Hello community, here is the log from the commit of package openssl for openSUSE:Factory checked in at 2016-10-10 16:17:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl (Old) and /work/SRC/openSUSE:Factory/.openssl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl" Changes: -------- --- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2016-09-28 15:03:35.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2016-10-10 16:17:30.000000000 +0200 @@ -1,0 +2,21 @@ +Fri Sep 30 10:53:56 UTC 2016 - [email protected] + +- resume reading from /dev/urandom when interrupted by a signal + (bsc#995075) + * add openssl-randfile_fread_interrupt.patch + +------------------------------------------------------------------- +Fri Sep 30 10:53:06 UTC 2016 - [email protected] + +- add FIPS changes from SP2: +- fix problems with locking in FIPS mode (bsc#992120) + * duplicates: bsc#991877, bsc#991193, bsc#990392, bsc#990428 + and bsc#990207 + * bring back openssl-fipslocking.patch +- drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream) + (bsc#984323) +- don't check for /etc/system-fips (bsc#982268) + * add openssl-fips-dont_run_FIPS_module_installed.patch +- refresh openssl-fips-rsagen-d-bits.patch + +------------------------------------------------------------------- Old: ---- openssl-fips_RSA_compute_d_with_lcm.patch New: ---- openssl-fips-dont_run_FIPS_module_installed.patch openssl-fipslocking.patch openssl-randfile_fread_interrupt.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.xNi2BB/_old 2016-10-10 16:17:32.000000000 +0200 +++ /var/tmp/diff_new_pack.xNi2BB/_new 2016-10-10 16:17:32.000000000 +0200 @@ -74,9 +74,9 @@ Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch Patch38: openssl-missing_FIPS_ec_group_new_by_curve_name.patch # FIPS patches from SLE-12 +Patch41: openssl-fips-dont_run_FIPS_module_installed.patch Patch50: openssl-fips_disallow_x931_rand_method.patch Patch51: openssl-fips_disallow_ENGINE_loading.patch -Patch52: openssl-fips_RSA_compute_d_with_lcm.patch Patch53: openssl-rsakeygen-minimum-distance.patch Patch54: openssl-urandom-reseeding.patch Patch55: openssl-fips-rsagen-d-bits.patch @@ -85,7 +85,9 @@ Patch58: openssl-fips-clearerror.patch Patch59: openssl-fips-dont-fall-back-to-default-digest.patch -Patch60: openssl-print_notice-NULL_crash.patch +Patch61: openssl-fipslocking.patch +Patch62: openssl-print_notice-NULL_crash.patch +Patch63: openssl-randfile_fread_interrupt.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -196,9 +198,9 @@ %patch35 -p1 %patch37 -p1 %patch38 -p1 +%patch41 -p1 %patch50 -p1 %patch51 -p1 -%patch52 -p1 %patch53 -p1 %patch54 -p1 %patch55 -p1 @@ -206,7 +208,9 @@ %patch57 -p1 %patch58 -p1 %patch59 -p1 -%patch60 -p1 +%patch61 -p1 +%patch62 -p1 +%patch63 -p1 %if 0%{?suse_version} >= 1120 %patch3 %endif ++++++ openssl-fips-dont_run_FIPS_module_installed.patch ++++++ Index: openssl-1.0.2h/crypto/o_init.c =================================================================== --- openssl-1.0.2h.orig/crypto/o_init.c 2016-06-01 15:26:25.026937000 +0200 +++ openssl-1.0.2h/crypto/o_init.c 2016-06-01 16:23:24.980858697 +0200 @@ -111,9 +111,9 @@ void __attribute__ ((constructor)) OPENS return; done = 1; #ifdef OPENSSL_FIPS - if (!FIPS_module_installed()) { + /*if (!FIPS_module_installed()) { return; - } + }*/ RAND_init_fips(); init_fips_mode(); if (!FIPS_mode()) { ++++++ openssl-fips-rsagen-d-bits.patch ++++++ --- /var/tmp/diff_new_pack.xNi2BB/_old 2016-10-10 16:17:32.000000000 +0200 +++ /var/tmp/diff_new_pack.xNi2BB/_new 2016-10-10 16:17:32.000000000 +0200 @@ -1,8 +1,8 @@ -Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c +Index: openssl-1.0.2h/crypto/rsa/rsa_gen.c =================================================================== ---- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-14 10:23:50.941168136 +0200 -+++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-14 10:47:56.651757817 +0200 -@@ -237,6 +237,12 @@ static int FIPS_rsa_builtin_keygen(RSA * +--- openssl-1.0.2h.orig/crypto/rsa/rsa_gen.c 2016-07-14 15:25:28.640174922 +0200 ++++ openssl-1.0.2h/crypto/rsa/rsa_gen.c 2016-07-14 15:27:41.330349764 +0200 +@@ -234,6 +234,12 @@ static int FIPS_rsa_builtin_keygen(RSA * goto err; } @@ -15,7 +15,7 @@ /* prepare approximate minimum p and q */ if (!BN_set_word(r0, 0xB504F334)) goto err; -@@ -249,12 +255,6 @@ static int FIPS_rsa_builtin_keygen(RSA * +@@ -246,12 +252,6 @@ static int FIPS_rsa_builtin_keygen(RSA * if (!BN_lshift(r3, r3, pbits - 100)) goto err; @@ -28,12 +28,12 @@ /* generate p and q */ for (i = 0; i < 5 * pbits; i++) { ploop: -@@ -384,6 +384,8 @@ static int FIPS_rsa_builtin_keygen(RSA * - if (!BN_mod_inverse(rsa->d, rsa->e, lcm_p1_q1, ctx)) +@@ -375,6 +375,8 @@ static int FIPS_rsa_builtin_keygen(RSA * + if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) goto err; /* d */ + /* test 2^(bits/2) < d < LCM((p-1)*(q-1)) */ + /* the LCM part is covered due to the generation by modulo above */ if (BN_num_bits(rsa->d) < pbits) goto retry; /* d is too small */ - + ++++++ openssl-fipslocking.patch ++++++ Index: openssl-1.0.2h/crypto/fips/fips_drbg_rand.c =================================================================== --- openssl-1.0.2h.orig/crypto/fips/fips_drbg_rand.c 2016-08-03 18:09:00.212901713 +0200 +++ openssl-1.0.2h/crypto/fips/fips_drbg_rand.c 2016-08-03 18:22:15.741698211 +0200 @@ -82,7 +82,8 @@ static int fips_drbg_bytes(unsigned char if (count > dctx->min_entropy) RAND_load_file("/dev/urandom", count - dctx->min_entropy); - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + int locked; + locked = private_RAND_lock(1); do { size_t rcnt; if (count > (int)dctx->max_request) @@ -111,7 +112,8 @@ static int fips_drbg_bytes(unsigned char while (count); rv = 1; err: - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (locked) + private_RAND_lock(0); return rv; } @@ -126,34 +128,50 @@ static int fips_drbg_status(void) { DRBG_CTX *dctx = &ossl_dctx; int rv; - CRYPTO_r_lock(CRYPTO_LOCK_RAND); + int locked; + locked = private_RAND_lock(1); rv = dctx->status == DRBG_STATUS_READY ? 1 : 0; - CRYPTO_r_unlock(CRYPTO_LOCK_RAND); + if (locked) + private_RAND_lock(0); return rv; } static void fips_drbg_cleanup(void) { DRBG_CTX *dctx = &ossl_dctx; - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + int locked; + locked = private_RAND_lock(1); FIPS_drbg_uninstantiate(dctx); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (locked) + private_RAND_lock(0); } static int fips_drbg_seed(const void *seed, int seedlen) { DRBG_CTX *dctx = &ossl_dctx; + int locked; + int ret = 1; + + locked = private_RAND_lock(1); if (dctx->rand_seed_cb) - return dctx->rand_seed_cb(dctx, seed, seedlen); - return 1; + ret = dctx->rand_seed_cb(dctx, seed, seedlen); + if (locked) + private_RAND_lock(0); + return ret; } static int fips_drbg_add(const void *seed, int seedlen, double add_entropy) { DRBG_CTX *dctx = &ossl_dctx; + int locked; + int ret = 1; + + locked = private_RAND_lock(1); if (dctx->rand_add_cb) - return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy); - return 1; + ret = dctx->rand_add_cb(dctx, seed, seedlen, add_entropy); + if (locked) + private_RAND_lock(0); + return ret; } static const RAND_METHOD rand_drbg_meth = { Index: openssl-1.0.2h/crypto/rand/md_rand.c =================================================================== --- openssl-1.0.2h.orig/crypto/rand/md_rand.c 2016-08-03 18:09:00.216901777 +0200 +++ openssl-1.0.2h/crypto/rand/md_rand.c 2016-08-04 10:42:01.775958714 +0200 @@ -144,13 +144,6 @@ static long md_count[2] = { 0, 0 }; static double entropy = 0; static int initialized = 0; -static unsigned int crypto_lock_rand = 0; /* may be set only when a thread - * holds CRYPTO_LOCK_RAND (to - * prevent double locking) */ -/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ -/* valid iff crypto_lock_rand is set */ -static CRYPTO_THREADID locking_threadid; - #ifdef PREDICT int rand_predictable = 0; #endif @@ -196,7 +189,7 @@ static void ssleay_rand_add(const void * long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; EVP_MD_CTX m; - int do_not_lock; + int locked; if (!num) return; @@ -216,18 +209,8 @@ static void ssleay_rand_add(const void * * hash function. */ - /* check if we already have the lock */ - if (crypto_lock_rand) { - CRYPTO_THREADID cur; - CRYPTO_THREADID_current(&cur); - CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); - CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); - } else - do_not_lock = 0; + locked = private_RAND_lock(1); - if (!do_not_lock) - CRYPTO_w_lock(CRYPTO_LOCK_RAND); st_idx = state_index; /* @@ -258,8 +241,8 @@ static void ssleay_rand_add(const void * md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); - if (!do_not_lock) - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (locked) + private_RAND_lock(0); EVP_MD_CTX_init(&m); for (i = 0; i < num; i += MD_DIGEST_LENGTH) { @@ -307,8 +290,7 @@ static void ssleay_rand_add(const void * } EVP_MD_CTX_cleanup(&m); - if (!do_not_lock) - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + locked = private_RAND_lock(1); /* * Don't just copy back local_md into md -- this could mean that other * thread's seeding remains without effect (except for the incremented @@ -320,8 +302,8 @@ static void ssleay_rand_add(const void * } if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ entropy += add; - if (!do_not_lock) - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (locked) + private_RAND_lock(0); #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) assert(md_c[1] == md_count[1]); @@ -346,6 +328,7 @@ int ssleay_rand_bytes(unsigned char *buf pid_t curr_pid = getpid(); #endif int do_stir_pool = 0; + int locked; #ifdef PREDICT if (rand_predictable) { @@ -387,13 +370,7 @@ int ssleay_rand_bytes(unsigned char *buf * global 'md'. */ if (lock) - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - - /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ - CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - CRYPTO_THREADID_current(&locking_threadid); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); - crypto_lock_rand = 1; + locked = private_RAND_lock(1); /* always poll for external entropy in FIPS mode, drbg provides the * expansion @@ -468,9 +445,8 @@ int ssleay_rand_bytes(unsigned char *buf md_count[0] += 1; /* before unlocking, we must clear 'crypto_lock_rand' */ - crypto_lock_rand = 0; - if (lock) - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (lock && locked) + private_RAND_lock(0); while (num > 0) { /* num_ceil -= MD_DIGEST_LENGTH/2 */ @@ -519,11 +495,11 @@ int ssleay_rand_bytes(unsigned char *buf MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); MD_Update(&m, local_md, MD_DIGEST_LENGTH); if (lock) - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + locked = private_RAND_lock(1); MD_Update(&m, md, MD_DIGEST_LENGTH); MD_Final(&m, md); - if (lock) - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (lock && locked) + private_RAND_lock(0); EVP_MD_CTX_cleanup(&m); if (ok) @@ -553,33 +529,10 @@ static int ssleay_rand_pseudo_bytes(unsi static int ssleay_rand_status(void) { - CRYPTO_THREADID cur; int ret; - int do_not_lock; - - CRYPTO_THREADID_current(&cur); - /* - * check if we already have the lock (could happen if a RAND_poll() - * implementation calls RAND_status()) - */ - if (crypto_lock_rand) { - CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); - CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); - } else - do_not_lock = 0; + int locked; - if (!do_not_lock) { - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - - /* - * prevent ssleay_rand_bytes() from trying to obtain the lock again - */ - CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - CRYPTO_THREADID_cpy(&locking_threadid, &cur); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); - crypto_lock_rand = 1; - } + locked = private_RAND_lock(1); if (!initialized) { RAND_poll(); @@ -588,12 +541,8 @@ static int ssleay_rand_status(void) ret = entropy >= ENTROPY_NEEDED; - if (!do_not_lock) { - /* before unlocking, we must clear 'crypto_lock_rand' */ - crypto_lock_rand = 0; - - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - } + if (locked) + private_RAND_lock(0); return ret; } Index: openssl-1.0.2h/crypto/rand/rand.h =================================================================== --- openssl-1.0.2h.orig/crypto/rand/rand.h 2016-08-03 18:08:58.848879702 +0200 +++ openssl-1.0.2h/crypto/rand/rand.h 2016-08-03 18:09:00.216901777 +0200 @@ -123,6 +123,8 @@ void RAND_set_fips_drbg_type(int type, i int RAND_init_fips(void); # endif +int private_RAND_lock(int lock); + /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes Index: openssl-1.0.2h/crypto/rand/rand_lib.c =================================================================== --- openssl-1.0.2h.orig/crypto/rand/rand_lib.c 2016-08-03 18:08:58.848879702 +0200 +++ openssl-1.0.2h/crypto/rand/rand_lib.c 2016-08-04 10:45:28.691025336 +0200 @@ -176,6 +176,41 @@ int RAND_status(void) return 0; } +int private_RAND_lock(int lock) + { + static int crypto_lock_rand; + static CRYPTO_THREADID locking_threadid; + int do_lock; + + if (!lock) + { + crypto_lock_rand = 0; + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + return 0; + } + + /* check if we already have the lock */ + if (crypto_lock_rand) + { + CRYPTO_THREADID cur; + CRYPTO_THREADID_current(&cur); + CRYPTO_r_lock(CRYPTO_LOCK_RAND2); + do_lock = !!CRYPTO_THREADID_cmp(&locking_threadid, &cur); + CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); + } + else + do_lock = 1; + if (do_lock) + { + CRYPTO_w_lock(CRYPTO_LOCK_RAND); + CRYPTO_w_lock(CRYPTO_LOCK_RAND2); + CRYPTO_THREADID_current(&locking_threadid); + CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); + crypto_lock_rand = 1; + } + return do_lock; + } + #ifdef OPENSSL_FIPS /* @@ -237,9 +272,10 @@ static int drbg_rand_add(DRBG_CTX *ctx, { RAND_SSLeay()->add(in, inlen, entropy); if (FIPS_rand_status()) { - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + int locked = private_RAND_lock(1); FIPS_drbg_reseed(ctx, in, inlen); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (locked) + private_RAND_lock(0); } return 1; } @@ -248,9 +284,10 @@ static int drbg_rand_seed(DRBG_CTX *ctx, { RAND_SSLeay()->seed(in, inlen); if (FIPS_rand_status()) { - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + int locked = private_RAND_lock(1); FIPS_drbg_reseed(ctx, NULL, 0); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (locked) + private_RAND_lock(0); } return 1; } ++++++ openssl-randfile_fread_interrupt.patch ++++++ Index: openssl-1.0.2j/crypto/rand/randfile.c =================================================================== --- openssl-1.0.2j.orig/crypto/rand/randfile.c 2016-09-27 13:52:29.265425064 +0200 +++ openssl-1.0.2j/crypto/rand/randfile.c 2016-09-27 13:53:34.162468100 +0200 @@ -205,6 +205,11 @@ int RAND_load_file(const char *file, lon else n = BUFSIZE; i = fread(buf, 1, n, in); + if (i <= 0 && ferror(in) && errno == EINTR) { + clearerr(in); + continue; + } + if (i <= 0) break; #ifdef PURIFY
