•Ñhú7-ÿ@:?NµÇrSê‹œKÁ¡žè`«t¥ÉŸªÓxié头' Mhøñ‘˜3rÞÚƒ–Sd¦ðO±£ãHT„F§þ ++®‹kZ'xšFÛKùx”q"ÐÒúl@04E‰†ÌûŽ;c¾iA}U÷ÆŒ P6ýk0–‰ó%DôòLÄ.U– aO¨(LIý®QÇç¢ÏA ++Œ[´uÔžØ4s$¨†Ò%tÕB +\ No newline at end of file +diff --git a/test/encap_secret.bin b/test/encap_secret.bin +new file mode 100644 +index 0000000000000..b94441ed1c002 +--- /dev/null ++++ b/test/encap_secret.bin +@@ -0,0 +1,3 @@ ++6žW«¡ŠòÌn‘©ú;’ù¡ÃÄmç Ä¥ÉB[HãÕË#äÓ‡(™‡hŽ] :\³PŸ›xñe¡ƒŽbòé)G¿fõÈ"¨ýË­fË ÊýJÝ)ïþÜì {ªHm‚\P ú+¸PÞ¸%èÄ/jÏ™%ç؆È<_æ~– ++K—JEhßù‡©lEa¼:¢(Ÿå/\Ñ®Íb€Ã®©Ê ×È-g,AYœ‹4 ++lÚtÚN­)~\HU4y០}qJŸ€ ”t# ¦}.™üTÅý”?ÚØÏŠÐÿcD=üLõ¨nmv{—éÅ¿Ô‹È£® +\ No newline at end of file +diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t +index 76e4f0a869459..e9472a21352e2 100644 +--- 
a/test/recipes/20-test_pkeyutl.t ++++ b/test/recipes/20-test_pkeyutl.t +@@ -13,11 +13,11 @@ use File::Spec; + use File::Basename; + use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/; + use OpenSSL::Test::Utils; +-use File::Compare qw/compare_text/; ++use File::Compare qw/compare_text compare/; + + setup("test_pkeyutl"); + +-plan tests => 14; ++plan tests => 19; + + # For the tests below we use the cert itself as the TBS file + +@@ -200,3 +200,33 @@ SKIP: { + "-rawin"); + }; + } ++ ++#Encap/decap tests ++# openssl pkeyutl -encap -pubin -inkey rsa_pub.pem -secret secret.bin -out encap_out.bin ++# openssl pkeyutl -decap -inkey rsa_priv.pem -in encap_out.bin -out decap_out.bin ++# decap_out is equal to secret ++SKIP: { ++ skip "RSA is not supported by this OpenSSL build", 3 ++ if disabled("rsa"); ++ ++ # Self-compat ++ ok(run(app(([ 'openssl', 'pkeyutl', '-encap', '-pubin', '-kemop', 'RSASVE', ++ '-inkey', srctop_file('test', 'testrsa2048pub.pem'), ++ '-out', 'encap_out.bin', '-secret', 'secret.bin']))), ++ "RSA pubkey encapsulation"); ++ ok(run(app(([ 'openssl', 'pkeyutl', '-decap', '-kemop', 'RSASVE', ++ '-inkey', srctop_file('test', 'testrsa2048.pem'), ++ '-in', 'encap_out.bin', '-out', 'decap_out.bin']))), ++ "RSA pubkey decapsulation"); ++ is(compare("secret.bin", "decap_out.bin"), 0, "Secret is correctly decapsulated"); ++ ++ # Pregenerated ++ ok(run(app(([ 'openssl', 'pkeyutl', '-decap', '-kemop', 'RSASVE', ++ '-inkey', srctop_file('test', 'testrsa2048.pem'), ++ '-in', srctop_file('test', 'encap_out.bin'), '-out', 'decap_out_etl.bin']))), ++ "RSA pubkey decapsulation - pregenerated"); ++ ++ is(compare(srctop_file('test', 'encap_secret.bin'), "decap_out_etl.bin"), 0, ++ "Secret is correctly decapsulated - pregenerated"); ++} ++ diff --git a/base/openssl3/0127-speedup-SSL_add_cert_subjects_to_stack.patch b/base/openssl3/0127-speedup-SSL_add_cert_subjects_to_stack.patch new file mode 100644 index 0000000..a6bd503 --- /dev/null 
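Review bot: The shared secret produced by -encap is released with `OPENSSL_free(secret);` in the end: block, which leaves key material in freed heap memory; since `secretlen` is tracked alongside it, `OPENSSL_clear_free(secret, secretlen);` is the matching call (the decapsulated secret landing in `buf_out` on the -decap path has the same exposure, though that buffer predates this change). The return value of the new `BIO_write(secout, secret, secretlen)` is not checked, so a short or failed write of the secret file goes unreported even though the -secret argument is mandatory for encapsulation. The `(size_t *)&secretlen` casts in both do_keyop calls are no-ops, since `secretlen` is already declared `size_t`, and only obscure the type. pkeyutl_main, init_ctx and do_keyop all start or end outside the hunks of the inner diff.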
+++ b/base/openssl3/0127-speedup-SSL_add_cert_subjects_to_stack.patch 
@@ -0,0 +1,201 @@ +From e2e469593a15681983d16e36d856bf8fb7de8589 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Wed, 31 Jul 2024 12:45:11 +0200 +Subject: [PATCH] Speed up SSL_add_{file,dir}_cert_subjects_to_stack +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The X509_NAME comparison function converts its arguments to DER using +i2d_X509_NAME before comparing the results using memcmp(). For every +invocation of the comparison function (of which there are many when +loading many certificates), it allocates two buffers of the appropriate +size for the DER encoding. + +Switching to static buffers (possibly of X509_NAME_MAX size as defined +in crypto/x509/x_name.c) would not work with multithreaded use, e.g., +when two threads sort two separate STACK_OF(X509_NAME)s at the same +time. A suitable re-usable buffer could have been added to the +STACK_OF(X509_NAME) if sk_X509_NAME_compfunc did have a void* argument, +or a pointer to the STACK_OF(X509_NAME) – but it does not. + +Instead, copy the solution chosen in SSL_load_client_CA_file() by +filling an LHASH_OF(X509_NAME) with all existing names in the stack and +using that to deduplicate, rather than relying on sk_X509_NAME_find(), +which ends up being very slow. + +Adjust SSL_add_dir_cert_subjects_to_stack() to keep a local +LHASH_OF(X509_NAME)s over the complete directory it is processing. + +In a small benchmark that calls SSL_add_dir_cert_subjects_to_stack() +twice, once on a directory with one entry, and once with a directory +with 1000 certificates, and repeats this in a loop 10 times, this change +yields a speed-up of 5.32: + +| Benchmark 1: ./bench 10 dir-1 dir-1000 +| Time (mean ± σ): 6.685 s ± 0.017 s [User: 6.402 s, System: 0.231 s] +| Range (min … max): 6.658 s … 6.711 s 10 runs +| +| Benchmark 2: LD_LIBRARY_PATH=. 
./bench 10 dir-1 dir-1000 +| Time (mean ± σ): 1.256 s ± 0.013 s [User: 1.034 s, System: 0.212 s] +| Range (min … max): 1.244 s … 1.286 s 10 runs +| +| Summary +| LD_LIBRARY_PATH=. ./bench 10 dir-1 dir-1000 ran +| 5.32 ± 0.06 times faster than ./bench 10 dir-1 dir-1000 + +In the worst case scenario where many entries are added to a stack that +is then repeatedly used to add more certificates, and with a larger test +size, the speedup is still very significant. With 15000 certificates, +a single pass to load them, followed by attempting to load a subset of +1000 of these 15000 certificates, followed by a single certificate, the +new approach is ~85 times faster: + +| Benchmark 1: ./bench 1 dir-15000 dir-1000 dir-1 +| Time (mean ± σ): 176.295 s ± 4.147 s [User: 174.593 s, System: 0.448 s] +| Range (min … max): 173.774 s … 185.594 s 10 runs +| +| Benchmark 2: LD_LIBRARY_PATH=. ./bench 1 dir-15000 dir-1000 dir-1 +| Time (mean ± σ): 2.087 s ± 0.034 s [User: 1.679 s, System: 0.393 s] +| Range (min … max): 2.057 s … 2.167 s 10 runs +| +| Summary +| LD_LIBRARY_PATH=. 
./bench 1 dir-15000 dir-1000 dir-1 ran +| 84.48 ± 2.42 times faster than ./bench 1 dir-15000 dir-1000 dir-1 + +Signed-off-by: Clemens Lang +--- + ssl/ssl_cert.c | 74 ++++++++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 65 insertions(+), 9 deletions(-) + +diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c +index 0ff407bf55edc..5e5ffe39d0655 100644 +--- a/ssl/ssl_cert.c ++++ b/ssl/ssl_cert.c +@@ -813,16 +813,14 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) + return SSL_load_client_CA_file_ex(file, NULL, NULL); + } + +-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, +- const char *file) ++static int add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, ++ const char *file, ++ LHASH_OF(X509_NAME) *name_hash) + { + BIO *in; + X509 *x = NULL; + X509_NAME *xn = NULL; + int ret = 1; +- int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b); +- +- oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp); + + in = BIO_new(BIO_s_file()); + +@@ -842,12 +840,15 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, + xn = X509_NAME_dup(xn); + if (xn == NULL) + goto err; +- if (sk_X509_NAME_find(stack, xn) >= 0) { ++ if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) { + /* Duplicate. 
*/ + X509_NAME_free(xn); + } else if (!sk_X509_NAME_push(stack, xn)) { + X509_NAME_free(xn); + goto err; ++ } else { ++ /* Successful insert, add to hash table */ ++ lh_X509_NAME_insert(name_hash, xn); + } + } + +@@ -859,7 +860,42 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, + done: + BIO_free(in); + X509_free(x); +- (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); ++ return ret; ++} ++ ++int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, ++ const char *file) ++{ ++ X509_NAME *xn = NULL; ++ int ret = 1; ++ int idx = 0; ++ int num = 0; ++ LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp); ++ ++ if (name_hash == NULL) { ++ ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB); ++ goto err; ++ } ++ ++ /* ++ * Pre-populate the lhash with the existing entries of the stack, since ++ * using the LHASH_OF is much faster for duplicate checking. That's because ++ * xname_cmp converts the X509_NAMEs to DER involving a memory allocation ++ * for every single invocation of the comparison function. ++ */ ++ num = sk_X509_NAME_num(stack); ++ for (idx = 0; idx < num; idx++) { ++ xn = sk_X509_NAME_value(stack, idx); ++ lh_X509_NAME_insert(name_hash, xn); ++ } ++ ++ ret = add_file_cert_subjects_to_stack(stack, file, name_hash); ++ goto done; ++ ++ err: ++ ret = 0; ++ done: ++ lh_X509_NAME_free(name_hash); + return ret; + } + +@@ -869,8 +905,27 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, + OPENSSL_DIR_CTX *d = NULL; + const char *filename; + int ret = 0; ++ X509_NAME *xn = NULL; ++ int idx = 0; ++ int num = 0; ++ LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp); ++ ++ if (name_hash == NULL) { ++ ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB); ++ goto err; ++ } + +- /* Note that a side effect is that the CAs will be sorted by name */ ++ /* ++ * Pre-populate the lhash with the existing entries of the stack, since ++ * using the LHASH_OF is much faster for duplicate checking. 
That's because ++ * xname_cmp converts the X509_NAMEs to DER involving a memory allocation ++ * for every single invocation of the comparison function. ++ */ ++ num = sk_X509_NAME_num(stack); ++ for (idx = 0; idx < num; idx++) { ++ xn = sk_X509_NAME_value(stack, idx); ++ lh_X509_NAME_insert(name_hash, xn); ++ } + + while ((filename = OPENSSL_DIR_read(&d, dir))) { + char buf[1024]; +@@ -899,7 +954,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, + #endif + if (r <= 0 || r >= (int)sizeof(buf)) + goto err; +- if (!SSL_add_file_cert_subjects_to_stack(stack, buf)) ++ if (!add_file_cert_subjects_to_stack(stack, buf, name_hash)) + goto err; + } + +@@ -915,6 +970,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, + err: + if (d) + OPENSSL_DIR_end(&d); ++ lh_X509_NAME_free(name_hash); + + return ret; + } diff --git a/base/openssl3/0128-SAST-findings.patch b/base/openssl3/0128-SAST-findings.patch new file mode 100644 index 0000000..77cb8e9 --- /dev/null +++ b/base/openssl3/0128-SAST-findings.patch 
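Review bot: `lh_X509_NAME_insert(name_hash, xn)` returns NULL both on success and when the insert fails for lack of memory, so the three new insert sites (the per-certificate insert in add_file_cert_subjects_to_stack and the two pre-population loops) cannot tell that a name was dropped from the hash; a later certificate with the same subject would then be pushed a second time, reintroducing exactly the duplicates the hash is meant to prevent. Checking `lh_X509_NAME_error(name_hash)` after each insert and taking the err path when it is set would close that gap. The pre-population loop and its four-line comment appear verbatim in both SSL_add_file_cert_subjects_to_stack and SSL_add_dir_cert_subjects_to_stack; a `static void prepopulate_name_hash(STACK_OF(X509_NAME) *stack, LHASH_OF(X509_NAME) *name_hash)` helper would keep the two in step. Dropping the `sk_X509_NAME_set_cmp_func`/`sk_X509_NAME_find` path also removes the sort-by-name side effect that the deleted comment described, so callers that relied on a sorted stack now see insertion order; that behaviour change deserves a line in the commit message and in the function's documentation.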
@@ -0,0 +1,24 @@ +diff -up openssl-3.2.2/crypto/rsa/rsa_oaep.c.xxx openssl-3.2.2/crypto/rsa/rsa_oaep.c +--- openssl-3.2.2/crypto/rsa/rsa_oaep.c.xxx 2024-08-14 14:22:48.733407808 +0200 ++++ openssl-3.2.2/crypto/rsa/rsa_oaep.c 2024-08-14 14:23:32.994483135 +0200 +@@ -233,7 +233,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(un + + mdlen = EVP_MD_get_size(md); + +- if (tlen <= 0 || flen <= 0) ++ if (tlen <= 0 || flen <= 0 || mdlen <= 0) + return -1; + /* + * |num| is the length of the modulus; |flen| is the length of the +diff -up openssl-3.2.2/crypto/x509/pcy_tree.c.xxx openssl-3.2.2/crypto/x509/pcy_tree.c +--- openssl-3.2.2/crypto/x509/pcy_tree.c.xxx 2024-08-14 14:14:13.144850097 +0200 ++++ openssl-3.2.2/crypto/x509/pcy_tree.c 2024-08-14 14:14:53.213826481 +0200 +@@ -110,6 +110,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + + *ptree = NULL; + ++ if (n < 0) ++ return X509_PCY_TREE_INTERNAL; + /* Can't do anything with just a trust anchor */ + if (n == 0) + return X509_PCY_TREE_EMPTY; diff --git a/base/openssl3/0129-Fix-SSL_select_next_proto.patch b/base/openssl3/0129-Fix-SSL_select_next_proto.patch new file mode 100644 index 0000000..6458067 --- /dev/null +++ b/base/openssl3/0129-Fix-SSL_select_next_proto.patch 
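Review bot: This patch file carries no header: the neighbouring patch files start with a From/Subject line and an upstream PR reference (0129 onwards) or a Patch-name/Patch-status block (the earlier ones), while 0128-SAST-findings.patch starts straight at `diff -up` against `.xxx` backup copies, so a future rebase cannot tell whether these two hunks are downstream-only or already merged upstream. Suggest prefixing the file with `Patch-name: 0128-SAST-findings.patch` and `Patch-status: |` followed by `  # SAST findings: reject a negative digest size in the OAEP padding check and a negative certificate count in policy tree init`, plus the upstream reference if one exists. The checks themselves look sound as far as the hunks show: `EVP_MD_get_size()` reports an error as -1, and a negative `n` would otherwise pass the `n == 0` test in `tree_init()`; both enclosing functions continue outside their hunks.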
@@ -0,0 +1,109 @@ +From 99fb785a5f85315b95288921a321a935ea29a51e Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Fri, 31 May 2024 11:14:33 +0100 +Subject: [PATCH 01/10] Fix SSL_select_next_proto + +Ensure that the provided client list is non-NULL and starts with a valid +entry. When called from the ALPN callback the client list should already +have been validated by OpenSSL so this should not cause a problem. When +called from the NPN callback the client list is locally configured and +will not have already been validated. Therefore SSL_select_next_proto +should not assume that it is correctly formatted. + +We implement stricter checking of the client protocol list. We also do the +same for the server list while we are about it. + +CVE-2024-5535 + +Reviewed-by: Neil Horman +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/24717) +--- + ssl/ssl_lib.c | 63 ++++++++++++++++++++++++++++++++------------------- + 1 file changed, 40 insertions(+), 23 deletions(-) + +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index 016135fe18..cf52b317cf 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -3518,37 +3518,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + unsigned int server_len, + const unsigned char *client, unsigned int client_len) + { +- unsigned int i, j; +- const unsigned char *result; +- int status = OPENSSL_NPN_UNSUPPORTED; ++ PACKET cpkt, csubpkt, spkt, ssubpkt; ++ ++ if (!PACKET_buf_init(&cpkt, client, client_len) ++ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt) ++ || PACKET_remaining(&csubpkt) == 0) { ++ *out = NULL; ++ *outlen = 0; ++ return OPENSSL_NPN_NO_OVERLAP; ++ } ++ ++ /* ++ * Set the default opportunistic protocol. Will be overwritten if we find ++ * a match. ++ */ ++ *out = (unsigned char *)PACKET_data(&csubpkt); ++ *outlen = (unsigned char)PACKET_remaining(&csubpkt); + + /* + * For each protocol in server preference order, see if we support it. 
+ */ +- for (i = 0; i < server_len;) { +- for (j = 0; j < client_len;) { +- if (server[i] == client[j] && +- memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { +- /* We found a match */ +- result = &server[i]; +- status = OPENSSL_NPN_NEGOTIATED; +- goto found; ++ if (PACKET_buf_init(&spkt, server, server_len)) { ++ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) { ++ if (PACKET_remaining(&ssubpkt) == 0) ++ continue; /* Invalid - ignore it */ ++ if (PACKET_buf_init(&cpkt, client, client_len)) { ++ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) { ++ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt), ++ PACKET_remaining(&ssubpkt))) { ++ /* We found a match */ ++ *out = (unsigned char *)PACKET_data(&ssubpkt); ++ *outlen = (unsigned char)PACKET_remaining(&ssubpkt); ++ return OPENSSL_NPN_NEGOTIATED; ++ } ++ } ++ /* Ignore spurious trailing bytes in the client list */ ++ } else { ++ /* This should never happen */ ++ return OPENSSL_NPN_NO_OVERLAP; + } +- j += client[j]; +- j++; + } +- i += server[i]; +- i++; ++ /* Ignore spurious trailing bytes in the server list */ + } + +- /* There's no overlap between our protocols and the server's list. */ +- result = client; +- status = OPENSSL_NPN_NO_OVERLAP; +- +- found: +- *out = (unsigned char *)result + 1; +- *outlen = result[0]; +- return status; ++ /* ++ * There's no overlap between our protocols and the server's list. We use ++ * the default opportunistic protocol selected earlier ++ */ ++ return OPENSSL_NPN_NO_OVERLAP; + } + + #ifndef OPENSSL_NO_NEXTPROTONEG +-- +2.46.0 + diff --git a/base/openssl3/0130-More-correctly-handle-a-selected_len-of-0-when-proce.patch b/base/openssl3/0130-More-correctly-handle-a-selected_len-of-0-when-proce.patch new file mode 100644 index 0000000..29d22c6 --- /dev/null +++ b/base/openssl3/0130-More-correctly-handle-a-selected_len-of-0-when-proce.patch 
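Review bot: The comment above `*out = (unsigned char *)PACKET_data(&csubpkt);` should state that this default points into the caller-supplied client list and is only meaningful for NPN; an ALPN select callback that uses `*out`/`*outlen` after OPENSSL_NPN_NO_OVERLAP would select a protocol the server never advertised. The documentation patch in this series (0132) says so, but the code itself does not. Suggest `/* Set the default opportunistic protocol (first client entry). Overwritten on a match; NPN callers may use it on NO_OVERLAP, ALPN callers must ignore *out and *outlen on NO_OVERLAP. */`. The two `(unsigned char)` casts of `PACKET_remaining()` are only safe because PACKET_get_length_prefixed_1() reads a one-byte length and so bounds each entry to 255 bytes; a short comment at the first cast would save the next reader the lookup.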
@@ -0,0 +1,39 @@ +From 015255851371757d54c2560643eb3b3a88123cf1 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Fri, 31 May 2024 11:18:27 +0100 +Subject: [PATCH 02/10] More correctly handle a selected_len of 0 when + processing NPN + +In the case where the NPN callback returns with SSL_TLEXT_ERR_OK, but +the selected_len is 0 we should fail. Previously this would fail with an +internal_error alert because calling OPENSSL_malloc(selected_len) will +return NULL when selected_len is 0. We make this error detection more +explicit and return a handshake failure alert. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/24717) +--- + ssl/statem/extensions_clnt.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c +index 381a6c9d7b..1ab3c13d57 100644 +--- a/ssl/statem/extensions_clnt.c ++++ b/ssl/statem/extensions_clnt.c +@@ -1560,8 +1560,8 @@ int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_SSL(s), + &selected, &selected_len, + PACKET_data(pkt), PACKET_remaining(pkt), +- sctx->ext.npn_select_cb_arg) != +- SSL_TLSEXT_ERR_OK) { ++ sctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK ++ || selected_len == 0) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); + return 0; + } +-- +2.46.0 + diff --git a/base/openssl3/0131-Use-correctly-formatted-ALPN-data-in-tserver.patch b/base/openssl3/0131-Use-correctly-formatted-ALPN-data-in-tserver.patch new file mode 100644 index 0000000..028732f --- /dev/null +++ b/base/openssl3/0131-Use-correctly-formatted-ALPN-data-in-tserver.patch 
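Review bot: The widened condition rejects a zero `selected_len` but not a NULL `selected` paired with a nonzero length; `tls_parse_stoc_npn()` continues outside the hunk, and if it copies `selected_len` bytes out of `selected` that combination would still pass this check. Because the callback is application code, a defensive `|| selected_len == 0 || selected == NULL) {` costs nothing and keeps a buggy callback on the handshake-alert path instead of a fault. A one-line comment above the test would also help: `/* An empty or missing selection is a callback bug: fail the handshake, not the process */`.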
@@ -0,0 +1,34 @@ +From 6cc511826f09e513b4ec066d9b95acaf4f86d991 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Fri, 31 May 2024 11:22:13 +0100 +Subject: [PATCH 03/10] Use correctly formatted ALPN data in tserver + +The QUIC test server was using incorrectly formatted ALPN data. With the +previous implementation of SSL_select_next_proto this went unnoticed. With +the new stricter implemenation it was failing. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/24717) +--- + ssl/quic/quic_tserver.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ssl/quic/quic_tserver.c b/ssl/quic/quic_tserver.c +index 86187d06ff..15694e723f 100644 +--- a/ssl/quic/quic_tserver.c ++++ b/ssl/quic/quic_tserver.c +@@ -58,7 +58,7 @@ static int alpn_select_cb(SSL *ssl, const unsigned char **out, + + if (srv->args.alpn == NULL) { + alpn = alpndeflt; +- alpnlen = sizeof(alpn); ++ alpnlen = sizeof(alpndeflt); + } else { + alpn = srv->args.alpn; + alpnlen = srv->args.alpnlen; +-- +2.46.0 + diff --git a/base/openssl3/0132-Clarify-the-SSL_select_next_proto-documentation.patch b/base/openssl3/0132-Clarify-the-SSL_select_next_proto-documentation.patch new file mode 100644 index 0000000..34e6261 --- /dev/null +++ b/base/openssl3/0132-Clarify-the-SSL_select_next_proto-documentation.patch 
@@ -0,0 +1,78 @@ +From 8e81c57adbbf703dfb63955f65599765fdacc741 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Fri, 31 May 2024 11:46:38 +0100 +Subject: [PATCH 04/10] Clarify the SSL_select_next_proto() documentation + +We clarify the input preconditions and the expected behaviour in the event +of no overlap. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/24717) +--- + doc/man3/SSL_CTX_set_alpn_select_cb.pod | 26 +++++++++++++++++-------- + 1 file changed, 18 insertions(+), 8 deletions(-) + +diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod +index 05fee2fbec..79e1a252f6 100644 +--- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod ++++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod +@@ -52,7 +52,8 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated + SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to + set the list of protocols available to be negotiated. The B must be in + protocol-list format, described below. The length of B is specified in +-B. ++B. Setting B to 0 clears any existing list of ALPN ++protocols and no ALPN extension will be sent to the server. + + SSL_CTX_set_alpn_select_cb() sets the application callback B used by a + server to select which protocol to use for the incoming connection. When B +@@ -73,9 +74,16 @@ B and B, B must be in the protocol-list format + described below. The first item in the B, B list that + matches an item in the B, B list is selected, and returned + in B, B. The B value will point into either B or +-B, so it should be copied immediately. If no match is found, the first +-item in B, B is returned in B, B. This +-function can also be used in the NPN callback. ++B, so it should be copied immediately. The client list must include at ++least one valid (nonempty) protocol entry in the list. 
++ ++The SSL_select_next_proto() helper function can be useful from either the ALPN ++callback or the NPN callback (described below). If no match is found, the first ++item in B, B is returned in B, B and ++B is returned. This can be useful when implementating ++the NPN callback. In the ALPN case, the value returned in B and B ++must be ignored if B has been returned from ++SSL_select_next_proto(). + + SSL_CTX_set_next_proto_select_cb() sets a callback B that is called when a + client needs to select a protocol from the server's provided list, and a +@@ -85,9 +93,10 @@ must be set to point to the selected protocol (which may be within B). + The length of the protocol name must be written into B. The + server's advertised protocols are provided in B and B. The + callback can assume that B is syntactically valid. The client must +-select a protocol. It is fatal to the connection if this callback returns +-a value other than B. The B parameter is the pointer +-set via SSL_CTX_set_next_proto_select_cb(). ++select a protocol (although it may be an empty, zero length protocol). It is ++fatal to the connection if this callback returns a value other than ++B or if the zero length protocol is selected. The B ++parameter is the pointer set via SSL_CTX_set_next_proto_select_cb(). + + SSL_CTX_set_next_protos_advertised_cb() sets a callback B that is called + when a TLS server needs a list of supported protocols for Next Protocol +@@ -154,7 +163,8 @@ A match was found and is returned in B, B. + =item OPENSSL_NPN_NO_OVERLAP + + No match was found. The first item in B, B is returned in +-B, B. ++B, B (or B and 0 in the case where the first entry in ++B is invalid). + + =back + +-- +2.46.0 + diff --git a/base/openssl3/0133-Add-a-test-for-SSL_select_next_proto.patch b/base/openssl3/0133-Add-a-test-for-SSL_select_next_proto.patch new file mode 100644 index 0000000..ccf1577 --- /dev/null +++ b/base/openssl3/0133-Add-a-test-for-SSL_select_next_proto.patch 
@@ -0,0 +1,172 @@ +From add5c52a25c549cec4a730cdf96e2252f0a1862d Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Fri, 31 May 2024 16:35:16 +0100 +Subject: [PATCH 05/10] Add a test for SSL_select_next_proto + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/24717) +--- + test/sslapitest.c | 137 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 137 insertions(+) + +diff --git a/test/sslapitest.c b/test/sslapitest.c +index ce163322cd..15cb9060cb 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -11741,6 +11741,142 @@ static int test_multi_resume(int idx) + return testresult; + } + ++static struct next_proto_st { ++ int serverlen; ++ unsigned char server[40]; ++ int clientlen; ++ unsigned char client[40]; ++ int expected_ret; ++ size_t selectedlen; ++ unsigned char selected[40]; ++} next_proto_tests[] = { ++ { ++ 4, { 3, 'a', 'b', 'c' }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 7, { 3, 'a', 'b', 'c', 2, 'a', 'b' }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c', }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 4, { 3, 'a', 'b', 'c' }, ++ 7, { 3, 'a', 'b', 'c', 2, 'a', 'b', }, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 4, { 3, 'a', 'b', 'c' }, ++ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 7, { 2, 'b', 'c', 3, 'a', 'b', 'c' }, ++ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 10, { 2, 'b', 'c', 3, 'a', 'b', 'c', 2, 'a', 'b' }, ++ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, ++ OPENSSL_NPN_NEGOTIATED, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 4, { 3, 'b', 'c', 'd' }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 
0, { 0 }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ -1, { 0 }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 4, { 3, 'a', 'b', 'c' }, ++ 0, { 0 }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 0, { 0 } ++ }, ++ { ++ 4, { 3, 'a', 'b', 'c' }, ++ -1, { 0 }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 0, { 0 } ++ }, ++ { ++ 3, { 3, 'a', 'b', 'c' }, ++ 4, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 3, { 'a', 'b', 'c' } ++ }, ++ { ++ 4, { 3, 'a', 'b', 'c' }, ++ 3, { 3, 'a', 'b', 'c' }, ++ OPENSSL_NPN_NO_OVERLAP, ++ 0, { 0 } ++ } ++}; ++ ++static int test_select_next_proto(int idx) ++{ ++ struct next_proto_st *np = &next_proto_tests[idx]; ++ int ret = 0; ++ unsigned char *out, *client, *server; ++ unsigned char outlen; ++ unsigned int clientlen, serverlen; ++ ++ if (np->clientlen == -1) { ++ client = NULL; ++ clientlen = 0; ++ } else { ++ client = np->client; ++ clientlen = (unsigned int)np->clientlen; ++ } ++ if (np->serverlen == -1) { ++ server = NULL; ++ serverlen = 0; ++ } else { ++ server = np->server; ++ serverlen = (unsigned int)np->serverlen; ++ } ++ ++ if (!TEST_int_eq(SSL_select_next_proto(&out, &outlen, server, serverlen, ++ client, clientlen), ++ np->expected_ret)) ++ goto err; ++ ++ if (np->selectedlen == 0) { ++ if (!TEST_ptr_null(out) || !TEST_uchar_eq(outlen, 0)) ++ goto err; ++ } else { ++ if (!TEST_mem_eq(out, outlen, np->selected, np->selectedlen)) ++ goto err; ++ } ++ ++ ret = 1; ++ err: ++ return ret; ++} ++ + OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") + + int setup_tests(void) +@@ -12053,6 +12189,7 @@ int setup_tests(void) + ADD_ALL_TESTS(test_handshake_retry, 16); + ADD_TEST(test_data_retry); + ADD_ALL_TESTS(test_multi_resume, 5); ++ ADD_ALL_TESTS(test_select_next_proto, OSSL_NELEM(next_proto_tests)); + return 1; + + err: +-- +2.46.0 + 
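Review bot: The `next_proto_tests` table never exercises a zero-length protocol entry, which is exactly the new path the rewritten SSL_select_next_proto() adds: a server list whose first entry has length 0 must be skipped (`continue; /* Invalid - ignore it */`) and a client list whose first entry has length 0 must yield NULL/0 with OPENSSL_NPN_NO_OVERLAP, as the documentation patch in this series (0132) now promises. The existing rows only cover empty lists, NULL lists and truncated entries. Two rows in the table's own style would close the gap; `OSSL_NELEM(next_proto_tests)` in `setup_tests()` picks them up without further changes.
```c
    /* … unchanged: existing next_proto_tests rows … */
    {
        5, { 0, 3, 'a', 'b', 'c' },
        4, { 3, 'a', 'b', 'c' },
        OPENSSL_NPN_NEGOTIATED,
        3, { 'a', 'b', 'c' }
    },
    {
        4, { 3, 'a', 'b', 'c' },
        5, { 0, 3, 'a', 'b', 'c' },
        OPENSSL_NPN_NO_OVERLAP,
        0, { 0 }
    }
```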
diff --git a/base/openssl3/0134-Allow-an-empty-NPN-ALPN-protocol-list-in-the-tests.patch b/base/openssl3/0134-Allow-an-empty-NPN-ALPN-protocol-list-in-the-tests.patch new file mode 100644 index 0000000..ae383c8 --- /dev/null +++ b/base/openssl3/0134-Allow-an-empty-NPN-ALPN-protocol-list-in-the-tests.patch 
@@ -0,0 +1,1169 @@ +From 7ea1f6a85b299b976cb3f756b2a7f0153f31b2b6 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Tue, 4 Jun 2024 15:47:32 +0100 +Subject: [PATCH 06/10] Allow an empty NPN/ALPN protocol list in the tests + +Allow ourselves to configure an empty NPN/ALPN protocol list and test what +happens if we do. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/24717) +--- + test/helpers/handshake.c | 6 + + test/ssl-tests/08-npn.cnf | 553 +++++++++++++++++++--------------- + test/ssl-tests/08-npn.cnf.in | 35 +++ + test/ssl-tests/09-alpn.cnf | 66 +++- + test/ssl-tests/09-alpn.cnf.in | 33 ++ + 5 files changed, 449 insertions(+), 244 deletions(-) + +diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c +index e0422469e4..6b1629b942 100644 +--- a/test/helpers/handshake.c ++++ b/test/helpers/handshake.c +@@ -348,6 +348,12 @@ static int parse_protos(const char *protos, unsigned char **out, size_t *outlen) + + len = strlen(protos); + ++ if (len == 0) { ++ *out = NULL; ++ *outlen = 0; ++ return 1; ++ } ++ + /* Should never have reuse. */ + if (!TEST_ptr_null(*out) + /* Test values are small, so we omit length limit checks. 
*/ +diff --git a/test/ssl-tests/08-npn.cnf b/test/ssl-tests/08-npn.cnf +index f38b3f6975..1931d02de4 100644 +--- a/test/ssl-tests/08-npn.cnf ++++ b/test/ssl-tests/08-npn.cnf +@@ -1,6 +1,6 @@ + # Generated with generate_ssl_tests.pl + +-num_tests = 20 ++num_tests = 22 + + test-0 = 0-npn-simple + test-1 = 1-npn-client-finds-match +@@ -8,20 +8,22 @@ test-2 = 2-npn-client-honours-server-pref + test-3 = 3-npn-client-first-pref-on-mismatch + test-4 = 4-npn-no-server-support + test-5 = 5-npn-no-client-support +-test-6 = 6-npn-with-sni-no-context-switch +-test-7 = 7-npn-with-sni-context-switch +-test-8 = 8-npn-selected-sni-server-supports-npn +-test-9 = 9-npn-selected-sni-server-does-not-support-npn +-test-10 = 10-alpn-preferred-over-npn +-test-11 = 11-sni-npn-preferred-over-alpn +-test-12 = 12-npn-simple-resumption +-test-13 = 13-npn-server-switch-resumption +-test-14 = 14-npn-client-switch-resumption +-test-15 = 15-npn-client-first-pref-on-mismatch-resumption +-test-16 = 16-npn-no-server-support-resumption +-test-17 = 17-npn-no-client-support-resumption +-test-18 = 18-alpn-preferred-over-npn-resumption +-test-19 = 19-npn-used-if-alpn-not-supported-resumption ++test-6 = 6-npn-empty-client-list ++test-7 = 7-npn-empty-server-list ++test-8 = 8-npn-with-sni-no-context-switch ++test-9 = 9-npn-with-sni-context-switch ++test-10 = 10-npn-selected-sni-server-supports-npn ++test-11 = 11-npn-selected-sni-server-does-not-support-npn ++test-12 = 12-alpn-preferred-over-npn ++test-13 = 13-sni-npn-preferred-over-alpn ++test-14 = 14-npn-simple-resumption ++test-15 = 15-npn-server-switch-resumption ++test-16 = 16-npn-client-switch-resumption ++test-17 = 17-npn-client-first-pref-on-mismatch-resumption ++test-18 = 18-npn-no-server-support-resumption ++test-19 = 19-npn-no-client-support-resumption ++test-20 = 20-alpn-preferred-over-npn-resumption ++test-21 = 21-npn-used-if-alpn-not-supported-resumption + # =========================================================== + + [0-npn-simple] +@@ 
-206,253 +208,318 @@ NPNProtocols = foo + + # =========================================================== + +-[6-npn-with-sni-no-context-switch] +-ssl_conf = 6-npn-with-sni-no-context-switch-ssl ++[6-npn-empty-client-list] ++ssl_conf = 6-npn-empty-client-list-ssl + +-[6-npn-with-sni-no-context-switch-ssl] +-server = 6-npn-with-sni-no-context-switch-server +-client = 6-npn-with-sni-no-context-switch-client +-server2 = 6-npn-with-sni-no-context-switch-server2 ++[6-npn-empty-client-list-ssl] ++server = 6-npn-empty-client-list-server ++client = 6-npn-empty-client-list-client + +-[6-npn-with-sni-no-context-switch-server] ++[6-npn-empty-client-list-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[6-npn-with-sni-no-context-switch-server2] ++[6-npn-empty-client-list-client] ++CipherString = DEFAULT ++MaxProtocol = TLSv1.2 ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-6] ++ExpectedClientAlert = HandshakeFailure ++ExpectedResult = ClientFail ++server = 6-npn-empty-client-list-server-extra ++client = 6-npn-empty-client-list-client-extra ++ ++[6-npn-empty-client-list-server-extra] ++NPNProtocols = foo ++ ++[6-npn-empty-client-list-client-extra] ++NPNProtocols = ++ ++ ++# =========================================================== ++ ++[7-npn-empty-server-list] ++ssl_conf = 7-npn-empty-server-list-ssl ++ ++[7-npn-empty-server-list-ssl] ++server = 7-npn-empty-server-list-server ++client = 7-npn-empty-server-list-client ++ ++[7-npn-empty-server-list-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[6-npn-with-sni-no-context-switch-client] ++[7-npn-empty-server-list-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-6] ++[test-7] ++ExpectedNPNProtocol = foo ++server = 
7-npn-empty-server-list-server-extra ++client = 7-npn-empty-server-list-client-extra ++ ++[7-npn-empty-server-list-server-extra] ++NPNProtocols = ++ ++[7-npn-empty-server-list-client-extra] ++NPNProtocols = foo ++ ++ ++# =========================================================== ++ ++[8-npn-with-sni-no-context-switch] ++ssl_conf = 8-npn-with-sni-no-context-switch-ssl ++ ++[8-npn-with-sni-no-context-switch-ssl] ++server = 8-npn-with-sni-no-context-switch-server ++client = 8-npn-with-sni-no-context-switch-client ++server2 = 8-npn-with-sni-no-context-switch-server2 ++ ++[8-npn-with-sni-no-context-switch-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[8-npn-with-sni-no-context-switch-server2] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[8-npn-with-sni-no-context-switch-client] ++CipherString = DEFAULT ++MaxProtocol = TLSv1.2 ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-8] + ExpectedNPNProtocol = foo + ExpectedServerName = server1 +-server = 6-npn-with-sni-no-context-switch-server-extra +-server2 = 6-npn-with-sni-no-context-switch-server2-extra +-client = 6-npn-with-sni-no-context-switch-client-extra ++server = 8-npn-with-sni-no-context-switch-server-extra ++server2 = 8-npn-with-sni-no-context-switch-server2-extra ++client = 8-npn-with-sni-no-context-switch-client-extra + +-[6-npn-with-sni-no-context-switch-server-extra] ++[8-npn-with-sni-no-context-switch-server-extra] + NPNProtocols = foo + ServerNameCallback = IgnoreMismatch + +-[6-npn-with-sni-no-context-switch-server2-extra] ++[8-npn-with-sni-no-context-switch-server2-extra] + NPNProtocols = bar + +-[6-npn-with-sni-no-context-switch-client-extra] ++[8-npn-with-sni-no-context-switch-client-extra] + NPNProtocols = foo,bar + ServerName = server1 + + + # 
=========================================================== + +-[7-npn-with-sni-context-switch] +-ssl_conf = 7-npn-with-sni-context-switch-ssl ++[9-npn-with-sni-context-switch] ++ssl_conf = 9-npn-with-sni-context-switch-ssl + +-[7-npn-with-sni-context-switch-ssl] +-server = 7-npn-with-sni-context-switch-server +-client = 7-npn-with-sni-context-switch-client +-server2 = 7-npn-with-sni-context-switch-server2 ++[9-npn-with-sni-context-switch-ssl] ++server = 9-npn-with-sni-context-switch-server ++client = 9-npn-with-sni-context-switch-client ++server2 = 9-npn-with-sni-context-switch-server2 + +-[7-npn-with-sni-context-switch-server] ++[9-npn-with-sni-context-switch-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[7-npn-with-sni-context-switch-server2] ++[9-npn-with-sni-context-switch-server2] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[7-npn-with-sni-context-switch-client] ++[9-npn-with-sni-context-switch-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-7] ++[test-9] + ExpectedNPNProtocol = bar + ExpectedServerName = server2 +-server = 7-npn-with-sni-context-switch-server-extra +-server2 = 7-npn-with-sni-context-switch-server2-extra +-client = 7-npn-with-sni-context-switch-client-extra ++server = 9-npn-with-sni-context-switch-server-extra ++server2 = 9-npn-with-sni-context-switch-server2-extra ++client = 9-npn-with-sni-context-switch-client-extra + +-[7-npn-with-sni-context-switch-server-extra] ++[9-npn-with-sni-context-switch-server-extra] + NPNProtocols = foo + ServerNameCallback = IgnoreMismatch + +-[7-npn-with-sni-context-switch-server2-extra] ++[9-npn-with-sni-context-switch-server2-extra] + NPNProtocols = bar + +-[7-npn-with-sni-context-switch-client-extra] 
++[9-npn-with-sni-context-switch-client-extra] + NPNProtocols = foo,bar + ServerName = server2 + + + # =========================================================== + +-[8-npn-selected-sni-server-supports-npn] +-ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl ++[10-npn-selected-sni-server-supports-npn] ++ssl_conf = 10-npn-selected-sni-server-supports-npn-ssl + +-[8-npn-selected-sni-server-supports-npn-ssl] +-server = 8-npn-selected-sni-server-supports-npn-server +-client = 8-npn-selected-sni-server-supports-npn-client +-server2 = 8-npn-selected-sni-server-supports-npn-server2 ++[10-npn-selected-sni-server-supports-npn-ssl] ++server = 10-npn-selected-sni-server-supports-npn-server ++client = 10-npn-selected-sni-server-supports-npn-client ++server2 = 10-npn-selected-sni-server-supports-npn-server2 + +-[8-npn-selected-sni-server-supports-npn-server] ++[10-npn-selected-sni-server-supports-npn-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[8-npn-selected-sni-server-supports-npn-server2] ++[10-npn-selected-sni-server-supports-npn-server2] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[8-npn-selected-sni-server-supports-npn-client] ++[10-npn-selected-sni-server-supports-npn-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-8] ++[test-10] + ExpectedNPNProtocol = bar + ExpectedServerName = server2 +-server = 8-npn-selected-sni-server-supports-npn-server-extra +-server2 = 8-npn-selected-sni-server-supports-npn-server2-extra +-client = 8-npn-selected-sni-server-supports-npn-client-extra ++server = 10-npn-selected-sni-server-supports-npn-server-extra ++server2 = 10-npn-selected-sni-server-supports-npn-server2-extra ++client = 10-npn-selected-sni-server-supports-npn-client-extra + 
+-[8-npn-selected-sni-server-supports-npn-server-extra] ++[10-npn-selected-sni-server-supports-npn-server-extra] + ServerNameCallback = IgnoreMismatch + +-[8-npn-selected-sni-server-supports-npn-server2-extra] ++[10-npn-selected-sni-server-supports-npn-server2-extra] + NPNProtocols = bar + +-[8-npn-selected-sni-server-supports-npn-client-extra] ++[10-npn-selected-sni-server-supports-npn-client-extra] + NPNProtocols = foo,bar + ServerName = server2 + + + # =========================================================== + +-[9-npn-selected-sni-server-does-not-support-npn] +-ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl ++[11-npn-selected-sni-server-does-not-support-npn] ++ssl_conf = 11-npn-selected-sni-server-does-not-support-npn-ssl + +-[9-npn-selected-sni-server-does-not-support-npn-ssl] +-server = 9-npn-selected-sni-server-does-not-support-npn-server +-client = 9-npn-selected-sni-server-does-not-support-npn-client +-server2 = 9-npn-selected-sni-server-does-not-support-npn-server2 ++[11-npn-selected-sni-server-does-not-support-npn-ssl] ++server = 11-npn-selected-sni-server-does-not-support-npn-server ++client = 11-npn-selected-sni-server-does-not-support-npn-client ++server2 = 11-npn-selected-sni-server-does-not-support-npn-server2 + +-[9-npn-selected-sni-server-does-not-support-npn-server] ++[11-npn-selected-sni-server-does-not-support-npn-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[9-npn-selected-sni-server-does-not-support-npn-server2] ++[11-npn-selected-sni-server-does-not-support-npn-server2] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[9-npn-selected-sni-server-does-not-support-npn-client] ++[11-npn-selected-sni-server-does-not-support-npn-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode 
= Peer + +-[test-9] ++[test-11] + ExpectedServerName = server2 +-server = 9-npn-selected-sni-server-does-not-support-npn-server-extra +-client = 9-npn-selected-sni-server-does-not-support-npn-client-extra ++server = 11-npn-selected-sni-server-does-not-support-npn-server-extra ++client = 11-npn-selected-sni-server-does-not-support-npn-client-extra + +-[9-npn-selected-sni-server-does-not-support-npn-server-extra] ++[11-npn-selected-sni-server-does-not-support-npn-server-extra] + NPNProtocols = bar + ServerNameCallback = IgnoreMismatch + +-[9-npn-selected-sni-server-does-not-support-npn-client-extra] ++[11-npn-selected-sni-server-does-not-support-npn-client-extra] + NPNProtocols = foo,bar + ServerName = server2 + + + # =========================================================== + +-[10-alpn-preferred-over-npn] +-ssl_conf = 10-alpn-preferred-over-npn-ssl ++[12-alpn-preferred-over-npn] ++ssl_conf = 12-alpn-preferred-over-npn-ssl + +-[10-alpn-preferred-over-npn-ssl] +-server = 10-alpn-preferred-over-npn-server +-client = 10-alpn-preferred-over-npn-client ++[12-alpn-preferred-over-npn-ssl] ++server = 12-alpn-preferred-over-npn-server ++client = 12-alpn-preferred-over-npn-client + +-[10-alpn-preferred-over-npn-server] ++[12-alpn-preferred-over-npn-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[10-alpn-preferred-over-npn-client] ++[12-alpn-preferred-over-npn-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-10] ++[test-12] + ExpectedALPNProtocol = foo +-server = 10-alpn-preferred-over-npn-server-extra +-client = 10-alpn-preferred-over-npn-client-extra ++server = 12-alpn-preferred-over-npn-server-extra ++client = 12-alpn-preferred-over-npn-client-extra + +-[10-alpn-preferred-over-npn-server-extra] ++[12-alpn-preferred-over-npn-server-extra] + ALPNProtocols = foo + NPNProtocols = bar + 
+-[10-alpn-preferred-over-npn-client-extra] ++[12-alpn-preferred-over-npn-client-extra] + ALPNProtocols = foo + NPNProtocols = bar + + + # =========================================================== + +-[11-sni-npn-preferred-over-alpn] +-ssl_conf = 11-sni-npn-preferred-over-alpn-ssl ++[13-sni-npn-preferred-over-alpn] ++ssl_conf = 13-sni-npn-preferred-over-alpn-ssl + +-[11-sni-npn-preferred-over-alpn-ssl] +-server = 11-sni-npn-preferred-over-alpn-server +-client = 11-sni-npn-preferred-over-alpn-client +-server2 = 11-sni-npn-preferred-over-alpn-server2 ++[13-sni-npn-preferred-over-alpn-ssl] ++server = 13-sni-npn-preferred-over-alpn-server ++client = 13-sni-npn-preferred-over-alpn-client ++server2 = 13-sni-npn-preferred-over-alpn-server2 + +-[11-sni-npn-preferred-over-alpn-server] ++[13-sni-npn-preferred-over-alpn-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[11-sni-npn-preferred-over-alpn-server2] ++[13-sni-npn-preferred-over-alpn-server2] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[11-sni-npn-preferred-over-alpn-client] ++[13-sni-npn-preferred-over-alpn-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-11] ++[test-13] + ExpectedNPNProtocol = bar + ExpectedServerName = server2 +-server = 11-sni-npn-preferred-over-alpn-server-extra +-server2 = 11-sni-npn-preferred-over-alpn-server2-extra +-client = 11-sni-npn-preferred-over-alpn-client-extra ++server = 13-sni-npn-preferred-over-alpn-server-extra ++server2 = 13-sni-npn-preferred-over-alpn-server2-extra ++client = 13-sni-npn-preferred-over-alpn-client-extra + +-[11-sni-npn-preferred-over-alpn-server-extra] ++[13-sni-npn-preferred-over-alpn-server-extra] + ALPNProtocols = foo + ServerNameCallback = IgnoreMismatch + 
+-[11-sni-npn-preferred-over-alpn-server2-extra] ++[13-sni-npn-preferred-over-alpn-server2-extra] + NPNProtocols = bar + +-[11-sni-npn-preferred-over-alpn-client-extra] ++[13-sni-npn-preferred-over-alpn-client-extra] + ALPNProtocols = foo + NPNProtocols = bar + ServerName = server2 +@@ -460,356 +527,356 @@ ServerName = server2 + + # =========================================================== + +-[12-npn-simple-resumption] +-ssl_conf = 12-npn-simple-resumption-ssl ++[14-npn-simple-resumption] ++ssl_conf = 14-npn-simple-resumption-ssl + +-[12-npn-simple-resumption-ssl] +-server = 12-npn-simple-resumption-server +-client = 12-npn-simple-resumption-client +-resume-server = 12-npn-simple-resumption-server +-resume-client = 12-npn-simple-resumption-client ++[14-npn-simple-resumption-ssl] ++server = 14-npn-simple-resumption-server ++client = 14-npn-simple-resumption-client ++resume-server = 14-npn-simple-resumption-server ++resume-client = 14-npn-simple-resumption-client + +-[12-npn-simple-resumption-server] ++[14-npn-simple-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[12-npn-simple-resumption-client] ++[14-npn-simple-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-12] ++[test-14] + ExpectedNPNProtocol = foo + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 12-npn-simple-resumption-server-extra +-resume-server = 12-npn-simple-resumption-server-extra +-client = 12-npn-simple-resumption-client-extra +-resume-client = 12-npn-simple-resumption-client-extra ++server = 14-npn-simple-resumption-server-extra ++resume-server = 14-npn-simple-resumption-server-extra ++client = 14-npn-simple-resumption-client-extra ++resume-client = 14-npn-simple-resumption-client-extra + +-[12-npn-simple-resumption-server-extra] ++[14-npn-simple-resumption-server-extra] + 
NPNProtocols = foo + +-[12-npn-simple-resumption-client-extra] ++[14-npn-simple-resumption-client-extra] + NPNProtocols = foo + + + # =========================================================== + +-[13-npn-server-switch-resumption] +-ssl_conf = 13-npn-server-switch-resumption-ssl ++[15-npn-server-switch-resumption] ++ssl_conf = 15-npn-server-switch-resumption-ssl + +-[13-npn-server-switch-resumption-ssl] +-server = 13-npn-server-switch-resumption-server +-client = 13-npn-server-switch-resumption-client +-resume-server = 13-npn-server-switch-resumption-resume-server +-resume-client = 13-npn-server-switch-resumption-client ++[15-npn-server-switch-resumption-ssl] ++server = 15-npn-server-switch-resumption-server ++client = 15-npn-server-switch-resumption-client ++resume-server = 15-npn-server-switch-resumption-resume-server ++resume-client = 15-npn-server-switch-resumption-client + +-[13-npn-server-switch-resumption-server] ++[15-npn-server-switch-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[13-npn-server-switch-resumption-resume-server] ++[15-npn-server-switch-resumption-resume-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[13-npn-server-switch-resumption-client] ++[15-npn-server-switch-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-13] ++[test-15] + ExpectedNPNProtocol = baz + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 13-npn-server-switch-resumption-server-extra +-resume-server = 13-npn-server-switch-resumption-resume-server-extra +-client = 13-npn-server-switch-resumption-client-extra +-resume-client = 13-npn-server-switch-resumption-client-extra ++server = 15-npn-server-switch-resumption-server-extra ++resume-server = 
15-npn-server-switch-resumption-resume-server-extra ++client = 15-npn-server-switch-resumption-client-extra ++resume-client = 15-npn-server-switch-resumption-client-extra + +-[13-npn-server-switch-resumption-server-extra] ++[15-npn-server-switch-resumption-server-extra] + NPNProtocols = bar,foo + +-[13-npn-server-switch-resumption-resume-server-extra] ++[15-npn-server-switch-resumption-resume-server-extra] + NPNProtocols = baz,foo + +-[13-npn-server-switch-resumption-client-extra] ++[15-npn-server-switch-resumption-client-extra] + NPNProtocols = foo,bar,baz + + + # =========================================================== + +-[14-npn-client-switch-resumption] +-ssl_conf = 14-npn-client-switch-resumption-ssl ++[16-npn-client-switch-resumption] ++ssl_conf = 16-npn-client-switch-resumption-ssl + +-[14-npn-client-switch-resumption-ssl] +-server = 14-npn-client-switch-resumption-server +-client = 14-npn-client-switch-resumption-client +-resume-server = 14-npn-client-switch-resumption-server +-resume-client = 14-npn-client-switch-resumption-resume-client ++[16-npn-client-switch-resumption-ssl] ++server = 16-npn-client-switch-resumption-server ++client = 16-npn-client-switch-resumption-client ++resume-server = 16-npn-client-switch-resumption-server ++resume-client = 16-npn-client-switch-resumption-resume-client + +-[14-npn-client-switch-resumption-server] ++[16-npn-client-switch-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[14-npn-client-switch-resumption-client] ++[16-npn-client-switch-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[14-npn-client-switch-resumption-resume-client] ++[16-npn-client-switch-resumption-resume-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-14] 
++[test-16] + ExpectedNPNProtocol = bar + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 14-npn-client-switch-resumption-server-extra +-resume-server = 14-npn-client-switch-resumption-server-extra +-client = 14-npn-client-switch-resumption-client-extra +-resume-client = 14-npn-client-switch-resumption-resume-client-extra ++server = 16-npn-client-switch-resumption-server-extra ++resume-server = 16-npn-client-switch-resumption-server-extra ++client = 16-npn-client-switch-resumption-client-extra ++resume-client = 16-npn-client-switch-resumption-resume-client-extra + +-[14-npn-client-switch-resumption-server-extra] ++[16-npn-client-switch-resumption-server-extra] + NPNProtocols = foo,bar,baz + +-[14-npn-client-switch-resumption-client-extra] ++[16-npn-client-switch-resumption-client-extra] + NPNProtocols = foo,baz + +-[14-npn-client-switch-resumption-resume-client-extra] ++[16-npn-client-switch-resumption-resume-client-extra] + NPNProtocols = bar,baz + + + # =========================================================== + +-[15-npn-client-first-pref-on-mismatch-resumption] +-ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl ++[17-npn-client-first-pref-on-mismatch-resumption] ++ssl_conf = 17-npn-client-first-pref-on-mismatch-resumption-ssl + +-[15-npn-client-first-pref-on-mismatch-resumption-ssl] +-server = 15-npn-client-first-pref-on-mismatch-resumption-server +-client = 15-npn-client-first-pref-on-mismatch-resumption-client +-resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server +-resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client ++[17-npn-client-first-pref-on-mismatch-resumption-ssl] ++server = 17-npn-client-first-pref-on-mismatch-resumption-server ++client = 17-npn-client-first-pref-on-mismatch-resumption-client ++resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server ++resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client + 
+-[15-npn-client-first-pref-on-mismatch-resumption-server] ++[17-npn-client-first-pref-on-mismatch-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[15-npn-client-first-pref-on-mismatch-resumption-resume-server] ++[17-npn-client-first-pref-on-mismatch-resumption-resume-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[15-npn-client-first-pref-on-mismatch-resumption-client] ++[17-npn-client-first-pref-on-mismatch-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-15] ++[test-17] + ExpectedNPNProtocol = foo + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra +-resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra +-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra +-resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra ++server = 17-npn-client-first-pref-on-mismatch-resumption-server-extra ++resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra ++client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra ++resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra + +-[15-npn-client-first-pref-on-mismatch-resumption-server-extra] ++[17-npn-client-first-pref-on-mismatch-resumption-server-extra] + NPNProtocols = bar + +-[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] ++[17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] + NPNProtocols = baz + +-[15-npn-client-first-pref-on-mismatch-resumption-client-extra] ++[17-npn-client-first-pref-on-mismatch-resumption-client-extra] + NPNProtocols = foo,bar + + + # 
=========================================================== + +-[16-npn-no-server-support-resumption] +-ssl_conf = 16-npn-no-server-support-resumption-ssl ++[18-npn-no-server-support-resumption] ++ssl_conf = 18-npn-no-server-support-resumption-ssl + +-[16-npn-no-server-support-resumption-ssl] +-server = 16-npn-no-server-support-resumption-server +-client = 16-npn-no-server-support-resumption-client +-resume-server = 16-npn-no-server-support-resumption-resume-server +-resume-client = 16-npn-no-server-support-resumption-client ++[18-npn-no-server-support-resumption-ssl] ++server = 18-npn-no-server-support-resumption-server ++client = 18-npn-no-server-support-resumption-client ++resume-server = 18-npn-no-server-support-resumption-resume-server ++resume-client = 18-npn-no-server-support-resumption-client + +-[16-npn-no-server-support-resumption-server] ++[18-npn-no-server-support-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[16-npn-no-server-support-resumption-resume-server] ++[18-npn-no-server-support-resumption-resume-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[16-npn-no-server-support-resumption-client] ++[18-npn-no-server-support-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-16] ++[test-18] + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 16-npn-no-server-support-resumption-server-extra +-client = 16-npn-no-server-support-resumption-client-extra +-resume-client = 16-npn-no-server-support-resumption-client-extra ++server = 18-npn-no-server-support-resumption-server-extra ++client = 18-npn-no-server-support-resumption-client-extra ++resume-client = 18-npn-no-server-support-resumption-client-extra + 
+-[16-npn-no-server-support-resumption-server-extra] ++[18-npn-no-server-support-resumption-server-extra] + NPNProtocols = foo + +-[16-npn-no-server-support-resumption-client-extra] ++[18-npn-no-server-support-resumption-client-extra] + NPNProtocols = foo + + + # =========================================================== + +-[17-npn-no-client-support-resumption] +-ssl_conf = 17-npn-no-client-support-resumption-ssl ++[19-npn-no-client-support-resumption] ++ssl_conf = 19-npn-no-client-support-resumption-ssl + +-[17-npn-no-client-support-resumption-ssl] +-server = 17-npn-no-client-support-resumption-server +-client = 17-npn-no-client-support-resumption-client +-resume-server = 17-npn-no-client-support-resumption-server +-resume-client = 17-npn-no-client-support-resumption-resume-client ++[19-npn-no-client-support-resumption-ssl] ++server = 19-npn-no-client-support-resumption-server ++client = 19-npn-no-client-support-resumption-client ++resume-server = 19-npn-no-client-support-resumption-server ++resume-client = 19-npn-no-client-support-resumption-resume-client + +-[17-npn-no-client-support-resumption-server] ++[19-npn-no-client-support-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[17-npn-no-client-support-resumption-client] ++[19-npn-no-client-support-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[17-npn-no-client-support-resumption-resume-client] ++[19-npn-no-client-support-resumption-resume-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-17] ++[test-19] + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 17-npn-no-client-support-resumption-server-extra +-resume-server = 17-npn-no-client-support-resumption-server-extra +-client = 
17-npn-no-client-support-resumption-client-extra ++server = 19-npn-no-client-support-resumption-server-extra ++resume-server = 19-npn-no-client-support-resumption-server-extra ++client = 19-npn-no-client-support-resumption-client-extra + +-[17-npn-no-client-support-resumption-server-extra] ++[19-npn-no-client-support-resumption-server-extra] + NPNProtocols = foo + +-[17-npn-no-client-support-resumption-client-extra] ++[19-npn-no-client-support-resumption-client-extra] + NPNProtocols = foo + + + # =========================================================== + +-[18-alpn-preferred-over-npn-resumption] +-ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl ++[20-alpn-preferred-over-npn-resumption] ++ssl_conf = 20-alpn-preferred-over-npn-resumption-ssl + +-[18-alpn-preferred-over-npn-resumption-ssl] +-server = 18-alpn-preferred-over-npn-resumption-server +-client = 18-alpn-preferred-over-npn-resumption-client +-resume-server = 18-alpn-preferred-over-npn-resumption-resume-server +-resume-client = 18-alpn-preferred-over-npn-resumption-client ++[20-alpn-preferred-over-npn-resumption-ssl] ++server = 20-alpn-preferred-over-npn-resumption-server ++client = 20-alpn-preferred-over-npn-resumption-client ++resume-server = 20-alpn-preferred-over-npn-resumption-resume-server ++resume-client = 20-alpn-preferred-over-npn-resumption-client + +-[18-alpn-preferred-over-npn-resumption-server] ++[20-alpn-preferred-over-npn-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[18-alpn-preferred-over-npn-resumption-resume-server] ++[20-alpn-preferred-over-npn-resumption-resume-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[18-alpn-preferred-over-npn-resumption-client] ++[20-alpn-preferred-over-npn-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = 
${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-18] ++[test-20] + ExpectedALPNProtocol = foo + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 18-alpn-preferred-over-npn-resumption-server-extra +-resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra +-client = 18-alpn-preferred-over-npn-resumption-client-extra +-resume-client = 18-alpn-preferred-over-npn-resumption-client-extra ++server = 20-alpn-preferred-over-npn-resumption-server-extra ++resume-server = 20-alpn-preferred-over-npn-resumption-resume-server-extra ++client = 20-alpn-preferred-over-npn-resumption-client-extra ++resume-client = 20-alpn-preferred-over-npn-resumption-client-extra + +-[18-alpn-preferred-over-npn-resumption-server-extra] ++[20-alpn-preferred-over-npn-resumption-server-extra] + NPNProtocols = bar + +-[18-alpn-preferred-over-npn-resumption-resume-server-extra] ++[20-alpn-preferred-over-npn-resumption-resume-server-extra] + ALPNProtocols = foo + NPNProtocols = baz + +-[18-alpn-preferred-over-npn-resumption-client-extra] ++[20-alpn-preferred-over-npn-resumption-client-extra] + ALPNProtocols = foo + NPNProtocols = bar,baz + + + # =========================================================== + +-[19-npn-used-if-alpn-not-supported-resumption] +-ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl ++[21-npn-used-if-alpn-not-supported-resumption] ++ssl_conf = 21-npn-used-if-alpn-not-supported-resumption-ssl + +-[19-npn-used-if-alpn-not-supported-resumption-ssl] +-server = 19-npn-used-if-alpn-not-supported-resumption-server +-client = 19-npn-used-if-alpn-not-supported-resumption-client +-resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server +-resume-client = 19-npn-used-if-alpn-not-supported-resumption-client ++[21-npn-used-if-alpn-not-supported-resumption-ssl] ++server = 21-npn-used-if-alpn-not-supported-resumption-server ++client = 21-npn-used-if-alpn-not-supported-resumption-client ++resume-server = 
21-npn-used-if-alpn-not-supported-resumption-resume-server ++resume-client = 21-npn-used-if-alpn-not-supported-resumption-client + +-[19-npn-used-if-alpn-not-supported-resumption-server] ++[21-npn-used-if-alpn-not-supported-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[19-npn-used-if-alpn-not-supported-resumption-resume-server] ++[21-npn-used-if-alpn-not-supported-resumption-resume-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem + CipherString = DEFAULT + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +-[19-npn-used-if-alpn-not-supported-resumption-client] ++[21-npn-used-if-alpn-not-supported-resumption-client] + CipherString = DEFAULT + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +-[test-19] ++[test-21] + ExpectedNPNProtocol = baz + HandshakeMode = Resume + ResumptionExpected = Yes +-server = 19-npn-used-if-alpn-not-supported-resumption-server-extra +-resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra +-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra +-resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra ++server = 21-npn-used-if-alpn-not-supported-resumption-server-extra ++resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server-extra ++client = 21-npn-used-if-alpn-not-supported-resumption-client-extra ++resume-client = 21-npn-used-if-alpn-not-supported-resumption-client-extra + +-[19-npn-used-if-alpn-not-supported-resumption-server-extra] ++[21-npn-used-if-alpn-not-supported-resumption-server-extra] + ALPNProtocols = foo + NPNProtocols = bar + +-[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra] ++[21-npn-used-if-alpn-not-supported-resumption-resume-server-extra] + NPNProtocols = baz + +-[19-npn-used-if-alpn-not-supported-resumption-client-extra] 
++[21-npn-used-if-alpn-not-supported-resumption-client-extra] + ALPNProtocols = foo + NPNProtocols = bar,baz + +diff --git a/test/ssl-tests/08-npn.cnf.in b/test/ssl-tests/08-npn.cnf.in +index 30783e45eb..1dc2704bdb 100644 +--- a/test/ssl-tests/08-npn.cnf.in ++++ b/test/ssl-tests/08-npn.cnf.in +@@ -110,6 +110,41 @@ our @tests = ( + "ExpectedNPNProtocol" => undef, + }, + }, ++ { ++ name => "npn-empty-client-list", ++ server => { ++ extra => { ++ "NPNProtocols" => "foo", ++ }, ++ }, ++ client => { ++ extra => { ++ "NPNProtocols" => "", ++ }, ++ "MaxProtocol" => "TLSv1.2" ++ }, ++ test => { ++ "ExpectedResult" => "ClientFail", ++ "ExpectedClientAlert" => "HandshakeFailure" ++ }, ++ }, ++ { ++ name => "npn-empty-server-list", ++ server => { ++ extra => { ++ "NPNProtocols" => "", ++ }, ++ }, ++ client => { ++ extra => { ++ "NPNProtocols" => "foo", ++ }, ++ "MaxProtocol" => "TLSv1.2" ++ }, ++ test => { ++ "ExpectedNPNProtocol" => "foo" ++ }, ++ }, + { + name => "npn-with-sni-no-context-switch", + server => { +diff --git a/test/ssl-tests/09-alpn.cnf b/test/ssl-tests/09-alpn.cnf +index e7e6cb9534..dd668739ab 100644 +--- a/test/ssl-tests/09-alpn.cnf ++++ b/test/ssl-tests/09-alpn.cnf +@@ -1,6 +1,6 @@ + # Generated with generate_ssl_tests.pl + +-num_tests = 16 ++num_tests = 18 + + test-0 = 0-alpn-simple + test-1 = 1-alpn-server-finds-match +@@ -18,6 +18,8 @@ test-12 = 12-alpn-client-switch-resumption + test-13 = 13-alpn-alert-on-mismatch-resumption + test-14 = 14-alpn-no-server-support-resumption + test-15 = 15-alpn-no-client-support-resumption ++test-16 = 16-alpn-empty-client-list ++test-17 = 17-alpn-empty-server-list + # =========================================================== + + [0-alpn-simple] +@@ -617,3 +619,65 @@ ALPNProtocols = foo + ALPNProtocols = foo + + ++# =========================================================== ++ ++[16-alpn-empty-client-list] ++ssl_conf = 16-alpn-empty-client-list-ssl ++ ++[16-alpn-empty-client-list-ssl] ++server = 
16-alpn-empty-client-list-server ++client = 16-alpn-empty-client-list-client ++ ++[16-alpn-empty-client-list-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[16-alpn-empty-client-list-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-16] ++server = 16-alpn-empty-client-list-server-extra ++client = 16-alpn-empty-client-list-client-extra ++ ++[16-alpn-empty-client-list-server-extra] ++ALPNProtocols = foo ++ ++[16-alpn-empty-client-list-client-extra] ++ALPNProtocols = ++ ++ ++# =========================================================== ++ ++[17-alpn-empty-server-list] ++ssl_conf = 17-alpn-empty-server-list-ssl ++ ++[17-alpn-empty-server-list-ssl] ++server = 17-alpn-empty-server-list-server ++client = 17-alpn-empty-server-list-client ++ ++[17-alpn-empty-server-list-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[17-alpn-empty-server-list-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-17] ++ExpectedResult = ServerFail ++ExpectedServerAlert = NoApplicationProtocol ++server = 17-alpn-empty-server-list-server-extra ++client = 17-alpn-empty-server-list-client-extra ++ ++[17-alpn-empty-server-list-server-extra] ++ALPNProtocols = ++ ++[17-alpn-empty-server-list-client-extra] ++ALPNProtocols = foo ++ ++ +diff --git a/test/ssl-tests/09-alpn.cnf.in b/test/ssl-tests/09-alpn.cnf.in +index 81330756c6..322b7096a6 100644 +--- a/test/ssl-tests/09-alpn.cnf.in ++++ b/test/ssl-tests/09-alpn.cnf.in +@@ -322,4 +322,37 @@ our @tests = ( + "ExpectedALPNProtocol" => undef, + }, + }, ++ { ++ name => "alpn-empty-client-list", ++ server => { ++ extra => { ++ "ALPNProtocols" => "foo", ++ }, ++ }, ++ client => { ++ extra => { ++ "ALPNProtocols" => "", ++ }, ++ }, ++ test 
=> {
++ "ExpectedALPNProtocol" => undef,
++ },
++ },
++ {
++ name => "alpn-empty-server-list",
++ server => {
++ extra => {
++ "ALPNProtocols" => "",
++ },
++ },
++ client => {
++ extra => {
++ "ALPNProtocols" => "foo",
++ },
++ },
++ test => {
++ "ExpectedResult" => "ServerFail",
++ "ExpectedServerAlert" => "NoApplicationProtocol",
++ },
++ },
+ );
+-- 
+2.46.0
+
diff --git a/base/openssl3/0135-Correct-return-values-for-tls_construct_stoc_next_pr.patch b/base/openssl3/0135-Correct-return-values-for-tls_construct_stoc_next_pr.patch
new file mode 100644
index 0000000..97c28ee
--- /dev/null
+++ b/base/openssl3/0135-Correct-return-values-for-tls_construct_stoc_next_pr.patch
@@ -0,0 +1,39 @@
+From 53f5677f358c4a4f69830d944ea40e71950673b8 Mon Sep 17 00:00:00 2001
+From: Matt Caswell
+Date: Fri, 21 Jun 2024 10:41:55 +0100
+Subject: [PATCH 07/10] Correct return values for
+ tls_construct_stoc_next_proto_neg
+
+Return EXT_RETURN_NOT_SENT in the event that we don't send the extension,
+rather than EXT_RETURN_SENT. This actually makes no difference at all to
+the current control flow since this return value is ignored in this case
+anyway. But lets make it correct anyway.
+
+Follow on from CVE-2024-5535
+
+Reviewed-by: Neil Horman
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/24717)
+---
+ ssl/statem/extensions_srvr.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
+index 800654450e..66ed7dacf2 100644
+--- a/ssl/statem/extensions_srvr.c
++++ b/ssl/statem/extensions_srvr.c
+@@ -1501,9 +1501,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt,
+ return EXT_RETURN_FAIL;
+ }
+ s->s3.npn_seen = 1;
++ return EXT_RETURN_SENT;
+ }
+
+- return EXT_RETURN_SENT;
++ return EXT_RETURN_NOT_SENT;
+ }
+ #endif
+
+-- 
+2.46.0
+
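Review bot: The Subject line marks this as patch 07/10 of the upstream series, yet this change adds only 0135–0137; if the earlier commits of openssl/openssl#24717 — in particular the CVE-2024-5535 fix itself that these three patches "follow on from" — are not already carried elsewhere in this series, the follow-ups land without the fix they complement, so the packaging should be checked for that. On the code itself the change is sound: returning EXT_RETURN_NOT_SENT from the fall-through path makes the value match what was actually written, and the commit message already records that callers ignore it here. tls_construct_stoc_next_proto_neg starts before the inner hunk, so the conditions that reach the fall-through are not visible.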
diff --git a/base/openssl3/0136-Add-ALPN-validation-in-the-client.patch b/base/openssl3/0136-Add-ALPN-validation-in-the-client.patch
new file mode 100644
index 0000000..1406860
--- /dev/null
+++ b/base/openssl3/0136-Add-ALPN-validation-in-the-client.patch
@@ -0,0 +1,62 @@
+From 195e15421df113d7283aab2ccff8b8fb06df5465 Mon Sep 17 00:00:00 2001
+From: Matt Caswell
+Date: Fri, 21 Jun 2024 11:51:54 +0100
+Subject: [PATCH 08/10] Add ALPN validation in the client
+
+The ALPN protocol selected by the server must be one that we originally
+advertised. We should verify that it is.
+
+Follow on from CVE-2024-5535
+
+Reviewed-by: Neil Horman
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/24717)
+---
+ ssl/statem/extensions_clnt.c | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
+index 1ab3c13d57..ff9c009ee5 100644
+--- a/ssl/statem/extensions_clnt.c
++++ b/ssl/statem/extensions_clnt.c
+@@ -1590,6 +1590,8 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
+ X509 *x, size_t chainidx)
+ {
+ size_t len;
++ PACKET confpkt, protpkt;
++ int valid = 0;
+
+ /* We must have requested it. */
+ if (!s->s3.alpn_sent) {
+@@ -1608,6 +1610,28 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
+ return 0;
+ }
++
++ /* It must be a protocol that we sent */
++ if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) {
++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) {
++ if (PACKET_remaining(&protpkt) != len)
++ continue;
++ if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) {
++ /* Valid protocol found */
++ valid = 1;
++ break;
++ }
++ }
++
++ if (!valid) {
++ /* The protocol sent from the server does not match one we advertised */
++ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
++ return 0;
++ }
++
+ OPENSSL_free(s->s3.alpn_selected);
+ s->s3.alpn_selected = OPENSSL_malloc(len);
+ if (s->s3.alpn_selected == NULL) {
+-- 
+2.46.0
+
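Review bot: The new validation compares the server's choice against `s->ext.alpn`, the list currently configured on the connection, rather than a snapshot of the bytes actually written into the ClientHello; the `s->s3.alpn_sent` check above it only establishes that the extension was sent, not that the configured list is unchanged since. If the list can be replaced between ClientHello construction and ServerHello parsing (for instance by `SSL_set_alpn_protos` from a callback), a selection that was genuinely advertised would be rejected as SSL_R_BAD_EXTENSION, or a non-advertised one accepted — worth confirming, or snapshotting the advertised list at the point alpn_sent is set. A zero-length selection (`len == 0`) is rejected by the same loop so long as no advertised entry is empty; that property is implicit and deserves a comment next to the loop, e.g. `/* RFC 7301: the server may only select a protocol from the list we advertised; an unknown or empty selection is a decode error */`. tls_parse_stoc_alpn continues past the hunk, so the handling after `OPENSSL_malloc(len)` is not visible here.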
diff --git a/base/openssl3/0137-Add-explicit-testing-of-ALN-and-NPN-in-sslapitest.patch b/base/openssl3/0137-Add-explicit-testing-of-ALN-and-NPN-in-sslapitest.patch
new file mode 100644
index 0000000..135fa25
--- /dev/null
+++ b/base/openssl3/0137-Add-explicit-testing-of-ALN-and-NPN-in-sslapitest.patch
@@ -0,0 +1,267 @@ +From 7c95191434415d1c9b7fe9b130df13cce630b6b5 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Fri, 21 Jun 2024 10:09:41 +0100 +Subject: [PATCH 09/10] Add explicit testing of ALN and NPN in sslapitest + +We already had some tests elsewhere - but this extends that testing with +additional tests. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/24717) +--- + test/sslapitest.c | 229 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 229 insertions(+) + +diff --git a/test/sslapitest.c b/test/sslapitest.c +index 15cb9060cb..7a55a2b721 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -11877,6 +11877,231 @@ static int test_select_next_proto(int idx) + return ret; + } + ++static const unsigned char fooprot[] = {3, 'f', 'o', 'o' }; ++static const unsigned char barprot[] = {3, 'b', 'a', 'r' }; ++ ++#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) ++static int npn_advert_cb(SSL *ssl, const unsigned char **out, ++ unsigned int *outlen, void *arg) ++{ ++ int *idx = (int *)arg; ++ ++ switch (*idx) { ++ default: ++ case 0: ++ *out = fooprot; ++ *outlen = sizeof(fooprot); ++ return SSL_TLSEXT_ERR_OK; ++ ++ case 1: ++ *outlen = 0; ++ return SSL_TLSEXT_ERR_OK; ++ ++ case 2: ++ return SSL_TLSEXT_ERR_NOACK; ++ } ++} ++ ++static int npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, ++ const unsigned char *in, unsigned int inlen, void *arg) ++{ ++ int *idx = (int *)arg; ++ ++ switch (*idx) { ++ case 0: ++ case 1: ++ *out = (unsigned char *)(fooprot + 1); ++ *outlen = *fooprot; ++ return SSL_TLSEXT_ERR_OK; ++ ++ case 3: ++ *out = (unsigned char *)(barprot + 1); ++ *outlen = *barprot; ++ return SSL_TLSEXT_ERR_OK; ++ ++ case 4: ++ *outlen = 0; ++ return SSL_TLSEXT_ERR_OK; ++ ++ default: ++ case 2: ++ return SSL_TLSEXT_ERR_ALERT_FATAL; ++ } ++} ++ ++/* ++ * Test the NPN callbacks ++ * Test 0: advert = foo, select = foo 
++ * Test 1: advert = , select = foo ++ * Test 2: no advert ++ * Test 3: advert = foo, select = bar ++ * Test 4: advert = foo, select = (should fail) ++ */ ++static int test_npn(int idx) ++{ ++ SSL_CTX *sctx = NULL, *cctx = NULL; ++ SSL *serverssl = NULL, *clientssl = NULL; ++ int testresult = 0; ++ ++ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), ++ TLS_client_method(), 0, TLS1_2_VERSION, ++ &sctx, &cctx, cert, privkey))) ++ goto end; ++ ++ SSL_CTX_set_next_protos_advertised_cb(sctx, npn_advert_cb, &idx); ++ SSL_CTX_set_next_proto_select_cb(cctx, npn_select_cb, &idx); ++ ++ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, ++ NULL))) ++ goto end; ++ ++ if (idx == 4) { ++ /* We don't allow empty selection of NPN, so this should fail */ ++ if (!TEST_false(create_ssl_connection(serverssl, clientssl, ++ SSL_ERROR_NONE))) ++ goto end; ++ } else { ++ const unsigned char *prot; ++ unsigned int protlen; ++ ++ if (!TEST_true(create_ssl_connection(serverssl, clientssl, ++ SSL_ERROR_NONE))) ++ goto end; ++ ++ SSL_get0_next_proto_negotiated(serverssl, &prot, &protlen); ++ switch (idx) { ++ case 0: ++ case 1: ++ if (!TEST_mem_eq(prot, protlen, fooprot + 1, *fooprot)) ++ goto end; ++ break; ++ case 2: ++ if (!TEST_uint_eq(protlen, 0)) ++ goto end; ++ break; ++ case 3: ++ if (!TEST_mem_eq(prot, protlen, barprot + 1, *barprot)) ++ goto end; ++ break; ++ default: ++ TEST_error("Should not get here"); ++ goto end; ++ } ++ } ++ ++ testresult = 1; ++ end: ++ SSL_free(serverssl); ++ SSL_free(clientssl); ++ SSL_CTX_free(sctx); ++ SSL_CTX_free(cctx); ++ ++ return testresult; ++} ++#endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) */ ++ ++static int alpn_select_cb2(SSL *ssl, const unsigned char **out, ++ unsigned char *outlen, const unsigned char *in, ++ unsigned int inlen, void *arg) ++{ ++ int *idx = (int *)arg; ++ ++ switch (*idx) { ++ case 0: ++ *out = (unsigned char *)(fooprot + 1); ++ *outlen = *fooprot; ++ return 
SSL_TLSEXT_ERR_OK; ++ ++ case 2: ++ *out = (unsigned char *)(barprot + 1); ++ *outlen = *barprot; ++ return SSL_TLSEXT_ERR_OK; ++ ++ case 3: ++ *outlen = 0; ++ return SSL_TLSEXT_ERR_OK; ++ ++ default: ++ case 1: ++ return SSL_TLSEXT_ERR_ALERT_FATAL; ++ } ++ return 0; ++} ++ ++/* ++ * Test the ALPN callbacks ++ * Test 0: client = foo, select = foo ++ * Test 1: client = , select = none ++ * Test 2: client = foo, select = bar (should fail) ++ * Test 3: client = foo, select = (should fail) ++ */ ++static int test_alpn(int idx) ++{ ++ SSL_CTX *sctx = NULL, *cctx = NULL; ++ SSL *serverssl = NULL, *clientssl = NULL; ++ int testresult = 0; ++ const unsigned char *prots = fooprot; ++ unsigned int protslen = sizeof(fooprot); ++ ++ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), ++ TLS_client_method(), 0, 0, ++ &sctx, &cctx, cert, privkey))) ++ goto end; ++ ++ SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb2, &idx); ++ ++ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, ++ NULL))) ++ goto end; ++ ++ if (idx == 1) { ++ prots = NULL; ++ protslen = 0; ++ } ++ ++ /* SSL_set_alpn_protos returns 0 for success! 
*/ ++ if (!TEST_false(SSL_set_alpn_protos(clientssl, prots, protslen))) ++ goto end; ++ ++ if (idx == 2 || idx == 3) { ++ /* We don't allow empty selection of NPN, so this should fail */ ++ if (!TEST_false(create_ssl_connection(serverssl, clientssl, ++ SSL_ERROR_NONE))) ++ goto end; ++ } else { ++ const unsigned char *prot; ++ unsigned int protlen; ++ ++ if (!TEST_true(create_ssl_connection(serverssl, clientssl, ++ SSL_ERROR_NONE))) ++ goto end; ++ ++ SSL_get0_alpn_selected(clientssl, &prot, &protlen); ++ switch (idx) { ++ case 0: ++ if (!TEST_mem_eq(prot, protlen, fooprot + 1, *fooprot)) ++ goto end; ++ break; ++ case 1: ++ if (!TEST_uint_eq(protlen, 0)) ++ goto end; ++ break; ++ default: ++ TEST_error("Should not get here"); ++ goto end; ++ } ++ } ++ ++ testresult = 1; ++ end: ++ SSL_free(serverssl); ++ SSL_free(clientssl); ++ SSL_CTX_free(sctx); ++ SSL_CTX_free(cctx); ++ ++ return testresult; ++} ++ + OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") + + int setup_tests(void) +@@ -12190,6 +12415,10 @@ int setup_tests(void) + ADD_TEST(test_data_retry); + ADD_ALL_TESTS(test_multi_resume, 5); + ADD_ALL_TESTS(test_select_next_proto, OSSL_NELEM(next_proto_tests)); ++#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) ++ ADD_ALL_TESTS(test_npn, 5); ++#endif ++ ADD_ALL_TESTS(test_alpn, 4); + return 1; + + err: +-- +2.46.0 + diff --git a/base/openssl3/0138-Add-a-test-for-an-empty-NextProto-message.patch b/base/openssl3/0138-Add-a-test-for-an-empty-NextProto-message.patch new file mode 100644 index 0000000..923ec66 --- /dev/null +++ b/base/openssl3/0138-Add-a-test-for-an-empty-NextProto-message.patch 
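Review bot: The comment in test_alpn's failure branch, `/* We don't allow empty selection of NPN, so this should fail */` under `if (idx == 2 || idx == 3)`, is copied from test_npn and describes neither case: idx 2 has the server select `bar`, which the client never offered, idx 3 is the empty selection, and the protocol here is ALPN. Suggested wording: `/* Selecting a protocol the client did not offer (2) or an empty protocol (3) must fail the handshake */`. In alpn_select_cb2 the trailing `return 0;` after the switch is unreachable because every case returns, and npn_select_cb has no such line; dropping it keeps the two callbacks consistent. Both test functions are complete within the hunk.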
@@ -0,0 +1,199 @@ +From 301b870546d1c7b2d8f0d66e04a2596142f0399f Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Fri, 21 Jun 2024 14:29:26 +0100 +Subject: [PATCH 10/10] Add a test for an empty NextProto message + +It is valid according to the spec for a NextProto message to have no +protocols listed in it. The OpenSSL implementation however does not allow +us to create such a message. In order to check that we work as expected +when communicating with a client that does generate such messages we have +to use a TLSProxy test. + +Follow on from CVE-2024-5535 + +Reviewed-by: Neil Horman +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/24717) +--- + test/recipes/70-test_npn.t | 73 +++++++++++++++++++++++++++++++++ + util/perl/TLSProxy/Message.pm | 9 ++++ + util/perl/TLSProxy/NextProto.pm | 54 ++++++++++++++++++++++++ + util/perl/TLSProxy/Proxy.pm | 1 + + 4 files changed, 137 insertions(+) + create mode 100644 test/recipes/70-test_npn.t + create mode 100644 util/perl/TLSProxy/NextProto.pm + +diff --git a/test/recipes/70-test_npn.t b/test/recipes/70-test_npn.t +new file mode 100644 +index 0000000000..f82e71af6a +--- /dev/null ++++ b/test/recipes/70-test_npn.t +@@ -0,0 +1,73 @@ ++#! /usr/bin/env perl ++# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. 
You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++use strict; ++use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/; ++use OpenSSL::Test::Utils; ++ ++use TLSProxy::Proxy; ++ ++my $test_name = "test_npn"; ++setup($test_name); ++ ++plan skip_all => "TLSProxy isn't usable on $^O" ++ if $^O =~ /^(VMS)$/; ++ ++plan skip_all => "$test_name needs the dynamic engine feature enabled" ++ if disabled("engine") || disabled("dynamic-engine"); ++ ++plan skip_all => "$test_name needs the sock feature enabled" ++ if disabled("sock"); ++ ++plan skip_all => "$test_name needs NPN enabled" ++ if disabled("nextprotoneg"); ++ ++plan skip_all => "$test_name needs TLSv1.2 enabled" ++ if disabled("tls1_2"); ++ ++my $proxy = TLSProxy::Proxy->new( ++ undef, ++ cmdstr(app(["openssl"]), display => 1), ++ srctop_file("apps", "server.pem"), ++ (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ++); ++ ++$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; ++plan tests => 1; ++ ++my $npnseen = 0; ++ ++# Test 1: Check sending an empty NextProto message from the client works. This is ++# valid as per the spec, but OpenSSL does not allow you to send it. ++# Therefore we must be prepared to receive such a message but we cannot ++# generate it except via TLSProxy ++$proxy->clear(); ++$proxy->filter(\&npn_filter); ++$proxy->clientflags("-nextprotoneg foo -no_tls1_3"); ++$proxy->serverflags("-nextprotoneg foo"); ++$proxy->start(); ++ok($npnseen && TLSProxy::Message->success(), "Empty NPN message"); ++ ++sub npn_filter ++{ ++ my $proxy = shift; ++ my $message; ++ ++ # The NextProto message always appears in flight 2 ++ return if $proxy->flight != 2; ++ ++ foreach my $message (@{$proxy->message_list}) { ++ if ($message->mt == TLSProxy::Message::MT_NEXT_PROTO) { ++ # Our TLSproxy NextProto message support doesn't support parsing of ++ # the message. 
If we repack it just creates an empty NextProto ++ # message - which is exactly the scenario we want to test here. ++ $message->repack(); ++ $npnseen = 1; ++ } ++ } ++} +diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm +index ce22187569..fb41b2ffc8 100644 +--- a/util/perl/TLSProxy/Message.pm ++++ b/util/perl/TLSProxy/Message.pm +@@ -384,6 +384,15 @@ sub create_message + [@message_frag_lens] + ); + $message->parse(); ++ } elsif ($mt == MT_NEXT_PROTO) { ++ $message = TLSProxy::NextProto->new( ++ $server, ++ $data, ++ [@message_rec_list], ++ $startoffset, ++ [@message_frag_lens] ++ ); ++ $message->parse(); + } else { + #Unknown message type + $message = TLSProxy::Message->new( +diff --git a/util/perl/TLSProxy/NextProto.pm b/util/perl/TLSProxy/NextProto.pm +new file mode 100644 +index 0000000000..0e18347546 +--- /dev/null ++++ b/util/perl/TLSProxy/NextProto.pm +@@ -0,0 +1,54 @@ ++# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++use strict; ++ ++package TLSProxy::NextProto; ++ ++use vars '@ISA'; ++push @ISA, 'TLSProxy::Message'; ++ ++sub new ++{ ++ my $class = shift; ++ my ($server, ++ $data, ++ $records, ++ $startoffset, ++ $message_frag_lens) = @_; ++ ++ my $self = $class->SUPER::new( ++ $server, ++ TLSProxy::Message::MT_NEXT_PROTO, ++ $data, ++ $records, ++ $startoffset, ++ $message_frag_lens); ++ ++ return $self; ++} ++ ++sub parse ++{ ++ # We don't support parsing at the moment ++} ++ ++# This is supposed to reconstruct the on-the-wire message data following changes. 
++# For now though since we don't support parsing we just create an empty NextProto ++# message - this capability is used in test_npn ++sub set_message_contents ++{ ++ my $self = shift; ++ my $data; ++ ++ $data = pack("C32", 0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00); ++ $self->data($data); ++} ++1; +diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm +index 3de10eccb9..b707722b6b 100644 +--- a/util/perl/TLSProxy/Proxy.pm ++++ b/util/perl/TLSProxy/Proxy.pm +@@ -23,6 +23,7 @@ use TLSProxy::CertificateRequest; + use TLSProxy::CertificateVerify; + use TLSProxy::ServerKeyExchange; + use TLSProxy::NewSessionTicket; ++use TLSProxy::NextProto; + + my $have_IPv6; + my $IP_factory; +-- +2.46.0 + diff --git a/base/openssl3/0139-CVE-2024-6119.patch b/base/openssl3/0139-CVE-2024-6119.patch new file mode 100644 index 0000000..a39106a --- /dev/null +++ b/base/openssl3/0139-CVE-2024-6119.patch 
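Review bot: set_message_contents in NextProto.pm hardcodes 32 bytes via `pack("C32", 0x00, 0x1e, 0x00, ...)` without stating what they encode, and the comment above only says that an empty NextProto message is created. A reader has to work out that this is a zero-length selected_protocol followed by a padding length of 0x1e (30) and 30 zero bytes, presumably the 32-byte alignment rule of the NPN draft; a comment such as `# selected_protocol: length 0; padding: length 30 (32 - ((0 + 2) % 32)) followed by 30 zero bytes` pins the layout for anyone who later adds real parsing. In 70-test_npn.t, npn_filter declares `my $message;` and then shadows it with `foreach my $message (...)`, so the first declaration is dead and can be removed.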
@@ -0,0 +1,233 @@ +diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c +index 1a18174995..a09414c972 100644 +--- a/crypto/x509/v3_utl.c ++++ b/crypto/x509/v3_utl.c +@@ -916,36 +916,64 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, + ASN1_STRING *cstr; + + gen = sk_GENERAL_NAME_value(gens, i); +- if ((gen->type == GEN_OTHERNAME) && (check_type == GEN_EMAIL)) { +- if (OBJ_obj2nid(gen->d.otherName->type_id) == +- NID_id_on_SmtpUTF8Mailbox) { +- san_present = 1; +- +- /* +- * If it is not a UTF8String then that is unexpected and we +- * treat it as no match +- */ +- if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) { +- cstr = gen->d.otherName->value->value.utf8string; +- +- /* Positive on success, negative on error! */ +- if ((rv = do_check_string(cstr, 0, equal, flags, +- chk, chklen, peername)) != 0) +- break; +- } +- } else ++ switch (gen->type) { ++ default: ++ continue; ++ case GEN_OTHERNAME: ++ switch (OBJ_obj2nid(gen->d.otherName->type_id)) { ++ default: + continue; +- } else { +- if ((gen->type != check_type) && (gen->type != GEN_OTHERNAME)) ++ case NID_id_on_SmtpUTF8Mailbox: ++ /*- ++ * https://datatracker.ietf.org/doc/html/rfc8398#section-3 ++ * ++ * Due to name constraint compatibility reasons described ++ * in Section 6, SmtpUTF8Mailbox subjectAltName MUST NOT ++ * be used unless the local-part of the email address ++ * contains non-ASCII characters. When the local-part is ++ * ASCII, rfc822Name subjectAltName MUST be used instead ++ * of SmtpUTF8Mailbox. This is compatible with legacy ++ * software that supports only rfc822Name (and not ++ * SmtpUTF8Mailbox). [...] ++ * ++ * SmtpUTF8Mailbox is encoded as UTF8String. ++ * ++ * If it is not a UTF8String then that is unexpected, and ++ * we ignore the invalid SAN (neither set san_present nor ++ * consider it a candidate for equality). 
This does mean ++ * that the subject CN may be considered, as would be the ++ * case when the malformed SmtpUtf8Mailbox SAN is instead ++ * simply absent. ++ * ++ * When CN-ID matching is not desirable, applications can ++ * choose to turn it off, doing so is at this time a best ++ * practice. ++ */ ++ if (check_type != GEN_EMAIL ++ || gen->d.otherName->value->type != V_ASN1_UTF8STRING) ++ continue; ++ alt_type = 0; ++ cstr = gen->d.otherName->value->value.utf8string; ++ break; ++ } ++ break; ++ case GEN_EMAIL: ++ if (check_type != GEN_EMAIL) + continue; +- } +- san_present = 1; +- if (check_type == GEN_EMAIL) + cstr = gen->d.rfc822Name; +- else if (check_type == GEN_DNS) ++ break; ++ case GEN_DNS: ++ if (check_type != GEN_DNS) ++ continue; + cstr = gen->d.dNSName; +- else ++ break; ++ case GEN_IPADD: ++ if (check_type != GEN_IPADD) ++ continue; + cstr = gen->d.iPAddress; ++ break; ++ } ++ san_present = 1; + /* Positive on success, negative on error! */ + if ((rv = do_check_string(cstr, alt_type, equal, flags, + chk, chklen, peername)) != 0) +diff --git a/test/recipes/25-test_eai_data.t b/test/recipes/25-test_eai_data.t +index 522982ddfb..e18735d89a 100644 +--- a/test/recipes/25-test_eai_data.t ++++ b/test/recipes/25-test_eai_data.t +@@ -21,16 +21,18 @@ setup("test_eai_data"); + #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem + #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem + +-plan tests => 12; ++plan tests => 16; + + require_ok(srctop_file('test','recipes','tconversion.pl')); + my $folder = "test/recipes/25-test_eai_data"; + + my $ascii_pem = srctop_file($folder, "ascii_leaf.pem"); + my $utf8_pem = srctop_file($folder, "utf8_leaf.pem"); ++my $kdc_pem = srctop_file($folder, "kdc-cert.pem"); + + my $ascii_chain_pem = srctop_file($folder, 
"ascii_chain.pem"); + my $utf8_chain_pem = srctop_file($folder, "utf8_chain.pem"); ++my $kdc_chain_pem = srctop_file($folder, "kdc-root-cert.pem"); + + my $out; + my $outcnt = 0; +@@ -56,10 +58,18 @@ SKIP: { + + ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $ascii_pem]))); + ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $utf8_pem]))); ++ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $kdc_chain_pem, $kdc_pem]))); + + ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem]))); + ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $ascii_pem]))); + ++# Check an otherName does not get misparsed as an DNS name, (should trigger ASAN errors if violated). ++ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_hostname", 'mx1.example.com', "-CAfile", $kdc_chain_pem, $kdc_pem]))); ++# Check an otherName does not get misparsed as an email address, (should trigger ASAN errors if violated). ++ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'joe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem]))); ++# We expect SmtpUTF8Mailbox to be a UTF8 String, not an IA5String. 
++ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'moe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem]))); ++ + #Check that we get the expected failure return code + with({ exit_checker => sub { return shift == 2; } }, + sub { +diff --git a/test/recipes/25-test_eai_data/kdc-cert.pem b/test/recipes/25-test_eai_data/kdc-cert.pem +new file mode 100644 +index 0000000000..e8a2c6f55d +--- /dev/null ++++ b/test/recipes/25-test_eai_data/kdc-cert.pem +@@ -0,0 +1,21 @@ ++-----BEGIN CERTIFICATE----- ++MIIDbDCCAlSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 ++MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAXMRUwEwYDVQQDDAxU ++RVNULkVYQU1QTEUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6wfP+ ++6go79dkpo/dGLMlPZ7Gw/Q6gUYrCWZWUEgEeRVHCrqOlgUEyA+PcWas/XDPUxXry ++BQlJHLvlqamAQn8gs4QPBARFYWKNiTVGyaRkgNA1N5gqyZdrP9UE+ZJmdqxRAAe8 ++vvpGZWSgevPhLUiSCFYDiD0Rtji2Hm3rGUrReQFBQDEw2pNGwz9zIaxUs08kQZcx ++Yzyiplz5Oau+R/6sAgUwDlrD9xOlUxx/tA/MSDIfkK8qioU11uUZtO5VjkNQy/bT ++7zQMmXxWgm2MIgOs1u4YN7YGOtgqHE9v9iPHHfgrkbQDtVDGQsa8AQEhkUDSCtW9 ++3VFAKx6dGNXYzFwfAgMBAAGjgcgwgcUwHQYDVR0OBBYEFFR5tZycW19DmtbL4Zqj ++te1c2vZLMAkGA1UdIwQCMAAwCQYDVR0TBAIwADCBjQYDVR0RBIGFMIGCoD8GBisG ++AQUCAqA1MDOgDhsMVEVTVC5FWEFNUExFoSEwH6ADAgEBoRgwFhsGa3JidGd0GwxU ++RVNULkVYQU1QTEWgHQYIKwYBBQUHCAmgERYPbW9lQGV4YW1wbGUuY29tgQ9qb2VA ++ZXhhbXBsZS5jb22CD214MS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEA ++T0xzVtVpRtaOzIhgzw7XQUdzWD5UEGSJJ1cBCOmKUWwDLTAouCYLFB4TbEE7MMUb ++iuMy60bjmVtvfJIXorGUgSadRe5RWJ5DamJWvPA0Q9x7blnEcXqEF+9Td+ypevgU ++UYHFmg83OYwxOsFXZ5cRuXMk3WCsDHQIBi6D1L6oDDZ2pfArs5mqm3thQKVlqyl1 ++El3XRYEdqAz/5eCOFNfwxF0ALxjxVr/Z50StUZU8I7Zfev6+kHhyrR7dqzYJImv9 ++0fTCOBEMjIETDsrA70OxAMu4V16nrWZdJdvzblS2qrt97Omkj+2kiPAJFB76RpwI ++oDQ9fKfUOAmUFth2/R/eGA== ++-----END CERTIFICATE----- +diff --git a/test/recipes/25-test_eai_data/kdc-root-cert.pem b/test/recipes/25-test_eai_data/kdc-root-cert.pem +new file mode 100644 +index 0000000000..a74c96bf31 +--- /dev/null ++++ 
b/test/recipes/25-test_eai_data/kdc-root-cert.pem +@@ -0,0 +1,16 @@ ++-----BEGIN CERTIFICATE----- ++MIICnDCCAYQCCQCBswYcrlZSHjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARS ++b290MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAPMQ0wCwYDVQQD ++DARSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRj8S4kBbIUj ++61kZfi6nE35Q38U140+qt4uAiwAhKumfVHlBM0zQ98WFt5zMHIBQwIb3yjc2zj+0 ++qzUnQfwm1r/RfcMmBPEti9Ge+aEMSsds2gMXziOFM8wd2aAFPy7UVE0XpEWofsRK ++MGi61MKVdPSbGIxBwY9VW38/7D/wf1HtJe7y0xpuecR7GB2XAs+qST59NjuF+7wS ++dLM8Hb3TATgeYbXXWsRJgwz+SPzExg5WmLnU+7y4brZ32dHtdSmkRVSgSlaIf7Xj ++3Tc6Zi7I+W/JYk7hy1zUexVdWCak4PHcoWrXe0gNNN/t8VfLfMExt5z/HIylXnU7 ++pGUyqZlTGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAHpLF1UCRy7b6Hk0rLokxI ++lgwiH9BU9mktigAGASvkbllpt+YbUbWnuYAvpHBGiP1qZtfX2r96UrSJaGO9BEzT ++Gp9ThnSjoj4Srul0+s/NArU22irFLmDzbalgevAmm9gMGkdqkiIm/mXbwrPj0ncl ++KGicevXryVpvaP62eZ8cc3C4p97frMmXxRX8sTdQpD/gRI7prdEILRSKveqT+AEW ++7rFGM5AOevb4U8ddop8A3D/kX0wcCAIBF6jCNk3uEJ57jVcagL04kPnVfdRiedTS ++vfq1DRNcD29d1H/9u0fHdSn1/+8Ep3X+afQ3C6//5NvOEaXcIGO4QSwkprQydfv8 ++-----END CERTIFICATE----- +diff --git a/test/recipes/25-test_eai_data/kdc.sh b/test/recipes/25-test_eai_data/kdc.sh +new file mode 100755 +index 0000000000..7a8dbc719f +--- /dev/null ++++ b/test/recipes/25-test_eai_data/kdc.sh +@@ -0,0 +1,41 @@ ++#! /usr/bin/env bash ++ ++# Create a root CA, signing a leaf cert with a KDC principal otherName SAN, and ++# also a non-UTF8 smtpUtf8Mailbox SAN followed by an rfc822Name SAN and a DNS ++# name SAN. In the vulnerable EAI code, the KDC principal `otherName` should ++# trigger ASAN errors in DNS name checks, while the non-UTF8 `smtpUtf8Mailbox` ++# should likewise lead to ASAN issues with email name checks. 
++ ++rm -f root-key.pem root-cert.pem ++openssl req -nodes -new -newkey rsa:2048 -keyout kdc-root-key.pem \ ++ -x509 -subj /CN=Root -days 36524 -out kdc-root-cert.pem ++ ++exts=$( ++ printf "%s\n%s\n%s\n%s = " \ ++ "subjectKeyIdentifier = hash" \ ++ "authorityKeyIdentifier = keyid" \ ++ "basicConstraints = CA:false" \ ++ "subjectAltName" ++ printf "%s, " "otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name" ++ printf "%s, " "otherName:1.3.6.1.5.5.7.8.9;IA5:moe@example.com" ++ printf "%s, " "email:joe@example.com" ++ printf "%s\n" "DNS:mx1.example.com" ++ printf "[kdc_princ_name]\n" ++ printf "realm = EXP:0, GeneralString:TEST.EXAMPLE\n" ++ printf "principal_name = EXP:1, SEQUENCE:kdc_principal_seq\n" ++ printf "[kdc_principal_seq]\n" ++ printf "name_type = EXP:0, INTEGER:1\n" ++ printf "name_string = EXP:1, SEQUENCE:kdc_principal_components\n" ++ printf "[kdc_principal_components]\n" ++ printf "princ1 = GeneralString:krbtgt\n" ++ printf "princ2 = GeneralString:TEST.EXAMPLE\n" ++ ) ++ ++printf "%s\n" "$exts" ++ ++openssl req -nodes -new -newkey rsa:2048 -keyout kdc-key.pem \ ++ -subj "/CN=TEST.EXAMPLE" | ++ openssl x509 -req -out kdc-cert.pem \ ++ -CA "kdc-root-cert.pem" -CAkey "kdc-root-key.pem" \ ++ -set_serial 2 -days 36524 \ ++ -extfile <(printf "%s\n" "$exts") diff --git a/base/openssl3/0140-prov_no-cache.patch b/base/openssl3/0140-prov_no-cache.patch new file mode 100644 index 0000000..3dee746 --- /dev/null +++ b/base/openssl3/0140-prov_no-cache.patch 
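Review bot: In the NID_id_on_SmtpUTF8Mailbox case the new code assigns `alt_type = 0;` to what appears to be a variable declared before the loop, outside the hunk, so the assignment persists into later iterations: an rfc822Name or other SAN that follows a SmtpUTF8Mailbox SAN in the same certificate is then passed to do_check_string with cmp_type 0 rather than the type selected for check_type. The removed code passed the literal 0 for the otherName call only. If per-SAN behaviour is what is intended, a loop-local such as `int cmp_type = alt_type;` set to 0 in that case and passed to do_check_string keeps the outer value intact. Separately, kdc.sh opens with `rm -f root-key.pem root-cert.pem` but the files it writes are kdc-root-key.pem and kdc-root-cert.pem, so the cleanup never removes a previous run's output; `rm -f kdc-root-key.pem kdc-root-cert.pem kdc-key.pem kdc-cert.pem` matches what the script produces. do_x509_check starts and ends outside the hunk.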
@@ -0,0 +1,103 @@ +diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c +index d311158d77589..70715e7d6a99c 100644 +--- a/crypto/core_fetch.c ++++ b/crypto/core_fetch.c +@@ -120,7 +120,7 @@ static void ossl_method_construct_this(OSSL_PROVIDER *provider, + * It is *expected* that the put function increments the refcnt + * of the passed method. + */ +- data->mcm->put(data->store, method, provider, algo->algorithm_names, ++ data->mcm->put(no_store ? data->store : NULL, method, provider, algo->algorithm_names, + algo->property_definition, data->mcm_data); + + /* refcnt-- because we're dropping the reference */ +diff --git a/test/nocache-and-default.cnf b/test/nocache-and-default.cnf +new file mode 100644 +index 0000000000000..cf5ca8d114151 +--- /dev/null ++++ b/test/nocache-and-default.cnf +@@ -0,0 +1,18 @@ ++openssl_conf = openssl_init ++ ++# Comment out the next line to ignore configuration errors ++config_diagnostics = 1 ++ ++[openssl_init] ++providers = provider_sect ++ ++[provider_sect] ++test = test_sect ++default = default_sect ++ ++[test_sect] ++module = ../test/p_test.so ++activate = true ++ ++[default_sect] ++activate = true +diff --git a/test/p_test.c b/test/p_test.c +index 2d20190d4d57b..05f71ec8347c0 100644 +--- a/test/p_test.c ++++ b/test/p_test.c +@@ -230,12 +230,21 @@ static const OSSL_ITEM *p_get_reason_strings(void *_) + return reason_strings; + } + ++static const OSSL_ALGORITHM *p_query(OSSL_PROVIDER *prov, ++ int operation_id, ++ int *no_cache) ++{ ++ *no_cache = 1; ++ return NULL; ++} ++ + static const OSSL_DISPATCH p_test_table[] = { + { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))p_gettable_params }, + { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))p_get_params }, + { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS, + (void (*)(void))p_get_reason_strings}, + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown }, ++ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query }, + OSSL_DISPATCH_END + }; + +diff --git 
a/test/recipes/20-test_nocache.t b/test/recipes/20-test_nocache.t +new file mode 100644 +index 0000000000000..734e44ec8c2e1 +--- /dev/null ++++ b/test/recipes/20-test_nocache.t +@@ -0,0 +1,34 @@ ++#! /usr/bin/env perl ++# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++use strict; ++use warnings; ++ ++use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file bldtop_dir with/; ++use OpenSSL::Test::Utils; ++ ++setup("test_nocache"); ++ ++plan tests => 4; ++ ++ok(run(app(["openssl", "list", "-mac-algorithms"], ++ stdout => "listout.txt")), ++"List mac algorithms - default configuration"); ++open DATA, "listout.txt"; ++my @match = grep /MAC/, ; ++close DATA; ++ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - default configuration"); ++ ++$ENV{OPENSSL_CONF} = bldtop_file("test", "nocache-and-default.cnf"); ++ok(run(app(["openssl", "list", "-mac-algorithms"], ++ stdout => "listout.txt")), ++"List mac algorithms"); ++open DATA, "listout.txt"; ++my @match = grep /MAC/, ; ++close DATA; ++ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - nocache-and-default"); diff --git a/base/openssl3/0141-print-pq-group.patch b/base/openssl3/0141-print-pq-group.patch new file mode 100644 index 0000000..a6462fe --- /dev/null +++ b/base/openssl3/0141-print-pq-group.patch 
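Review bot: The new `data->mcm->put(no_store ? data->store : NULL, ...)` in ossl_method_construct_this makes the destination store depend on no_store, but no comment explains the choice; the block comment directly above still only describes the refcount contract of put. Presumably NULL selects the global store and data->store the caller's temporary one, so a line such as `/* Methods the provider marked no_cache must not enter the global store; keep them in the temporary store only */` would make the intent checkable, especially since the rest of the function is outside the hunk. In 20-test_nocache.t, `my @match` is declared twice at file scope under `use warnings`, which yields a masks-earlier-declaration warning; the second can be a plain assignment. The `open DATA, "listout.txt";` calls are unchecked and reuse Perl's special DATA handle; `open(my $fh, '<', 'listout.txt') or die $!;` with `@match = grep /MAC/, readline($fh);` avoids both.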
@@ -0,0 +1,19 @@ +diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c +index 3b3c0dd0b38f5..026315406e298 100644 +--- a/apps/lib/s_cb.c ++++ b/apps/lib/s_cb.c +@@ -418,8 +418,13 @@ int ssl_print_tmp_key(BIO *out, SSL *s) + { + EVP_PKEY *key; + +- if (!SSL_get_peer_tmp_key(s, &key)) ++ if (!SSL_get_peer_tmp_key(s, &key)) { ++ if (SSL_version(s) == TLS1_3_VERSION) ++ BIO_printf(out, "Negotiated TLS1.3 group: %s\n", ++ SSL_group_to_name(s, SSL_get_negotiated_group(s))); + return 1; ++ } ++ + BIO_puts(out, "Server Temp Key: "); + switch (EVP_PKEY_get_id(key)) { + case EVP_PKEY_RSA: diff --git a/base/openssl3/0142-CVE-2024-13176-Minerva.patch b/base/openssl3/0142-CVE-2024-13176-Minerva.patch new file mode 100644 index 0000000..4dbe652 --- /dev/null +++ b/base/openssl3/0142-CVE-2024-13176-Minerva.patch 
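Review bot: The new TLS1.3 branch prints `SSL_group_to_name(s, SSL_get_negotiated_group(s))` whenever SSL_get_peer_tmp_key fails, but that failure also covers a TLS1.3 handshake with no (EC)DHE share at all, such as a PSK-only key exchange, where no group was negotiated and there is nothing meaningful to print. A guard such as `if (SSL_version(s) == TLS1_3_VERSION && SSL_get_negotiated_group(s) != NID_undef)` keeps the line to cases where a group exists, assuming SSL_get_negotiated_group reports NID_undef when none was negotiated. ssl_print_tmp_key continues past the end of the hunk.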
@@ -0,0 +1,93 @@ +diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c +index b876edbfac36e..af52e2ced6914 100644 +--- a/crypto/bn/bn_exp.c ++++ b/crypto/bn/bn_exp.c +@@ -606,7 +606,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, + * out by Colin Percival, + * http://www.daemonology.net/hyperthreading-considered-harmful/) + */ +-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ++int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont) + { +@@ -623,10 +623,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + unsigned int t4 = 0; + #endif + +- bn_check_top(a); +- bn_check_top(p); +- bn_check_top(m); +- + if (!BN_is_odd(m)) { + ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS); + return 0; +@@ -1146,7 +1142,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + goto err; + } else + #endif +- if (!BN_from_montgomery(rr, &tmp, mont, ctx)) ++ if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx)) + goto err; + ret = 1; + err: +@@ -1160,6 +1156,19 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + return ret; + } + ++int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *in_mont) ++{ ++ bn_check_top(a); ++ bn_check_top(p); ++ bn_check_top(m); ++ if (!bn_mod_exp_mont_fixed_top(rr, a, p, m, ctx, in_mont)) ++ return 0; ++ bn_correct_top(rr); ++ return 1; ++} ++ + int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) + { +diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c +index 19384eba186b5..3f8d65c1bf1a1 100644 +--- a/crypto/ec/ec_lib.c ++++ b/crypto/ec/ec_lib.c +@@ -21,6 +21,7 @@ + #include + #include + #include "crypto/ec.h" ++#include "crypto/bn.h" + #include "internal/nelem.h" + #include "ec_local.h" + +@@ -1265,10 +1266,10 @@ 
static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, + if (!BN_sub(e, group->order, e)) + goto err; + /*- +- * Exponent e is public. +- * No need for scatter-gather or BN_FLG_CONSTTIME. ++ * Although the exponent is public we want the result to be ++ * fixed top. + */ +- if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data)) ++ if (!bn_mod_exp_mont_fixed_top(r, x, e, group->order, ctx, group->mont_data)) + goto err; + + ret = 1; +diff --git a/include/crypto/bn.h b/include/crypto/bn.h +index 47d9b44f879f0..bdee28625ce60 100644 +--- a/include/crypto/bn.h ++++ b/include/crypto/bn.h +@@ -73,6 +73,9 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); + */ + int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); ++int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *in_mont); + int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); + int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, diff --git a/base/openssl3/openssl3.spec b/base/openssl3/openssl3.spec index efc4f7c..c3334b1 100644 --- a/base/openssl3/openssl3.spec +++ b/base/openssl3/openssl3.spec @@ -21,7 +21,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl3 Version: 3.2.2 -Release: 6%{?dist} +Release: 7%{?dist} Epoch: 1 Source0: openssl-%{version}.tar.gz 
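Review bot: The new internal entry point `bn_mod_exp_mont_fixed_top` is declared in include/crypto/bn.h without a comment stating its contract, even though the visible wrapper shows what it is: the bn_check_top calls on a, p and m were moved out of it into BN_mod_exp_mont_consttime, the result comes from bn_from_mont_fixed_top, and the wrapper then calls bn_correct_top(rr). A declaration comment such as `/* As BN_mod_exp_mont_consttime(), but inputs are not top-checked and rr is left fixed-top; call bn_correct_top() if a normalised result is needed. */` saves the next caller from rediscovering that. The replacement comment in ec_field_inverse_mod_ord says only that the result should be fixed top; since the patch name ties this to a timing side channel, it would help to say why a normalised top is undesirable there, presumably because the inverse is secret and its bit length would otherwise be observable in later operations. The bodies of bn_mod_exp_mont_fixed_top and ec_field_inverse_mod_ord extend outside the visible hunk lines.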
@@ -34,137 +34,157 @@ Source10: configuration-prefix.h # Patches exported from source git # Aarch64 and ppc64le use lib64 -Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch -# Use more general default values in openssl.cnf -Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch -# Do not install html docs -Patch3: 0003-Do-not-install-html-docs.patch -# Override default paths for the CA directory tree -Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch -# apps/ca: fix md option help text -Patch5: 0005-apps-ca-fix-md-option-help-text.patch -# Disable signature verification with totally unsafe hash algorithms -Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch -# Add support for PROFILE=SYSTEM system default cipherlist -Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch -# Add FIPS_mode() compatibility macro -Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch -# Add check to see if fips flag is enabled in kernel -Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch -# Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so -# that new modifications made to these files by upstream are not lost. 
-Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch -# remove unsupported EC curves -Patch11: 0011-Remove-EC-curves.patch -# Disable explicit EC curves -# https://bugzilla.redhat.com/show_bug.cgi?id=2066412 -Patch12: 0012-Disable-explicit-ec.patch -#Skipped tests from former 0011-Remove-EC-curves.patch -Patch13: 0013-skipped-tests-EC-curves.patch -# Instructions to load legacy provider in openssl.cnf -Patch24: 0024-load-legacy-prov.patch -# We load FIPS provider and set FIPS properties implicitly -Patch32: 0032-Force-fips.patch -# Embed HMAC into the fips.so -Patch33: 0033-FIPS-embed-hmac.patch -# Comment out fipsinstall command-line utility -Patch34: 0034.fipsinstall_disable.patch -# Skip unavailable algorithms running `openssl speed` -Patch35: 0035-speed-skip-unavailable-dgst.patch -# Extra public/private key checks required by FIPS-140-3 -Patch44: 0044-FIPS-140-3-keychecks.patch -# Minimize fips services -Patch45: 0045-FIPS-services-minimize.patch -# Execute KATS before HMAC verification -Patch47: 0047-FIPS-early-KATS.patch -# Selectively disallow SHA1 signatures -Patch49: 0049-Selectively-disallow-SHA1-signatures.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2049265 -Patch50: 0050-FIPS-enable-pkcs12-mac.patch -# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes -Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch +Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch +# # Use more general default values in openssl.cnf +Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch +# # Do not install html docs +Patch3: 0003-Do-not-install-html-docs.patch +# # Override default paths for the CA directory tree +Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch +# # apps/ca: fix md option help text +Patch5: 0005-apps-ca-fix-md-option-help-text.patch +# # Disable signature verification with totally unsafe hash algorithms +Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch +# # Add support 
for PROFILE=SYSTEM system default cipherlist +Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +# # Add FIPS_mode() compatibility macro +Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch +# # Add check to see if fips flag is enabled in kernel +Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch +# # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so +# # that new modifications made to these files by upstream are not lost. +Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch +# # remove unsupported EC curves +Patch11: 0011-Remove-EC-curves.patch +# # Disable explicit EC curves +# # https://bugzilla.redhat.com/show_bug.cgi?id=2066412 +Patch12: 0012-Disable-explicit-ec.patch +# # Skipped tests from former 0011-Remove-EC-curves.patch +Patch13: 0013-skipped-tests-EC-curves.patch +# # Instructions to load legacy provider in openssl.cnf +Patch24: 0024-load-legacy-prov.patch +# # We load FIPS provider and set FIPS properties implicitly +Patch32: 0032-Force-fips.patch +# # Embed HMAC into the fips.so +# Modify fips self test as per +# https://github.com/simo5/openssl/commit/9b95ef8bd2f5ac862e5eee74c724b535f1a8578a +Patch33: 0033-FIPS-embed-hmac.patch +# # Comment out fipsinstall command-line utility +Patch34: 0034.fipsinstall_disable.patch +# # Skip unavailable algorithms running `openssl speed` +Patch35: 0035-speed-skip-unavailable-dgst.patch +# # Extra public/private key checks required by FIPS-140-3 +Patch44: 0044-FIPS-140-3-keychecks.patch +# # Minimize fips services +Patch45: 0045-FIPS-services-minimize.patch +# # Execute KATS before HMAC verification +Patch47: 0047-FIPS-early-KATS.patch +# # Selectively disallow SHA1 signatures rhbz#2070977 +Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch # Originally from https://github.com/openssl/openssl/pull/18103 # As we rebased to 3.0.7 and used the version of the function # not matching the upstream one, we have to use aliasing. 
# When we eliminate this patch, the `-Wl,--allow-multiple-definition` # should also be removed Patch56: 0056-strcasecmp.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2053289 -Patch58: 0058-FIPS-limit-rsa-encrypt.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2087147 -Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch -Patch62: 0062-fips-Expose-a-FIPS-indicator.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 -Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 -Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 -Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch -# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) -# https://bugzilla.redhat.com/show_bug.cgi?id=2102541 +# # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 +Patch58: 0058-FIPS-limit-rsa-encrypt.patch +# # https://bugzilla.redhat.com/show_bug.cgi?id=2087147 +Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch +# 0062-fips-Expose-a-FIPS-indicator.patch +Patch62: 0062-fips-Expose-a-FIPS-indicator.patch +# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +# [PATCH 29/46] +# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch +# # Downstream only. 
Reseed DRBG using getrandom(GRND_RANDOM) +# # https://bugzilla.redhat.com/show_bug.cgi?id=2102541 %if 0%{?rhel} >= 8 Patch76: 0076-FIPS-140-3-DRBG.patch %else # RHEL 7 has no getrandom() implemented Patch76: 0076-FIPS-140-3-DRBG-OLD.patch %endif -# https://bugzilla.redhat.com/show_bug.cgi?id=2102542 -Patch77: 0077-FIPS-140-3-zeroization.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2114772 -# https://bugzilla.redhat.com/show_bug.cgi?id=2141695 -# https://bugzilla.redhat.com/show_bug.cgi?id=2160733 -# https://bugzilla.redhat.com/show_bug.cgi?id=2164763 -Patch78: 0078-KDF-Add-FIPS-indicators.patch -#https://bugzilla.redhat.com/show_bug.cgi?id=2141748 -Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2142131 -Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2136250 -Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2137557 -Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch -#https://bugzilla.redhat.com/show_bug.cgi?id=2142121 -Patch85: 0085-FIPS-RSA-disable-shake.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2142087 -Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2144561 -Patch91: 0091-FIPS-RSA-encapsulate.patch -# FIPS-95 -Patch93: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch - -# https://bugzilla.redhat.com/show_bug.cgi?id=2168289 +# # https://bugzilla.redhat.com/show_bug.cgi?id=2102542 +Patch77: 0077-FIPS-140-3-zeroization.patch +# # https://bugzilla.redhat.com/show_bug.cgi?id=2114772 +Patch78: 0078-KDF-Add-FIPS-indicators.patch +# # We believe that some changes present in CentOS are not necessary +# # because ustream has a check for FIPS version +Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch +# [PATCH 36/46] +# 
0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch +Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch +# [PATCH 37/46] +# 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch +Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch +# [PATCH 38/46] +# 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch +Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch +# 0085-FIPS-RSA-disable-shake.patch +Patch85: 0085-FIPS-RSA-disable-shake.patch +# 0088-signature-Add-indicator-for-PSS-salt-length.patch +Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch +# 0091-FIPS-RSA-encapsulate.patch +Patch91: 0091-FIPS-RSA-encapsulate.patch +# [PATCH 42/46] +# 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch +Patch93: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch +# [PATCH 43/46] +# 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch Patch110: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch +# [PATCH 44/46] +# 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch Patch112: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2179331 +# 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch Patch113: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2157951 +# # We believe that some changes present in CentOS are not necessary +# # because ustream has a check for FIPS version Patch114: 0114-FIPS-enforce-EMS-support.patch -# skip quic and pairwise tests temporarily +# Amend tests according to Fedora/RHEL code Patch115: 0115-skip-quic-pairwise.patch # Add version aliasing due to # https://github.com/openssl/openssl/issues/23534 Patch116: 0116-version-aliasing.patch # https://github.com/openssl/openssl/issues/23050 Patch117: 0117-ignore-unknown-sigalgorithms-groups.patch - # https://bugzilla.redhat.com/show_bug.cgi?id=2160797 Patch121: 
0121-FIPS-cms-defaults.patch -# KTLS regression, temporary skip tests +# skip KTLS tests on infrastructure Patch122: 0122-TMP-KTLS-test-skip.patch # HKDF regression with older provider implementations Patch123: 0123-kdf-Preserve-backward-compatibility-with-older-provi.patch +# https://github.com/openssl/openssl/issues/24577 +Patch124: 0124-PBMAC1-PKCS12-FIPS-support.patch +# Downstream patch: enforce PBMAC1 in FIPS mode +Patch125: 0125-PBMAC1-PKCS12-FIPS-default.patch +# https://github.com/openssl/openssl/issues/25127 +Patch126: 0126-pkeyutl-encap.patch +# https://github.com/openssl/openssl/issues/25056 +Patch127: 0127-speedup-SSL_add_cert_subjects_to_stack.patch +Patch128: 0128-SAST-findings.patch # https://github.com/openssl/openssl/pull/24717 -Patch124: 0124-Fix-SSL_select_next_proto.patch -Patch125: 0125-More-correctly-handle-a-selected_len-of-0-when-proce.patch -Patch126: 0126-Use-correctly-formatted-ALPN-data-in-tserver.patch -Patch127: 0127-Clarify-the-SSL_select_next_proto-documentation.patch -Patch128: 0128-Add-a-test-for-SSL_select_next_proto.patch -Patch129: 0129-Allow-an-empty-NPN-ALPN-protocol-list-in-the-tests.patch -Patch130: 0130-Correct-return-values-for-tls_construct_stoc_next_pr.patch -Patch131: 0131-Add-ALPN-validation-in-the-client.patch -Patch132: 0132-Add-explicit-testing-of-ALN-and-NPN-in-sslapitest.patch -Patch133: 0133-Add-a-test-for-an-empty-NextProto-message.patch -Patch136: 0136-CVE-2024-6119.patch +Patch129: 0129-Fix-SSL_select_next_proto.patch +Patch130: 0130-More-correctly-handle-a-selected_len-of-0-when-proce.patch +Patch131: 0131-Use-correctly-formatted-ALPN-data-in-tserver.patch +Patch132: 0132-Clarify-the-SSL_select_next_proto-documentation.patch +Patch133: 0133-Add-a-test-for-SSL_select_next_proto.patch +Patch134: 0134-Allow-an-empty-NPN-ALPN-protocol-list-in-the-tests.patch +Patch135: 0135-Correct-return-values-for-tls_construct_stoc_next_pr.patch +Patch136: 0136-Add-ALPN-validation-in-the-client.patch +Patch137: 
0137-Add-explicit-testing-of-ALN-and-NPN-in-sslapitest.patch +Patch138: 0138-Add-a-test-for-an-empty-NextProto-message.patch +Patch139: 0139-CVE-2024-6119.patch +# https://github.com/openssl/openssl/pull/26197 +Patch140: 0140-prov_no-cache.patch +# https://github.com/openssl/openssl/pull/25959 +Patch141: 0141-print-pq-group.patch +# https://github.com/openssl/openssl/pull/26429 +Patch142: 0142-CVE-2024-13176-Minerva.patch + %if 0%{?rhel} < 8 Patch1000: openssl-3.0.2-bundled-policy.patch @@ -564,6 +584,10 @@ rm -f %{buildroot}%{_bindir}/{make,renew}-dummy-cert %ldconfig_scriptlets libs %changelog +* Wed Feb 12 2025 Raven - 1:3.2.2-7 +- import Fedora upstream patches + Resolves: CVE-2024-12797 + * Thu Sep 12 2024 Raven - 1:3.2.2-6 - rebase to 3.2.2-6 from c9-stream
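Review bot: The list adds `Patch142: 0142-CVE-2024-13176-Minerva.patch`, but no patch in it names CVE-2024-12797, which the changelog entry in the next (truncated) hunk claims to resolve; either that patch is missing from the list or the changelog cites the wrong CVE, and the two should agree before the build is tagged. The exported comments now carry a doubled `# #` prefix, and `Patch80` and `Patch114` received a copied remark about CentOS changes and "ustream" that does not describe the patch beneath it — restoring the removed references, e.g. `# https://bugzilla.redhat.com/show_bug.cgi?id=2157951` above `Patch114`, keeps the rationale findable. The renumbering moves the ALPN series from `Patch124`–`Patch133` to `Patch129`–`Patch138` and reuses 124–128 for new patches; if `%prep` (outside this hunk) applies patches by explicit number rather than `%autosetup`, it needs the same renumbering.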