diff --git a/CVE-2020-1967.patch b/CVE-2020-1967.patch
deleted file mode 100644
index b9f36dcb95a3c638c70f0d404baf3121137100b4..0000000000000000000000000000000000000000
--- a/CVE-2020-1967.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From a87f3fe01a5a894aa27ccd6a239155fd129988e4 Mon Sep 17 00:00:00 2001
-From: Benjamin Kaduk
-Date: Fri Apr 10 12:27:28 2020 -0700
-Subject: Fix NULL dereference in SSL_check_chain() for TLS 1.3
-
-In the tls1_check_sig_alg() helper function, we loop through the list of
-"signature_algorithms_cert" values received from the client and attempt
-to look up each one in turn in our internal table that maps wire
-codepoint to string-form name, digest and/or signature NID, etc., in
-order to compare the signature scheme from the peer's list against what
-is used to sign the certificates in the certificate chain we're
-checking. Unfortunately, when the peer sends a value that we don't
-support, the lookup returns NULL, but we unconditionally dereference the
-lookup result for the comparison, leading to an application crash
-triggerable by an unauthenticated client.
-
-Since we will not be able to say anything about algorithms we don't
-recognize, treat NULL return from lookup as "does not match".
-
-We currently only apply the "signature_algorithm_cert" checks on TLS 1.3
-connections, so previous TLS versions are unaffected. SSL_check_chain()
-is not called directly from libssl, but may be used by the application
-inside a callback (e.g., client_hello or cert callback) to verify that a
-candidate certificate chain will be acceptable to the client.
-
-CVE-2020-1967
-
-Reviewed-by: Matt Caswell
----
- openssl-1.1.1f/ssl/t1_lib.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 0ff0d37..5a4389c 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -2132,7 +2132,7 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
- sigalg = use_pc_sigalgs
- ? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i])
- : s->shared_sigalgs[i];
-- if (sig_nid == sigalg->sigandhash)
-+ if (sigalg != NULL && sig_nid == sigalg->sigandhash)
- return 1;
- }
- return 0;
---
-1.8.3.1
-
diff --git a/CVE-2020-1971-0001-DirectoryString-is-a-CHOICE-type-and-therefore-uses-.patch b/CVE-2020-1971-0001-DirectoryString-is-a-CHOICE-type-and-therefore-uses-.patch
deleted file mode 100644
index 0bf75e601c56c4dfce7fb521d2e37c2ae762cc05..0000000000000000000000000000000000000000
--- a/CVE-2020-1971-0001-DirectoryString-is-a-CHOICE-type-and-therefore-uses-.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From aa0ad2011d3e7ad8a611da274ef7d9c7706e289b Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Wed, 11 Nov 2020 15:19:34 +0000
-Subject: [PATCH 01/31] DirectoryString is a CHOICE type and therefore uses
- explicit tagging
-
-EDIPartyName has 2 fields that use a DirectoryString. However they were
-marked as implicit tagging - which is not correct for a CHOICE type.
-
-Additionally the partyName field was marked as Optional when, according to
-RFC5280 it is not.
-
-Many thanks to github user @filipnavara for reporting this issue. Also to
-David Benjamin from Google who independently identified and reported it.
-
-Fixes #6859
-
-Reviewed-by: Tomas Mraz
----
- crypto/x509v3/v3_genn.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
-index 23e3bc4..b483f35 100644
---- a/crypto/x509v3/v3_genn.c
-+++ b/crypto/x509v3/v3_genn.c
-@@ -22,8 +22,9 @@ ASN1_SEQUENCE(OTHERNAME) = {
- IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
-
- ASN1_SEQUENCE(EDIPARTYNAME) = {
-- ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
-- ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
-+ /* DirectoryString is a CHOICE type so use explicit tagging */
-+ ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
-+ ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
- } ASN1_SEQUENCE_END(EDIPARTYNAME)
-
- IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
---
-1.8.3.1
-
diff --git a/CVE-2020-1971-0002-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch b/CVE-2020-1971-0002-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch
deleted file mode 100644
index 36954c1454e59e9c32bb842a7a41614eec89805f..0000000000000000000000000000000000000000
--- a/CVE-2020-1971-0002-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From f960d81215ebf3f65e03d4d5d857fb9b666d6920 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Wed, 11 Nov 2020 16:12:58 +0000
-Subject: [PATCH 02/31] Correctly compare EdiPartyName in GENERAL_NAME_cmp()
-
-If a GENERAL_NAME field contained EdiPartyName data then it was
-incorrectly being handled as type "other". This could lead to a
-segmentation fault.
-
-Many thanks to David Benjamin from Google for reporting this issue.
-
-CVE-2020-1971
-
-Reviewed-by: Tomas Mraz
----
- crypto/x509v3/v3_genn.c | 45 ++++++++++++++++++++++++++++++++++++++++++---
- 1 file changed, 42 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
-index b483f35..6f0a347 100644
---- a/crypto/x509v3/v3_genn.c
-+++ b/crypto/x509v3/v3_genn.c
-@@ -58,6 +58,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a)
- (char *)a);
- }
-
-+static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
-+{
-+ int res;
-+
-+ if (a == NULL || b == NULL) {
-+ /*
-+ * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
-+ * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here
-+ */
-+ return -1;
-+ }
-+ if (a->nameAssigner == NULL && b->nameAssigner != NULL)
-+ return -1;
-+ if (a->nameAssigner != NULL && b->nameAssigner == NULL)
-+ return 1;
-+ /* If we get here then both have nameAssigner set, or both unset */
-+ if (a->nameAssigner != NULL) {
-+ res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
-+ if (res != 0)
-+ return res;
-+ }
-+ /*
-+ * partyName is required, so these should never be NULL. We treat it in
-+ * the same way as the a == NULL || b == NULL case above
-+ */
-+ if (a->partyName == NULL || b->partyName == NULL)
-+ return -1;
-+
-+ return ASN1_STRING_cmp(a->partyName, b->partyName);
-+}
-+
- /* Returns 0 if they are equal, != 0 otherwise. */
- int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
- {
-@@ -67,8 +98,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
- return -1;
- switch (a->type) {
- case GEN_X400:
-+ result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
-+ break;
-+
- case GEN_EDIPARTY:
-- result = ASN1_TYPE_cmp(a->d.other, b->d.other);
-+ result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
- break;
-
- case GEN_OTHERNAME:
-@@ -115,8 +149,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
- {
- switch (type) {
- case GEN_X400:
-+ a->d.x400Address = value;
-+ break;
-+
- case GEN_EDIPARTY:
-- a->d.other = value;
-+ a->d.ediPartyName = value;
- break;
-
- case GEN_OTHERNAME:
-@@ -150,8 +187,10 @@ void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype)
- *ptype = a->type;
- switch (a->type) {
- case GEN_X400:
-+ return a->d.x400Address;
-+
- case GEN_EDIPARTY:
-- return a->d.other;
-+ return a->d.ediPartyName;
-
- case GEN_OTHERNAME:
- return a->d.otherName;
---
-1.8.3.1
-
diff --git a/CVE-2020-1971-0003-Check-that-multi-strings-CHOICE-types-don-t-use-impl.patch b/CVE-2020-1971-0003-Check-that-multi-strings-CHOICE-types-don-t-use-impl.patch
deleted file mode 100644
index 6e810be2b4efcc511b00fae3882dba256aaf45f0..0000000000000000000000000000000000000000
--- a/CVE-2020-1971-0003-Check-that-multi-strings-CHOICE-types-don-t-use-impl.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From 1ecc76f6746cefd502c7e9000bdfa4e5d7911386 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Thu, 12 Nov 2020 11:58:12 +0000
-Subject: [PATCH 03/31] Check that multi-strings/CHOICE types don't use
- implicit tagging
-
-It never makes sense for multi-string or CHOICE types to use implicit
-tagging since the content would be ambiguous. It is an error in the
-template if this ever happens. If we detect it we should stop parsing.
-
-Thanks to David Benjamin from Google for reporting this issue.
-
-Reviewed-by: Tomas Mraz
----
- crypto/asn1/asn1_err.c | 1 +
- crypto/asn1/tasn_dec.c | 19 +++++++++++++++++++
- crypto/err/openssl.txt | 1 +
- include/openssl/asn1err.h | 1 +
- 4 files changed, 22 insertions(+)
-
-diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
-index 613f9ae..99a087d 100644
---- a/crypto/asn1/asn1_err.c
-+++ b/crypto/asn1/asn1_err.c
-@@ -160,6 +160,7 @@ static const ERR_STRING_DATA ASN1_str_reasons[] = {
- "asn1 sig parse error"},
- {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "aux error"},
- {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
-+ {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"},
- {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
- "bmpstring is wrong length"},
- {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "bn lib"},
-diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
-index 2332b20..1021705 100644
---- a/crypto/asn1/tasn_dec.c
-+++ b/crypto/asn1/tasn_dec.c
-@@ -182,6 +182,15 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
- tag, aclass, opt, ctx);
-
- case ASN1_ITYPE_MSTRING:
-+ /*
-+ * It never makes sense for multi-strings to have implicit tagging, so
-+ * if tag != -1, then this looks like an error in the template.
-+ */
-+ if (tag != -1) {
-+ ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE);
-+ goto err;
-+ }
-+
- p = *in;
- /* Just read in tag and class */
- ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
-@@ -199,6 +208,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
- goto err;
- }
-+
- /* Check tag matches bit map */
- if (!(ASN1_tag2bit(otag) & it->utype)) {
- /* If OPTIONAL, assume this is OK */
-@@ -215,6 +225,15 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
- return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
-
- case ASN1_ITYPE_CHOICE:
-+ /*
-+ * It never makes sense for CHOICE types to have implicit tagging, so
-+ * if tag != -1, then this looks like an error in the template.
-+ */
-+ if (tag != -1) {
-+ ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE);
-+ goto err;
-+ }
-+
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
- goto auxerr;
- if (*pval) {
-diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
-index 0b5873e..2f93221 100644
---- a/crypto/err/openssl.txt
-+++ b/crypto/err/openssl.txt
-@@ -1771,6 +1771,7 @@ ASN1_R_ASN1_PARSE_ERROR:203:asn1 parse error
- ASN1_R_ASN1_SIG_PARSE_ERROR:204:asn1 sig parse error
- ASN1_R_AUX_ERROR:100:aux error
- ASN1_R_BAD_OBJECT_HEADER:102:bad object header
-+ASN1_R_BAD_TEMPLATE:230:bad template
- ASN1_R_BMPSTRING_IS_WRONG_LENGTH:214:bmpstring is wrong length
- ASN1_R_BN_LIB:105:bn lib
- ASN1_R_BOOLEAN_IS_WRONG_LENGTH:106:boolean is wrong length
-diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h
-index faed5a5..9070e26 100644
---- a/include/openssl/asn1err.h
-+++ b/include/openssl/asn1err.h
-@@ -145,6 +145,7 @@ int ERR_load_ASN1_strings(void);
- # define ASN1_R_ASN1_SIG_PARSE_ERROR 204
- # define ASN1_R_AUX_ERROR 100
- # define ASN1_R_BAD_OBJECT_HEADER 102
-+# define ASN1_R_BAD_TEMPLATE 230
- # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
- # define ASN1_R_BN_LIB 105
- # define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
---
-1.8.3.1
-
diff --git a/CVE-2020-1971-0004-Complain-if-we-are-attempting-to-encode-with-an-inva.patch b/CVE-2020-1971-0004-Complain-if-we-are-attempting-to-encode-with-an-inva.patch
deleted file mode 100644
index c575a53a6080fd1f363e1334e44e87e06ba4b1dd..0000000000000000000000000000000000000000
--- a/CVE-2020-1971-0004-Complain-if-we-are-attempting-to-encode-with-an-inva.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From 41d62636fd996c031c0c7cef746476278583dc9e Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Thu, 12 Nov 2020 14:55:31 +0000
-Subject: [PATCH 04/31] Complain if we are attempting to encode with an invalid
- ASN.1 template
-
-It never makes sense for multi-string or CHOICE types to have implicit
-tagging. If we have a template that uses the in this way then we
-should immediately fail.
-
-Thanks to David Benjamin from Google for reporting this issue.
-
-Reviewed-by: Tomas Mraz
----
- crypto/asn1/asn1_err.c | 3 ++-
- crypto/asn1/tasn_enc.c | 16 ++++++++++++++++
- crypto/err/openssl.txt | 1 +
- include/openssl/asn1err.h | 7 +++----
- 4 files changed, 22 insertions(+), 5 deletions(-)
-
-diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
-index 99a087d..cc0a59c 100644
---- a/crypto/asn1/asn1_err.c
-+++ b/crypto/asn1/asn1_err.c
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -49,6 +49,7 @@ static const ERR_STRING_DATA ASN1_str_functs[] = {
- "asn1_item_embed_d2i"},
- {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_NEW, 0),
- "asn1_item_embed_new"},
-+ {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"},
- {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_FLAGS_I2D, 0),
- "asn1_item_flags_i2d"},
- {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_BIO, 0), "ASN1_item_i2d_bio"},
-diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
-index d600c7a..52a051d 100644
---- a/crypto/asn1/tasn_enc.c
-+++ b/crypto/asn1/tasn_enc.c
-@@ -103,9 +103,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
- return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
-
- case ASN1_ITYPE_MSTRING:
-+ /*
-+ * It never makes sense for multi-strings to have implicit tagging, so
-+ * if tag != -1, then this looks like an error in the template.
-+ */
-+ if (tag != -1) {
-+ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
-+ return -1;
-+ }
- return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
-
- case ASN1_ITYPE_CHOICE:
-+ /*
-+ * It never makes sense for CHOICE types to have implicit tagging, so
-+ * if tag != -1, then this looks like an error in the template.
-+ */
-+ if (tag != -1) {
-+ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
-+ return -1;
-+ }
- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
- return 0;
- i = asn1_get_choice_selector(pval, it);
-diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
-index 2f93221..815460b 100644
---- a/crypto/err/openssl.txt
-+++ b/crypto/err/openssl.txt
-@@ -36,6 +36,7 @@ ASN1_F_ASN1_ITEM_D2I_FP:206:ASN1_item_d2i_fp
- ASN1_F_ASN1_ITEM_DUP:191:ASN1_item_dup
- ASN1_F_ASN1_ITEM_EMBED_D2I:120:asn1_item_embed_d2i
- ASN1_F_ASN1_ITEM_EMBED_NEW:121:asn1_item_embed_new
-+ASN1_F_ASN1_ITEM_EX_I2D:144:ASN1_item_ex_i2d
- ASN1_F_ASN1_ITEM_FLAGS_I2D:118:asn1_item_flags_i2d
- ASN1_F_ASN1_ITEM_I2D_BIO:192:ASN1_item_i2d_bio
- ASN1_F_ASN1_ITEM_I2D_FP:193:ASN1_item_i2d_fp
-diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h
-index 9070e26..e1ad1fe 100644
---- a/include/openssl/asn1err.h
-+++ b/include/openssl/asn1err.h
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -11,9 +11,7 @@
- #ifndef HEADER_ASN1ERR_H
- # define HEADER_ASN1ERR_H
-
--# ifndef HEADER_SYMHACKS_H
--# include
--# endif
-+# include
-
- # ifdef __cplusplus
- extern "C"
-@@ -53,6 +51,7 @@ int ERR_load_ASN1_strings(void);
- # define ASN1_F_ASN1_ITEM_DUP 191
- # define ASN1_F_ASN1_ITEM_EMBED_D2I 120
- # define ASN1_F_ASN1_ITEM_EMBED_NEW 121
-+# define ASN1_F_ASN1_ITEM_EX_I2D 144
- # define ASN1_F_ASN1_ITEM_FLAGS_I2D 118
- # define ASN1_F_ASN1_ITEM_I2D_BIO 192
- # define ASN1_F_ASN1_ITEM_I2D_FP 193
---
-1.8.3.1
-
diff --git a/CVE-2020-1971-0005-Add-a-test-for-GENERAL_NAME_cmp.patch b/CVE-2020-1971-0005-Add-a-test-for-GENERAL_NAME_cmp.patch
deleted file mode 100644
index 614df6cb5f53dbc137297ad70e706a549dc90635..0000000000000000000000000000000000000000
--- a/CVE-2020-1971-0005-Add-a-test-for-GENERAL_NAME_cmp.patch
+++ /dev/null
@@ -1,372 +0,0 @@
-From 94ece6af0c89d596f9c5221b7df7d6582168c8ba Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Mon, 30 Nov 2020 13:50:52 +0000
-Subject: [PATCH 05/31] Add a test for GENERAL_NAME_cmp
-
-Based on a boringssl test contributed by David Benjamin
-
-Reviewed-by: Tomas Mraz
----
- test/v3nametest.c | 344 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 344 insertions(+)
-
-diff --git a/test/v3nametest.c b/test/v3nametest.c
-index 86f3829..4c8af92 100644
---- a/test/v3nametest.c
-+++ b/test/v3nametest.c
-@@ -359,8 +359,352 @@ static int call_run_cert(int i)
- return failed == 0;
- }
-
-+struct gennamedata {
-+ const unsigned char der[22];
-+ size_t derlen;
-+} gennames[] = {
-+ {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
-+ * [0] {
-+ * SEQUENCE {}
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00
-+ },
-+ 21
-+ }, {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
-+ * [0] {
-+ * [APPLICATION 0] {}
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00
-+ },
-+ 21
-+ }, {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
-+ * [0] {
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61
-+ },
-+ 22
-+ }, {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
-+ * [0] {
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61
-+ },
-+ 22
-+ }, {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
-+ * [0] {
-+ * UTF8String { "b" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62
-+ },
-+ 22
-+ }, {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
-+ * [0] {
-+ * BOOLEAN { TRUE }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff
-+ },
-+ 22
-+ }, {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
-+ * [0] {
-+ * BOOLEAN { FALSE }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00
-+ },
-+ 22
-+ }, {
-+ /* [1 PRIMITIVE] { "a" } */
-+ {
-+ 0x81, 0x01, 0x61
-+ },
-+ 3
-+ }, {
-+ /* [1 PRIMITIVE] { "b" } */
-+ {
-+ 0x81, 0x01, 0x62
-+ },
-+ 3
-+ }, {
-+ /* [2 PRIMITIVE] { "a" } */
-+ {
-+ 0x82, 0x01, 0x61
-+ },
-+ 3
-+ }, {
-+ /* [2 PRIMITIVE] { "b" } */
-+ {
-+ 0x82, 0x01, 0x62
-+ },
-+ 3
-+ }, {
-+ /*
-+ * [4] {
-+ * SEQUENCE {
-+ * SET {
-+ * SEQUENCE {
-+ * # commonName
-+ * OBJECT_IDENTIFIER { 2.5.4.3 }
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
-+ 0x04, 0x03, 0x0c, 0x01, 0x61
-+ },
-+ 16
-+ }, {
-+ /*
-+ * [4] {
-+ * SEQUENCE {
-+ * SET {
-+ * SEQUENCE {
-+ * # commonName
-+ * OBJECT_IDENTIFIER { 2.5.4.3 }
-+ * UTF8String { "b" }
-+ * }
-+ * }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
-+ 0x04, 0x03, 0x0c, 0x01, 0x62
-+ },
-+ 16
-+ }, {
-+ /*
-+ * [5] {
-+ * [1] {
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61
-+ },
-+ 7
-+ }, {
-+ /*
-+ * [5] {
-+ * [1] {
-+ * UTF8String { "b" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62
-+ },
-+ 7
-+ }, {
-+ /*
-+ * [5] {
-+ * [0] {
-+ * UTF8String {}
-+ * }
-+ * [1] {
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61
-+ },
-+ 11
-+ }, {
-+ /*
-+ * [5] {
-+ * [0] {
-+ * UTF8String { "a" }
-+ * }
-+ * [1] {
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01,
-+ 0x61
-+ },
-+ 12
-+ }, {
-+ /*
-+ * [5] {
-+ * [0] {
-+ * UTF8String { "b" }
-+ * }
-+ * [1] {
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01,
-+ 0x61
-+ },
-+ 12
-+ }, {
-+ /* [6 PRIMITIVE] { "a" } */
-+ {
-+ 0x86, 0x01, 0x61
-+ },
-+ 3
-+ }, {
-+ /* [6 PRIMITIVE] { "b" } */
-+ {
-+ 0x86, 0x01, 0x62
-+ },
-+ 3
-+ }, {
-+ /* [7 PRIMITIVE] { `11111111` } */
-+ {
-+ 0x87, 0x04, 0x11, 0x11, 0x11, 0x11
-+ },
-+ 6
-+ }, {
-+ /* [7 PRIMITIVE] { `22222222`} */
-+ {
-+ 0x87, 0x04, 0x22, 0x22, 0x22, 0x22
-+ },
-+ 6
-+ }, {
-+ /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */
-+ {
-+ 0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-+ 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
-+ },
-+ 18
-+ }, {
-+ /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */
-+ {
-+ 0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
-+ 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
-+ },
-+ 18
-+ }, {
-+ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */
-+ {
-+ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
-+ 0xb7, 0x09, 0x02, 0x01
-+ },
-+ 15
-+ }, {
-+ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */
-+ {
-+ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
-+ 0xb7, 0x09, 0x02, 0x02
-+ },
-+ 15
-+ }
-+};
-+
-+static int test_GENERAL_NAME_cmp(void)
-+{
-+ size_t i, j;
-+ GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa)
-+ * OSSL_NELEM(gennames));
-+ GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb)
-+ * OSSL_NELEM(gennames));
-+ int testresult = 0;
-+
-+ if (!TEST_ptr(namesa) || !TEST_ptr(namesb))
-+ goto end;
-+
-+ for (i = 0; i < OSSL_NELEM(gennames); i++) {
-+ const unsigned char *derp = gennames[i].der;
-+
-+ /*
-+ * We create two versions of each GENERAL_NAME so that we ensure when
-+ * we compare them they are always different pointers.
-+ */
-+ namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
-+ derp = gennames[i].der;
-+ namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
-+ if (!TEST_ptr(namesa[i]) || !TEST_ptr(namesb[i]))
-+ goto end;
-+ }
-+
-+ /* Every name should be equal to itself and not equal to any others. */
-+ for (i = 0; i < OSSL_NELEM(gennames); i++) {
-+ for (j = 0; j < OSSL_NELEM(gennames); j++) {
-+ if (i == j) {
-+ if (!TEST_int_eq(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
-+ goto end;
-+ } else {
-+ if (!TEST_int_ne(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
-+ goto end;
-+ }
-+ }
-+ }
-+ testresult = 1;
-+
-+ end:
-+ for (i = 0; i < OSSL_NELEM(gennames); i++) {
-+ if (namesa != NULL)
-+ GENERAL_NAME_free(namesa[i]);
-+ if (namesb != NULL)
-+ GENERAL_NAME_free(namesb[i]);
-+ }
-+ OPENSSL_free(namesa);
-+ OPENSSL_free(namesb);
-+
-+ return testresult;
-+}
-+
- int setup_tests(void)
- {
- ADD_ALL_TESTS(call_run_cert, OSSL_NELEM(name_fns));
-+ ADD_TEST(test_GENERAL_NAME_cmp);
- return 1;
- }
---
-1.8.3.1
-
diff --git a/CVE-2020-1971-0006-Add-a-test-for-encoding-decoding-using-an-invalid-AS.patch b/CVE-2020-1971-0006-Add-a-test-for-encoding-decoding-using-an-invalid-AS.patch
deleted file mode 100644
index 8569490033edee8dd6780c8c7e9430f26d972c20..0000000000000000000000000000000000000000
--- a/CVE-2020-1971-0006-Add-a-test-for-encoding-decoding-using-an-invalid-AS.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From 433974af7b188d55b1da049b84f3fdeca320cb6a Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Mon, 30 Nov 2020 14:46:47 +0000
-Subject: [PATCH 06/31] Add a test for encoding/decoding using an invalid ASN.1
- Template
-
-If you have a CHOICE type that it must use explicit tagging - otherwise
-the template is invalid. We add tests for this.
-
-Reviewed-by: Tomas Mraz
----
- test/asn1_decode_test.c | 36 ++++++++++++++++++++++++++++++++++++
- test/asn1_encode_test.c | 33 +++++++++++++++++++++++++++++++++
- 2 files changed, 69 insertions(+)
-
-diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c
-index 369023d..94a22c6 100644
---- a/test/asn1_decode_test.c
-+++ b/test/asn1_decode_test.c
-@@ -160,6 +160,41 @@ static int test_uint64(void)
- return 1;
- }
-
-+typedef struct {
-+ ASN1_STRING *invalidDirString;
-+} INVALIDTEMPLATE;
-+
-+ASN1_SEQUENCE(INVALIDTEMPLATE) = {
-+ /*
-+ * DirectoryString is a CHOICE type so it must use explicit tagging -
-+ * but we deliberately use implicit here, which makes this template invalid.
-+ */
-+ ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12)
-+} static_ASN1_SEQUENCE_END(INVALIDTEMPLATE)
-+
-+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE)
-+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE)
-+
-+/* Empty sequence for invalid template test */
-+static unsigned char t_invalid_template[] = {
-+ 0x30, 0x03, /* SEQUENCE tag + length */
-+ 0x0c, 0x01, 0x41 /* UTF8String, length 1, "A" */
-+};
-+
-+static int test_invalid_template(void)
-+{
-+ const unsigned char *p = t_invalid_template;
-+ INVALIDTEMPLATE *tmp = d2i_INVALIDTEMPLATE(NULL, &p,
-+ sizeof(t_invalid_template));
-+
-+ /* We expect a NULL pointer return */
-+ if (TEST_ptr_null(tmp))
-+ return 1;
-+
-+ INVALIDTEMPLATE_free(tmp);
-+ return 0;
-+}
-+
- int setup_tests(void)
- {
- #if OPENSSL_API_COMPAT < 0x10200000L
-@@ -169,5 +204,6 @@ int setup_tests(void)
- ADD_TEST(test_uint32);
- ADD_TEST(test_int64);
- ADD_TEST(test_uint64);
-+ ADD_TEST(test_invalid_template);
- return 1;
- }
-diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c
-index ed920a4..afbd18b 100644
---- a/test/asn1_encode_test.c
-+++ b/test/asn1_encode_test.c
-@@ -856,6 +856,38 @@ static int test_uint64(void)
- return test_intern(&uint64_test_package);
- }
-
-+typedef struct {
-+ ASN1_STRING *invalidDirString;
-+} INVALIDTEMPLATE;
-+
-+ASN1_SEQUENCE(INVALIDTEMPLATE) = {
-+ /*
-+ * DirectoryString is a CHOICE type so it must use explicit tagging -
-+ * but we deliberately use implicit here, which makes this template invalid.
-+ */
-+ ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12)
-+} static_ASN1_SEQUENCE_END(INVALIDTEMPLATE)
-+
-+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE)
-+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE)
-+
-+static int test_invalid_template(void)
-+{
-+ INVALIDTEMPLATE *temp = INVALIDTEMPLATE_new();
-+ int ret;
-+
-+ if (!TEST_ptr(temp))
-+ return 0;
-+
-+ ret = i2d_INVALIDTEMPLATE(temp, NULL);
-+
-+ INVALIDTEMPLATE_free(temp);
-+
-+ /* We expect the i2d operation to fail */
-+ return ret < 0;
-+}
-+
-+
- int setup_tests(void)
- {
- #if OPENSSL_API_COMPAT < 0x10200000L
-@@ -866,5 +898,6 @@ int setup_tests(void)
- ADD_TEST(test_uint32);
- ADD_TEST(test_int64);
- ADD_TEST(test_uint64);
-+ ADD_TEST(test_invalid_template);
- return 1;
- }
---
-1.8.3.1
-
diff --git a/CVE-2021-23840.patch b/CVE-2021-23840.patch
deleted file mode 100644
index f9f7bee09393e0af5bd0a6292aad913f8cb3ff3a..0000000000000000000000000000000000000000
--- a/CVE-2021-23840.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-From 6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Tue, 2 Feb 2021 17:17:23 +0000
-Subject: [PATCH] Don't overflow the output length in EVP_CipherUpdate calls
-
-CVE-2021-23840
-
-Reviewed-by: Paul Dale
----
- crypto/err/openssl.txt | 3 ++-
- crypto/evp/evp_enc.c | 27 +++++++++++++++++++++++++++
- crypto/evp/evp_err.c | 4 +++-
- include/openssl/evperr.h | 7 +++----
- 4 files changed, 35 insertions(+), 6 deletions(-)
-
-diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
-index 815460b..7e17763 100644
---- a/crypto/err/openssl.txt
-+++ b/crypto/err/openssl.txt
-@@ -1,4 +1,4 @@
--# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
-+# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
- #
- # Licensed under the OpenSSL license (the "License"). You may not use
- # this file except in compliance with the License. You can obtain a copy
-@@ -2283,6 +2283,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
- EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
- operation not supported for this keytype
- EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
-+EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
- EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
- EVP_R_PBKDF2_ERROR:181:pbkdf2 error
- EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
-diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
-index b9b6490..0843caf 100644
---- a/crypto/evp/evp_enc.c
-+++ b/crypto/evp/evp_enc.c
-@@ -8,6 +8,7 @@
- */
-
- #include
-+#include
- #include
- #include "internal/cryptlib.h"
- #include
-@@ -355,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
- return 1;
- } else {
- j = bl - i;
-+
-+ /*
-+ * Once we've processed the first j bytes from in, the amount of
-+ * data left that is a multiple of the block length is:
-+ * (inl - j) & ~(bl - 1)
-+ * We must ensure that this amount of data, plus the one block that
-+ * we process from ctx->buf does not exceed INT_MAX
-+ */
-+ if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
-+ EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
-+ EVP_R_OUTPUT_WOULD_OVERFLOW);
-+ return 0;
-+ }
- memcpy(&(ctx->buf[i]), in, j);
- inl -= j;
- in += j;
-@@ -502,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
- return 0;
- }
-+ /*
-+ * final_used is only ever set if buf_len is 0. Therefore the maximum
-+ * length output we will ever see from evp_EncryptDecryptUpdate is
-+ * the maximum multiple of the block length that is <= inl, or just:
-+ * inl & ~(b - 1)
-+ * Since final_used has been set then the final output length is:
-+ * (inl & ~(b - 1)) + b
-+ * This must never exceed INT_MAX
-+ */
-+ if ((inl & ~(b - 1)) > INT_MAX - b) {
-+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
-+ return 0;
-+ }
- memcpy(out, ctx->final, b);
- out += b;
- fix_len = 1;
-diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
-index 05481d8..32ac012 100644
---- a/crypto/evp/evp_err.c
-+++ b/crypto/evp/evp_err.c
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -239,6 +239,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
- "operation not supported for this keytype"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
- "operaton not initialized"},
-+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
-+ "output would overflow"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
- "partially overlapping buffers"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
-diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
-index d2b26ea..b4ea90a 100644
---- a/include/openssl/evperr.h
-+++ b/include/openssl/evperr.h
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -11,9 +11,7 @@
- #ifndef HEADER_EVPERR_H
- # define HEADER_EVPERR_H
-
--# ifndef HEADER_SYMHACKS_H
--# include
--# endif
-+# include
-
- # ifdef __cplusplus
- extern "C"
-@@ -179,6 +177,7 @@ int ERR_load_EVP_strings(void);
- # define EVP_R_ONLY_ONESHOT_SUPPORTED 177
- # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
- # define EVP_R_OPERATON_NOT_INITIALIZED 151
-+# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
- # define EVP_R_PARTIALLY_OVERLAPPING 162
- # define EVP_R_PBKDF2_ERROR 181
- # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
---
-1.8.3.1
-
diff --git a/CVE-2021-23841.patch b/CVE-2021-23841.patch
deleted file mode 100644
index 87cfdf29f15a7c3233bb642ee7b163c16a3169f9..0000000000000000000000000000000000000000
--- a/CVE-2021-23841.patch
+++ /dev/null
@@ -1,43 +0,0 @@ -From 122a19ab48091c657f7cb1fb3af9fc07bd557bbf Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Wed, 10 Feb 2021 16:10:36 +0000 -Subject: [PATCH] Fix Null pointer deref in X509_issuer_and_serial_hash() - -The OpenSSL public API function X509_issuer_and_serial_hash() attempts -to create a unique hash value based on the issuer and serial number data -contained within an X509 certificate. However it fails to correctly -handle any errors that may occur while parsing the issuer field (which -might occur if the issuer field is maliciously constructed). This may -subsequently result in a NULL pointer deref and a crash leading to a -potential denial of service attack. - -The function X509_issuer_and_serial_hash() is never directly called by -OpenSSL itself so applications are only vulnerable if they use this -function directly and they use it on certificates that may have been -obtained from untrusted sources. - -CVE-2021-23841 - -Reviewed-by: Richard Levitte -Reviewed-by: Paul Dale -(cherry picked from commit 8130d654d1de922ea224fa18ee3bc7262edc39c0) ---- - crypto/x509/x509_cmp.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c -index c9d8933..a964bbf 100644 ---- a/crypto/x509/x509_cmp.c -+++ b/crypto/x509/x509_cmp.c -@@ -39,6 +39,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) - if (ctx == NULL) - goto err; - f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); -+ if (f == NULL) -+ goto err; - if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) - goto err; - if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f))) --- -1.8.3.1 - diff --git a/CVE-2021-3449.patch b/CVE-2021-3449.patch deleted file mode 100644 index 159e14320f3fd21b557c8e789c314158ff7dcbc6..0000000000000000000000000000000000000000 --- a/CVE-2021-3449.patch +++ /dev/null 
@@ -1,47 +0,0 @@ -From fb9fa6b51defd48157eeb207f52181f735d96148 Mon Sep 17 00:00:00 2001 -From: Peter Kaestle -Date: Mon, 15 Mar 2021 13:19:56 +0100 -Subject: [PATCH] ssl sigalg extension: fix NULL pointer dereference -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -As the variable peer_sigalgslen is not cleared on ssl rehandshake, it's -possible to crash an openssl tls secured server remotely by sending a -manipulated hello message in a rehandshake. - -On such a manipulated rehandshake, tls1_set_shared_sigalgs() calls -tls12_shared_sigalgs() with the peer_sigalgslen of the previous -handshake, while the peer_sigalgs has been freed. -As a result tls12_shared_sigalgs() walks over the available -peer_sigalgs and tries to access data of a NULL pointer. - -This issue was introduced by c589c34e61 (Add support for the TLS 1.3 -signature_algorithms_cert extension, 2018-01-11). - -Signed-off-by: Peter Kästle -Signed-off-by: Samuel Sapalski - -CVE-2021-3449 - -CLA: trivial - -Reviewed-by: Tomas Mraz -Reviewed-by: Paul Dale -Reviewed-by: Matt Caswell ---- - ssl/statem/extensions.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c -index b055935d697b..4aed508d0f03 100644 ---- a/ssl/statem/extensions.c -+++ b/ssl/statem/extensions.c -@@ -1139,6 +1139,7 @@ static int init_sig_algs(SSL *s, unsigned int context) - /* Clear any signature algorithms extension received */ - OPENSSL_free(s->s3->tmp.peer_sigalgs); - s->s3->tmp.peer_sigalgs = NULL; -+ s->s3->tmp.peer_sigalgslen = 0; - - return 1; - } diff --git a/CVE-2021-3711-0001-Check-the-plaintext-buffer-is-large-enough-when-decr.patch b/CVE-2021-3711-0001-Check-the-plaintext-buffer-is-large-enough-when-decr.patch deleted file mode 100644 index 26a3cdc5ba6710bbf6e831ccc8a29574b93caa94..0000000000000000000000000000000000000000 --- a/CVE-2021-3711-0001-Check-the-plaintext-buffer-is-large-enough-when-decr.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 515ac8b5e544dd713a2b4cabfc54b722d122c218 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Fri, 13 Aug 2021 16:58:21 +0100 -Subject: [PATCH] Check the plaintext buffer is large enough when decrypting - SM2 - -Previously there was no check that the supplied buffer was large enough. -It was just assumed to be sufficient. Instead we should check and fail if -not. - -Reviewed-by: Paul Dale -Reviewed-by: Nicola Tuveri - -Reference: https://github.com/openssl/openssl/commit/515ac8b5e544dd713a2b4cabfc54b722d122c218 -Conflict: NA ---- - crypto/sm2/sm2_crypt.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c -index 1188abfc6b..00055a4e51 100644 ---- a/crypto/sm2/sm2_crypt.c -+++ b/crypto/sm2/sm2_crypt.c -@@ -294,6 +294,10 @@ int sm2_decrypt(const EC_KEY *key, - C2 = sm2_ctext->C2->data; - C3 = sm2_ctext->C3->data; - msg_len = sm2_ctext->C2->length; -+ if (*ptext_len < (size_t)msg_len) { -+ SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL); -+ goto done; -+ } - - ctx = BN_CTX_new(); - if (ctx == NULL) { --- -2.23.0 - diff --git a/CVE-2021-3711-0002-Correctly-calculate-the-length-of-SM2-plaintext-give.patch b/CVE-2021-3711-0002-Correctly-calculate-the-length-of-SM2-plaintext-give.patch deleted file mode 100644 index d7373cafd81d89cb89e3c885cdc8e5c269831a47..0000000000000000000000000000000000000000 --- a/CVE-2021-3711-0002-Correctly-calculate-the-length-of-SM2-plaintext-give.patch +++ /dev/null 
@@ -1,124 +0,0 @@ -From 59f5e75f3bced8fc0e130d72a3f582cf7b480b46 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Fri, 13 Aug 2021 14:14:51 +0100 -Subject: [PATCH] Correctly calculate the length of SM2 plaintext given the - ciphertext - -Previously the length of the SM2 plaintext could be incorrectly calculated. -The plaintext length was calculated by taking the ciphertext length and -taking off an "overhead" value. - -The overhead value was assumed to have a "fixed" element of 10 bytes. -This is incorrect since in some circumstances it can be more than 10 bytes. -Additionally the overhead included the length of two integers C1x and C1y, -which were assumed to be the same length as the field size (32 bytes for -the SM2 curve). However in some cases these integers can have an additional -padding byte when the msb is set, to disambiguate them from negative -integers. Additionally the integers can also be less than 32 bytes in -length in some cases. - -If the calculated overhead is incorrect and larger than the actual value -this can result in the calculated plaintext length being too small. -Applications are likely to allocate buffer sizes based on this and therefore -a buffer overrun can occur. - -CVE-2021-3711 - -Issue reported by John Ouyang. 
- -Reviewed-by: Paul Dale -Reviewed-by: Nicola Tuveri - -Reference: https://github.com/openssl/openssl/commit/59f5e75f3bced8fc0e130d72a3f582cf7b480b46 -Conflict: NA ---- - crypto/sm2/sm2_crypt.c | 23 +++++++---------------- - crypto/sm2/sm2_pmeth.c | 2 +- - include/crypto/sm2.h | 3 +-- - test/sm2_internal_test.c | 2 +- - 4 files changed, 10 insertions(+), 20 deletions(-) - -diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c -index ef505f6441..1188abfc6b 100644 ---- a/crypto/sm2/sm2_crypt.c -+++ b/crypto/sm2/sm2_crypt.c -@@ -61,29 +61,20 @@ static size_t ec_field_size(const EC_GROUP *group) - return field_size; - } - --int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, -- size_t *pt_size) -+int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size) - { -- const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); -- const int md_size = EVP_MD_size(digest); -- size_t overhead; -+ struct SM2_Ciphertext_st *sm2_ctext = NULL; - -- if (md_size < 0) { -- SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST); -- return 0; -- } -- if (field_size == 0) { -- SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD); -- return 0; -- } -+ sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size); - -- overhead = 10 + 2 * field_size + (size_t)md_size; -- if (msg_len <= overhead) { -+ if (sm2_ctext == NULL) { - SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING); - return 0; - } - -- *pt_size = msg_len - overhead; -+ *pt_size = sm2_ctext->C2->length; -+ SM2_Ciphertext_free(sm2_ctext); -+ - return 1; - } - -diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c -index b42a14c32f..27025fbf3a 100644 ---- a/crypto/sm2/sm2_pmeth.c -+++ b/crypto/sm2/sm2_pmeth.c -@@ -151,7 +151,7 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx, - const EVP_MD *md = (dctx->md == NULL) ? 
EVP_sm3() : dctx->md; - - if (out == NULL) { -- if (!sm2_plaintext_size(ec, md, inlen, outlen)) -+ if (!sm2_plaintext_size(in, inlen, outlen)) - return -1; - else - return 1; -diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h -index 76ee80baff..50851a83ce 100644 ---- a/include/crypto/sm2.h -+++ b/include/crypto/sm2.h -@@ -60,8 +60,7 @@ int sm2_verify(const unsigned char *dgst, int dgstlen, - int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, - size_t *ct_size); - --int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, -- size_t *pt_size); -+int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size); - - int sm2_encrypt(const EC_KEY *key, - const EVP_MD *digest, -diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c -index 2bb73947ff..41827bb82f 100644 ---- a/test/sm2_internal_test.c -+++ b/test/sm2_internal_test.c -@@ -185,7 +185,7 @@ static int test_sm2_crypt(const EC_GROUP *group, - if (!TEST_mem_eq(ctext, ctext_len, expected, ctext_len)) - goto done; - -- if (!TEST_true(sm2_plaintext_size(key, digest, ctext_len, &ptext_len)) -+ if (!TEST_true(sm2_plaintext_size(ctext, ctext_len, &ptext_len)) - || !TEST_int_eq(ptext_len, msg_len)) - goto done; - --- -2.23.0 - diff --git a/CVE-2021-3711-0003-Extend-tests-for-SM2-decryption.patch b/CVE-2021-3711-0003-Extend-tests-for-SM2-decryption.patch deleted file mode 100644 index fda5a457021d5ba0fda1e49610c8223f4f4403b7..0000000000000000000000000000000000000000 --- a/CVE-2021-3711-0003-Extend-tests-for-SM2-decryption.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 733fa41c3fc4bcac37f94aa917f7242420f8a5a6 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Fri, 13 Aug 2021 14:49:47 +0100 -Subject: [PATCH] Extend tests for SM2 decryption - -Check the case where C1y < 32 bytes in length (i.e. short overhead), and -also the case with longer plaintext and C1x and C1y > 32 bytes in length -(i.e. long overhead) - -Reviewed-by: Paul Dale -Reviewed-by: Nicola Tuveri - -Reference: https://github.com/openssl/openssl/commit/733fa41c3fc4bcac37f94aa917f7242420f8a5a6 -Conflict: NA ---- - test/recipes/30-test_evp_data/evppkey.txt | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt -index 736e0ce4d3..c3947cb000 100644 ---- a/test/recipes/30-test_evp_data/evppkey.txt -+++ b/test/recipes/30-test_evp_data/evppkey.txt -@@ -18444,6 +18444,16 @@ Decrypt = SM2_key1 - Input = 30818A0220466BE2EF5C11782EC77864A0055417F407A5AFC11D653C6BCE69E417BB1D05B6022062B572E21FF0DDF5C726BD3F9FF2EAE56E6294713A607E9B9525628965F62CC804203C1B5713B5DB2728EB7BF775E44F4689FC32668BDC564F52EA45B09E8DF2A5F40422084A9D0CC2997092B7D3C404FCE95956EB604D732B2307A8E5B8900ED6608CA5B197 - Output = "The floofy bunnies hop at midnight" - -+# Test with an C1y value < 32 bytes in length (self generated) -+Decrypt = SM2_key1 -+Input = 3072022070DAD60CDA7C30D64CF4F278A849003581223F5324BFEC9BB329229BFFAD21A6021F18AFAB2B35459D2643243B242BE4EA80C6FA5071D2D847340CC57EB9309E5D04200B772E4DB664B2601E3B85E39C4AA8C2C1910308BE13B331E009C5A9258C29FD040B6D588BE9260A94DA18E0E6 -+Output = "Hello World" -+ -+# Test with an C1x and C1y valuey > 32 bytes in length, and longer plaintext (self generated) -+Decrypt = SM2_key1 -+Input = 
3081DD022100CD49634BBCB21CAFFFA6D33669A5A867231CB2A942A14352EF4CAF6DC3344D54022100C35B41D4DEBB3A2735EFEE821B9EBA566BD86900176A0C06672E30EE5CC04E930420C4190A3D80D86C4BD20E99F7E4B59BF6427C6808793533EEA9591D1188EC56B50473747295470E81D951BED279AC1B86A1AFE388CD2833FA9632799EC199C7D364E5663D5A94888BB2358CFCBF6283184DE0CBC41CCEA91D24746E99D231A1DA77AFD83CDF908190ED628B7369724494568A27C782A1D1D7294BCAD80C34569ED22859896301128A8118F48924D8CCD43E998D9533 -+Output = "Some longer plaintext for testing SM2 decryption. Blah blah blah blah blah blah blah blah blah blah blah blah blah." -+ - # This is a "fake" test as it does only verify that the SM2 EVP_PKEY interface - # is capable of creating a signature without failing, but it does not say - # anything about the generated signature being valid, nor does it test the --- -2.23.0 - diff --git a/CVE-2021-3712-0001-Fix-a-read-buffer-overrun-in-X509_aux_print.patch b/CVE-2021-3712-0001-Fix-a-read-buffer-overrun-in-X509_aux_print.patch deleted file mode 100644 index dc9c75781a684bc2679570e4891de489b33018ea..0000000000000000000000000000000000000000 --- a/CVE-2021-3712-0001-Fix-a-read-buffer-overrun-in-X509_aux_print.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -From d9d838ddc0ed083fb4c26dd067e71aad7c65ad16 Mon Sep 17 00:00:00 2001 -From: Ingo Schwarze -Date: Sun, 18 Jul 2021 17:48:06 +0200 -Subject: [PATCH] Fix a read buffer overrun in X509_aux_print(). - -The ASN1_STRING_get0_data(3) manual explitely cautions the reader -that the data is not necessarily NUL-terminated, and the function -X509_alias_set1(3) does not sanitize the data passed into it in any -way either, so we must assume the return value from X509_alias_get0(3) -is merely a byte array and not necessarily a string in the sense -of the C language. - -I found this bug while writing manual pages for X509_print_ex(3) -and related functions. Theo Buehler checked my -patch to fix the same bug in LibreSSL, see - -http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9 - -As an aside, note that the function still produces incomplete and -misleading results when the data contains a NUL byte in the middle -and that error handling is consistently absent throughout, even -though the function provides an "int" return value obviously intended -to be 1 for success and 0 for failure, and even though this function -is called by another function that also wants to return 1 for success -and 0 for failure and even does so in many of its code paths, though -not in others. But let's stay focussed. Many things would be nice -to have in the wide wild world, but a buffer overflow must not be -allowed to remain in our backyard. 
- -CLA: trivial - -Reviewed-by: Tim Hudson -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/16108) - -(cherry picked from commit c5dc9ab965f2a69bca964c709e648158f3e4cd67) - -Reference: https://github.com/openssl/openssl/commit/d9d838ddc0ed083fb4c26dd067e71aad7c65ad16 -Conflict: NA ---- - crypto/x509/t_x509.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c -index 12d807f705..3ba0b3a045 100644 ---- a/crypto/x509/t_x509.c -+++ b/crypto/x509/t_x509.c -@@ -365,9 +365,9 @@ int X509_aux_print(BIO *out, X509 *x, int indent) - BIO_puts(out, "\n"); - } else - BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); -- alias = X509_alias_get0(x, NULL); -+ alias = X509_alias_get0(x, &i); - if (alias) -- BIO_printf(out, "%*sAlias: %s\n", indent, "", alias); -+ BIO_printf(out, "%*sAlias: %.*s\n", indent, "", i, alias); - keyid = X509_keyid_get0(x, &keyidlen); - if (keyid) { - BIO_printf(out, "%*sKey Id: ", indent, ""); --- -2.23.0 - diff --git a/CVE-2021-3712-0002-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch b/CVE-2021-3712-0002-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch deleted file mode 100644 index bb770f1045161a30022219c85637b44d1a032cb9..0000000000000000000000000000000000000000 --- a/CVE-2021-3712-0002-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 94d23fcff9b2a7a8368dfe52214d5c2569882c11 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Thu, 19 Aug 2021 12:24:17 +0100 -Subject: [PATCH] Fix EC_GROUP_new_from_ecparameters to check the base length - -Check that there's at least one byte in params->base before trying to -read it. - -CVE-2021-3712 - -Reviewed-by: Viktor Dukhovni -Reviewed-by: Paul Dale - -Reference: https://github.com/openssl/openssl/commit/94d23fcff9b2a7a8368dfe52214d5c2569882c11 -Conflict: NA ---- - crypto/ec/ec_asn1.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c -index 7b7c75ce84..e497a25909 100644 ---- a/crypto/ec/ec_asn1.c -+++ b/crypto/ec/ec_asn1.c -@@ -761,7 +761,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) - ret->seed_len = params->curve->seed->length; - } - -- if (!params->order || !params->base || !params->base->data) { -+ if (params->order == NULL -+ || params->base == NULL -+ || params->base->data == NULL -+ || params->base->length == 0) { - ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR); - goto err; - } --- -2.23.0 - diff --git a/CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch b/CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch new file mode 100644 index 0000000000000000000000000000000000000000..b066c77c4f093338e088175dfe4914a2b4e3ae2f --- /dev/null +++ b/CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch 
@@ -0,0 +1,58 @@
+From 3ef5c3034e5c545f34d6929568f3f2b10ac4bdf0 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Mon, 28 Feb 2022 18:26:35 +0100
+Subject: [PATCH] Add a negative testcase for BN_mod_sqrt
+
+Reviewed-by: Paul Dale
+Reviewed-by: Matt Caswell
+---
+ test/bntest.c | 11 ++++++++++-
+ test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++
+ 2 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/test/bntest.c b/test/bntest.c
+index 390dd80073..1cab660bca 100644
+--- a/test/bntest.c
++++ b/test/bntest.c
+@@ -1729,8 +1729,17 @@ static int file_modsqrt(STANZA *s)
+ || !TEST_ptr(ret2 = BN_new()))
+ goto err;
+
++ if (BN_is_negative(mod_sqrt)) {
++ /* A negative testcase */
++ if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx)))
++ goto err;
++
++ st = 1;
++ goto err;
++ }
++
+ /* There are two possible answers. */
+- if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx))
++ if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx))
+ || !TEST_true(BN_sub(ret2, p, ret)))
+ goto err;
+
+diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt
+index 5ea4d031f2..e28cc6bfb0 100644
+--- a/test/recipes/10-test_bn_data/bnmod.txt
++++ b/test/recipes/10-test_bn_data/bnmod.txt
+@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
+ ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186
+ A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81
+ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
++
++# Negative testcases for BN_mod_sqrt()
++
++# This one triggers an infinite loop with unfixed implementation
++# It should just fail.
++ModSqrt = -1
++A = 20a7ee
++P = 460201
++
++ModSqrt = -1
++A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed
++P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
+--
+2.27.0
+
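Review bot: The negative branch added to file_modsqrt() can only report a regression if BN_mod_sqrt() actually returns, yet the data file's own comment says the first `ModSqrt = -1` vector loops forever on an unfixed library. A reintroduced bug would therefore show up as a test run that never finishes rather than a failed `TEST_ptr_null`, so this case is only a usable gate when the suite runs under a time limit. It is worth saying so in the comment, e.g. `# Must be run with a timeout: an unfixed BN_mod_sqrt() never returns on this input`. The second `ModSqrt = -1` vector has no comment at all, and one line stating which failure path it is meant to exercise would help the next person who edits these vectors. The success exit `st = 1; goto err;` jumps to a label named for the failure path, so a short `/* success: err is the common cleanup label */` would keep it from reading as a bug. The body of file_modsqrt() starts and ends outside this hunk.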
diff --git a/CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch b/CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch
new file mode 100644
index 0000000000000000000000000000000000000000..653b8fba621d07cb8b7a4d1dfff33ceb8a57be91
--- /dev/null
+++ b/CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch
@@ -0,0 +1,69 @@
+From 3118eb64934499d93db3230748a452351d1d9a65 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Mon, 28 Feb 2022 18:26:21 +0100
+Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt()
+
+The calculation in some cases does not finish for non-prime p.
+
+This fixes CVE-2022-0778.
+
+Based on patch by David Benjamin .
+
+Reviewed-by: Paul Dale
+Reviewed-by: Matt Caswell
+---
+ crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------
+ 1 file changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
+index 1723d5ded5..53b0f55985 100644
+--- a/crypto/bn/bn_sqrt.c
++++ b/crypto/bn/bn_sqrt.c
+@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ /*
+ * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+ * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+- * Theory", algorithm 1.5.1). 'p' must be prime!
++ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
++ * an incorrect "result" will be returned.
+ */
+ {
+ BIGNUM *ret = in;
+@@ -301,18 +302,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ goto vrfy;
+ }
+
+- /* find smallest i such that b^(2^i) = 1 */
+- i = 1;
+- if (!BN_mod_sqr(t, b, p, ctx))
+- goto end;
+- while (!BN_is_one(t)) {
+- i++;
+- if (i == e) {
+- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+- goto end;
++ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
++ for (i = 1; i < e; i++) {
++ if (i == 1) {
++ if (!BN_mod_sqr(t, b, p, ctx))
++ goto end;
++
++ } else {
++ if (!BN_mod_mul(t, t, t, p, ctx))
++ goto end;
+ }
+- if (!BN_mod_mul(t, t, t, p, ctx))
+- goto end;
++ if (BN_is_one(t))
++ break;
++ }
++ /* If not found, a is not a square or p is not prime. */
++ if (i >= e) {
++ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
++ goto end;
+ }
+
+ /* t := y^2^(e - i - 1) */
+--
+2.27.0
+
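Review bot: The new `if (i >= e)` exit reports `BN_R_NOT_A_SQUARE` even though the comment directly above it says the cause may equally be a non-prime `p`, so a caller cannot tell "no root exists" from "the modulus was invalid". The rewritten header comment also concedes that a composite `p` can yield an incorrect "result", which means a non-NULL return is not evidence that `p` was acceptable. Both facts matter to callers that take `p` from untrusted input and belong in the header comment, e.g. ` * BN_R_NOT_A_SQUARE may also mean 'p' is composite; callers must validate 'p' themselves.` As a smaller style point, the `if (i == 1)` special case and the stray blank line before `} else {` make the bounded loop harder to read than it needs to be. BN_mod_sqrt() extends well beyond both hunks, and whether the package's build recipe actually applies this new patch file is not visible in this part of the commit.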
diff --git a/backport-Avoid-using-undefined-value-in-generate_stateless_co.patch b/backport-Avoid-using-undefined-value-in-generate_stateless_co.patch deleted file mode 100644 index fef3cda2f9ccfd8ceafc147af65128df6057b5f2..0000000000000000000000000000000000000000 --- a/backport-Avoid-using-undefined-value-in-generate_stateless_co.patch +++ /dev/null @@ -1,31 +0,0 @@ -From cf2b1d6f11aa7ec4aa909ff1ecb9bee6892285d9 Mon Sep 17 00:00:00 2001 -From: Bernd Edlinger -Date: Mon, 23 Aug 2021 11:11:29 +0200 -Subject: [PATCH] Avoid using undefined value in - generate_stateless_cookie_callback - -Reviewed-by: Paul Yang -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/16381) ---- - apps/s_cb.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/apps/s_cb.c b/apps/s_cb.c -index dee1b2e5b4..d066a423de 100644 ---- a/apps/s_cb.c -+++ b/apps/s_cb.c -@@ -819,7 +819,9 @@ int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, - { - unsigned int temp; - int res = generate_cookie_callback(ssl, cookie, &temp); -- *cookie_len = temp; -+ -+ if (res != 0) -+ *cookie_len = temp; - return res; - } - --- - diff --git a/backport-Fix-NETSCAPE_SPKI_print-function-to-not-assume-NUL-t.patch b/backport-Fix-NETSCAPE_SPKI_print-function-to-not-assume-NUL-t.patch deleted file mode 100644 index d1a78b393e2b44e023e7012ca71e404a273d00e5..0000000000000000000000000000000000000000 --- a/backport-Fix-NETSCAPE_SPKI_print-function-to-not-assume-NUL-t.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From 2d0e5d4a4a5d4332325b5e5cea492fad2be633e1 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Thu, 19 Aug 2021 12:23:38 +0100 -Subject: [PATCH] Fix NETSCAPE_SPKI_print function to not assume NUL terminated - strings - -ASN.1 strings may not be NUL terminated. Don't assume they are. - -CVE-2021-3712 - -Reviewed-by: Viktor Dukhovni -Reviewed-by: Paul Dale ---- - crypto/asn1/t_spki.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c -index 51b56d0aa9..64ee77eeec 100644 ---- a/crypto/asn1/t_spki.c -+++ b/crypto/asn1/t_spki.c -@@ -38,7 +38,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) - } - chal = spki->spkac->challenge; - if (chal->length) -- BIO_printf(out, " Challenge String: %s\n", chal->data); -+ BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data); - i = OBJ_obj2nid(spki->sig_algor.algorithm); - BIO_printf(out, " Signature Algorithm: %s", - (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); --- - diff --git a/backport-Fix-POLICYINFO-printing-to-not-assume-NUL-terminated.patch b/backport-Fix-POLICYINFO-printing-to-not-assume-NUL-terminated.patch deleted file mode 100644 index 7424c111489340a2bc9da8d88a5b1208fe2dcb08..0000000000000000000000000000000000000000 --- a/backport-Fix-POLICYINFO-printing-to-not-assume-NUL-terminated.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From 5f54e57406ca17731b9ade3afd561d3c652e07f2 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Wed, 18 Aug 2021 12:31:38 +0100 -Subject: [PATCH] Fix POLICYINFO printing to not assume NUL terminated strings - -ASN.1 strings may not be NUL terminated. Don't assume they are. - -CVE-2021-3712 - -Reviewed-by: Viktor Dukhovni -Reviewed-by: Paul Dale ---- - crypto/x509v3/v3_cpols.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c -index 1d12c89912..861e8455dd 100644 ---- a/crypto/x509v3/v3_cpols.c -+++ b/crypto/x509v3/v3_cpols.c -@@ -422,7 +422,8 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, - qualinfo = sk_POLICYQUALINFO_value(quals, i); - switch (OBJ_obj2nid(qualinfo->pqualid)) { - case NID_id_qt_cps: -- BIO_printf(out, "%*sCPS: %s\n", indent, "", -+ BIO_printf(out, "%*sCPS: %.*s\n", indent, "", -+ qualinfo->d.cpsuri->length, - qualinfo->d.cpsuri->data); - break; - -@@ -447,7 +448,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) - if (notice->noticeref) { - NOTICEREF *ref; - ref = notice->noticeref; -- BIO_printf(out, "%*sOrganization: %s\n", indent, "", -+ BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", -+ ref->organization->length, - ref->organization->data); - BIO_printf(out, "%*sNumber%s: ", indent, "", - sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); -@@ -470,7 +472,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) - BIO_puts(out, "\n"); - } - if (notice->exptext) -- BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", -+ BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "", -+ notice->exptext->length, - notice->exptext->data); - } - --- - 
diff --git a/backport-Fix-append_ia5-function-to-not-assume-NUL-terminated.patch b/backport-Fix-append_ia5-function-to-not-assume-NUL-terminated.patch deleted file mode 100644 index ac58d331441481dccbc26fceca0f76289da0a262..0000000000000000000000000000000000000000 --- a/backport-Fix-append_ia5-function-to-not-assume-NUL-terminated.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From bb4d2ed4091408404e18b3326e3df67848ef63d0 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Wed, 18 Aug 2021 17:58:23 +0100 -Subject: [PATCH] Fix append_ia5 function to not assume NUL terminated strings - -ASN.1 strings may not be NUL terminated. Don't assume they are. - -CVE-2021-3712 - -Reviewed-by: Viktor Dukhovni -Reviewed-by: Paul Dale ---- - crypto/x509v3/v3_utl.c | 18 +++++++++++++----- - 1 file changed, 13 insertions(+), 5 deletions(-) - -diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c -index 004ef55df9..513dc68b08 100644 ---- a/crypto/x509v3/v3_utl.c -+++ b/crypto/x509v3/v3_utl.c -@@ -528,18 +528,26 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email - /* First some sanity checks */ - if (email->type != V_ASN1_IA5STRING) - return 1; -- if (!email->data || !email->length) -+ if (email->data == NULL || email->length == 0) -+ return 1; -+ if (memchr(email->data, 0, email->length) != NULL) - return 1; - if (*sk == NULL) - *sk = sk_OPENSSL_STRING_new(sk_strcmp); - if (*sk == NULL) - return 0; -+ -+ emtmp = OPENSSL_strndup((char *)email->data, email->length); -+ if (emtmp == NULL) -+ return 0; -+ - /* Don't add duplicates */ -- if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) -+ if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) { -+ OPENSSL_free(emtmp); - return 1; -- emtmp = OPENSSL_strdup((char *)email->data); -- if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) { -- OPENSSL_free(emtmp); /* free on push failure */ -+ } -+ if (!sk_OPENSSL_STRING_push(*sk, emtmp)) { -+ OPENSSL_free(emtmp); /* free on push failure */ - X509_email_free(*sk); - *sk = NULL; - return 0; --- - diff --git a/backport-Fix-i2v_GENERAL_NAME-to-not-assume-NUL-terminated-st.patch b/backport-Fix-i2v_GENERAL_NAME-to-not-assume-NUL-terminated-st.patch deleted file mode 100644 index 3953f5e9fea6ed346bd3d03712f1c971ff179268..0000000000000000000000000000000000000000 
--- a/backport-Fix-i2v_GENERAL_NAME-to-not-assume-NUL-terminated-st.patch +++ /dev/null 
@@ -1,147 +0,0 @@ -From 174ba8048a7f2f5e1fca31cfb93b1730d9db8300 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Wed, 18 Aug 2021 12:24:22 +0100 -Subject: [PATCH] Fix i2v_GENERAL_NAME to not assume NUL terminated strings - -ASN.1 strings may not be NUL terminated. Don't assume they are. - -CVE-2021-3712 - -Reviewed-by: Viktor Dukhovni -Reviewed-by: Paul Dale ---- - crypto/x509v3/v3_alt.c | 10 +++++++--- - crypto/x509v3/v3_utl.c | 38 ++++++++++++++++++++++++++++++++------ - include/crypto/x509.h | 5 +++++ - 3 files changed, 44 insertions(+), 9 deletions(-) - -diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c -index 4dce004101..6e5f9f8b0e 100644 ---- a/crypto/x509v3/v3_alt.c -+++ b/crypto/x509v3/v3_alt.c -@@ -9,6 +9,7 @@ - - #include - #include "internal/cryptlib.h" -+#include "crypto/x509.h" - #include - #include - #include "ext_dat.h" -@@ -99,17 +100,20 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, - break; - - case GEN_EMAIL: -- if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret)) -+ if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data, -+ gen->d.ia5->length, &ret)) - return NULL; - break; - - case GEN_DNS: -- if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret)) -+ if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data, -+ gen->d.ia5->length, &ret)) - return NULL; - break; - - case GEN_URI: -- if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret)) -+ if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data, -+ gen->d.ia5->length, &ret)) - return NULL; - break; - -diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c -index 7281a7b917..004ef55df9 100644 ---- a/crypto/x509v3/v3_utl.c -+++ b/crypto/x509v3/v3_utl.c -@@ -12,6 +12,7 @@ - #include "e_os.h" - #include "internal/cryptlib.h" - #include -+#include - #include "crypto/ctype.h" - #include - #include -@@ -34,17 +35,26 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen); - - /* Add a CONF_VALUE name value pair to stack */ - 
--int X509V3_add_value(const char *name, const char *value, -- STACK_OF(CONF_VALUE) **extlist) -+static int x509v3_add_len_value(const char *name, const char *value, -+ size_t vallen, STACK_OF(CONF_VALUE) **extlist) - { - CONF_VALUE *vtmp = NULL; - char *tname = NULL, *tvalue = NULL; - int sk_allocated = (*extlist == NULL); - -- if (name && (tname = OPENSSL_strdup(name)) == NULL) -- goto err; -- if (value && (tvalue = OPENSSL_strdup(value)) == NULL) -+ if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL) - goto err; -+ if (value != NULL && vallen > 0) { -+ /* -+ * We tolerate a single trailing NUL character, but otherwise no -+ * embedded NULs -+ */ -+ if (memchr(value, 0, vallen - 1) != NULL) -+ goto err; -+ tvalue = OPENSSL_strndup(value, vallen); -+ if (tvalue == NULL) -+ goto err; -+ } - if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) - goto err; - if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL) -@@ -67,10 +77,26 @@ int X509V3_add_value(const char *name, const char *value, - return 0; - } - -+int X509V3_add_value(const char *name, const char *value, -+ STACK_OF(CONF_VALUE) **extlist) -+{ -+ return x509v3_add_len_value(name, value, -+ value != NULL ? strlen((const char *)value) : 0, -+ extlist); -+} -+ - int X509V3_add_value_uchar(const char *name, const unsigned char *value, - STACK_OF(CONF_VALUE) **extlist) - { -- return X509V3_add_value(name, (const char *)value, extlist); -+ return x509v3_add_len_value(name, (const char *)value, -+ value != NULL ? 
strlen((const char *)value) : 0, -+ extlist); -+} -+ -+int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, -+ size_t vallen, STACK_OF(CONF_VALUE) **extlist) -+{ -+ return x509v3_add_len_value(name, (const char *)value, vallen, extlist); - } - - /* Free function for STACK_OF(CONF_VALUE) */ -diff --git a/include/crypto/x509.h b/include/crypto/x509.h -index b53c2b03c3..7ffb8abfe7 100644 ---- a/include/crypto/x509.h -+++ b/include/crypto/x509.h -@@ -8,6 +8,8 @@ - */ - - #include "internal/refcount.h" -+#include -+#include - - /* Internal X509 structures and functions: not for application use */ - -@@ -284,3 +286,6 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc); - int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); - - void x509_init_sig_info(X509 *x); -+ -+int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, -+ size_t vallen, STACK_OF(CONF_VALUE) **extlist); --- - diff --git a/backport-Fix-potential-double-free.patch b/backport-Fix-potential-double-free.patch deleted file mode 100644 index d1977f3f083444bfb4b0af2bd96bad2fb670938b..0000000000000000000000000000000000000000 --- a/backport-Fix-potential-double-free.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 75a4f263ba9d3ec1e9d55ca5024aee62aec70475 Mon Sep 17 00:00:00 2001 -From: Todd Short -Date: Fri, 13 Aug 2021 09:59:59 -0400 -Subject: [PATCH] Fix potential double-free - -The `sk` variable is assigned to `s->session->peer_chain`. -If `ssl3_digest_cached_records()` were to fail, then `sk` would still be -non-NULL, and subsequently freed on the error return. When the session -is freed, it will then attempt to free `s->session->peer_chain`, -resulting in a double-free (of `sk`). - -Reviewed-by: Matt Caswell -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/16309) - -(cherry picked from commit 0449702abc95a3af24c049cb02c01ca6a8015cef) ---- - ssl/statem/statem_srvr.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c -index 30d20f1297..d701c46b43 100644 ---- a/ssl/statem/statem_srvr.c -+++ b/ssl/statem/statem_srvr.c -@@ -3753,6 +3753,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) - - sk_X509_pop_free(s->session->peer_chain, X509_free); - s->session->peer_chain = sk; -+ sk = NULL; - - /* - * Freeze the handshake buffer. For -Date: Wed, 18 Aug 2021 14:02:40 +0100 -Subject: [PATCH] Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL - terminated strings - -ASN.1 strings may not be NUL terminated. Don't assume they are. 
- -CVE-2021-3712 - -Reviewed-by: Viktor Dukhovni -Reviewed-by: Paul Dale ---- - crypto/x509v3/v3_pci.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c -index 3d124fa6d9..98b6ef25e2 100644 ---- a/crypto/x509v3/v3_pci.c -+++ b/crypto/x509v3/v3_pci.c -@@ -77,7 +77,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, - i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); - BIO_puts(out, "\n"); - if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) -- BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", -+ BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "", -+ pci->proxyPolicy->policy->length, - pci->proxyPolicy->policy->data); - return 1; - } --- - diff --git a/backport-Fix-the-name-constraints-code-to-not-assume-NUL-term.patch b/backport-Fix-the-name-constraints-code-to-not-assume-NUL-term.patch deleted file mode 100644 index becd2c5babba28bfb6c84085dcbb7db628f8554a..0000000000000000000000000000000000000000 --- a/backport-Fix-the-name-constraints-code-to-not-assume-NUL-term.patch +++ /dev/null 
@@ -1,189 +0,0 @@ -From 8393de42498f8be75cf0353f5c9f906a43a748d2 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Wed, 18 Aug 2021 17:08:58 +0100 -Subject: [PATCH] Fix the name constraints code to not assume NUL terminated - strings - -ASN.1 strings may not be NUL terminated. Don't assume they are. - -CVE-2021-3712 - -Reviewed-by: Viktor Dukhovni -Reviewed-by: Paul Dale ---- - crypto/x509v3/v3_ncons.c | 77 +++++++++++++++++++++++++++------------- - 1 file changed, 52 insertions(+), 25 deletions(-) - -diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c -index 2a7b4f0992..cb701c4d84 100644 ---- a/crypto/x509v3/v3_ncons.c -+++ b/crypto/x509v3/v3_ncons.c -@@ -63,8 +63,31 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = { - IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) - IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) - -+ -+#define IA5_OFFSET_LEN(ia5base, offset) \ -+ ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data)) -+ -+/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the -+ * starting point to search from -+ */ -+# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start)) -+ -+/* Like memrrchr but for ASN1_IA5STRING */ -+static char *ia5memrchr(ASN1_IA5STRING *str, int c) -+{ -+ int i; -+ -+ for (i = str->length; i > 0 && str->data[i - 1] != c; i--); -+ -+ if (i == 0) -+ return NULL; -+ -+ return (char *)&str->data[i - 1]; -+} -+ - /* -- * We cannot use strncasecmp here because that applies locale specific rules. -+ * We cannot use strncasecmp here because that applies locale specific rules. It -+ * also doesn't work with ASN1_STRINGs that may have embedded NUL characters. - * For example in Turkish 'I' is not the uppercase character for 'i'. We need to - * do a simple ASCII case comparison ignoring the locale (that is why we use - * numeric constants below). 
-@@ -89,20 +112,12 @@ static int ia5ncasecmp(const char *s1, const char *s2, size_t n) - - /* c1 > c2 */ - return 1; -- } else if (*s1 == 0) { -- /* If we get here we know that *s2 == 0 too */ -- return 0; - } - } - - return 0; - } - --static int ia5casecmp(const char *s1, const char *s2) --{ -- return ia5ncasecmp(s1, s2, SIZE_MAX); --} -- - static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) - { -@@ -337,7 +352,7 @@ static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen) - --utf8_length; - - /* Reject *embedded* NULs */ -- if ((size_t)utf8_length != strlen((char *)utf8_value)) { -+ if (memchr(utf8_value, 0, utf8_length) != NULL) { - OPENSSL_free(utf8_value); - return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; - } -@@ -536,9 +551,14 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) - { - char *baseptr = (char *)base->data; - char *dnsptr = (char *)dns->data; -+ - /* Empty matches everything */ -- if (!*baseptr) -+ if (base->length == 0) - return X509_V_OK; -+ -+ if (dns->length < base->length) -+ return X509_V_ERR_PERMITTED_VIOLATION; -+ - /* - * Otherwise can add zero or more components on the left so compare RHS - * and if dns is longer and expect '.' as preceding character. 
-@@ -549,7 +569,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) - return X509_V_ERR_PERMITTED_VIOLATION; - } - -- if (ia5casecmp(baseptr, dnsptr)) -+ if (ia5ncasecmp(baseptr, dnsptr, base->length)) - return X509_V_ERR_PERMITTED_VIOLATION; - - return X509_V_OK; -@@ -560,16 +580,17 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) - { - const char *baseptr = (char *)base->data; - const char *emlptr = (char *)eml->data; -+ const char *baseat = ia5memrchr(base, '@'); -+ const char *emlat = ia5memrchr(eml, '@'); -+ size_t basehostlen, emlhostlen; - -- const char *baseat = strchr(baseptr, '@'); -- const char *emlat = strchr(emlptr, '@'); - if (!emlat) - return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; - /* Special case: initial '.' is RHS match */ -- if (!baseat && (*baseptr == '.')) { -+ if (!baseat && base->length > 0 && (*baseptr == '.')) { - if (eml->length > base->length) { - emlptr += eml->length - base->length; -- if (ia5casecmp(baseptr, emlptr) == 0) -+ if (ia5ncasecmp(baseptr, emlptr, base->length) == 0) - return X509_V_OK; - } - return X509_V_ERR_PERMITTED_VIOLATION; -@@ -589,8 +610,10 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) - baseptr = baseat + 1; - } - emlptr = emlat + 1; -+ basehostlen = IA5_OFFSET_LEN(base, baseptr); -+ emlhostlen = IA5_OFFSET_LEN(eml, emlptr); - /* Just have hostname left to match: case insensitive */ -- if (ia5casecmp(baseptr, emlptr)) -+ if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen)) - return X509_V_ERR_PERMITTED_VIOLATION; - - return X509_V_OK; -@@ -601,10 +624,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) - { - const char *baseptr = (char *)base->data; - const char *hostptr = (char *)uri->data; -- const char *p = strchr(hostptr, ':'); -+ const char *p = ia5memchr(uri, (char *)uri->data, ':'); - int hostlen; -+ - /* Check for foo:// and skip past it */ -- if (!p || (p[1] != '/') || (p[2] != '/')) -+ if (p == NULL -+ || 
IA5_OFFSET_LEN(uri, p) < 3 -+ || p[1] != '/' -+ || p[2] != '/') - return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; - hostptr = p + 3; - -@@ -612,13 +639,13 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) - - /* Look for a port indicator as end of hostname first */ - -- p = strchr(hostptr, ':'); -+ p = ia5memchr(uri, hostptr, ':'); - /* Otherwise look for trailing slash */ -- if (!p) -- p = strchr(hostptr, '/'); -+ if (p == NULL) -+ p = ia5memchr(uri, hostptr, '/'); - -- if (!p) -- hostlen = strlen(hostptr); -+ if (p == NULL) -+ hostlen = IA5_OFFSET_LEN(uri, hostptr); - else - hostlen = p - hostptr; - -@@ -626,7 +653,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) - return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; - - /* Special case: initial '.' is RHS match */ -- if (*baseptr == '.') { -+ if (base->length > 0 && *baseptr == '.') { - if (hostlen > base->length) { - p = hostptr + hostlen - base->length; - if (ia5ncasecmp(p, baseptr, base->length) == 0) --- - diff --git a/backport-pkcs12-check-for-zero-length-digest-to-avoid-divisio.patch b/backport-pkcs12-check-for-zero-length-digest-to-avoid-divisio.patch deleted file mode 100644 index d470ea84887193d67b18d7d9a43834766d5fa094..0000000000000000000000000000000000000000 --- a/backport-pkcs12-check-for-zero-length-digest-to-avoid-divisio.patch +++ /dev/null 
@@ -1,30 +0,0 @@
-From 9d868840b821fddf895e3bf6b589ecf6be7b1b13 Mon Sep 17 00:00:00 2001
-From: Pauli
-Date: Tue, 17 Aug 2021 13:19:32 +1000
-Subject: [PATCH] pkcs12: check for zero length digest to avoid division by
- zero
-
-Fixes #16331
-
-Reviewed-by: Dmitry Belyavskiy
-Reviewed-by: Kurt Roeckx
-(Merged from https://github.com/openssl/openssl/pull/16333)
----
- crypto/pkcs12/p12_key.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
-index ab31a61295..b814f79216 100644
---- a/crypto/pkcs12/p12_key.c
-+++ b/crypto/pkcs12/p12_key.c
-@@ -101,7 +101,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
- #endif
- v = EVP_MD_block_size(md_type);
- u = EVP_MD_size(md_type);
-- if (u < 0 || v <= 0)
-+ if (u <= 0 || v <= 0)
- goto err;
- D = OPENSSL_malloc(v);
- Ai = OPENSSL_malloc(u);
---
-
diff --git a/bugfix-Don-t-Overflow-when-printing-Thawte-Strong-Extranet-.patch b/bugfix-Don-t-Overflow-when-printing-Thawte-Strong-Extranet-.patch
deleted file mode 100644
index ea54d4fdf756d17055798160b2c168b242f83a52..0000000000000000000000000000000000000000
--- a/bugfix-Don-t-Overflow-when-printing-Thawte-Strong-Extranet-.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 61b0fead5e6079ca826594df5b9ca00e65883cb0 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Thu, 19 Nov 2020 13:58:21 +0000
-Subject: [PATCH] Don't Overflow when printing Thawte Strong Extranet Version
-
-When printing human readable info on the Thawte Strong Extranet extension
-the version number could overflow if the version number == LONG_MAX. This
-is undefined behaviour.
-
-Issue found by OSSFuzz.
-
-Reviewed-by: Ben Kaduk
-(Merged from https://github.com/openssl/openssl/pull/13452)
----
- crypto/x509v3/v3_sxnet.c | 18 +++++++++++++++---
- 1 files changed, 15 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
-index 76f5eafc73..6e2b796a38 100644
---- a/crypto/x509v3/v3_sxnet.c
-+++ b/crypto/x509v3/v3_sxnet.c
-@@ -57,12 +57,24 @@ IMPLEMENT_ASN1_FUNCTIONS(SXNET)
- static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
- int indent)
- {
-- long v;
-+ int64_t v;
- char *tmp;
- SXNETID *id;
- int i;
-- v = ASN1_INTEGER_get(sx->version);
-- BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
-+
-+ /*
-+ * Since we add 1 to the version number to display it, we don't support
-+ * LONG_MAX since that would cause on overflow.
-+ */
-+ if (!ASN1_INTEGER_get_int64(&v, sx->version)
-+ || v >= LONG_MAX
-+ || v < LONG_MIN) {
-+ BIO_printf(out, "%*sVersion: ", indent, "");
-+ } else {
-+ long vl = (long)v;
-+
-+ BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl);
-+ }
- for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
- id = sk_SXNETID_value(sx->ids, i);
- tmp = i2s_ASN1_INTEGER(NULL, id->zone);
-
---
-2.23.0
-
diff --git a/openssl-1.1.1-build.patch b/openssl-1.1.1-build.patch
index d82530d4438631287d2fd0ad8714d27ee69ad085..c0ef62b786490e364cf7f213505d4e6c2d878f02 100644
--- a/openssl-1.1.1-build.patch
+++ b/openssl-1.1.1-build.patch
@@ -1,28 +1,7 @@
-#diff -up openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl
-#--- openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build 2018-06-20 16:48:09.000000000 +0200
-#+++ openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl 2018-07-16 17:15:38.108831031 +0200
-#@@ -680,7 +680,7 @@ uninstall_runtime:
-# install_man_docs:
-# @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
-# @$(ECHO) "*** Installing manpages"
-#- $(PERL) $(SRCDIR)/util/process_docs.pl \
-#+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
-# --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX)
-#
-# uninstall_man_docs:
-#@@ -692,7 +692,7 @@ uninstall_man_docs:
-# install_html_docs:
-# @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
-# @$(ECHO) "*** Installing HTML manpages"
-#- $(PERL) $(SRCDIR)/util/process_docs.pl \
-#+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
-# --destdir=$(DESTDIR)$(HTMLDIR) --type=html
-#
-# uninstall_html_docs:
-diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8/Configurations/10-main.conf
---- openssl-1.1.1-pre8/Configurations/10-main.conf.build 2018-06-20 16:48:09.000000000 +0200
-+++ openssl-1.1.1-pre8/Configurations/10-main.conf 2018-07-16 17:17:10.312045203 +0200
-@@ -693,6 +693,7 @@ my %targets = (
+diff -up openssl-1.1.1f/Configurations/10-main.conf.build openssl-1.1.1f/Configurations/10-main.conf
+--- openssl-1.1.1f/Configurations/10-main.conf.build 2020-03-31 14:17:45.000000000 +0200
++++ openssl-1.1.1f/Configurations/10-main.conf 2020-04-07 16:42:10.920546387 +0200
+@@ -678,6 +678,7 @@ my %targets = (
 cxxflags => add("-m64"),
 lib_cppflags => add("-DL_ENDIAN"),
 perlasm_scheme => "linux64le",
@@ -30,7 +9,7 @@ diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8 }, "linux-armv4" => { -@@ -733,6 +734,7 @@ my %targets = ( +@@ -718,6 +719,7 @@ my %targets = ( "linux-aarch64" => { inherit_from => [ "linux-generic64", asm("aarch64_asm") ], perlasm_scheme => "linux64", @@ -38,3 +17,24 @@ diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8 }, "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 inherit_from => [ "linux-generic32", asm("aarch64_asm") ], +diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build openssl-1.1.1f/Configurations/unix-Makefile.tmpl +--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build 2020-04-07 16:42:10.920546387 +0200 ++++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:44:23.539142108 +0200 +@@ -823,7 +823,7 @@ uninstall_runtime_libs: + install_man_docs: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @$(ECHO) "*** Installing manpages" +- $(PERL) $(SRCDIR)/util/process_docs.pl \ ++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ + "--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX) + + uninstall_man_docs: +@@ -835,7 +835,7 @@ uninstall_man_docs: + install_html_docs: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @$(ECHO) "*** Installing HTML manpages" +- $(PERL) $(SRCDIR)/util/process_docs.pl \ ++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ + "--destdir=$(DESTDIR)$(HTMLDIR)" --type=html + + uninstall_html_docs: diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch index c17f6e837b9b53bcd3c07c67d39a6e3bdeacb20e..aa3d33d16d79d0b26531e55b8a744b1317df1f93 100644 --- a/openssl-1.1.1-fips.patch +++ b/openssl-1.1.1-fips.patch 
@@ -1,18 +1,18 @@ -diff -up openssl-1.1.1e/apps/pkcs12.c.fips openssl-1.1.1e/apps/pkcs12.c ---- openssl-1.1.1e/apps/pkcs12.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/apps/pkcs12.c 2020-03-17 17:30:52.020567497 +0100 -@@ -127,7 +127,7 @@ int pkcs12_main(int argc, char **argv) +diff -up openssl-1.1.1j/apps/pkcs12.c.fips openssl-1.1.1j/apps/pkcs12.c +--- openssl-1.1.1j/apps/pkcs12.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/apps/pkcs12.c 2021-03-03 12:57:42.194734484 +0100 +@@ -123,7 +123,7 @@ int pkcs12_main(int argc, char **argv) int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; - # ifndef OPENSSL_NO_RC2 + #ifndef OPENSSL_NO_RC2 - int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + int cert_pbe = FIPS_mode() ? NID_pbe_WithSHA1And3_Key_TripleDES_CBC : NID_pbe_WithSHA1And40BitRC2_CBC; - # else + #else int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - # endif -diff -up openssl-1.1.1e/apps/speed.c.fips openssl-1.1.1e/apps/speed.c ---- openssl-1.1.1e/apps/speed.c.fips 2020-03-17 17:30:51.997567897 +0100 -+++ openssl-1.1.1e/apps/speed.c 2020-03-17 17:30:52.021567479 +0100 + #endif +diff -up openssl-1.1.1j/apps/speed.c.fips openssl-1.1.1j/apps/speed.c +--- openssl-1.1.1j/apps/speed.c.fips 2021-03-03 12:57:42.185734409 +0100 ++++ openssl-1.1.1j/apps/speed.c 2021-03-03 12:57:42.195734492 +0100 @@ -1593,7 +1593,8 @@ int speed_main(int argc, char **argv) continue; if (strcmp(*argv, "rsa") == 0) { 
@@ -163,10 +163,10 @@ diff -up openssl-1.1.1e/apps/speed.c.fips openssl-1.1.1e/apps/speed.c if (loopargs[i].hctx == NULL) { BIO_printf(bio_err, "HMAC malloc failure, exiting..."); exit(1); -diff -up openssl-1.1.1e/Configure.fips openssl-1.1.1e/Configure ---- openssl-1.1.1e/Configure.fips 2020-03-17 17:30:52.015567584 +0100 -+++ openssl-1.1.1e/Configure 2020-03-17 17:30:52.022567462 +0100 -@@ -319,7 +319,7 @@ $config{sdirs} = [ +diff -up openssl-1.1.1j/Configure.fips openssl-1.1.1j/Configure +--- openssl-1.1.1j/Configure.fips 2021-03-03 12:57:42.192734467 +0100 ++++ openssl-1.1.1j/Configure 2021-03-03 12:57:42.195734492 +0100 +@@ -329,7 +329,7 @@ $config{sdirs} = [ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3", "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes", "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine", @@ -175,9 +175,9 @@ diff -up openssl-1.1.1e/Configure.fips openssl-1.1.1e/Configure "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store" ]; -diff -up openssl-1.1.1e/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1e/crypto/cmac/cm_pmeth.c ---- openssl-1.1.1e/crypto/cmac/cm_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/cmac/cm_pmeth.c 2020-03-17 17:30:52.022567462 +0100 +diff -up openssl-1.1.1j/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1j/crypto/cmac/cm_pmeth.c +--- openssl-1.1.1j/crypto/cmac/cm_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/cmac/cm_pmeth.c 2021-03-03 12:57:42.195734492 +0100 @@ -129,7 +129,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C const EVP_PKEY_METHOD cmac_pkey_meth = { 
@@ -187,9 +187,9 @@ diff -up openssl-1.1.1e/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1e/crypto/cmac/c pkey_cmac_init, pkey_cmac_copy, pkey_cmac_cleanup, -diff -up openssl-1.1.1e/crypto/dh/dh_err.c.fips openssl-1.1.1e/crypto/dh/dh_err.c ---- openssl-1.1.1e/crypto/dh/dh_err.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dh/dh_err.c 2020-03-17 17:30:52.022567462 +0100 +diff -up openssl-1.1.1j/crypto/dh/dh_err.c.fips openssl-1.1.1j/crypto/dh/dh_err.c +--- openssl-1.1.1j/crypto/dh/dh_err.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dh/dh_err.c 2021-03-03 12:57:42.195734492 +0100 @@ -25,6 +25,9 @@ static const ERR_STRING_DATA DH_str_func {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0), @@ -215,9 +215,9 @@ diff -up openssl-1.1.1e/crypto/dh/dh_err.c.fips openssl-1.1.1e/crypto/dh/dh_err. {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, -diff -up openssl-1.1.1e/crypto/dh/dh_gen.c.fips openssl-1.1.1e/crypto/dh/dh_gen.c ---- openssl-1.1.1e/crypto/dh/dh_gen.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dh/dh_gen.c 2020-03-17 18:03:31.005320382 +0100 +diff -up openssl-1.1.1j/crypto/dh/dh_gen.c.fips openssl-1.1.1j/crypto/dh/dh_gen.c +--- openssl-1.1.1j/crypto/dh/dh_gen.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dh/dh_gen.c 2021-03-03 12:57:42.195734492 +0100 @@ -16,6 +16,9 @@ #include "internal/cryptlib.h" #include 
@@ -261,9 +261,9 @@ diff -up openssl-1.1.1e/crypto/dh/dh_gen.c.fips openssl-1.1.1e/crypto/dh/dh_gen. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key.c ---- openssl-1.1.1e/crypto/dh/dh_key.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dh/dh_key.c 2020-03-17 18:03:52.706940641 +0100 +diff -up openssl-1.1.1j/crypto/dh/dh_key.c.fips openssl-1.1.1j/crypto/dh/dh_key.c +--- openssl-1.1.1j/crypto/dh/dh_key.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dh/dh_key.c 2021-03-03 13:02:45.963247596 +0100 @@ -11,6 +11,9 @@ #include "internal/cryptlib.h" #include "dh_local.h" @@ -274,22 +274,10 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key. static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); -@@ -22,18 +25,32 @@ static int dh_finish(DH *dh); - - int DH_generate_key(DH *dh) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) -+ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) { -+ DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD); -+ return 0; -+ } -+#endif - return dh->meth->generate_key(dh); - } +@@ -34,6 +37,13 @@ int DH_compute_key(unsigned char *key, c + int ret = 0, i; + volatile size_t npad = 0, mask = 1; - int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) + && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) { 
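Review bot: The refreshed dh_key.c section drops the `DH_generate_key()` guard, so in FIPS mode nothing visible here rejects a DH method lacking `DH_FLAG_FIPS_METHOD` before `dh->meth->generate_key(dh)` runs; only the `DH_compute_key()` copy of the check survives. The next hunk (`@@ -297,18 +285,10 @@`) likewise removes `rv = DH_compute_key(key, pub_key, dh);` from `DH_compute_key_padded()`, which presumably leaves that entry point calling `dh->meth->compute_key` without the check. If the rebase onto 1.1.1j lost these by accident, restore the `#ifdef OPENSSL_FIPS` block (returning 0 with `DH_R_NON_FIPS_METHOD`) at the top of both functions; if the removal is deliberate, the commit message should say why. Both function bodies extend beyond what these hunks show.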
@@ -297,18 +285,10 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key. + return 0; + } +#endif - return dh->meth->compute_key(key, pub_key, dh); - } - - int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { - int rv, pad; -- rv = dh->meth->compute_key(key, pub_key, dh); -+ rv = DH_compute_key(key, pub_key, dh); - if (rv <= 0) - return rv; - pad = BN_num_bytes(dh->p) - rv; -@@ -82,6 +99,14 @@ static int generate_key(DH *dh) + /* compute the key; ret is constant unless compute_key is external */ + if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0) + return ret; +@@ -109,6 +119,14 @@ static int generate_key(DH *dh) BN_MONT_CTX *mont = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL; @@ -323,7 +303,7 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key. if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); return 0; -@@ -179,6 +204,13 @@ static int compute_key(unsigned char *ke +@@ -206,6 +224,13 @@ static int compute_key(unsigned char *ke DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); goto err; } @@ -337,7 +317,7 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key. ctx = BN_CTX_new(); if (ctx == NULL) -@@ -228,6 +260,9 @@ static int dh_bn_mod_exp(const DH *dh, B +@@ -255,6 +280,9 @@ static int dh_bn_mod_exp(const DH *dh, B static int dh_init(DH *dh) { 
@@ -347,9 +327,9 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return 1; } -diff -up openssl-1.1.1e/crypto/dh/dh_pmeth.c.fips openssl-1.1.1e/crypto/dh/dh_pmeth.c ---- openssl-1.1.1e/crypto/dh/dh_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dh/dh_pmeth.c 2020-03-17 17:30:52.023567444 +0100 +diff -up openssl-1.1.1j/crypto/dh/dh_pmeth.c.fips openssl-1.1.1j/crypto/dh/dh_pmeth.c +--- openssl-1.1.1j/crypto/dh/dh_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dh/dh_pmeth.c 2021-03-03 12:57:42.196734500 +0100 @@ -480,7 +480,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX * const EVP_PKEY_METHOD dh_pkey_meth = { @@ -368,9 +348,9 @@ diff -up openssl-1.1.1e/crypto/dh/dh_pmeth.c.fips openssl-1.1.1e/crypto/dh/dh_pm pkey_dh_init, pkey_dh_copy, pkey_dh_cleanup, -diff -up openssl-1.1.1e/crypto/dsa/dsa_err.c.fips openssl-1.1.1e/crypto/dsa/dsa_err.c ---- openssl-1.1.1e/crypto/dsa/dsa_err.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dsa/dsa_err.c 2020-03-17 17:30:52.023567444 +0100 +diff -up openssl-1.1.1j/crypto/dsa/dsa_err.c.fips openssl-1.1.1j/crypto/dsa/dsa_err.c +--- openssl-1.1.1j/crypto/dsa/dsa_err.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dsa/dsa_err.c 2021-03-03 12:57:42.196734500 +0100 @@ -16,12 +16,15 @@ static const ERR_STRING_DATA DSA_str_functs[] = { {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"}, 
@@ -402,9 +382,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_err.c.fips openssl-1.1.1e/crypto/dsa/dsa_ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, -diff -up openssl-1.1.1e/crypto/dsa/dsa_gen.c.fips openssl-1.1.1e/crypto/dsa/dsa_gen.c ---- openssl-1.1.1e/crypto/dsa/dsa_gen.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dsa/dsa_gen.c 2020-03-17 18:02:14.626656877 +0100 +diff -up openssl-1.1.1j/crypto/dsa/dsa_gen.c.fips openssl-1.1.1j/crypto/dsa/dsa_gen.c +--- openssl-1.1.1j/crypto/dsa/dsa_gen.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dsa/dsa_gen.c 2021-03-03 12:57:42.196734500 +0100 @@ -22,12 +22,22 @@ #include #include @@ -566,9 +546,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_gen.c.fips openssl-1.1.1e/crypto/dsa/dsa_ +} + +#endif -diff -up openssl-1.1.1e/crypto/dsa/dsa_key.c.fips openssl-1.1.1e/crypto/dsa/dsa_key.c ---- openssl-1.1.1e/crypto/dsa/dsa_key.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dsa/dsa_key.c 2020-03-17 18:02:51.103018604 +0100 +diff -up openssl-1.1.1j/crypto/dsa/dsa_key.c.fips openssl-1.1.1j/crypto/dsa/dsa_key.c +--- openssl-1.1.1j/crypto/dsa/dsa_key.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dsa/dsa_key.c 2021-03-03 12:57:42.196734500 +0100 @@ -13,10 +13,49 @@ #include #include "dsa_local.h" 
@@ -648,9 +628,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_key.c.fips openssl-1.1.1e/crypto/dsa/dsa_ ok = 1; err: -diff -up openssl-1.1.1e/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1e/crypto/dsa/dsa_ossl.c ---- openssl-1.1.1e/crypto/dsa/dsa_ossl.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dsa/dsa_ossl.c 2020-03-19 17:11:22.037994064 +0100 +diff -up openssl-1.1.1j/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1j/crypto/dsa/dsa_ossl.c +--- openssl-1.1.1j/crypto/dsa/dsa_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dsa/dsa_ossl.c 2021-03-03 12:57:42.196734500 +0100 @@ -14,6 +14,9 @@ #include #include "dsa_local.h" @@ -710,9 +690,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1e/crypto/dsa/dsa dsa->flags |= DSA_FLAG_CACHE_MONT_P; return 1; } -diff -up openssl-1.1.1e/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1e/crypto/dsa/dsa_pmeth.c ---- openssl-1.1.1e/crypto/dsa/dsa_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dsa/dsa_pmeth.c 2020-03-17 17:30:52.025567409 +0100 +diff -up openssl-1.1.1j/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1j/crypto/dsa/dsa_pmeth.c +--- openssl-1.1.1j/crypto/dsa/dsa_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dsa/dsa_pmeth.c 2021-03-03 12:57:42.196734500 +0100 @@ -211,8 +211,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT BN_GENCB_free(pcb); return 0; 
@@ -733,9 +713,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1e/crypto/dsa/ds pkey_dsa_init, pkey_dsa_copy, pkey_dsa_cleanup, -diff -up openssl-1.1.1e/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1e/crypto/ec/ecdh_ossl.c ---- openssl-1.1.1e/crypto/ec/ecdh_ossl.c.fips 2020-03-17 17:30:52.025567409 +0100 -+++ openssl-1.1.1e/crypto/ec/ecdh_ossl.c 2020-03-17 18:01:24.704530440 +0100 +diff -up openssl-1.1.1j/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1j/crypto/ec/ecdh_ossl.c +--- openssl-1.1.1j/crypto/ec/ecdh_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/ec/ecdh_ossl.c 2021-03-03 12:57:42.196734500 +0100 @@ -19,9 +19,20 @@ #include #include "ec_local.h" @@ -757,9 +737,9 @@ diff -up openssl-1.1.1e/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1e/crypto/ec/ecdh if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return 0; -diff -up openssl-1.1.1e/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1e/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.1e/crypto/ec/ecdsa_ossl.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/ec/ecdsa_ossl.c 2020-03-17 18:01:41.642234061 +0100 +diff -up openssl-1.1.1j/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1j/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.1j/crypto/ec/ecdsa_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/ec/ecdsa_ossl.c 2021-03-03 12:57:42.196734500 +0100 @@ -14,6 +14,10 @@ #include "crypto/bn.h" #include "ec_local.h" 
@@ -799,10 +779,10 @@ diff -up openssl-1.1.1e/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1e/crypto/ec/ecd /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.1.1e/crypto/ec/ec_key.c.fips openssl-1.1.1e/crypto/ec/ec_key.c ---- openssl-1.1.1e/crypto/ec/ec_key.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/ec/ec_key.c 2020-03-17 17:30:52.026567392 +0100 -@@ -178,14 +178,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY +diff -up openssl-1.1.1j/crypto/ec/ec_key.c.fips openssl-1.1.1j/crypto/ec/ec_key.c +--- openssl-1.1.1j/crypto/ec/ec_key.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/ec/ec_key.c 2021-03-03 12:57:42.196734500 +0100 +@@ -179,14 +179,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY return eckey->engine; } @@ -867,9 +847,9 @@ diff -up openssl-1.1.1e/crypto/ec/ec_key.c.fips openssl-1.1.1e/crypto/ec/ec_key. ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } -diff -up openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips openssl-1.1.1e/crypto/ec/ec_pmeth.c ---- openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/ec/ec_pmeth.c 2020-03-17 17:30:52.026567392 +0100 +diff -up openssl-1.1.1j/crypto/ec/ec_pmeth.c.fips openssl-1.1.1j/crypto/ec/ec_pmeth.c +--- openssl-1.1.1j/crypto/ec/ec_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/ec/ec_pmeth.c 2021-03-03 12:57:42.197734509 +0100 @@ -438,7 +438,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * const EVP_PKEY_METHOD ec_pkey_meth = { 
@@ -879,131 +859,9 @@ diff -up openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips openssl-1.1.1e/crypto/ec/ec_pm pkey_ec_init, pkey_ec_copy, pkey_ec_cleanup, -diff -up openssl-1.1.1e/crypto/evp/c_allc.c.fips openssl-1.1.1e/crypto/evp/c_allc.c ---- openssl-1.1.1e/crypto/evp/c_allc.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/c_allc.c 2020-03-17 17:30:52.027567375 +0100 -@@ -17,6 +17,9 @@ - void openssl_add_all_ciphers_int(void) - { - -+#ifdef OPENSSL_FIPS -+ if (!FIPS_mode()) { -+#endif - #ifndef OPENSSL_NO_DES - EVP_add_cipher(EVP_des_cfb()); - EVP_add_cipher(EVP_des_cfb1()); -@@ -263,4 +266,70 @@ void openssl_add_all_ciphers_int(void) - EVP_add_cipher(EVP_chacha20_poly1305()); - # endif - #endif -+#ifdef OPENSSL_FIPS -+ } else { -+# ifndef OPENSSL_NO_DES -+ EVP_add_cipher(EVP_des_ede3_cfb()); -+ -+ EVP_add_cipher(EVP_des_ede3_ofb()); -+ -+ EVP_add_cipher(EVP_des_ede3_cbc()); -+ EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3"); -+ EVP_add_cipher_alias(SN_des_ede3_cbc, "des3"); -+ -+ EVP_add_cipher(EVP_des_ede3()); -+ EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB"); -+ EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb"); -+ EVP_add_cipher(EVP_des_ede3_wrap()); -+ EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap"); -+# endif -+ -+# ifndef OPENSSL_NO_AES -+ EVP_add_cipher(EVP_aes_128_ecb()); -+ EVP_add_cipher(EVP_aes_128_cbc()); -+ EVP_add_cipher(EVP_aes_128_cfb()); -+ EVP_add_cipher(EVP_aes_128_cfb1()); -+ EVP_add_cipher(EVP_aes_128_cfb8()); -+ EVP_add_cipher(EVP_aes_128_ofb()); -+ EVP_add_cipher(EVP_aes_128_ctr()); -+ EVP_add_cipher(EVP_aes_128_gcm()); -+ EVP_add_cipher(EVP_aes_128_xts()); -+ EVP_add_cipher(EVP_aes_128_ccm()); -+ EVP_add_cipher(EVP_aes_128_wrap()); -+ EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap"); -+ EVP_add_cipher(EVP_aes_128_wrap_pad()); -+ EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); -+ EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); -+ EVP_add_cipher(EVP_aes_192_ecb()); -+ 
EVP_add_cipher(EVP_aes_192_cbc()); -+ EVP_add_cipher(EVP_aes_192_cfb()); -+ EVP_add_cipher(EVP_aes_192_cfb1()); -+ EVP_add_cipher(EVP_aes_192_cfb8()); -+ EVP_add_cipher(EVP_aes_192_ofb()); -+ EVP_add_cipher(EVP_aes_192_ctr()); -+ EVP_add_cipher(EVP_aes_192_gcm()); -+ EVP_add_cipher(EVP_aes_192_ccm()); -+ EVP_add_cipher(EVP_aes_192_wrap()); -+ EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap"); -+ EVP_add_cipher(EVP_aes_192_wrap_pad()); -+ EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); -+ EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); -+ EVP_add_cipher(EVP_aes_256_ecb()); -+ EVP_add_cipher(EVP_aes_256_cbc()); -+ EVP_add_cipher(EVP_aes_256_cfb()); -+ EVP_add_cipher(EVP_aes_256_cfb1()); -+ EVP_add_cipher(EVP_aes_256_cfb8()); -+ EVP_add_cipher(EVP_aes_256_ofb()); -+ EVP_add_cipher(EVP_aes_256_ctr()); -+ EVP_add_cipher(EVP_aes_256_gcm()); -+ EVP_add_cipher(EVP_aes_256_xts()); -+ EVP_add_cipher(EVP_aes_256_ccm()); -+ EVP_add_cipher(EVP_aes_256_wrap()); -+ EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap"); -+ EVP_add_cipher(EVP_aes_256_wrap_pad()); -+ EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); -+ EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); -+# endif -+ } -+#endif - } -diff -up openssl-1.1.1e/crypto/evp/c_alld.c.fips openssl-1.1.1e/crypto/evp/c_alld.c ---- openssl-1.1.1e/crypto/evp/c_alld.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/c_alld.c 2020-03-17 17:30:52.027567375 +0100 -@@ -16,6 +16,9 @@ - - void openssl_add_all_digests_int(void) - { -+#ifdef OPENSSL_FIPS -+ if (!FIPS_mode()) { -+#endif - #ifndef OPENSSL_NO_MD4 - EVP_add_digest(EVP_md4()); - #endif -@@ -57,4 +60,24 @@ void openssl_add_all_digests_int(void) - EVP_add_digest(EVP_sha3_512()); - EVP_add_digest(EVP_shake128()); - EVP_add_digest(EVP_shake256()); -+#ifdef OPENSSL_FIPS -+ } else { -+ EVP_add_digest(EVP_md5_sha1()); -+ EVP_add_digest(EVP_sha1()); -+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); -+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); 
-+ EVP_add_digest(EVP_sha224()); -+ EVP_add_digest(EVP_sha256()); -+ EVP_add_digest(EVP_sha384()); -+ EVP_add_digest(EVP_sha512()); -+ EVP_add_digest(EVP_sha512_224()); -+ EVP_add_digest(EVP_sha512_256()); -+ EVP_add_digest(EVP_sha3_224()); -+ EVP_add_digest(EVP_sha3_256()); -+ EVP_add_digest(EVP_sha3_384()); -+ EVP_add_digest(EVP_sha3_512()); -+ EVP_add_digest(EVP_shake128()); -+ EVP_add_digest(EVP_shake256()); -+ } -+#endif - } -diff -up openssl-1.1.1e/crypto/evp/digest.c.fips openssl-1.1.1e/crypto/evp/digest.c ---- openssl-1.1.1e/crypto/evp/digest.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/digest.c 2020-03-17 17:38:57.528093469 +0100 +diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/digest.c +--- openssl-1.1.1j/crypto/evp/digest.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/digest.c 2021-03-03 12:57:42.197734509 +0100 @@ -14,6 +14,9 @@ #include #include "crypto/evp.h" @@ -1064,9 +922,9 @@ diff -up openssl-1.1.1e/crypto/evp/digest.c.fips openssl-1.1.1e/crypto/evp/diges OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -diff -up openssl-1.1.1e/crypto/evp/e_aes.c.fips openssl-1.1.1e/crypto/evp/e_aes.c ---- openssl-1.1.1e/crypto/evp/e_aes.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/e_aes.c 2020-03-17 17:30:52.028567357 +0100 +diff -up openssl-1.1.1j/crypto/evp/e_aes.c.fips openssl-1.1.1j/crypto/evp/e_aes.c +--- openssl-1.1.1j/crypto/evp/e_aes.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/e_aes.c 2021-03-03 12:57:42.197734509 +0100 @@ -397,7 +397,7 @@ static int aesni_xts_init_key(EVP_CIPHER * This addresses Rogaway's vulnerability. * See comment in aes_xts_init_key() below. 
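Review bot: With the `crypto/evp/c_allc.c` and `crypto/evp/c_alld.c` sections dropped from the patch, `openssl_add_all_ciphers_int()` and `openssl_add_all_digests_int()` no longer register a reduced list when `FIPS_mode()` is on, so in FIPS mode the name table will again contain every algorithm the non-FIPS path adds. Rejection of non-approved algorithms then presumably rests on the init-time checks in the `evp_enc.c` and `digest.c` sections, whose bodies are not shown in this diff. Please confirm those checks refuse everything the removed `else` branch used to leave out, and that no caller treats a successful lookup by name as a sign the algorithm is approved. The commit message should also say why the registration filter was removed.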
@@ -1189,9 +1047,9 @@ diff -up openssl-1.1.1e/crypto/evp/e_aes.c.fips openssl-1.1.1e/crypto/evp/e_aes. | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -diff -up openssl-1.1.1e/crypto/evp/e_des3.c.fips openssl-1.1.1e/crypto/evp/e_des3.c ---- openssl-1.1.1e/crypto/evp/e_des3.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/e_des3.c 2020-03-17 17:30:52.029567340 +0100 +diff -up openssl-1.1.1j/crypto/evp/e_des3.c.fips openssl-1.1.1j/crypto/evp/e_des3.c +--- openssl-1.1.1j/crypto/evp/e_des3.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/e_des3.c 2021-03-03 12:57:42.197734509 +0100 @@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher @@ -1218,9 +1076,9 @@ diff -up openssl-1.1.1e/crypto/evp/e_des3.c.fips openssl-1.1.1e/crypto/evp/e_des static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.1.1e/crypto/evp/e_null.c.fips openssl-1.1.1e/crypto/evp/e_null.c ---- openssl-1.1.1e/crypto/evp/e_null.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/e_null.c 2020-03-17 17:30:52.029567340 +0100 +diff -up openssl-1.1.1j/crypto/evp/e_null.c.fips openssl-1.1.1j/crypto/evp/e_null.c +--- openssl-1.1.1j/crypto/evp/e_null.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/e_null.c 2021-03-03 12:57:42.197734509 +0100 @@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { 
@@ -1231,10 +1089,10 @@ diff -up openssl-1.1.1e/crypto/evp/e_null.c.fips openssl-1.1.1e/crypto/evp/e_nul null_init_key, null_cipher, NULL, -diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_enc.c ---- openssl-1.1.1e/crypto/evp/evp_enc.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_enc.c 2020-03-17 17:39:52.663129373 +0100 -@@ -17,9 +17,18 @@ +diff -up openssl-1.1.1j/crypto/evp/evp_enc.c.fips openssl-1.1.1j/crypto/evp/evp_enc.c +--- openssl-1.1.1j/crypto/evp/evp_enc.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/evp_enc.c 2021-03-03 12:57:42.197734509 +0100 +@@ -18,9 +18,18 @@ #include #include "crypto/evp.h" #include "evp_local.h" @@ -1253,7 +1111,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ if (c == NULL) return 1; if (c->cipher != NULL) { -@@ -39,6 +48,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX +@@ -40,6 +49,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { @@ -1266,7 +1124,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX)); } -@@ -67,6 +82,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -68,6 +83,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct enc = 1; ctx->encrypt = enc; } @@ -1279,7 +1137,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ #ifndef OPENSSL_NO_ENGINE /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -@@ -136,7 +157,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -137,7 +158,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct } ctx->key_len = cipher->key_len; /* Preserve wrap enable flag, zero everything else */ 
@@ -1288,7 +1146,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { ctx->cipher = NULL; -@@ -195,6 +216,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -196,6 +217,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct return 0; } } @@ -1307,9 +1165,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -diff -up openssl-1.1.1e/crypto/evp/evp_err.c.fips openssl-1.1.1e/crypto/evp/evp_err.c ---- openssl-1.1.1e/crypto/evp/evp_err.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_err.c 2020-03-17 17:30:52.030567322 +0100 +diff -up openssl-1.1.1j/crypto/evp/evp_err.c.fips openssl-1.1.1j/crypto/evp/evp_err.c +--- openssl-1.1.1j/crypto/evp/evp_err.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/evp_err.c 2021-03-03 12:57:42.198734517 +0100 @@ -23,6 +23,7 @@ static const ERR_STRING_DATA EVP_str_fun {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0), "aes_t4_xts_init_key"}, @@ -1326,7 +1184,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.fips openssl-1.1.1e/crypto/evp/evp_ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), "error loading section"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE), -@@ -249,6 +251,7 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -251,6 +253,7 @@ static const ERR_STRING_DATA EVP_str_rea {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, 
@@ -1334,7 +1192,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.fips openssl-1.1.1e/crypto/evp/evp_ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, -@@ -274,6 +277,8 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -276,6 +279,8 @@ static const ERR_STRING_DATA EVP_str_rea "wrap mode not allowed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, @@ -1343,9 +1201,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.fips openssl-1.1.1e/crypto/evp/evp_ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), "xts duplicated keys"}, {0, NULL} -diff -up openssl-1.1.1e/crypto/evp/evp_lib.c.fips openssl-1.1.1e/crypto/evp/evp_lib.c ---- openssl-1.1.1e/crypto/evp/evp_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_lib.c 2020-03-17 17:30:52.030567322 +0100 +diff -up openssl-1.1.1j/crypto/evp/evp_lib.c.fips openssl-1.1.1j/crypto/evp/evp_lib.c +--- openssl-1.1.1j/crypto/evp/evp_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/evp_lib.c 2021-03-03 12:57:42.198734517 +0100 @@ -192,6 +192,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) 
@@ -1356,9 +1214,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_lib.c.fips openssl-1.1.1e/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx, out, in, inl); } -diff -up openssl-1.1.1e/crypto/evp/m_sha1.c.fips openssl-1.1.1e/crypto/evp/m_sha1.c ---- openssl-1.1.1e/crypto/evp/m_sha1.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/m_sha1.c 2020-03-17 17:30:52.030567322 +0100 +diff -up openssl-1.1.1j/crypto/evp/m_sha1.c.fips openssl-1.1.1j/crypto/evp/m_sha1.c +--- openssl-1.1.1j/crypto/evp/m_sha1.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/m_sha1.c 2021-03-03 12:57:42.198734517 +0100 @@ -95,7 +95,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -1422,9 +1280,9 @@ diff -up openssl-1.1.1e/crypto/evp/m_sha1.c.fips openssl-1.1.1e/crypto/evp/m_sha init512, update512, final512, -diff -up openssl-1.1.1e/crypto/evp/m_sha3.c.fips openssl-1.1.1e/crypto/evp/m_sha3.c ---- openssl-1.1.1e/crypto/evp/m_sha3.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/m_sha3.c 2020-03-17 17:30:52.031567305 +0100 +diff -up openssl-1.1.1j/crypto/evp/m_sha3.c.fips openssl-1.1.1j/crypto/evp/m_sha3.c +--- openssl-1.1.1j/crypto/evp/m_sha3.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/m_sha3.c 2021-03-03 12:57:42.198734517 +0100 @@ -295,7 +295,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) NID_sha3_##bitlen, \ NID_RSA_SHA3_##bitlen, \ 
@@ -1479,9 +1337,9 @@ diff -up openssl-1.1.1e/crypto/evp/m_sha3.c.fips openssl-1.1.1e/crypto/evp/m_sha shake_init, \ sha3_update, \ sha3_final, \ -diff -up openssl-1.1.1e/crypto/evp/pmeth_lib.c.fips openssl-1.1.1e/crypto/evp/pmeth_lib.c ---- openssl-1.1.1e/crypto/evp/pmeth_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/pmeth_lib.c 2020-03-17 17:30:52.031567305 +0100 +diff -up openssl-1.1.1j/crypto/evp/pmeth_lib.c.fips openssl-1.1.1j/crypto/evp/pmeth_lib.c +--- openssl-1.1.1j/crypto/evp/pmeth_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/pmeth_lib.c 2021-03-03 12:57:42.198734517 +0100 @@ -131,7 +131,15 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKE pmeth = ENGINE_get_pkey_meth(e, id); else @@ -1498,9 +1356,9 @@ diff -up openssl-1.1.1e/crypto/evp/pmeth_lib.c.fips openssl-1.1.1e/crypto/evp/pm if (pmeth == NULL) { #ifndef OPENSSL_NO_ENGINE -diff -up openssl-1.1.1e/crypto/fips/build.info.fips openssl-1.1.1e/crypto/fips/build.info ---- openssl-1.1.1e/crypto/fips/build.info.fips 2020-03-17 17:30:52.032567287 +0100 -+++ openssl-1.1.1e/crypto/fips/build.info 2020-03-17 17:30:52.032567287 +0100 +diff -up openssl-1.1.1j/crypto/fips/build.info.fips openssl-1.1.1j/crypto/fips/build.info +--- openssl-1.1.1j/crypto/fips/build.info.fips 2021-03-03 12:57:42.198734517 +0100 ++++ openssl-1.1.1j/crypto/fips/build.info 2021-03-03 12:57:42.198734517 +0100 @@ -0,0 +1,15 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ 
@@ -1517,9 +1375,9 @@ diff -up openssl-1.1.1e/crypto/fips/build.info.fips openssl-1.1.1e/crypto/fips/b
 +SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c
 +INCLUDE[fips_standalone_hmac]=../../include
 +DEPEND[fips_standalone_hmac]=../../libcrypto
-diff -up openssl-1.1.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_aes_selftest.c
---- openssl-1.1.1e/crypto/fips/fips_aes_selftest.c.fips 2020-03-17 17:30:52.033567270 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_aes_selftest.c 2020-03-17 17:30:52.033567270 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_aes_selftest.c
+--- openssl-1.1.1j/crypto/fips/fips_aes_selftest.c.fips 2021-03-03 12:57:42.198734517 +0100
++++ openssl-1.1.1j/crypto/fips/fips_aes_selftest.c 2021-03-03 12:57:42.198734517 +0100
 @@ -0,0 +1,372 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -1893,9 +1751,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1e/cryp
 +}
 +
 +#endif
-diff -up openssl-1.1.1e/crypto/fips/fips.c.fips openssl-1.1.1e/crypto/fips/fips.c
---- openssl-1.1.1e/crypto/fips/fips.c.fips 2020-03-17 17:30:52.033567270 +0100
-+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-17 17:30:52.033567270 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips.c.fips openssl-1.1.1j/crypto/fips/fips.c
+--- openssl-1.1.1j/crypto/fips/fips.c.fips 2021-03-03 12:57:42.198734517 +0100
++++ openssl-1.1.1j/crypto/fips/fips.c 2021-03-03 12:57:42.198734517 +0100
 @@ -0,0 +1,526 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2303,7 +2161,7 @@ diff -up openssl-1.1.1e/crypto/fips/fips.c.fips openssl-1.1.1e/crypto/fips/fips.
 + rv = 0;
 +
 + /* Installed == true */
-+ return !rv;
++ return !rv || FIPS_module_mode();
 +}
 +
 +int FIPS_module_mode_set(int onoff)
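Review bot: The new `return !rv || FIPS_module_mode();` in the fips.c hunk reports the module as installed whenever FIPS mode is already on, whatever the check above it found, and the kept comment `/* Installed == true */` no longer describes that. If the intent is that a mode enabled by other means counts as installed, say so at the return, for example `/* Installed, or FIPS mode already enabled */`. It is also worth confirming that no path which enables or re-validates FIPS mode uses this function as its gate, because once the mode flag is set this expression can apparently no longer evaluate to false. The function starts above the hunk, so how `rv` is computed is not visible here.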
@@ -2423,9 +2281,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips.c.fips openssl-1.1.1e/crypto/fips/fips.
 +}
 +
 +#endif
-diff -up openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c
---- openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c.fips 2020-03-17 17:30:52.034567253 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c 2020-03-17 17:30:52.033567270 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c
+--- openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c.fips 2021-03-03 12:57:42.199734525 +0100
++++ openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c 2021-03-03 12:57:42.199734525 +0100
 @@ -0,0 +1,156 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2583,9 +2441,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1e/cry
 + return rv;
 +}
 +#endif
-diff -up openssl-1.1.1e/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_des_selftest.c
---- openssl-1.1.1e/crypto/fips/fips_des_selftest.c.fips 2020-03-17 17:30:52.034567253 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_des_selftest.c 2020-03-17 17:30:52.034567253 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_des_selftest.c
+--- openssl-1.1.1j/crypto/fips/fips_des_selftest.c.fips 2021-03-03 12:57:42.199734525 +0100
++++ openssl-1.1.1j/crypto/fips/fips_des_selftest.c 2021-03-03 12:57:42.199734525 +0100
 @@ -0,0 +1,133 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2720,9 +2578,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1e/cryp
 + return ret;
 +}
 +#endif
-diff -up openssl-1.1.1e/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_dh_selftest.c
---- openssl-1.1.1e/crypto/fips/fips_dh_selftest.c.fips 2020-03-17 17:30:52.038567183 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_dh_selftest.c 2020-03-17 17:30:52.038567183 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_dh_selftest.c
+--- openssl-1.1.1j/crypto/fips/fips_dh_selftest.c.fips 2021-03-03 12:57:42.199734525 +0100
++++ openssl-1.1.1j/crypto/fips/fips_dh_selftest.c 2021-03-03 12:57:42.199734525 +0100
 @@ -0,0 +1,180 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2904,9 +2762,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1e/crypt
 + return ret;
 +}
 +#endif
-diff -up openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c
---- openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c.fips 2020-03-17 17:30:52.040567148 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c 2020-03-17 17:30:52.039567165 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c
+--- openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c.fips 2021-03-03 12:57:42.199734525 +0100
++++ openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c 2021-03-03 12:57:42.199734525 +0100
 @@ -0,0 +1,406 @@
 +/* fips/rand/fips_drbg_ctr.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3314,9 +3172,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1e/crypto/f
 +
 + return 1;
 +}
-diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_hash.c
---- openssl-1.1.1e/crypto/fips/fips_drbg_hash.c.fips 2020-03-17 17:30:52.041567130 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_drbg_hash.c 2020-03-17 17:30:52.040567148 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_hash.c
+--- openssl-1.1.1j/crypto/fips/fips_drbg_hash.c.fips 2021-03-03 12:57:42.199734525 +0100
++++ openssl-1.1.1j/crypto/fips/fips_drbg_hash.c 2021-03-03 12:57:42.199734525 +0100
 @@ -0,0 +1,354 @@
 +/* fips/rand/fips_drbg_hash.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3672,9 +3530,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1e/crypto/
 +
 + return 1;
 +}
-diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c
---- openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c.fips 2020-03-17 17:30:52.042567113 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c 2020-03-17 17:30:52.042567113 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c
+--- openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c.fips 2021-03-03 12:57:42.199734525 +0100
++++ openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c 2021-03-03 12:57:42.199734525 +0100
 @@ -0,0 +1,262 @@
 +/* fips/rand/fips_drbg_hmac.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3938,9 +3796,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1e/crypto/
 +
 + return 1;
 +}
-diff -up openssl-1.1.1e/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_lib.c
---- openssl-1.1.1e/crypto/fips/fips_drbg_lib.c.fips 2020-03-17 17:30:52.043567095 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_drbg_lib.c 2020-03-17 17:30:52.043567095 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_lib.c
+--- openssl-1.1.1j/crypto/fips/fips_drbg_lib.c.fips 2021-03-03 12:57:42.199734525 +0100
++++ openssl-1.1.1j/crypto/fips/fips_drbg_lib.c 2021-03-03 12:57:42.199734525 +0100
 @@ -0,0 +1,528 @@
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 + * project.
@@ -4470,9 +4328,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1e/crypto/f
 +{
 + /* Just backwards compatibility API call with no effect. */
 +}
-diff -up openssl-1.1.1e/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_rand.c
---- openssl-1.1.1e/crypto/fips/fips_drbg_rand.c.fips 2020-03-17 17:30:52.044567078 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_drbg_rand.c 2020-03-17 17:30:52.044567078 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_rand.c
+--- openssl-1.1.1j/crypto/fips/fips_drbg_rand.c.fips 2021-03-03 12:57:42.199734525 +0100
++++ openssl-1.1.1j/crypto/fips/fips_drbg_rand.c 2021-03-03 12:57:42.199734525 +0100
 @@ -0,0 +1,185 @@
 +/* fips/rand/fips_drbg_rand.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4659,9 +4517,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1e/crypto/
 +{
 + return &rand_drbg_meth;
 +}
-diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c
---- openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c.fips 2020-03-17 17:30:52.044567078 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c 2020-03-17 17:30:52.044567078 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100
++++ openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c 2021-03-03 12:57:42.200734534 +0100
 @@ -0,0 +1,828 @@
 +/* fips/rand/fips_drbg_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5491,9 +5349,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1e/cry
 + FIPS_drbg_free(dctx);
 + return rv;
 +}
-diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h
---- openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h.fips 2020-03-17 17:30:52.045567061 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h 2020-03-17 17:30:52.045567061 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h.fips 2021-03-03 12:57:42.200734534 +0100
++++ openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h 2021-03-03 12:57:42.200734534 +0100
 @@ -0,0 +1,1791 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7286,9 +7144,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1e/cry
 + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79,
 + 0xc2, 0xd6, 0xfd, 0xa5
 +};
-diff -up openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c
---- openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c.fips 2020-03-17 17:30:52.046567043 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c 2020-03-17 17:30:52.046567043 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100
++++ openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c 2021-03-03 12:57:42.200734534 +0100
 @@ -0,0 +1,195 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7485,9 +7343,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1e/cryp
 + return ret;
 +}
 +#endif
-diff -up openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c
---- openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c.fips 2020-03-17 17:30:52.046567043 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c 2020-03-17 17:30:52.046567043 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c
+--- openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100
++++ openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c 2021-03-03 12:57:42.200734534 +0100
 @@ -0,0 +1,242 @@
 +/* fips/ecdh/fips_ecdh_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7731,9 +7589,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1e/cry
 +}
 +
 +#endif
-diff -up openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c
---- openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c.fips 2020-03-17 17:30:52.046567043 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c 2020-03-17 17:30:52.046567043 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c
+--- openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100
++++ openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c 2021-03-03 12:57:42.200734534 +0100
 @@ -0,0 +1,166 @@
 +/* fips/ecdsa/fips_ecdsa_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7901,9 +7759,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1e/cr
 +}
 +
 +#endif
-diff -up openssl-1.1.1e/crypto/fips/fips_err.h.fips openssl-1.1.1e/crypto/fips/fips_err.h
---- openssl-1.1.1e/crypto/fips/fips_err.h.fips 2020-03-17 17:30:52.047567026 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_err.h 2020-03-17 17:30:52.047567026 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_err.h.fips openssl-1.1.1j/crypto/fips/fips_err.h
+--- openssl-1.1.1j/crypto/fips/fips_err.h.fips 2021-03-03 12:57:42.201734542 +0100
++++ openssl-1.1.1j/crypto/fips/fips_err.h 2021-03-03 12:57:42.201734542 +0100
 @@ -0,0 +1,197 @@
 +/* crypto/fips_err.h */
 +/* ====================================================================
@@ -8102,9 +7960,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_err.h.fips openssl-1.1.1e/crypto/fips/f
 +#endif
 + return 1;
 +}
-diff -up openssl-1.1.1e/crypto/fips/fips_ers.c.fips openssl-1.1.1e/crypto/fips/fips_ers.c
---- openssl-1.1.1e/crypto/fips/fips_ers.c.fips 2020-03-17 17:30:52.047567026 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_ers.c 2020-03-17 17:30:52.047567026 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_ers.c.fips openssl-1.1.1j/crypto/fips/fips_ers.c
+--- openssl-1.1.1j/crypto/fips/fips_ers.c.fips 2021-03-03 12:57:42.201734542 +0100
++++ openssl-1.1.1j/crypto/fips/fips_ers.c 2021-03-03 12:57:42.201734542 +0100
 @@ -0,0 +1,7 @@
 +#include
 +
@@ -8113,9 +7971,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_ers.c.fips openssl-1.1.1e/crypto/fips/f
 +#else
 +static void *dummy = &dummy;
 +#endif
-diff -up openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c
---- openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c.fips 2020-03-17 17:30:52.047567026 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c 2020-03-17 17:30:52.047567026 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c.fips 2021-03-03 12:57:42.201734542 +0100
++++ openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c 2021-03-03 12:57:42.201734542 +0100
 @@ -0,0 +1,134 @@
 +/* ====================================================================
 + * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -8251,9 +8109,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1e/cry
 + return 1;
 +}
 +#endif
-diff -up openssl-1.1.1e/crypto/fips/fips_locl.h.fips openssl-1.1.1e/crypto/fips/fips_locl.h
---- openssl-1.1.1e/crypto/fips/fips_locl.h.fips 2020-03-17 17:30:52.048567008 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_locl.h 2020-03-17 17:30:52.048567008 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_locl.h.fips openssl-1.1.1j/crypto/fips/fips_locl.h
+--- openssl-1.1.1j/crypto/fips/fips_locl.h.fips 2021-03-03 12:57:42.201734542 +0100
++++ openssl-1.1.1j/crypto/fips/fips_locl.h 2021-03-03 12:57:42.201734542 +0100
 @@ -0,0 +1,71 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8326,9 +8184,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_locl.h.fips openssl-1.1.1e/crypto/fips/
 +}
 +# endif
 +#endif
-diff -up openssl-1.1.1e/crypto/fips/fips_post.c.fips openssl-1.1.1e/crypto/fips/fips_post.c
---- openssl-1.1.1e/crypto/fips/fips_post.c.fips 2020-03-17 17:30:52.048567008 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_post.c 2020-03-17 17:30:52.048567008 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_post.c.fips openssl-1.1.1j/crypto/fips/fips_post.c
+--- openssl-1.1.1j/crypto/fips/fips_post.c.fips 2021-03-03 12:57:42.201734542 +0100
++++ openssl-1.1.1j/crypto/fips/fips_post.c 2021-03-03 12:57:42.201734542 +0100
 @@ -0,0 +1,224 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8554,9 +8412,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_post.c.fips openssl-1.1.1e/crypto/fips/ + return 1; +} +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1e/crypto/fips/fips_rand_lcl.h ---- openssl-1.1.1e/crypto/fips/fips_rand_lcl.h.fips 2020-03-17 17:30:52.048567008 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_rand_lcl.h 2020-03-17 17:30:52.048567008 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1j/crypto/fips/fips_rand_lcl.h +--- openssl-1.1.1j/crypto/fips/fips_rand_lcl.h.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_rand_lcl.h 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,203 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8761,9 +8619,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1e/crypto/f +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.1.1e/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1e/crypto/fips/fips_rand_lib.c ---- openssl-1.1.1e/crypto/fips/fips_rand_lib.c.fips 2020-03-17 17:30:52.049566991 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_rand_lib.c 2020-03-17 17:30:52.049566991 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1j/crypto/fips/fips_rand_lib.c +--- openssl-1.1.1j/crypto/fips/fips_rand_lib.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_rand_lib.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,234 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -8999,9 +8857,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1e/crypto/f +# endif +} + -diff -up openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c.fips 2020-03-17 17:30:52.049566991 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c 2020-03-17 17:30:52.049566991 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,338 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -9341,9 +9199,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1e/cryp +} + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.1.1e/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_sha_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_sha_selftest.c.fips 2020-03-17 17:30:52.050566973 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_sha_selftest.c 2020-03-17 17:30:52.050566973 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_sha_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_sha_selftest.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_sha_selftest.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,223 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -9568,9 +9426,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1e/cryp +} + +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c ---- openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c.fips 2020-03-17 17:30:52.050566973 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c 2020-03-17 17:30:52.050566973 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c +--- openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,127 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9699,9 +9557,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1e/c +#endif + return 0; +} -diff -up openssl-1.1.1e/crypto/hmac/hmac.c.fips openssl-1.1.1e/crypto/hmac/hmac.c ---- openssl-1.1.1e/crypto/hmac/hmac.c.fips 2020-03-17 17:30:52.050566973 +0100 -+++ openssl-1.1.1e/crypto/hmac/hmac.c 2020-03-17 17:38:16.969802663 +0100 +diff -up openssl-1.1.1j/crypto/hmac/hmac.c.fips openssl-1.1.1j/crypto/hmac/hmac.c +--- openssl-1.1.1j/crypto/hmac/hmac.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/hmac/hmac.c 2021-03-03 12:57:42.202734550 +0100 @@ -44,6 +44,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo return 0; 
@@ -9716,9 +9574,9 @@ diff -up openssl-1.1.1e/crypto/hmac/hmac.c.fips openssl-1.1.1e/crypto/hmac/hmac. reset = 1; j = EVP_MD_block_size(md); -diff -up openssl-1.1.1e/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1e/crypto/hmac/hm_pmeth.c ---- openssl-1.1.1e/crypto/hmac/hm_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/hmac/hm_pmeth.c 2020-03-17 17:30:52.051566956 +0100 +diff -up openssl-1.1.1j/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1j/crypto/hmac/hm_pmeth.c +--- openssl-1.1.1j/crypto/hmac/hm_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/hmac/hm_pmeth.c 2021-03-03 12:57:42.202734550 +0100 @@ -180,7 +180,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C const EVP_PKEY_METHOD hmac_pkey_meth = { 
@@ -9728,111 +9586,9 @@ diff -up openssl-1.1.1e/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1e/crypto/hmac/h pkey_hmac_init, pkey_hmac_copy, pkey_hmac_cleanup, -diff -up openssl-1.1.1e/include/crypto/fips.h.fips openssl-1.1.1e/include/crypto/fips.h ---- openssl-1.1.1e/include/crypto/fips.h.fips 2020-03-17 17:30:52.051566956 +0100 -+++ openssl-1.1.1e/include/crypto/fips.h 2020-03-17 17:30:52.051566956 +0100 -@@ -0,0 +1,98 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+ -+#ifndef OPENSSL_FIPS -+# error FIPS is disabled. 
-+#endif -+ -+#ifdef OPENSSL_FIPS -+ -+int FIPS_module_mode_set(int onoff); -+int FIPS_module_mode(void); -+int FIPS_module_installed(void); -+int FIPS_selftest_sha1(void); -+int FIPS_selftest_sha2(void); -+int FIPS_selftest_sha3(void); -+int FIPS_selftest_aes_ccm(void); -+int FIPS_selftest_aes_gcm(void); -+int FIPS_selftest_aes_xts(void); -+int FIPS_selftest_aes(void); -+int FIPS_selftest_des(void); -+int FIPS_selftest_rsa(void); -+int FIPS_selftest_dsa(void); -+int FIPS_selftest_ecdsa(void); -+int FIPS_selftest_ecdh(void); -+int FIPS_selftest_dh(void); -+void FIPS_drbg_stick(int onoff); -+int FIPS_selftest_hmac(void); -+int FIPS_selftest_drbg(void); -+int FIPS_selftest_cmac(void); -+ -+int fips_pkey_signature_test(EVP_PKEY *pkey, -+ const unsigned char *tbs, int tbslen, -+ const unsigned char *kat, -+ unsigned int katlen, -+ const EVP_MD *digest, -+ unsigned int md_flags, const char *fail_str); -+ -+int fips_cipher_test(EVP_CIPHER_CTX *ctx, -+ const EVP_CIPHER *cipher, -+ const unsigned char *key, -+ const unsigned char *iv, -+ const unsigned char *plaintext, -+ const unsigned char *ciphertext, int len); -+ -+void fips_set_selftest_fail(void); -+ -+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); -+ -+#endif -diff -up openssl-1.1.1e/crypto/o_fips.c.fips openssl-1.1.1e/crypto/o_fips.c ---- openssl-1.1.1e/crypto/o_fips.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/o_fips.c 2020-03-17 17:30:52.052566939 +0100 +diff -up openssl-1.1.1j/crypto/o_fips.c.fips openssl-1.1.1j/crypto/o_fips.c +--- openssl-1.1.1j/crypto/o_fips.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/o_fips.c 2021-03-03 12:57:42.202734550 +0100 @@ -8,17 +8,28 @@ */ 
@@ -9862,10 +9618,10 @@ diff -up openssl-1.1.1e/crypto/o_fips.c.fips openssl-1.1.1e/crypto/o_fips.c return 0; +#endif } -diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c ---- openssl-1.1.1e/crypto/o_init.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/o_init.c 2020-03-17 17:30:52.052566939 +0100 -@@ -7,8 +7,68 @@ +diff -up openssl-1.1.1j/crypto/o_init.c.fips openssl-1.1.1j/crypto/o_init.c +--- openssl-1.1.1j/crypto/o_init.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/o_init.c 2021-03-03 12:57:42.202734550 +0100 +@@ -7,8 +7,69 @@ * https://www.openssl.org/source/license.html */ @@ -9891,16 +9647,20 @@ diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c + char buf[2] = "0"; + int fd; + -+ /* Ensure the selftests always run */ -+ /* XXX: TO SOLVE - premature initialization due to selftests */ -+ FIPS_mode_set(1); -+ + if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { + buf[0] = '1'; + } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { + while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; + close(fd); + } ++ ++ if (buf[0] != '1' && !FIPS_module_installed()) ++ return; ++ ++ /* Ensure the selftests always run */ ++ /* XXX: TO SOLVE - premature initialization due to selftests */ ++ FIPS_mode_set(1); ++ + /* Failure reading the fips mode switch file means just not + * switching into FIPS mode. We would break too many things + * otherwise.. 
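Review bot: The comment `/* Ensure the selftests always run */` in the o_init.c hunk (apparently the body of `init_fips_mode()`) is no longer accurate, because `FIPS_mode_set(1)` now sits below the new early return `if (buf[0] != '1' && !FIPS_module_installed()) return;`, so the self-tests are skipped when FIPS is not requested and no module is installed. I would reword it to `/* Run the selftests whenever FIPS mode is requested or the FIPS module is installed */` and add `/* FIPS not requested and no FIPS module installed: nothing to initialise */` above the early return. The following hunk removes the `FIPS_module_installed()` guard from the caller, so a host whose switch file reads `1` or that sets `OPENSSL_FORCE_FIPS_MODE` now reaches `FIPS_mode_set(1)` even without an installed module. That looks intended, so that a FIPS-mode host does not silently skip initialisation, but it is a behaviour change that should be stated in the comment. The function body continues outside the hunk, so how the result of `FIPS_mode_set(1)` is handled cannot be checked from here.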
@@ -9925,18 +9685,15 @@ diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c + if (done) + return; + done = 1; -+ if (!FIPS_module_installed()) { -+ return; -+ } + init_fips_mode(); +} +#endif /* * Perform any essential OpenSSL initialization operations. Currently does -diff -up openssl-1.1.1e/crypto/rand/rand_lib.c.fips openssl-1.1.1e/crypto/rand/rand_lib.c ---- openssl-1.1.1e/crypto/rand/rand_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rand/rand_lib.c 2020-03-17 17:35:56.471259207 +0100 +diff -up openssl-1.1.1j/crypto/rand/rand_lib.c.fips openssl-1.1.1j/crypto/rand/rand_lib.c +--- openssl-1.1.1j/crypto/rand/rand_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rand/rand_lib.c 2021-03-03 12:57:42.202734550 +0100 @@ -16,6 +16,10 @@ #include "internal/thread_once.h" #include "rand_local.h" @@ -9948,7 +9705,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_lib.c.fips openssl-1.1.1e/crypto/rand/r #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ -@@ -961,3 +965,15 @@ int RAND_status(void) +@@ -959,3 +963,15 @@ int RAND_status(void) return meth->status(); return 0; } @@ -9964,9 +9721,9 @@ diff -up openssl-1.1.1e/crypto/rand/rand_lib.c.fips openssl-1.1.1e/crypto/rand/r + return 1; +} +#endif -diff -up openssl-1.1.1e/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1e/crypto/rsa/rsa_crpt.c ---- openssl-1.1.1e/crypto/rsa/rsa_crpt.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_crpt.c 2020-03-17 17:30:52.055566886 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1j/crypto/rsa/rsa_crpt.c +--- openssl-1.1.1j/crypto/rsa/rsa_crpt.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_crpt.c 2021-03-03 12:57:42.202734550 +0100 @@ -27,24 +27,52 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) 
@@ -10020,9 +9777,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1e/crypto/rsa/rsa return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); } -diff -up openssl-1.1.1e/crypto/rsa/rsa_err.c.fips openssl-1.1.1e/crypto/rsa/rsa_err.c ---- openssl-1.1.1e/crypto/rsa/rsa_err.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_err.c 2020-03-17 17:30:52.055566886 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_err.c.fips openssl-1.1.1j/crypto/rsa/rsa_err.c +--- openssl-1.1.1j/crypto/rsa/rsa_err.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_err.c 2021-03-03 12:57:42.202734550 +0100 @@ -16,6 +16,8 @@ static const ERR_STRING_DATA RSA_str_functs[] = { {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"}, @@ -10091,9 +9848,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_err.c.fips openssl-1.1.1e/crypto/rsa/rsa_ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), "unsupported signature type"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"}, -diff -up openssl-1.1.1e/crypto/rsa/rsa_gen.c.fips openssl-1.1.1e/crypto/rsa/rsa_gen.c ---- openssl-1.1.1e/crypto/rsa/rsa_gen.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_gen.c 2020-03-17 17:33:55.560367363 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_gen.c.fips openssl-1.1.1j/crypto/rsa/rsa_gen.c +--- openssl-1.1.1j/crypto/rsa/rsa_gen.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_gen.c 2021-03-03 12:57:42.202734550 +0100 @@ -18,6 +18,76 @@ #include "internal/cryptlib.h" #include 
@@ -10486,9 +10243,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_gen.c.fips openssl-1.1.1e/crypto/rsa/rsa_ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb) { -diff -up openssl-1.1.1e/crypto/rsa/rsa_lib.c.fips openssl-1.1.1e/crypto/rsa/rsa_lib.c ---- openssl-1.1.1e/crypto/rsa/rsa_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_lib.c 2020-03-17 17:30:52.056566869 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_lib.c.fips openssl-1.1.1j/crypto/rsa/rsa_lib.c +--- openssl-1.1.1j/crypto/rsa/rsa_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_lib.c 2021-03-03 12:57:42.203734558 +0100 @@ -34,6 +34,12 @@ int RSA_set_method(RSA *rsa, const RSA_M * to deal with which ENGINE it comes from. */ @@ -10531,9 +10288,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_lib.c.fips openssl-1.1.1e/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } -diff -up openssl-1.1.1e/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1e/crypto/rsa/rsa_ossl.c ---- openssl-1.1.1e/crypto/rsa/rsa_ossl.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_ossl.c 2020-03-17 17:34:32.289726964 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1j/crypto/rsa/rsa_ossl.c +--- openssl-1.1.1j/crypto/rsa/rsa_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_ossl.c 2021-03-03 12:57:42.203734558 +0100 @@ -12,6 +12,10 @@ #include "rsa_local.h" #include "internal/constant_time.h" 
@@ -10650,9 +10407,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1e/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -diff -up openssl-1.1.1e/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1e/crypto/rsa/rsa_pmeth.c ---- openssl-1.1.1e/crypto/rsa/rsa_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_pmeth.c 2020-03-17 17:30:52.056566869 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1j/crypto/rsa/rsa_pmeth.c +--- openssl-1.1.1j/crypto/rsa/rsa_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_pmeth.c 2021-03-03 12:57:42.203734558 +0100 @@ -756,7 +756,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX const EVP_PKEY_METHOD rsa_pkey_meth = { @@ -10671,9 +10428,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1e/crypto/rsa/rs pkey_rsa_init, pkey_rsa_copy, pkey_rsa_cleanup, -diff -up openssl-1.1.1e/crypto/rsa/rsa_sign.c.fips openssl-1.1.1e/crypto/rsa/rsa_sign.c ---- openssl-1.1.1e/crypto/rsa/rsa_sign.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_sign.c 2020-03-17 17:30:52.057566851 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_sign.c.fips openssl-1.1.1j/crypto/rsa/rsa_sign.c +--- openssl-1.1.1j/crypto/rsa/rsa_sign.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_sign.c 2021-03-03 12:57:42.203734558 +0100 @@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch unsigned char *tmps = NULL; const unsigned char *encoded = NULL; 
@@ -10700,9 +10457,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_sign.c.fips openssl-1.1.1e/crypto/rsa/rsa if (encrypt_len <= 0) goto err; -diff -up openssl-1.1.1e/crypto/sha/sha256.c.fips openssl-1.1.1e/crypto/sha/sha256.c ---- openssl-1.1.1e/crypto/sha/sha256.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/sha/sha256.c 2020-03-17 17:30:52.057566851 +0100 +diff -up openssl-1.1.1j/crypto/sha/sha256.c.fips openssl-1.1.1j/crypto/sha/sha256.c +--- openssl-1.1.1j/crypto/sha/sha256.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/sha/sha256.c 2021-03-03 12:57:42.203734558 +0100 @@ -18,6 +18,9 @@ int SHA224_Init(SHA256_CTX *c) @@ -10723,9 +10480,9 @@ diff -up openssl-1.1.1e/crypto/sha/sha256.c.fips openssl-1.1.1e/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.1.1e/crypto/sha/sha512.c.fips openssl-1.1.1e/crypto/sha/sha512.c ---- openssl-1.1.1e/crypto/sha/sha512.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/sha/sha512.c 2020-03-17 17:30:52.057566851 +0100 +diff -up openssl-1.1.1j/crypto/sha/sha512.c.fips openssl-1.1.1j/crypto/sha/sha512.c +--- openssl-1.1.1j/crypto/sha/sha512.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/sha/sha512.c 2021-03-03 12:57:42.203734558 +0100 @@ -98,6 +98,9 @@ int sha512_256_init(SHA512_CTX *c) int SHA384_Init(SHA512_CTX *c) 
@@ -10746,9 +10503,9 @@ diff -up openssl-1.1.1e/crypto/sha/sha512.c.fips openssl-1.1.1e/crypto/sha/sha51 c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.1.1e/crypto/sha/sha_local.h.fips openssl-1.1.1e/crypto/sha/sha_local.h ---- openssl-1.1.1e/crypto/sha/sha_local.h.fips 2020-03-17 17:30:51.766571925 +0100 -+++ openssl-1.1.1e/crypto/sha/sha_local.h 2020-03-17 17:31:00.996410998 +0100 +diff -up openssl-1.1.1j/crypto/sha/sha_local.h.fips openssl-1.1.1j/crypto/sha/sha_local.h +--- openssl-1.1.1j/crypto/sha/sha_local.h.fips 2021-03-03 12:57:41.941732391 +0100 ++++ openssl-1.1.1j/crypto/sha/sha_local.h 2021-03-03 12:57:42.203734558 +0100 @@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c int HASH_INIT(SHA_CTX *c) @@ -10759,9 +10516,9 @@ diff -up openssl-1.1.1e/crypto/sha/sha_local.h.fips openssl-1.1.1e/crypto/sha/sh memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -diff -up openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod ---- openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod 2020-03-17 17:31:00.996410998 +0100 +diff -up openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod +--- openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod 2021-03-03 12:57:42.203734558 +0100 @@ -30,8 +30,10 @@ B is the length of the prime p to For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. 
@@ -10775,9 +10532,111 @@ diff -up openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1e DSA_generate_parameters_ex() places the iteration count in *B and a counter used for finding a generator in -diff -up openssl-1.1.1e/include/openssl/crypto.h.fips openssl-1.1.1e/include/openssl/crypto.h ---- openssl-1.1.1e/include/openssl/crypto.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/crypto.h 2020-03-17 17:31:00.997410980 +0100 +diff -up openssl-1.1.1j/include/crypto/fips.h.fips openssl-1.1.1j/include/crypto/fips.h +--- openssl-1.1.1j/include/crypto/fips.h.fips 2021-03-03 12:57:42.202734550 +0100 ++++ openssl-1.1.1j/include/crypto/fips.h 2021-03-03 12:57:42.202734550 +0100 +@@ -0,0 +1,98 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. 
Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++ ++#ifndef OPENSSL_FIPS ++# error FIPS is disabled. 
++#endif ++ ++#ifdef OPENSSL_FIPS ++ ++int FIPS_module_mode_set(int onoff); ++int FIPS_module_mode(void); ++int FIPS_module_installed(void); ++int FIPS_selftest_sha1(void); ++int FIPS_selftest_sha2(void); ++int FIPS_selftest_sha3(void); ++int FIPS_selftest_aes_ccm(void); ++int FIPS_selftest_aes_gcm(void); ++int FIPS_selftest_aes_xts(void); ++int FIPS_selftest_aes(void); ++int FIPS_selftest_des(void); ++int FIPS_selftest_rsa(void); ++int FIPS_selftest_dsa(void); ++int FIPS_selftest_ecdsa(void); ++int FIPS_selftest_ecdh(void); ++int FIPS_selftest_dh(void); ++void FIPS_drbg_stick(int onoff); ++int FIPS_selftest_hmac(void); ++int FIPS_selftest_drbg(void); ++int FIPS_selftest_cmac(void); ++ ++int fips_pkey_signature_test(EVP_PKEY *pkey, ++ const unsigned char *tbs, int tbslen, ++ const unsigned char *kat, ++ unsigned int katlen, ++ const EVP_MD *digest, ++ unsigned int md_flags, const char *fail_str); ++ ++int fips_cipher_test(EVP_CIPHER_CTX *ctx, ++ const EVP_CIPHER *cipher, ++ const unsigned char *key, ++ const unsigned char *iv, ++ const unsigned char *plaintext, ++ const unsigned char *ciphertext, int len); ++ ++void fips_set_selftest_fail(void); ++ ++void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); ++ ++#endif +diff -up openssl-1.1.1j/include/openssl/crypto.h.fips openssl-1.1.1j/include/openssl/crypto.h +--- openssl-1.1.1j/include/openssl/crypto.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/crypto.h 2021-03-03 12:57:42.204734567 +0100 @@ -331,6 +331,11 @@ int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); 
@@ -10790,9 +10649,9 @@ diff -up openssl-1.1.1e/include/openssl/crypto.h.fips openssl-1.1.1e/include/ope void OPENSSL_init(void); # ifdef OPENSSL_SYS_UNIX void OPENSSL_fork_prepare(void); -diff -up openssl-1.1.1e/include/openssl/dherr.h.fips openssl-1.1.1e/include/openssl/dherr.h ---- openssl-1.1.1e/include/openssl/dherr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/dherr.h 2020-03-17 17:31:00.998410963 +0100 +diff -up openssl-1.1.1j/include/openssl/dherr.h.fips openssl-1.1.1j/include/openssl/dherr.h +--- openssl-1.1.1j/include/openssl/dherr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/dherr.h 2021-03-03 12:57:42.204734567 +0100 @@ -36,6 +36,9 @@ int ERR_load_DH_strings(void); # define DH_F_DH_CMS_DECRYPT 114 # define DH_F_DH_CMS_SET_PEERKEY 115 @@ -10818,9 +10677,9 @@ diff -up openssl-1.1.1e/include/openssl/dherr.h.fips openssl-1.1.1e/include/open # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 # define DH_R_SHARED_INFO_ERROR 113 -diff -up openssl-1.1.1e/include/openssl/dh.h.fips openssl-1.1.1e/include/openssl/dh.h ---- openssl-1.1.1e/include/openssl/dh.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/dh.h 2020-03-17 17:31:00.998410963 +0100 +diff -up openssl-1.1.1j/include/openssl/dh.h.fips openssl-1.1.1j/include/openssl/dh.h +--- openssl-1.1.1j/include/openssl/dh.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/dh.h 2021-03-03 12:57:42.204734567 +0100 @@ -31,6 +31,7 @@ extern "C" { # endif 
@@ -10829,9 +10688,9 @@ diff -up openssl-1.1.1e/include/openssl/dh.h.fips openssl-1.1.1e/include/openssl # define DH_FLAG_CACHE_MONT_P 0x01 -diff -up openssl-1.1.1e/include/openssl/dsaerr.h.fips openssl-1.1.1e/include/openssl/dsaerr.h ---- openssl-1.1.1e/include/openssl/dsaerr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/dsaerr.h 2020-03-17 17:31:00.999410945 +0100 +diff -up openssl-1.1.1j/include/openssl/dsaerr.h.fips openssl-1.1.1j/include/openssl/dsaerr.h +--- openssl-1.1.1j/include/openssl/dsaerr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/dsaerr.h 2021-03-03 12:57:42.204734567 +0100 @@ -29,8 +29,11 @@ int ERR_load_DSA_strings(void); */ # define DSA_F_DSAPARAMS_PRINT 100 @@ -10858,9 +10717,9 @@ diff -up openssl-1.1.1e/include/openssl/dsaerr.h.fips openssl-1.1.1e/include/ope # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 # define DSA_R_SEED_LEN_SMALL 110 -diff -up openssl-1.1.1e/include/openssl/dsa.h.fips openssl-1.1.1e/include/openssl/dsa.h ---- openssl-1.1.1e/include/openssl/dsa.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/dsa.h 2020-03-17 17:31:01.000410928 +0100 +diff -up openssl-1.1.1j/include/openssl/dsa.h.fips openssl-1.1.1j/include/openssl/dsa.h +--- openssl-1.1.1j/include/openssl/dsa.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/dsa.h 2021-03-03 12:57:42.204734567 +0100 @@ -31,6 +31,7 @@ extern "C" { # endif 
@@ -10869,10 +10728,10 @@ diff -up openssl-1.1.1e/include/openssl/dsa.h.fips openssl-1.1.1e/include/openss # define DSA_FLAG_CACHE_MONT_P 0x01 # if OPENSSL_API_COMPAT < 0x10100000L -diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/openssl/evperr.h ---- openssl-1.1.1e/include/openssl/evperr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/evperr.h 2020-03-17 17:31:01.000410928 +0100 -@@ -24,14 +24,15 @@ int ERR_load_EVP_strings(void); +diff -up openssl-1.1.1j/include/openssl/evperr.h.fips openssl-1.1.1j/include/openssl/evperr.h +--- openssl-1.1.1j/include/openssl/evperr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/evperr.h 2021-03-03 12:57:42.204734567 +0100 +@@ -22,14 +22,15 @@ int ERR_load_EVP_strings(void); * EVP function codes. */ # define EVP_F_AESNI_INIT_KEY 165 @@ -10891,7 +10750,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/ope # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_ARIA_CCM_INIT_KEY 175 # define EVP_F_ARIA_GCM_CTRL 197 -@@ -142,6 +143,7 @@ int ERR_load_EVP_strings(void); +@@ -140,6 +141,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 # define EVP_R_DECODE_ERROR 114 @@ -10899,7 +10758,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/ope # define EVP_R_DIFFERENT_KEY_TYPES 101 # define EVP_R_DIFFERENT_PARAMETERS 153 # define EVP_R_ERROR_LOADING_SECTION 165 -@@ -185,6 +187,7 @@ int ERR_load_EVP_strings(void); +@@ -184,6 +186,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 
@@ -10907,7 +10766,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/ope # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 -@@ -200,6 +203,7 @@ int ERR_load_EVP_strings(void); +@@ -199,6 +202,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_UNSUPPORTED_SALT_TYPE 126 # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 @@ -10916,9 +10775,9 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/ope +# define EVP_R_XTS_DUPLICATED_KEYS 192 #endif -diff -up openssl-1.1.1e/include/openssl/evp.h.fips openssl-1.1.1e/include/openssl/evp.h ---- openssl-1.1.1e/include/openssl/evp.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/evp.h 2020-03-17 17:31:01.001410911 +0100 +diff -up openssl-1.1.1j/include/openssl/evp.h.fips openssl-1.1.1j/include/openssl/evp.h +--- openssl-1.1.1j/include/openssl/evp.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/evp.h 2021-03-03 12:57:42.204734567 +0100 @@ -1324,6 +1324,9 @@ void EVP_PKEY_asn1_set_security_bits(EVP */ # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 @@ -10929,9 +10788,9 @@ diff -up openssl-1.1.1e/include/openssl/evp.h.fips openssl-1.1.1e/include/openss const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, -diff -up openssl-1.1.1e/include/openssl/fips.h.fips openssl-1.1.1e/include/openssl/fips.h ---- openssl-1.1.1e/include/openssl/fips.h.fips 2020-03-17 17:31:01.002410893 +0100 -+++ openssl-1.1.1e/include/openssl/fips.h 2020-03-17 17:31:01.002410893 +0100 +diff -up openssl-1.1.1j/include/openssl/fips.h.fips openssl-1.1.1j/include/openssl/fips.h +--- openssl-1.1.1j/include/openssl/fips.h.fips 2021-03-03 12:57:42.204734567 +0100 ++++ openssl-1.1.1j/include/openssl/fips.h 2021-03-03 12:57:42.204734567 +0100 
@@ -0,0 +1,187 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11120,9 +10979,9 @@ diff -up openssl-1.1.1e/include/openssl/fips.h.fips openssl-1.1.1e/include/opens +} +# endif +#endif -diff -up openssl-1.1.1e/include/openssl/fips_rand.h.fips openssl-1.1.1e/include/openssl/fips_rand.h ---- openssl-1.1.1e/include/openssl/fips_rand.h.fips 2020-03-17 17:31:01.003410876 +0100 -+++ openssl-1.1.1e/include/openssl/fips_rand.h 2020-03-17 17:31:01.003410876 +0100 +diff -up openssl-1.1.1j/include/openssl/fips_rand.h.fips openssl-1.1.1j/include/openssl/fips_rand.h +--- openssl-1.1.1j/include/openssl/fips_rand.h.fips 2021-03-03 12:57:42.204734567 +0100 ++++ openssl-1.1.1j/include/openssl/fips_rand.h 2021-03-03 12:57:42.204734567 +0100 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11269,10 +11128,10 @@ diff -up openssl-1.1.1e/include/openssl/fips_rand.h.fips openssl-1.1.1e/include/ +# endif +# endif +#endif -diff -up openssl-1.1.1e/include/openssl/opensslconf.h.in.fips openssl-1.1.1e/include/openssl/opensslconf.h.in ---- openssl-1.1.1e/include/openssl/opensslconf.h.in.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/opensslconf.h.in 2020-03-17 17:31:01.003410876 +0100 -@@ -150,6 +150,11 @@ extern "C" { +diff -up openssl-1.1.1j/include/openssl/opensslconf.h.in.fips openssl-1.1.1j/include/openssl/opensslconf.h.in +--- openssl-1.1.1j/include/openssl/opensslconf.h.in.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/opensslconf.h.in 2021-03-03 12:57:42.205734575 +0100 +@@ -155,6 +155,11 @@ extern "C" { #define RC4_INT {- $config{rc4_int} -} 
@@ -11284,9 +11143,9 @@ diff -up openssl-1.1.1e/include/openssl/opensslconf.h.in.fips openssl-1.1.1e/inc #ifdef __cplusplus } #endif -diff -up openssl-1.1.1e/include/openssl/randerr.h.fips openssl-1.1.1e/include/openssl/randerr.h ---- openssl-1.1.1e/include/openssl/randerr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/randerr.h 2020-03-17 17:31:01.004410858 +0100 +diff -up openssl-1.1.1j/include/openssl/randerr.h.fips openssl-1.1.1j/include/openssl/randerr.h +--- openssl-1.1.1j/include/openssl/randerr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/randerr.h 2021-03-03 12:57:42.205734575 +0100 @@ -38,6 +38,7 @@ int ERR_load_RAND_strings(void); # define RAND_F_RAND_DRBG_SET 104 # define RAND_F_RAND_DRBG_SET_DEFAULTS 121 @@ -11295,9 +11154,9 @@ diff -up openssl-1.1.1e/include/openssl/randerr.h.fips openssl-1.1.1e/include/op # define RAND_F_RAND_LOAD_FILE 111 # define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 # define RAND_F_RAND_POOL_ADD 103 -diff -up openssl-1.1.1e/include/openssl/rand.h.fips openssl-1.1.1e/include/openssl/rand.h ---- openssl-1.1.1e/include/openssl/rand.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/rand.h 2020-03-17 17:31:01.004410858 +0100 +diff -up openssl-1.1.1j/include/openssl/rand.h.fips openssl-1.1.1j/include/openssl/rand.h +--- openssl-1.1.1j/include/openssl/rand.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/rand.h 2021-03-03 12:57:42.205734575 +0100 @@ -69,6 +69,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) # endif 
@@ -11310,9 +11169,9 @@ diff -up openssl-1.1.1e/include/openssl/rand.h.fips openssl-1.1.1e/include/opens #ifdef __cplusplus } -diff -up openssl-1.1.1e/include/openssl/rsaerr.h.fips openssl-1.1.1e/include/openssl/rsaerr.h ---- openssl-1.1.1e/include/openssl/rsaerr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/rsaerr.h 2020-03-17 17:31:01.005410841 +0100 +diff -up openssl-1.1.1j/include/openssl/rsaerr.h.fips openssl-1.1.1j/include/openssl/rsaerr.h +--- openssl-1.1.1j/include/openssl/rsaerr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/rsaerr.h 2021-03-03 12:57:42.205734575 +0100 @@ -25,6 +25,7 @@ int ERR_load_RSA_strings(void); */ # define RSA_F_CHECK_PADDING_MD 140 @@ -11368,9 +11227,9 @@ diff -up openssl-1.1.1e/include/openssl/rsaerr.h.fips openssl-1.1.1e/include/ope # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 # define RSA_R_VALUE_MISSING 147 # define RSA_R_WRONG_SIGNATURE_LENGTH 119 -diff -up openssl-1.1.1e/ssl/s3_lib.c.fips openssl-1.1.1e/ssl/s3_lib.c ---- openssl-1.1.1e/ssl/s3_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/ssl/s3_lib.c 2020-03-17 17:31:01.007410806 +0100 +diff -up openssl-1.1.1j/ssl/s3_lib.c.fips openssl-1.1.1j/ssl/s3_lib.c +--- openssl-1.1.1j/ssl/s3_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/ssl/s3_lib.c 2021-03-03 12:57:42.205734575 +0100 @@ -43,7 +43,7 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_AEAD, TLS1_3_VERSION, TLS1_3_VERSION, 
@@ -11470,9 +11329,9 @@ diff -up openssl-1.1.1e/ssl/s3_lib.c.fips openssl-1.1.1e/ssl/s3_lib.c SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, -diff -up openssl-1.1.1e/ssl/ssl_ciph.c.fips openssl-1.1.1e/ssl/ssl_ciph.c ---- openssl-1.1.1e/ssl/ssl_ciph.c.fips 2020-03-17 17:30:52.017567549 +0100 -+++ openssl-1.1.1e/ssl/ssl_ciph.c 2020-03-17 17:31:01.008410788 +0100 +diff -up openssl-1.1.1j/ssl/ssl_ciph.c.fips openssl-1.1.1j/ssl/ssl_ciph.c +--- openssl-1.1.1j/ssl/ssl_ciph.c.fips 2021-03-03 12:57:42.193734476 +0100 ++++ openssl-1.1.1j/ssl/ssl_ciph.c 2021-03-03 12:57:42.206734583 +0100 @@ -387,7 +387,7 @@ int ssl_load_ciphers(void) } } @@ -11511,9 +11370,9 @@ diff -up openssl-1.1.1e/ssl/ssl_ciph.c.fips openssl-1.1.1e/ssl/ssl_ciph.c if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); -diff -up openssl-1.1.1e/ssl/ssl_init.c.fips openssl-1.1.1e/ssl/ssl_init.c ---- openssl-1.1.1e/ssl/ssl_init.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/ssl/ssl_init.c 2020-03-17 17:31:01.009410771 +0100 +diff -up openssl-1.1.1j/ssl/ssl_init.c.fips openssl-1.1.1j/ssl/ssl_init.c +--- openssl-1.1.1j/ssl/ssl_init.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/ssl/ssl_init.c 2021-03-03 12:57:42.206734583 +0100 @@ -27,6 +27,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "Adding SSL ciphers and digests\n"); 
@@ -11557,10 +11416,10 @@ diff -up openssl-1.1.1e/ssl/ssl_init.c.fips openssl-1.1.1e/ssl/ssl_init.c #ifndef OPENSSL_NO_COMP # ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -diff -up openssl-1.1.1e/ssl/ssl_lib.c.fips openssl-1.1.1e/ssl/ssl_lib.c ---- openssl-1.1.1e/ssl/ssl_lib.c.fips 2020-03-17 17:30:52.018567531 +0100 -+++ openssl-1.1.1e/ssl/ssl_lib.c 2020-03-17 17:31:01.011410736 +0100 -@@ -2970,6 +2970,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +diff -up openssl-1.1.1j/ssl/ssl_lib.c.fips openssl-1.1.1j/ssl/ssl_lib.c +--- openssl-1.1.1j/ssl/ssl_lib.c.fips 2021-03-03 12:57:42.193734476 +0100 ++++ openssl-1.1.1j/ssl/ssl_lib.c 2021-03-03 12:57:42.206734583 +0100 +@@ -2973,6 +2973,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) return NULL; @@ -11572,7 +11431,7 @@ diff -up openssl-1.1.1e/ssl/ssl_lib.c.fips openssl-1.1.1e/ssl/ssl_lib.c if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; -@@ -3026,13 +3031,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +@@ -3029,13 +3034,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (ret->param == NULL) goto err; 
@@ -11597,10 +11456,10 @@ diff -up openssl-1.1.1e/ssl/ssl_lib.c.fips openssl-1.1.1e/ssl/ssl_lib.c } if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) -diff -up openssl-1.1.1e/ssl/ssl_local.h.fips openssl-1.1.1e/ssl/ssl_local.h ---- openssl-1.1.1e/ssl/ssl_local.h.fips 2020-03-17 17:30:51.842570600 +0100 -+++ openssl-1.1.1e/ssl/ssl_local.h 2020-03-17 17:31:10.740241108 +0100 -@@ -1516,6 +1516,7 @@ typedef struct tls_group_info_st { +diff -up openssl-1.1.1j/ssl/ssl_local.h.fips openssl-1.1.1j/ssl/ssl_local.h +--- openssl-1.1.1j/ssl/ssl_local.h.fips 2021-03-03 12:57:42.100733706 +0100 ++++ openssl-1.1.1j/ssl/ssl_local.h 2021-03-03 12:57:42.206734583 +0100 +@@ -1515,6 +1515,7 @@ typedef struct tls_group_info_st { # define TLS_CURVE_PRIME 0x0 # define TLS_CURVE_CHAR2 0x1 # define TLS_CURVE_CUSTOM 0x2 @@ -11608,9 +11467,9 @@ diff -up openssl-1.1.1e/ssl/ssl_local.h.fips openssl-1.1.1e/ssl/ssl_local.h typedef struct cert_pkey_st CERT_PKEY; -diff -up openssl-1.1.1e/ssl/t1_lib.c.fips openssl-1.1.1e/ssl/t1_lib.c ---- openssl-1.1.1e/ssl/t1_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/ssl/t1_lib.c 2020-03-17 17:31:10.741241091 +0100 +diff -up openssl-1.1.1j/ssl/t1_lib.c.fips openssl-1.1.1j/ssl/t1_lib.c +--- openssl-1.1.1j/ssl/t1_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/ssl/t1_lib.c 2021-03-03 12:57:42.207734591 +0100 @@ -159,11 +159,11 @@ static const TLS_GROUP_INFO nid_list[] = {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */ {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */ 
@@ -11636,9 +11495,9 @@ diff -up openssl-1.1.1e/ssl/t1_lib.c.fips openssl-1.1.1e/ssl/t1_lib.c ctmp[0] = curve >> 8; ctmp[1] = curve & 0xff; return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp); -diff -up openssl-1.1.1e/test/dsatest.c.fips openssl-1.1.1e/test/dsatest.c ---- openssl-1.1.1e/test/dsatest.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/dsatest.c 2020-03-17 17:31:10.741241091 +0100 +diff -up openssl-1.1.1j/test/dsatest.c.fips openssl-1.1.1j/test/dsatest.c +--- openssl-1.1.1j/test/dsatest.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/test/dsatest.c 2021-03-03 12:57:42.207734591 +0100 @@ -24,41 +24,42 @@ #ifndef OPENSSL_NO_DSA static int dsa_cb(int p, int n, BN_GENCB *arg); @@ -11721,9 +11580,9 @@ diff -up openssl-1.1.1e/test/dsatest.c.fips openssl-1.1.1e/test/dsatest.c goto end; if (!TEST_int_eq(h, 2)) goto end; -diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt ---- openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt 2020-03-17 17:31:10.742241073 +0100 +diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt +--- openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt 2021-03-03 12:57:42.207734591 +0100 @@ -1206,6 +1206,7 @@ Key = 0000000000000000000000000000000000 IV = 00000000000000000000000000000000 Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 
@@ -11732,13 +11591,13 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1 Cipher = aes-128-xts Key = 1111111111111111111111111111111122222222222222222222222222222222 -diff -up openssl-1.1.1e/util/libcrypto.num.fips openssl-1.1.1e/util/libcrypto.num ---- openssl-1.1.1e/util/libcrypto.num.fips 2020-03-17 17:31:10.744241038 +0100 -+++ openssl-1.1.1e/util/libcrypto.num 2020-03-17 17:32:37.851722261 +0100 -@@ -4587,3 +4587,38 @@ EVP_PKEY_meth_set_digestverify - EVP_PKEY_meth_get_digestverify 4541 1_1_1e EXIST::FUNCTION: - EVP_PKEY_meth_get_digestsign 4542 1_1_1e EXIST::FUNCTION: - RSA_get0_pss_params 4543 1_1_1e EXIST::FUNCTION:RSA +diff -up openssl-1.1.1j/util/libcrypto.num.fips openssl-1.1.1j/util/libcrypto.num +--- openssl-1.1.1j/util/libcrypto.num.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/util/libcrypto.num 2021-03-03 12:57:42.208734600 +0100 +@@ -4591,3 +4591,38 @@ X509_ALGOR_copy + X509_REQ_set0_signature 4545 1_1_1h EXIST::FUNCTION: + X509_REQ_set1_signature_algo 4546 1_1_1h EXIST::FUNCTION: + EC_KEY_decoded_from_explicit_params 4547 1_1_1h EXIST::FUNCTION:EC +FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION: +FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION: +FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION: diff --git a/openssl-1.1.1f.tar.gz b/openssl-1.1.1f.tar.gz deleted file mode 100644 index b9ae421603e536cdef1f4e818245ea766f449c44..0000000000000000000000000000000000000000 Binary files a/openssl-1.1.1f.tar.gz and /dev/null differ diff --git a/openssl-1.1.1m.tar.gz b/openssl-1.1.1m.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..2db4ee8e8886de8356fa9fdea6d4d99ec5c410e0 Binary files /dev/null and b/openssl-1.1.1m.tar.gz differ diff --git a/openssl.spec b/openssl.spec index 5e0b2577fb90e4e24462a8c38f3772cb8466466a..8d510b49332331036109d25e9b99a89f3c2ec156 100644 --- a/openssl.spec +++ b/openssl.spec 
@@ -1,47 +1,20 @@ %define soversion 1.1 Name: openssl Epoch: 1 -Version: 1.1.1f -Release: 9 +Version: 1.1.1m +Release: 1 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ -Source0: https://www.openssl.org/source/old/1.1.1/%{name}-%{version}.tar.gz +Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz Source1: Makefile.certificate Patch1: openssl-1.1.1-build.patch Patch2: openssl-1.1.1-fips.patch -Patch3: CVE-2020-1967.patch -Patch4: CVE-2020-1971-0001-DirectoryString-is-a-CHOICE-type-and-therefore-uses-.patch -Patch5: CVE-2020-1971-0002-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch -Patch6: CVE-2020-1971-0003-Check-that-multi-strings-CHOICE-types-don-t-use-impl.patch -Patch7: CVE-2020-1971-0004-Complain-if-we-are-attempting-to-encode-with-an-inva.patch -Patch8: CVE-2020-1971-0005-Add-a-test-for-GENERAL_NAME_cmp.patch -Patch9: CVE-2020-1971-0006-Add-a-test-for-encoding-decoding-using-an-invalid-AS.patch -Patch10: CVE-2021-23840.patch -Patch11: CVE-2021-23841.patch -Patch12: CVE-2021-3449.patch -Patch13: CVE-2021-3711-0001-Check-the-plaintext-buffer-is-large-enough-when-decr.patch -Patch14: CVE-2021-3711-0002-Correctly-calculate-the-length-of-SM2-plaintext-give.patch -Patch15: CVE-2021-3711-0003-Extend-tests-for-SM2-decryption.patch -Patch16: CVE-2021-3712-0001-Fix-a-read-buffer-overrun-in-X509_aux_print.patch -Patch17: CVE-2021-3712-0002-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch -Patch18: bugfix-Don-t-Overflow-when-printing-Thawte-Strong-Extranet-.patch -Patch19: backport-Avoid-using-undefined-value-in-generate_stateless_co.patch -Patch20: backport-Fix-append_ia5-function-to-not-assume-NUL-terminated.patch -Patch21: backport-Fix-i2v_GENERAL_NAME-to-not-assume-NUL-terminated-st.patch -Patch22: backport-Fix-NETSCAPE_SPKI_print-function-to-not-assume-NUL-t.patch -Patch23: backport-Fix-POLICYINFO-printing-to-not-assume-NUL-terminated.patch -Patch24: 
backport-Fix-potential-double-free.patch -Patch25: backport-Fix-printing-of-PROXY_CERT_INFO_EXTENSION-to-not-ass.patch -Patch26: backport-Fix-the-name-constraints-code-to-not-assume-NUL-term.patch -Patch27: backport-pkcs12-check-for-zero-length-digest-to-avoid-divisio.patch +Patch3: CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch +Patch4: CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel - -Requires: coreutils perl %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} -Obsoletes: openssl-perl < %{epoch}:%{version}-%{release} -Provides: openssl-perl = %{epoch}:%{version}-%{release} -Provides: openssl-perl%{_isa} = %{epoch}:%{version}-%{release} +Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} %description OpenSSL is a robust, commercial-grade, and full-featured toolkit for the @@ -62,6 +35,16 @@ The openssl-libs package contains the libraries that are used by various applications which support cryptographic algorithms and protocols. +%package perl +Summary: Perl scripts provided with OpenSSL +Requires: perl-interpreter +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} + +%description perl +OpenSSL is a toolkit for supporting cryptography. The openssl-perl +package provides Perl scripts for converting certificates and keys +from other formats to the formats used by the OpenSSL toolkit. + %package devel Summary: Development files for openssl Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -146,6 +129,13 @@ for manpage in man*/* ; do done popd +# Next step of gradual disablement of ssl3. +# Make SSL3 disappear to newly built dependencies. +sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\ +#ifndef OPENSSL_NO_SSL3\ +# define OPENSSL_NO_SSL3\ +#endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h + rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/*.dist %check 
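Review bot: The new `Source0` URL in the first openssl.spec hunk drops the `old/1.1.1/` path component, and the release tarball is swapped as an opaque binary in the same commit with nothing in the spec recording how it was checked. The removed line suggests upstream moves superseded tarballs under `source/old/1.1.1/`, so the new URL will probably stop resolving once 1.1.1m is no longer the current release. I would add a comment above `Source0` such as `# tarball verified against the upstream-published SHA256 and detached PGP signature`, or carry the signature as an additional source and check it in `%prep`. The same hunk deletes Patch3 through Patch27; a changelog line stating that these CVE and backport fixes are contained in 1.1.1m would let an auditor confirm none was lost in the rebase.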
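Review bot: The `sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\ …'` command added after `popd` exits successfully even when the anchor line is missing from `opensslconf.h`, so a rebase that changes the generated header would silently leave SSL3 visible to dependent builds. A check placed right after it would turn that into a build failure: `grep -q '^# define OPENSSL_NO_SSL3' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h`. The comment could also state that this edits only the installed header; whether libssl itself is built without SSLv3 depends on the configure options in `%build`, which are not visible here. The enclosing `%install` section starts before this hunk.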
@@ -170,12 +160,7 @@ make test || : %license LICENSE %doc AUTHORS CHANGES FAQ NEWS README %{_pkgdocdir}/Makefile.certificate -%dir %{_sysconfdir}/pki/CA -%dir %{_sysconfdir}/pki/CA/private -%dir %{_sysconfdir}/pki/CA/certs -%dir %{_sysconfdir}/pki/CA/crl -%dir %{_sysconfdir}/pki/CA/newcerts -%{_bindir}/* +%{_bindir}/openssl %files libs %defattr(-,root,root) @@ -210,13 +195,33 @@ make test || : %{_mandir}/man7/* %{_pkgdocdir}/html/ +%files perl +%{_bindir}/c_rehash +%{_bindir}/*.pl +%{_bindir}/tsget +%dir %{_sysconfdir}/pki/CA +%dir %{_sysconfdir}/pki/CA/private +%dir %{_sysconfdir}/pki/CA/certs +%dir %{_sysconfdir}/pki/CA/crl +%dir %{_sysconfdir}/pki/CA/newcerts + +%ldconfig_scriptlets libs + %changelog -* Sat Dec 25 2021 steven_ygui - 1:1.1.1f-9 -- backport upstream patches +* Thu Mar 24 2022 duyiwei - 1:1.1.1m-1 +- update openssl-1.1.1f to openssl-1.1.1m +- add subpackage openssl-perl +- fix the cve-2022-0778 -* Fri Sep 24 2021 openEuler Buildteam - 1:1.1.1f-8 +* Wed Dec 8 2021 lujie42 - 1:1.1.1l-1 +- update openssl-1.1.1f to openssl-1.1.1l + +* Fri Sep 24 2021 openEuler Buildteam - 1:1.1.1f-9 - bugfix Overflow when printing Thawte Strong Extranet +* Sat Sep 18 2021 zhuyan - 1:1.1.1f-8 +- fix software package format problem + * Mon Aug 30 2021 openEuler Buildteam - 1:1.1.1f-7 - fix the CVE-2021-3711 and CVE-2021-3712 @@ -229,7 +234,7 @@ make test || : * Wed Mar 10 2021 openEuler Buildteam - 1:1.1.1f-4 - fix CVE-2021-23840 and CVE-2021-23841 -* Mon Jan 19 2021 openEuler Buildteam - 1:1.1.1f-3 +* Tue Jan 19 2021 openEuler Buildteam - 1:1.1.1f-3 - fix CVE-2020-1971 * Fri Sep 11 2020 Liquor - 1:1.1.1f-2
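Review bot: The `@@ -170,12 +160,7 @@` header shows that `%check` still ends in `make test || :`, so a failing test suite never fails the package build. That matters more after this commit, because Patch3 in the first hunk adds a negative testcase for the BN_mod_sqrt fix (CVE-2022-0778) and its result is then ignored. If tolerating failures is deliberate, a comment above that line naming the tests expected to fail would help; otherwise plain `make test` lets the regression test gate the build. Narrowing `%{_bindir}/*` to `%{_bindir}/openssl` in this hunk looks right, since it keeps the helper scripts out of the main package.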
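Review bot: The new `%files perl` list takes over `%dir %{_sysconfdir}/pki/CA/private` without stating its mode, and it has no `%defattr(-,root,root)` line although `%files libs` in the previous hunk does. The directory's permissions therefore come from whatever `%install` creates, which is outside this hunk; since the directory is presumably meant for CA private keys, I would pin the mode in the file list, e.g. `%attr(0700,root,root) %dir %{_sysconfdir}/pki/CA/private`. The changelog part of the hunk also removes the `1:1.1.1f-9` "backport upstream patches" entry and renumbers an older one, which rewrites released history rather than appending to it; worth confirming that this is intended.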