Hello community,

here is the log from the commit of package openssl-1_0_0 for openSUSE:Factory 
checked in at 2019-01-15 09:15:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssl-1_0_0 (Old)
 and      /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openssl-1_0_0"

Tue Jan 15 09:15:08 2019 rev:15 rq:662509 version:1.0.2q

Changes:
--------
--- /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1_0_0.changes      
2018-08-07 09:41:01.553095582 +0200
+++ /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.28833/openssl-1_0_0.changes   
2019-01-15 09:15:18.294295223 +0100
@@ -1,0 +2,63 @@
+Sun Dec 16 20:01:28 UTC 2018 - Tobias Klausmann 
<[email protected]>
+
+- Start versioning the exported symbols:
+  At least one steam game (Company of Heroes 2) needs this symbol versioned
+  properly
+- modify openssl-1.0.0-version.patch
+
+-------------------------------------------------------------------
+Tue Nov 20 14:37:26 UTC 2018 - Vítězslav Čížek <[email protected]>
+
+- Update to 1.0.2q
+  * Microarchitecture timing vulnerability in ECC scalar multiplication
+     (CVE-2018-5407, bsc#1113534, "PortSmash")
+  * Timing vulnerability in DSA signature generation
+     (CVE-2018-0734, bsc#1113652)
+  * Use a secure getenv wrapper inside libcrypto
+- refreshed patches:
+  * openssl-fipslocking.patch
+  * openssl-1.0.2i-fips.patch
+
+-------------------------------------------------------------------
+Tue Sep  4 12:04:27 UTC 2018 - [email protected]
+
+- correct the error detection in openssl-CVE-2018-0737-fips.patch
+  (bsc#1106197)
+
+-------------------------------------------------------------------
+Thu Aug 16 12:41:44 UTC 2018 - [email protected]
+
+- Fix One&Done side-channel attack on RSA (bsc#1104789)
+  * add openssl-One_and_Done.patch
+
+-------------------------------------------------------------------
+Wed Aug 15 13:15:43 UTC 2018 - [email protected]
+
+- Update to 1.0.2p
+  OpenSSL Security Advisory [12 June 2018]
+  * Reject excessively large primes in DH key generation
+    (bsc#1097158, CVE-2018-0732)
+  OpenSSL Security Advisory [16 Apr 2018]
+  * Cache timing vulnerability in RSA Key Generation
+    (CVE-2018-0737, bsc#1089039)
+  * Make EVP_PKEY_asn1_new() a bit stricter about its input
+  * Revert blinding in ECDSA sign and instead make problematic addition
+    length-invariant. Switch even to fixed-length Montgomery multiplication.
+  * Change generating and checking of primes so that the error rate of not
+    being prime depends on the intended use based on the size of the input.
+  * Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+  * Add blinding to ECDSA and DSA signatures to protect against side channel
+    attacks
+  * When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+    now allow empty (zero character) pass phrases.
+  * Certificate time validation (X509_cmp_time) enforces stricter
+    compliance with RFC 5280. Fractional seconds and timezone offsets
+    are no longer allowed.
+- add openssl-CVE-2018-0737-fips.patch
+- refreshed patches:
+  * openssl-1.0.2a-fips-ec.patch
+  * openssl-1.0.2a-ipv6-apps.patch
+  * openssl-1.0.2i-fips.patch
+  * openssl-1.0.2i-new-fips-reqs.patch
+
+-------------------------------------------------------------------

Old:
----
  openssl-1.0.2o.tar.gz
  openssl-1.0.2o.tar.gz.asc

New:
----
  openssl-1.0.2q.tar.gz
  openssl-1.0.2q.tar.gz.asc
  openssl-CVE-2018-0737-fips.patch
  openssl-One_and_Done.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openssl-1_0_0.spec ++++++
--- /var/tmp/diff_new_pack.xKhnXR/_old  2019-01-15 09:15:19.386294208 +0100
+++ /var/tmp/diff_new_pack.xKhnXR/_new  2019-01-15 09:15:19.390294205 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package openssl-1_0_0
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -26,7 +26,7 @@
 %define num_version 1.0.0
 %define _rname  openssl
 Name:           openssl-1_0_0
-Version:        1.0.2o
+Version:        1.0.2q
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        OpenSSL
@@ -89,6 +89,8 @@
 Patch76:        openssl-fips_cavs_aes_keywrap.patch
 Patch77:        openssl-fips-run_selftests_only_when_module_is_complete.patch
 Patch78:        0001-Set-FIPS-thread-id-callback.patch
+Patch79:        openssl-CVE-2018-0737-fips.patch
+Patch80:        openssl-One_and_Done.patch
 # steam patches
 Patch100:       openssl-fix-cpuid_setup.patch
 BuildRequires:  bc
@@ -227,6 +229,8 @@
 %patch77 -p1
 # we don't have FIPS_crypto_threadid_set_callback
 %patch78 -R -p1
+%patch79 -p1
+%patch80 -p1
 
 # clean up patching leftovers
 find . -name '*.orig' -delete
@@ -244,7 +248,6 @@
 popd > /dev/null
 
 %build
-find -type f -name "*.c" -exec sed -i -e "s@getenv@secure_getenv@g" {} +
 %ifarch armv5el armv5tel
 export MACHINE=armv5el
 %endif
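Review bot: Dropping the `find … sed s@getenv@secure_getenv@g` rewrite at the top of %build hands the getenv() hardening to the wrapper that the changelog entry for 1.0.2q describes as living "inside libcrypto", whereas the old sed rewrote every .c file in the tree (apps, libssl, engines, tests), so any getenv() caller outside libcrypto now reverts to plain getenv() in setuid/setgid processes and that set is worth confirming at rebase time. The removal is in any case required rather than cosmetic if the upstream wrapper itself calls secure_getenv(), since the blanket substitution would have mangled that into `secure_secure_getenv`. Neither reason is recorded in the spec; a one-line comment where the sed used to be, e.g. `# no blanket getenv->secure_getenv rewrite: 1.0.2q ships its own secure getenv wrapper in libcrypto`, would keep the next maintainer from reinstating it.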

++++++ openssl-1.0.0-version.patch ++++++
--- /var/tmp/diff_new_pack.xKhnXR/_old  2019-01-15 09:15:19.502294101 +0100
+++ /var/tmp/diff_new_pack.xKhnXR/_new  2019-01-15 09:15:19.502294101 +0100
@@ -15,29 +15,53 @@
 ===================================================================
 --- /dev/null
 +++ openssl-1.0.2k/openssl.ld
-@@ -0,0 +1,5 @@
+@@ -0,0 +1,13 @@
 +OPENSSL_1.0.0 {
 +      global:
 +              *;
 +};
 +
++OPENSSL_1.0.1 {
++      global:
++              SSL_CTX_set_next_proto_select_cb;
++} OPENSSL_1.0.0;
++
++OPENSSL_1.0.2 {
++} OPENSSL_1.0.1;
++
 Index: openssl-1.0.2k/engines/openssl.ld
 ===================================================================
 --- /dev/null
 +++ openssl-1.0.2k/engines/openssl.ld
-@@ -0,0 +1,5 @@
+@@ -0,0 +1,13 @@
 +OPENSSL_1.0.0 {
 +      global:
 +              *;
 +};
 +
++OPENSSL_1.0.1 {
++      global:
++              SSL_CTX_set_next_proto_select_cb;
++} OPENSSL_1.0.0;
++
++OPENSSL_1.0.2 {
++} OPENSSL_1.0.1;
++
 Index: openssl-1.0.2k/engines/ccgost/openssl.ld
 ===================================================================
 --- /dev/null
 +++ openssl-1.0.2k/engines/ccgost/openssl.ld
-@@ -0,0 +1,5 @@
+@@ -0,0 +1,13 @@
 +OPENSSL_1.0.0 {
 +      global:
 +              *;
 +};
 +
++OPENSSL_1.0.1 {
++      global:
++              SSL_CTX_set_next_proto_select_cb;
++} OPENSSL_1.0.0;
++
++OPENSSL_1.0.2 {
++} OPENSSL_1.0.1;
++
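Review bot: The new `OPENSSL_1.0.1` node naming `SSL_CTX_set_next_proto_select_cb` is pasted unchanged into `engines/openssl.ld` and `engines/ccgost/openssl.ld` as well as the library script, although that is a libssl symbol the engine objects do not define. GNU ld silently drops version-script entries that match nothing, but `--no-undefined-version` (and, as far as I recall, recent lld by default) turns that into a link error, so the two engine scripts would be more robust with only the wildcard `OPENSSL_1.0.0` node. In the library script the named symbol leaves `OPENSSL_1.0.0` only because the linker prefers an exact name over the `*;` wildcard, which GNU ld documents but a reader may not know; a comment in the patch header such as `# exact names take precedence over the * wildcard, so only the listed symbol moves to OPENSSL_1.0.1` would make that explicit. The empty `OPENSSL_1.0.2 {} OPENSSL_1.0.1;` node is harmless but its purpose (presumably a placeholder for symbols versioned later) is not stated anywhere on the page.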

++++++ openssl-1.0.2a-fips-ec.patch ++++++
--- /var/tmp/diff_new_pack.xKhnXR/_old  2019-01-15 09:15:19.522294082 +0100
+++ /var/tmp/diff_new_pack.xKhnXR/_new  2019-01-15 09:15:19.522294082 +0100
@@ -1,7 +1,7 @@
-Index: openssl-1.0.2a/crypto/ecdh/ecdhtest.c
+Index: openssl-1.0.2p/crypto/ecdh/ecdhtest.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ecdh/ecdhtest.c 2015-05-24 14:52:39.768392752 
+0200
-+++ openssl-1.0.2a/crypto/ecdh/ecdhtest.c      2015-05-24 14:55:25.865876498 
+0200
+--- openssl-1.0.2p.orig/crypto/ecdh/ecdhtest.c 2018-08-15 15:07:48.569763139 
+0200
++++ openssl-1.0.2p/crypto/ecdh/ecdhtest.c      2018-08-15 15:07:50.081774764 
+0200
 @@ -501,11 +501,13 @@ int main(int argc, char *argv[])
          goto err;
  
@@ -32,10 +32,10 @@
      ret = 0;
  
   err:
-Index: openssl-1.0.2a/crypto/ecdh/ech_lib.c
+Index: openssl-1.0.2p/crypto/ecdh/ech_lib.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ecdh/ech_lib.c  2015-05-24 14:52:39.768392752 
+0200
-+++ openssl-1.0.2a/crypto/ecdh/ech_lib.c       2015-05-24 14:55:25.865876498 
+0200
+--- openssl-1.0.2p.orig/crypto/ecdh/ech_lib.c  2018-08-15 15:07:48.569763139 
+0200
++++ openssl-1.0.2p/crypto/ecdh/ech_lib.c       2018-08-15 15:07:50.081774764 
+0200
 @@ -93,14 +93,7 @@ void ECDH_set_default_method(const ECDH_
  const ECDH_METHOD *ECDH_get_default_method(void)
  {
@@ -51,10 +51,10 @@
      }
      return default_ECDH_method;
  }
-Index: openssl-1.0.2a/crypto/ecdh/ech_ossl.c
+Index: openssl-1.0.2p/crypto/ecdh/ech_ossl.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ecdh/ech_ossl.c 2015-05-24 14:52:39.768392752 
+0200
-+++ openssl-1.0.2a/crypto/ecdh/ech_ossl.c      2015-05-24 14:55:25.865876498 
+0200
+--- openssl-1.0.2p.orig/crypto/ecdh/ech_ossl.c 2018-08-15 15:07:48.569763139 
+0200
++++ openssl-1.0.2p/crypto/ecdh/ech_ossl.c      2018-08-15 15:07:50.081774764 
+0200
 @@ -78,6 +78,10 @@
  #include <openssl/obj_mac.h>
  #include <openssl/bn.h>
@@ -89,36 +89,11 @@
      if (outlen > INT_MAX) {
          ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); /* sort of,
                                                                   * anyway */
-Index: openssl-1.0.2a/crypto/ecdsa/ecdsatest.c
+Index: openssl-1.0.2p/crypto/ecdsa/ecdsatest.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ecdsa/ecdsatest.c       2015-05-24 
14:52:39.768392752 +0200
-+++ openssl-1.0.2a/crypto/ecdsa/ecdsatest.c    2015-05-24 14:55:25.866876513 
+0200
-@@ -138,11 +138,14 @@ int restore_rand(void)
- }
- 
- static int fbytes_counter = 0;
--static const char *numbers[8] = {
-+static const char *numbers[10] = {
-+    "651056770906015076056810763456358567190100156695615665659",
-     "651056770906015076056810763456358567190100156695615665659",
-     "6140507067065001063065065565667405560006161556565665656654",
-     "8763001015071075675010661307616710783570106710677817767166"
-         "71676178726717",
-+    "8763001015071075675010661307616710783570106710677817767166"
-+        "71676178726717",
-     "7000000175690566466555057817571571075705015757757057795755"
-         "55657156756655",
-     "1275552191113212300012030439187146164646146646466749494799",
-@@ -158,7 +161,7 @@ int fbytes(unsigned char *buf, int num)
-     int ret;
-     BIGNUM *tmp = NULL;
- 
--    if (fbytes_counter >= 8)
-+    if (fbytes_counter >= 10)
-         return 0;
-     tmp = BN_new();
-     if (!tmp)
-@@ -532,8 +535,10 @@ int main(void)
+--- openssl-1.0.2p.orig/crypto/ecdsa/ecdsatest.c       2018-08-15 
15:07:48.569763139 +0200
++++ openssl-1.0.2p/crypto/ecdsa/ecdsatest.c    2018-08-15 15:11:05.619277949 
+0200
+@@ -539,8 +539,10 @@ int main(void)
      RAND_seed(rnd_seed, sizeof(rnd_seed));
  
      /* the tests */
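Review bot: The ecdsatest.c portion of this hunk is not a pure offset refresh: the new patch drops the `numbers[8]` → `numbers[10]` extension with its two duplicated decimal strings and the matching `fbytes_counter >= 10` bound, keeping only the `main()` hunk now at `@@ -539,8 +539,10 @@`. The changelog lists openssl-1.0.2a-fips-ec.patch merely as "refreshed", so the reason those extra fake-random entries are no longer needed on 1.0.2p is recorded nowhere; presumably upstream's reworked ecdsatest.c now supplies equivalent entries, but that should be confirmed against the 1.0.2p tree. One sentence in the .changes or in the patch header, e.g. `# numbers[]/fbytes_counter extension removed: 1.0.2p's ecdsatest.c <reason — TODO confirm>`, would keep a later rebase from re-adding it.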
@@ -129,10 +104,10 @@
      if (!test_builtin(out))
          goto err;
  
-Index: openssl-1.0.2a/crypto/ecdsa/ecs_lib.c
+Index: openssl-1.0.2p/crypto/ecdsa/ecs_lib.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ecdsa/ecs_lib.c 2015-05-24 14:52:39.768392752 
+0200
-+++ openssl-1.0.2a/crypto/ecdsa/ecs_lib.c      2015-05-24 14:55:25.866876513 
+0200
+--- openssl-1.0.2p.orig/crypto/ecdsa/ecs_lib.c 2018-08-15 15:07:48.569763139 
+0200
++++ openssl-1.0.2p/crypto/ecdsa/ecs_lib.c      2018-08-15 15:07:50.081774764 
+0200
 @@ -80,14 +80,7 @@ void ECDSA_set_default_method(const ECDS
  const ECDSA_METHOD *ECDSA_get_default_method(void)
  {
@@ -148,21 +123,21 @@
      }
      return default_ECDSA_method;
  }
-Index: openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c
+Index: openssl-1.0.2p/crypto/ecdsa/ecs_ossl.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ecdsa/ecs_ossl.c        2015-05-24 
14:52:39.768392752 +0200
-+++ openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c     2015-05-24 14:55:25.866876513 
+0200
-@@ -60,6 +60,9 @@
- #include <openssl/err.h>
+--- openssl-1.0.2p.orig/crypto/ecdsa/ecs_ossl.c        2018-08-15 
15:07:48.569763139 +0200
++++ openssl-1.0.2p/crypto/ecdsa/ecs_ossl.c     2018-08-15 15:11:49.383614364 
+0200
+@@ -61,6 +61,9 @@
  #include <openssl/obj_mac.h>
  #include <openssl/bn.h>
+ #include "bn_int.h"
 +#ifdef OPENSSL_FIPS
 +# include <openssl/fips.h>
 +#endif
  
  static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
                                  const BIGNUM *, const BIGNUM *,
-@@ -78,7 +81,7 @@ static ECDSA_METHOD openssl_ecdsa_meth =
+@@ -79,7 +82,7 @@ static ECDSA_METHOD openssl_ecdsa_meth =
      NULL,                       /* init */
      NULL,                       /* finish */
  #endif
@@ -171,9 +146,9 @@
      NULL                        /* app_data */
  };
  
-@@ -245,6 +248,13 @@ static ECDSA_SIG *ecdsa_do_sign(const un
-     ECDSA_DATA *ecdsa;
+@@ -261,6 +264,13 @@ static ECDSA_SIG *ecdsa_do_sign(const un
      const BIGNUM *priv_key;
+     BN_MONT_CTX *mont_data;
  
 +#ifdef OPENSSL_FIPS
 +    if (FIPS_selftest_failed()) {
@@ -185,7 +160,7 @@
      ecdsa = ecdsa_check(eckey);
      group = EC_KEY_get0_group(eckey);
      priv_key = EC_KEY_get0_private_key(eckey);
-@@ -358,6 +368,13 @@ static int ecdsa_do_verify(const unsigne
+@@ -386,6 +396,13 @@ static int ecdsa_do_verify(const unsigne
      const EC_GROUP *group;
      const EC_POINT *pub_key;
  
@@ -199,10 +174,10 @@
      /* check input values */
      if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
          (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
-Index: openssl-1.0.2a/crypto/ec/ec_cvt.c
+Index: openssl-1.0.2p/crypto/ec/ec_cvt.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ec/ec_cvt.c     2015-05-24 14:52:39.768392752 
+0200
-+++ openssl-1.0.2a/crypto/ec/ec_cvt.c  2015-05-24 14:55:25.866876513 +0200
+--- openssl-1.0.2p.orig/crypto/ec/ec_cvt.c     2018-08-15 15:07:48.569763139 
+0200
++++ openssl-1.0.2p/crypto/ec/ec_cvt.c  2018-08-15 15:07:50.085774795 +0200
 @@ -82,10 +82,6 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const B
      const EC_METHOD *meth;
      EC_GROUP *ret;
@@ -225,10 +200,10 @@
      meth = EC_GF2m_simple_method();
  
      ret = EC_GROUP_new(meth);
-Index: openssl-1.0.2a/crypto/ec/ec_key.c
+Index: openssl-1.0.2p/crypto/ec/ec_key.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ec/ec_key.c     2015-05-24 14:52:39.768392752 
+0200
-+++ openssl-1.0.2a/crypto/ec/ec_key.c  2015-05-24 14:55:25.866876513 +0200
+--- openssl-1.0.2p.orig/crypto/ec/ec_key.c     2018-08-15 15:07:48.569763139 
+0200
++++ openssl-1.0.2p/crypto/ec/ec_key.c  2018-08-15 15:07:50.085774795 +0200
 @@ -64,9 +64,6 @@
  #include <string.h>
  #include "ec_lcl.h"
@@ -306,7 +281,7 @@
      ok = 1;
  
   err:
-@@ -408,10 +447,12 @@ int EC_KEY_set_public_key_affine_coordin
+@@ -414,10 +453,12 @@ int EC_KEY_set_public_key_affine_coordin
              goto err;
      }
      /*
@@ -322,10 +297,10 @@
          ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
                EC_R_COORDINATES_OUT_OF_RANGE);
          goto err;
-Index: openssl-1.0.2a/crypto/ec/ecp_mont.c
+Index: openssl-1.0.2p/crypto/ec/ecp_mont.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ec/ecp_mont.c   2015-05-24 14:52:39.768392752 
+0200
-+++ openssl-1.0.2a/crypto/ec/ecp_mont.c        2015-05-24 14:55:25.866876513 
+0200
+--- openssl-1.0.2p.orig/crypto/ec/ecp_mont.c   2018-08-14 14:48:57.000000000 
+0200
++++ openssl-1.0.2p/crypto/ec/ecp_mont.c        2018-08-15 15:07:50.085774795 
+0200
 @@ -63,10 +63,6 @@
  
  #include <openssl/err.h>
@@ -349,10 +324,10 @@
      return &ret;
  }
  
-Index: openssl-1.0.2a/crypto/ec/ecp_nist.c
+Index: openssl-1.0.2p/crypto/ec/ecp_nist.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ec/ecp_nist.c   2015-05-24 14:52:39.768392752 
+0200
-+++ openssl-1.0.2a/crypto/ec/ecp_nist.c        2015-05-24 14:55:25.866876513 
+0200
+--- openssl-1.0.2p.orig/crypto/ec/ecp_nist.c   2018-08-14 14:48:57.000000000 
+0200
++++ openssl-1.0.2p/crypto/ec/ecp_nist.c        2018-08-15 15:07:50.085774795 
+0200
 @@ -67,10 +67,6 @@
  #include <openssl/obj_mac.h>
  #include "ec_lcl.h"
@@ -376,10 +351,10 @@
      return &ret;
  }
  
-Index: openssl-1.0.2a/crypto/ec/ecp_smpl.c
+Index: openssl-1.0.2p/crypto/ec/ecp_smpl.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ec/ecp_smpl.c   2015-05-24 14:52:39.768392752 
+0200
-+++ openssl-1.0.2a/crypto/ec/ecp_smpl.c        2015-05-24 21:43:08.872837721 
+0200
+--- openssl-1.0.2p.orig/crypto/ec/ecp_smpl.c   2018-08-14 14:48:57.000000000 
+0200
++++ openssl-1.0.2p/crypto/ec/ecp_smpl.c        2018-08-15 15:07:50.085774795 
+0200
 @@ -66,10 +66,6 @@
  #include <openssl/err.h>
  #include <openssl/symhacks.h>
@@ -417,10 +392,10 @@
      if (ctx == NULL) {
          ctx = new_ctx = BN_CTX_new();
          if (ctx == NULL)
-Index: openssl-1.0.2a/crypto/evp/m_ecdsa.c
+Index: openssl-1.0.2p/crypto/evp/m_ecdsa.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/evp/m_ecdsa.c   2015-05-24 14:52:39.768392752 
+0200
-+++ openssl-1.0.2a/crypto/evp/m_ecdsa.c        2015-05-24 14:55:25.866876513 
+0200
+--- openssl-1.0.2p.orig/crypto/evp/m_ecdsa.c   2018-08-15 15:07:48.573763170 
+0200
++++ openssl-1.0.2p/crypto/evp/m_ecdsa.c        2018-08-15 15:07:50.085774795 
+0200
 @@ -136,7 +136,7 @@ static const EVP_MD ecdsa_md = {
      NID_ecdsa_with_SHA1,
      NID_ecdsa_with_SHA1,
@@ -430,10 +405,10 @@
      init,
      update,
      final,
-Index: openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c
+Index: openssl-1.0.2p/crypto/fips/cavs/fips_ecdhvs.c
 ===================================================================
 --- /dev/null  1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c      2015-05-24 
14:55:25.867876528 +0200
++++ openssl-1.0.2p/crypto/fips/cavs/fips_ecdhvs.c      2018-08-15 
15:07:50.085774795 +0200
 @@ -0,0 +1,456 @@
 +/* fips/ecdh/fips_ecdhvs.c */
 +/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL
@@ -891,10 +866,10 @@
 +}
 +
 +#endif
-Index: openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c
+Index: openssl-1.0.2p/crypto/fips/cavs/fips_ecdsavs.c
 ===================================================================
 --- /dev/null  1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c     2015-05-24 
14:55:25.867876528 +0200
++++ openssl-1.0.2p/crypto/fips/cavs/fips_ecdsavs.c     2018-08-15 
15:07:50.085774795 +0200
 @@ -0,0 +1,486 @@
 +/* fips/ecdsa/fips_ecdsavs.c */
 +/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL
@@ -1382,10 +1357,10 @@
 +}
 +
 +#endif
-Index: openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c
+Index: openssl-1.0.2p/crypto/fips/fips_ecdh_selftest.c
 ===================================================================
 --- /dev/null  1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c    2015-05-24 
14:55:25.867876528 +0200
++++ openssl-1.0.2p/crypto/fips/fips_ecdh_selftest.c    2018-08-15 
15:07:50.085774795 +0200
 @@ -0,0 +1,242 @@
 +/* fips/ecdh/fips_ecdh_selftest.c */
 +/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL
@@ -1629,10 +1604,10 @@
 +}
 +
 +#endif
-Index: openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c
+Index: openssl-1.0.2p/crypto/fips/fips_ecdsa_selftest.c
 ===================================================================
 --- /dev/null  1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c   2015-05-24 
14:55:25.867876528 +0200
++++ openssl-1.0.2p/crypto/fips/fips_ecdsa_selftest.c   2018-08-15 
15:07:50.085774795 +0200
 @@ -0,0 +1,165 @@
 +/* fips/ecdsa/fips_ecdsa_selftest.c */
 +/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL
@@ -1799,10 +1774,10 @@
 +}
 +
 +#endif
-Index: openssl-1.0.2a/crypto/fips/fips.h
+Index: openssl-1.0.2p/crypto/fips/fips.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/fips/fips.h     2015-05-24 14:55:25.854876334 
+0200
-+++ openssl-1.0.2a/crypto/fips/fips.h  2015-05-24 21:41:19.603243847 +0200
+--- openssl-1.0.2p.orig/crypto/fips/fips.h     2018-08-15 15:07:48.573763170 
+0200
++++ openssl-1.0.2p/crypto/fips/fips.h  2018-08-15 15:07:50.085774795 +0200
 @@ -93,6 +93,8 @@ extern "C" {
      void FIPS_corrupt_dsa(void);
      void FIPS_corrupt_dsa_keygen(void);
@@ -1812,10 +1787,10 @@
      void FIPS_corrupt_rng(void);
      void FIPS_rng_stick(void);
      void FIPS_x931_stick(int onoff);
-Index: openssl-1.0.2a/crypto/fips/fips_post.c
+Index: openssl-1.0.2p/crypto/fips/fips_post.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/fips/fips_post.c        2015-05-24 
14:55:25.854876334 +0200
-+++ openssl-1.0.2a/crypto/fips/fips_post.c     2015-05-24 21:41:18.397226254 
+0200
+--- openssl-1.0.2p.orig/crypto/fips/fips_post.c        2018-08-15 
15:07:48.573763170 +0200
++++ openssl-1.0.2p/crypto/fips/fips_post.c     2018-08-15 15:07:50.085774795 
+0200
 @@ -95,8 +95,12 @@ int FIPS_selftest(void)
          rv = 0;
      if (!FIPS_selftest_rsa())
@@ -1829,10 +1804,10 @@
      return rv;
  }
  
-Index: openssl-1.0.2a/crypto/fips/Makefile
+Index: openssl-1.0.2p/crypto/fips/Makefile
 ===================================================================
---- openssl-1.0.2a.orig/crypto/fips/Makefile   2015-05-24 14:55:25.856876363 
+0200
-+++ openssl-1.0.2a/crypto/fips/Makefile        2015-05-24 21:41:18.397226254 
+0200
+--- openssl-1.0.2p.orig/crypto/fips/Makefile   2018-08-15 15:07:48.573763170 
+0200
++++ openssl-1.0.2p/crypto/fips/Makefile        2018-08-15 15:07:50.085774795 
+0200
 @@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
      fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c  
fips_rand.c \
      fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c 
fips_drbg_hmac.c \

++++++ openssl-1.0.2a-ipv6-apps.patch ++++++
--- /var/tmp/diff_new_pack.xKhnXR/_old  2019-01-15 09:15:19.534294071 +0100
+++ /var/tmp/diff_new_pack.xKhnXR/_new  2019-01-15 09:15:19.534294071 +0100
@@ -1,17 +1,17 @@
-diff --git a/apps/s_apps.h b/apps/s_apps.h
-index 5ba1e1d..0020e23 100644
---- a/apps/s_apps.h
-+++ b/apps/s_apps.h
+Index: openssl-1.0.2p/apps/s_apps.h
+===================================================================
+--- openssl-1.0.2p.orig/apps/s_apps.h  2018-08-15 15:56:31.832169858 +0200
++++ openssl-1.0.2p/apps/s_apps.h       2018-08-15 16:04:47.219955276 +0200
 @@ -151,7 +151,7 @@ typedef fd_mask fd_set;
  #define PORT_STR        "4433"
  #define PROTOCOL        "tcp"
  
 -int do_server(int port, int type, int *ret,
 +int do_server(char *port, int type, int *ret,
-               int (*cb) (char *hostname, int s, int stype,
-                          unsigned char *context), unsigned char *context,
-               int naccept);
-@@ -167,11 +167,10 @@ int ssl_print_point_formats(BIO *out, SSL *s);
+               int (*cb) (int s, int stype, unsigned char *context),
+               unsigned char *context, int naccept);
+ #ifdef HEADER_X509_H
+@@ -166,11 +166,10 @@ int ssl_print_point_formats(BIO *out, SS
  int ssl_print_curves(BIO *out, SSL *s, int noshared);
  #endif
  int ssl_print_tmp_key(BIO *out, SSL *s);
@@ -25,10 +25,10 @@
  
  long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
                                     int argi, long argl, long ret);
-diff --git a/apps/s_client.c b/apps/s_client.c
-index c855668..00b5620 100644
---- a/apps/s_client.c
-+++ b/apps/s_client.c
+Index: openssl-1.0.2p/apps/s_client.c
+===================================================================
+--- openssl-1.0.2p.orig/apps/s_client.c        2018-08-15 15:56:31.832169858 
+0200
++++ openssl-1.0.2p/apps/s_client.c     2018-08-15 16:04:47.219955276 +0200
 @@ -668,7 +668,7 @@ int MAIN(int argc, char **argv)
      int cbuf_len, cbuf_off;
      int sbuf_len, sbuf_off;
@@ -63,10 +63,10 @@
          BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
          SHUTDOWN(s);
          goto end;
-diff --git a/apps/s_server.c b/apps/s_server.c
-index 6d407dd..5ce1a7c 100644
---- a/apps/s_server.c
-+++ b/apps/s_server.c
+Index: openssl-1.0.2p/apps/s_server.c
+===================================================================
+--- openssl-1.0.2p.orig/apps/s_server.c        2018-08-15 15:56:31.832169858 
+0200
++++ openssl-1.0.2p/apps/s_server.c     2018-08-15 16:04:47.219955276 +0200
 @@ -1082,7 +1082,7 @@ int MAIN(int argc, char *argv[])
  {
      X509_VERIFY_PARAM *vpm = NULL;
@@ -76,7 +76,7 @@
      char *CApath = NULL, *CAfile = NULL;
      char *chCApath = NULL, *chCAfile = NULL;
      char *vfyCApath = NULL, *vfyCAfile = NULL;
-@@ -1170,7 +1170,8 @@ int MAIN(int argc, char *argv[])
+@@ -1173,7 +1173,8 @@ int MAIN(int argc, char *argv[])
          if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) 
{
              if (--argc < 1)
                  goto bad;
@@ -86,7 +86,7 @@
                  goto bad;
          } else if (strcmp(*argv, "-naccept") == 0) {
              if (--argc < 1)
-@@ -2064,13 +2065,13 @@ int MAIN(int argc, char *argv[])
+@@ -2075,13 +2076,13 @@ int MAIN(int argc, char *argv[])
      BIO_printf(bio_s_out, "ACCEPT\n");
      (void)BIO_flush(bio_s_out);
      if (rev)
@@ -103,11 +103,11 @@
                    naccept);
      print_stats(bio_s_out, ctx);
      ret = 0;
-diff --git a/apps/s_socket.c b/apps/s_socket.c
-index 83624ca..6c24dc6 100644
---- a/apps/s_socket.c
-+++ b/apps/s_socket.c
-@@ -106,9 +106,7 @@ static struct hostent *GetHostByName(char *name);
+Index: openssl-1.0.2p/apps/s_socket.c
+===================================================================
+--- openssl-1.0.2p.orig/apps/s_socket.c        2018-08-15 15:56:31.832169858 
+0200
++++ openssl-1.0.2p/apps/s_socket.c     2018-08-15 16:14:36.336471136 +0200
+@@ -106,9 +106,7 @@ static struct hostent *GetHostByName(cha
  static void ssl_sock_cleanup(void);
  # endif
  static int ssl_sock_init(void);
@@ -115,7 +115,7 @@
 -static int init_server(int *sock, int port, int type);
 -static int init_server_long(int *sock, int port, char *ip, int type);
 +static int init_server(int *sock, char *port, int type);
- static int do_accept(int acc_sock, int *sock, char **host);
+ static int do_accept(int acc_sock, int *sock);
  static int host_ip(char *str, unsigned char ip[4]);
  
 @@ -231,65 +229,66 @@ static int ssl_sock_init(void)
@@ -159,12 +159,13 @@
 -        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
 -    else                        /* ( type == SOCK_DGRAM) */
 -        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+-
+-    if (s == INVALID_SOCKET) {
+-        perror("socket");
 +    memset(&hints, '\0', sizeof(hints));
 +    hints.ai_socktype = type;
 +    hints.ai_flags = AI_ADDRCONFIG;
- 
--    if (s == INVALID_SOCKET) {
--        perror("socket");
++
 +    e = getaddrinfo(host, port, &hints, &res);
 +    if (e) {
 +        fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
@@ -199,16 +200,16 @@
          }
 -    }
  # endif
+-
+-    if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
+-        closesocket(s);
+-        perror("connect");
+-        return (0);
 +        if (connect(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == 
0) {
 +            freeaddrinfo(res0);
 +            *sock = s;
 +            return (1);
 +        }
- 
--    if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
--        closesocket(s);
--        perror("connect");
--        return (0);
 +        failed_call = "socket";
 + nextres:
 +        if (s != INVALID_SOCKET)
@@ -223,13 +224,14 @@
 +    perror(failed_call);
 +    return (0);
  }
++ 
  
 -int do_server(int port, int type, int *ret,
 +int do_server(char *port, int type, int *ret,
-               int (*cb) (char *hostname, int s, int stype,
-                          unsigned char *context), unsigned char *context,
-               int naccept)
-@@ -328,69 +327,89 @@ int do_server(int port, int type, int *ret,
+               int (*cb) (int s, int stype, unsigned char *context),
+               unsigned char *context, int naccept)
+ {
+@@ -324,64 +323,83 @@ int do_server(int port, int type, int *r
      }
  }
  
@@ -258,12 +260,6 @@
 -        memcpy(&server.sin_addr.s_addr, ip, 4);
 -# else
 -        memcpy(&server.sin_addr, ip, 4);
--# endif
--
--    if (type == SOCK_STREAM)
--        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
--    else                        /* type == SOCK_DGRAM */
--        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
 +    memset(&hints, '\0', sizeof(hints));
 +    hints.ai_family = AF_INET6;
 + tryipv4:
@@ -280,9 +276,6 @@
 +        } else
 +            res = NULL;
 +    }
- 
--    if (s == INVALID_SOCKET)
--        goto err;
 +    res0 = res;
 +    while (res) {
 +        s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
@@ -294,22 +287,17 @@
 +            int j = 0;
 +            setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&j, sizeof j);
 +        }
- # if defined SOL_SOCKET && defined SO_REUSEADDR
--    {
--        int j = 1;
--        setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j));
--    }
--# endif
--    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
--# ifndef OPENSSL_SYS_WINDOWS
--        perror("bind");
++# if defined SOL_SOCKET && defined SO_REUSEADDR
 +        {
 +            int j = 1;
 +            setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
 +        }
  # endif
--        goto err;
-+
+ 
+-    if (type == SOCK_STREAM)
+-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+-    else                        /* type == SOCK_DGRAM */
+-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
 +        if (bind(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1) {
 +            failed_call = "bind";
 +            goto nextres;
@@ -318,15 +306,21 @@
 +            failed_call = "listen";
 +            goto nextres;
 +        }
-+
-+        *sock = s;
-+        return (1);
-+
-+ nextres:
-+        if (s != INVALID_SOCKET)
-+            close(s);
-+        res = res->ai_next;
-     }
+ 
+-    if (s == INVALID_SOCKET)
+-        goto err;
+-# if defined SOL_SOCKET && defined SO_REUSEADDR
+-    {
+-        int j = 1;
+-        setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j));
+-    }
+-# endif
+-    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
+-# ifndef OPENSSL_SYS_WINDOWS
+-        perror("bind");
+-# endif
+-        goto err;
+-    }
 -    /* Make it 128 for linux */
 -    if (type == SOCK_STREAM && listen(s, 128) == -1)
 -        goto err;
@@ -335,9 +329,22 @@
 - err:
 -    if ((ret == 0) && (s != -1)) {
 -        SHUTDOWN(s);
++        *sock = s;
++        return (1);
++
++ nextres:
++        if (s != INVALID_SOCKET)
++            close(s);
++        res = res->ai_next;
+     }
+-    return (ret);
+-}
 +    if (res0)
 +        freeaddrinfo(res0);
-+
+ 
+-static int init_server(int *sock, int port, int type)
+-{
+-    return (init_server_long(sock, port, NULL, type));
 +    if (s == INVALID_SOCKET) {
 +        if (hints.ai_family == AF_INET6) {
 +            hints.ai_family = AF_INET;
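Review bot: The AF_INET retry guarded by `if (s == INVALID_SOCKET)` at the end of this hunk only fires when the last `socket()` call failed, because the `nextres:` path does `close(s)` without resetting `s`; after a `bind()` or `listen()` failure on the final IPv6 address (e.g. a host where IPv6 is disabled by sysctl so the socket is created but the wildcard bind fails — to be verified) `s` still holds the closed descriptor number, the IPv4 pass is skipped and do_server gives up with the last `failed_call`. Unless a line outside the hunk resets `s`, the small fix is `close(s); s = INVALID_SOCKET;` at `nextres:`, with the tail then reporting `failed_call` on both exit paths instead of the hard-coded `perror("socket")` just below, so the retry happens whenever the IPv6 pass produced no listening socket and the message still names the call that failed. The same misattributed diagnostic exists in init_client, where `failed_call = "socket";` after the `connect()` check (the line before `nextres:` in the `@@ -199,16 +200,16 @@` hunk) should read `failed_call = "connect";`. do_server starts and ends outside this hunk, and the `goto` back to `tryipv4:` is not visible here either.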
@@ -345,82 +352,17 @@
 +        }
 +        perror("socket");
 +        return (0);
-     }
--    return (ret);
--}
- 
--static int init_server(int *sock, int port, int type)
--{
--    return (init_server_long(sock, port, NULL, type));
++    }
 +    perror(failed_call);
 +    return (0);
  }
  
- static int do_accept(int acc_sock, int *sock, char **host)
++ 
+ static int do_accept(int acc_sock, int *sock)
  {
-+    static struct sockaddr_storage from;
-+    char buffer[NI_MAXHOST];
      int ret;
--    struct hostent *h1, *h2;
--    static struct sockaddr_in from;
-     int len;
- /*      struct linger ling; */
- 
-@@ -432,134 +451,60 @@ static int do_accept(int acc_sock, int *sock, char 
**host)
-     ling.l_onoff=1;
-     ling.l_linger=0;
-     i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
--    if (i < 0) { perror("linger"); return(0); }
-+    if (i < 0) { closesocket(ret); perror("linger"); return(0); }
-     i=0;
-     i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
--    if (i < 0) { perror("keepalive"); return(0); }
-+    if (i < 0) { closesocket(ret); perror("keepalive"); return(0); }
- */
- 
-     if (host == NULL)
-         goto end;
--# ifndef BIT_FIELD_LIMITS
--    /* I should use WSAAsyncGetHostByName() under windows */
--    h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
--                       sizeof(from.sin_addr.s_addr), AF_INET);
--# else
--    h1 = gethostbyaddr((char *)&from.sin_addr,
--                       sizeof(struct in_addr), AF_INET);
--# endif
--    if (h1 == NULL) {
--        BIO_printf(bio_err, "bad gethostbyaddr\n");
-+
-+    if (getnameinfo((struct sockaddr *)&from, sizeof(from),
-+                    buffer, sizeof(buffer), NULL, 0, 0)) {
-+        BIO_printf(bio_err, "getnameinfo failed\n");
-         *host = NULL;
-         /* return(0); */
-     } else {
--        if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) 
{
-+        if ((*host = (char *)OPENSSL_malloc(strlen(buffer) + 1)) == NULL) {
-             perror("OPENSSL_malloc");
-             closesocket(ret);
-             return (0);
-         }
--        BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
--
--        h2 = GetHostByName(*host);
--        if (h2 == NULL) {
--            BIO_printf(bio_err, "gethostbyname failure\n");
--            closesocket(ret);
--            return (0);
--        }
--        if (h2->h_addrtype != AF_INET) {
--            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
--            closesocket(ret);
--            return (0);
--        }
-+        strcpy(*host, buffer);
-     }
-  end:
-     *sock = ret;
-     return (1);
+@@ -422,29 +440,34 @@ static int do_accept(int acc_sock, int *
+     return 1;
  }
  
 -int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
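Review bot: `perror(failed_call)` and the `perror("socket")` just above it run only after `close(s)` in the `nextres` path and after `freeaddrinfo(res0)` (both in the preceding hunk of the same function), and close() can overwrite errno on failure while freeaddrinfo() is not guaranteed to preserve it, so the message may describe a different error than the one bind()/listen()/socket() returned. Capture errno where the failure is recorded, e.g. `failed_call = "bind"; saved_errno = errno;`, and restore it with `errno = saved_errno;` immediately before each perror(). init_server_long starts before this hunk, so the `int saved_errno = 0;` local belongs with the function's other declarations there; since this is a refreshed patch, the change goes on the patch's `+` side for s_socket.c.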
@@ -428,11 +370,10 @@
 +int extract_host_port(char *str, char **host_ptr, char **port_ptr)
  {
 -    char *h, *p;
--
++    char *h, *p, *x;
+ 
 -    h = str;
 -    p = strchr(str, ':');
-+    char *h, *p, *x;
-+
 +    x = h = str;
 +    if (*h == '[') {
 +        h++;
@@ -460,73 +401,13 @@
  
 -    if (!extract_port(p, port_ptr))
 -        goto err;
--    return (1);
-- err:
--    return (0);
--}
--
--static int host_ip(char *str, unsigned char ip[4])
--{
--    unsigned int in[4];
--    int i;
--
--    if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
--        4) {
--        for (i = 0; i < 4; i++)
--            if (in[i] > 255) {
--                BIO_printf(bio_err, "invalid IP address\n");
--                goto err;
--            }
--        ip[0] = in[0];
--        ip[1] = in[1];
--        ip[2] = in[2];
--        ip[3] = in[3];
--    } else {                    /* do a gethostbyname */
--        struct hostent *he;
--
--        if (!ssl_sock_init())
--            return (0);
--
--        he = GetHostByName(str);
--        if (he == NULL) {
--            BIO_printf(bio_err, "gethostbyname failure\n");
--            goto err;
--        }
--        /* cast to short because of win16 winsock definition */
--        if ((short)he->h_addrtype != AF_INET) {
--            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
--            return (0);
--        }
--        ip[0] = he->h_addr_list[0][0];
--        ip[1] = he->h_addr_list[0][1];
--        ip[2] = he->h_addr_list[0][2];
--        ip[3] = he->h_addr_list[0][3];
--    }
--    return (1);
+     return (1);
 - err:
 -    return (0);
--}
--
--int extract_port(char *str, short *port_ptr)
--{
--    int i;
--    struct servent *s;
--
--    i = atoi(str);
--    if (i != 0)
--        *port_ptr = (unsigned short)i;
--    else {
--        s = getservbyname(str, "tcp");
--        if (s == NULL) {
--            BIO_printf(bio_err, "getservbyname failure for %s\n", str);
--            return (0);
--        }
--        *port_ptr = ntohs((unsigned short)s->s_port);
--    }
-     return (1);
  }
  
-@@ -595,7 +540,7 @@ static struct hostent *GetHostByName(char *name)
+ static int host_ip(char *str, unsigned char ip[4])
+@@ -540,7 +563,7 @@ static struct hostent *GetHostByName(cha
          if (ret == NULL)
              return (NULL);
          /* else add to cache */

++++++ openssl-1.0.2i-fips.patch ++++++
++++ 1603 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1.0.2i-fips.patch
++++ and 
/work/SRC/openSUSE:Factory/.openssl-1_0_0.new.28833/openssl-1.0.2i-fips.patch

++++++ openssl-1.0.2i-new-fips-reqs.patch ++++++
--- /var/tmp/diff_new_pack.xKhnXR/_old  2019-01-15 09:15:19.566294041 +0100
+++ /var/tmp/diff_new_pack.xKhnXR/_new  2019-01-15 09:15:19.566294041 +0100
@@ -1,6 +1,7 @@
-diff -up openssl-1.0.2i/crypto/bn/bn_rand.c.fips-reqs 
openssl-1.0.2i/crypto/bn/bn_rand.c
---- openssl-1.0.2i/crypto/bn/bn_rand.c.fips-reqs       2016-09-22 
13:54:26.533848449 +0200
-+++ openssl-1.0.2i/crypto/bn/bn_rand.c 2016-09-22 13:56:52.169233060 +0200
+Index: openssl-1.0.2p/crypto/bn/bn_rand.c
+===================================================================
+--- openssl-1.0.2p.orig/crypto/bn/bn_rand.c    2018-08-15 15:12:00.099696743 
+0200
++++ openssl-1.0.2p/crypto/bn/bn_rand.c 2018-08-15 15:12:05.687739699 +0200
 @@ -141,8 +141,11 @@ static int bnrand(int pseudorand, BIGNUM
      }
  
@@ -15,9 +16,10 @@
  
      /* We ignore the value of pseudorand and always call RAND_bytes */
      if (RAND_bytes(buf, bytes) <= 0)
-diff -up openssl-1.0.2i/crypto/dh/dh_gen.c.fips-reqs 
openssl-1.0.2i/crypto/dh/dh_gen.c
---- openssl-1.0.2i/crypto/dh/dh_gen.c.fips-reqs        2016-09-22 
13:54:26.489847426 +0200
-+++ openssl-1.0.2i/crypto/dh/dh_gen.c  2016-09-22 13:54:26.533848449 +0200
+Index: openssl-1.0.2p/crypto/dh/dh_gen.c
+===================================================================
+--- openssl-1.0.2p.orig/crypto/dh/dh_gen.c     2018-08-15 15:12:00.099696743 
+0200
++++ openssl-1.0.2p/crypto/dh/dh_gen.c  2018-08-15 15:12:05.687739699 +0200
 @@ -128,7 +128,7 @@ static int dh_builtin_genparams(DH *ret,
          return 0;
      }
@@ -27,9 +29,10 @@
          DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
          goto err;
      }
-diff -up openssl-1.0.2i/crypto/dh/dh.h.fips-reqs openssl-1.0.2i/crypto/dh/dh.h
---- openssl-1.0.2i/crypto/dh/dh.h.fips-reqs    2016-09-22 13:54:26.489847426 
+0200
-+++ openssl-1.0.2i/crypto/dh/dh.h      2016-09-22 13:54:26.534848472 +0200
+Index: openssl-1.0.2p/crypto/dh/dh.h
+===================================================================
+--- openssl-1.0.2p.orig/crypto/dh/dh.h 2018-08-15 15:12:00.099696743 +0200
++++ openssl-1.0.2p/crypto/dh/dh.h      2018-08-15 15:12:05.687739699 +0200
 @@ -78,6 +78,7 @@
  # endif
  
@@ -38,9 +41,10 @@
  
  # define DH_FLAG_CACHE_MONT_P     0x01
  
-diff -up openssl-1.0.2i/crypto/dsa/dsa_gen.c.fips-reqs 
openssl-1.0.2i/crypto/dsa/dsa_gen.c
---- openssl-1.0.2i/crypto/dsa/dsa_gen.c.fips-reqs      2016-09-22 
13:54:26.490847450 +0200
-+++ openssl-1.0.2i/crypto/dsa/dsa_gen.c        2016-09-22 13:54:26.534848472 
+0200
+Index: openssl-1.0.2p/crypto/dsa/dsa_gen.c
+===================================================================
+--- openssl-1.0.2p.orig/crypto/dsa/dsa_gen.c   2018-08-15 15:12:00.103696775 
+0200
++++ openssl-1.0.2p/crypto/dsa/dsa_gen.c        2018-08-15 15:12:05.695739761 
+0200
 @@ -157,9 +157,11 @@ int dsa_builtin_paramgen(DSA *ret, size_
      }
  
@@ -56,9 +60,10 @@
          DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID);
          goto err;
      }
-diff -up openssl-1.0.2i/crypto/dsa/dsa.h.fips-reqs 
openssl-1.0.2i/crypto/dsa/dsa.h
---- openssl-1.0.2i/crypto/dsa/dsa.h.fips-reqs  2016-09-22 13:54:26.490847450 
+0200
-+++ openssl-1.0.2i/crypto/dsa/dsa.h    2016-09-22 13:54:26.534848472 +0200
+Index: openssl-1.0.2p/crypto/dsa/dsa.h
+===================================================================
+--- openssl-1.0.2p.orig/crypto/dsa/dsa.h       2018-08-15 15:12:00.107696804 
+0200
++++ openssl-1.0.2p/crypto/dsa/dsa.h    2018-08-15 15:12:05.703739822 +0200
 @@ -89,6 +89,7 @@
  # endif
  
@@ -67,22 +72,11 @@
  
  # define DSA_FLAG_CACHE_MONT_P   0x01
  /*
-@@ -251,9 +252,9 @@ int DSAparams_print_fp(FILE *fp, const D
- int DSA_print_fp(FILE *bp, const DSA *x, int off);
- # endif
- 
--# define DSS_prime_checks 50
-+# define DSS_prime_checks 64
- /*
-- * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
-+ * Primality test according to FIPS PUB 186-4, Appendix 2.1: 64 rounds of
-  * Rabin-Miller
-  */
- # define DSA_is_prime(n, callback, cb_arg) \
-diff -up openssl-1.0.2i/crypto/dsa/dsa_key.c.fips-reqs 
openssl-1.0.2i/crypto/dsa/dsa_key.c
---- openssl-1.0.2i/crypto/dsa/dsa_key.c.fips-reqs      2016-09-22 
13:54:26.532848426 +0200
-+++ openssl-1.0.2i/crypto/dsa/dsa_key.c        2016-09-22 13:54:26.534848472 
+0200
-@@ -125,7 +125,7 @@ static int dsa_builtin_keygen(DSA *dsa)
+Index: openssl-1.0.2p/crypto/dsa/dsa_key.c
+===================================================================
+--- openssl-1.0.2p.orig/crypto/dsa/dsa_key.c   2018-08-15 15:12:00.107696804 
+0200
++++ openssl-1.0.2p/crypto/dsa/dsa_key.c        2018-08-15 15:12:05.703739822 
+0200
+@@ -120,7 +120,7 @@ static int dsa_builtin_keygen(DSA *dsa)
  
  # ifdef OPENSSL_FIPS
      if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
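Review bot: The refreshed patch silently drops the `DSS_prime_checks 50 -> 64` hunk (the "FIPS PUB 186-4 ... 64 rounds of Rabin-Miller" change) without a changelog entry saying why. That is only safe if the 1.0.2p/q base already defines `DSS_prime_checks 64` in crypto/dsa/dsa.h, which upstream is believed to have changed, but it is not visible here; if it does not, DSA parameter generation in FIPS mode quietly falls back to 50 rounds. Please confirm against the unpacked source and record the reason, e.g. a changes line `- openssl-1.0.2i-new-fips-reqs.patch: drop DSS_prime_checks hunk, already upstream`.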
@@ -91,10 +85,11 @@
          DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
          goto err;
      }
-diff -up openssl-1.0.2i/crypto/fips/fips.c.fips-reqs 
openssl-1.0.2i/crypto/fips/fips.c
---- openssl-1.0.2i/crypto/fips/fips.c.fips-reqs        2016-09-22 
13:54:26.532848426 +0200
-+++ openssl-1.0.2i/crypto/fips/fips.c  2016-09-22 13:54:26.534848472 +0200
-@@ -424,26 +424,24 @@ int FIPS_module_mode_set(int onoff, cons
+Index: openssl-1.0.2p/crypto/fips/fips.c
+===================================================================
+--- openssl-1.0.2p.orig/crypto/fips/fips.c     2018-08-15 15:12:00.111696835 
+0200
++++ openssl-1.0.2p/crypto/fips/fips.c  2018-08-15 15:12:05.703739822 +0200
+@@ -418,26 +418,24 @@ int FIPS_module_mode_set(int onoff, cons
                  ret = 0;
                  goto end;
              }
@@ -127,9 +122,10 @@
          ret = 1;
          goto end;
      }
-diff -up openssl-1.0.2i/crypto/fips/fips_dh_selftest.c.fips-reqs 
openssl-1.0.2i/crypto/fips/fips_dh_selftest.c
---- openssl-1.0.2i/crypto/fips/fips_dh_selftest.c.fips-reqs    2016-09-22 
13:54:26.535848495 +0200
-+++ openssl-1.0.2i/crypto/fips/fips_dh_selftest.c      2016-09-22 
13:54:26.535848495 +0200
+Index: openssl-1.0.2p/crypto/fips/fips_dh_selftest.c
+===================================================================
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2p/crypto/fips/fips_dh_selftest.c      2018-08-15 
15:12:05.703739822 +0200
 @@ -0,0 +1,162 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@@ -293,9 +289,10 @@
 +    return ret;
 +}
 +#endif
-diff -up openssl-1.0.2i/crypto/fips/fips.h.fips-reqs 
openssl-1.0.2i/crypto/fips/fips.h
---- openssl-1.0.2i/crypto/fips/fips.h.fips-reqs        2016-09-22 
13:54:26.527848309 +0200
-+++ openssl-1.0.2i/crypto/fips/fips.h  2016-09-22 13:54:26.535848495 +0200
+Index: openssl-1.0.2p/crypto/fips/fips.h
+===================================================================
+--- openssl-1.0.2p.orig/crypto/fips/fips.h     2018-08-15 15:12:00.039696282 
+0200
++++ openssl-1.0.2p/crypto/fips/fips.h  2018-08-15 15:12:05.703739822 +0200
 @@ -96,6 +96,7 @@ extern "C" {
      int FIPS_selftest_dsa(void);
      int FIPS_selftest_ecdsa(void);
@@ -304,9 +301,10 @@
      void FIPS_corrupt_rng(void);
      void FIPS_rng_stick(void);
      void FIPS_x931_stick(int onoff);
-diff -up openssl-1.0.2i/crypto/fips/fips_post.c.fips-reqs 
openssl-1.0.2i/crypto/fips/fips_post.c
---- openssl-1.0.2i/crypto/fips/fips_post.c.fips-reqs   2016-09-22 
13:54:26.524848240 +0200
-+++ openssl-1.0.2i/crypto/fips/fips_post.c     2016-09-22 13:54:26.535848495 
+0200
+Index: openssl-1.0.2p/crypto/fips/fips_post.c
+===================================================================
+--- openssl-1.0.2p.orig/crypto/fips/fips_post.c        2018-08-15 
15:12:00.023696159 +0200
++++ openssl-1.0.2p/crypto/fips/fips_post.c     2018-08-15 15:12:05.703739822 
+0200
 @@ -99,6 +99,8 @@ int FIPS_selftest(void)
          rv = 0;
      if (!FIPS_selftest_dsa())
@@ -316,9 +314,10 @@
      if (!FIPS_selftest_ecdh())
          rv = 0;
      return rv;
-diff -up openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c.fips-reqs 
openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c.fips-reqs   2016-09-22 
13:54:26.499847659 +0200
-+++ openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c     2016-09-22 
13:54:26.537848542 +0200
+Index: openssl-1.0.2p/crypto/fips/fips_rsa_selftest.c
+===================================================================
+--- openssl-1.0.2p.orig/crypto/fips/fips_rsa_selftest.c        2018-08-15 
15:12:00.003696005 +0200
++++ openssl-1.0.2p/crypto/fips/fips_rsa_selftest.c     2018-08-15 
15:12:05.707739853 +0200
 @@ -60,68 +60,107 @@
  #ifdef OPENSSL_FIPS
  
@@ -973,9 +972,10 @@
          RSA_free(key);
      return ret;
  }
-diff -up openssl-1.0.2i/crypto/fips/Makefile.fips-reqs 
openssl-1.0.2i/crypto/fips/Makefile
---- openssl-1.0.2i/crypto/fips/Makefile.fips-reqs      2016-09-22 
13:54:26.524848240 +0200
-+++ openssl-1.0.2i/crypto/fips/Makefile        2016-09-22 13:54:26.537848542 
+0200
+Index: openssl-1.0.2p/crypto/fips/Makefile
+===================================================================
+--- openssl-1.0.2p.orig/crypto/fips/Makefile   2018-08-15 15:12:00.023696159 
+0200
++++ openssl-1.0.2p/crypto/fips/Makefile        2018-08-15 15:12:05.707739853 
+0200
 @@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self
      fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c  
fips_rand.c \
      fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c 
fips_drbg_hmac.c \
@@ -994,9 +994,10 @@
  
  LIBCRYPTO=-L.. -lcrypto
  
-diff -up openssl-1.0.2i/crypto/rand/rand_lcl.h.fips-reqs 
openssl-1.0.2i/crypto/rand/rand_lcl.h
---- openssl-1.0.2i/crypto/rand/rand_lcl.h.fips-reqs    2016-09-22 
13:54:26.261842127 +0200
-+++ openssl-1.0.2i/crypto/rand/rand_lcl.h      2016-09-22 13:54:26.537848542 
+0200
+Index: openssl-1.0.2p/crypto/rand/rand_lcl.h
+===================================================================
+--- openssl-1.0.2p.orig/crypto/rand/rand_lcl.h 2018-08-14 14:48:58.000000000 
+0200
++++ openssl-1.0.2p/crypto/rand/rand_lcl.h      2018-08-15 15:12:05.707739853 
+0200
 @@ -112,7 +112,7 @@
  #ifndef HEADER_RAND_LCL_H
  # define HEADER_RAND_LCL_H
@@ -1006,9 +1007,10 @@
  
  # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && 
!defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
  #  if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-diff -up openssl-1.0.2i/crypto/rand/rand_lib.c.fips-reqs 
openssl-1.0.2i/crypto/rand/rand_lib.c
---- openssl-1.0.2i/crypto/rand/rand_lib.c.fips-reqs    2016-09-22 
12:23:06.000000000 +0200
-+++ openssl-1.0.2i/crypto/rand/rand_lib.c      2016-09-22 13:54:26.537848542 
+0200
+Index: openssl-1.0.2p/crypto/rand/rand_lib.c
+===================================================================
+--- openssl-1.0.2p.orig/crypto/rand/rand_lib.c 2018-08-14 14:48:58.000000000 
+0200
++++ openssl-1.0.2p/crypto/rand/rand_lib.c      2018-08-15 15:12:05.707739853 
+0200
 @@ -236,12 +236,22 @@ static int drbg_rand_add(DRBG_CTX *ctx,
                           double entropy)
  {
@@ -1032,9 +1034,10 @@
      return 1;
  }
  
-diff -up openssl-1.0.2i/crypto/rsa/rsa_gen.c.fips-reqs 
openssl-1.0.2i/crypto/rsa/rsa_gen.c
---- openssl-1.0.2i/crypto/rsa/rsa_gen.c.fips-reqs      2016-09-22 
13:54:26.502847728 +0200
-+++ openssl-1.0.2i/crypto/rsa/rsa_gen.c        2016-09-22 13:54:26.538848565 
+0200
+Index: openssl-1.0.2p/crypto/rsa/rsa_gen.c
+===================================================================
+--- openssl-1.0.2p.orig/crypto/rsa/rsa_gen.c   2018-08-15 15:12:00.003696005 
+0200
++++ openssl-1.0.2p/crypto/rsa/rsa_gen.c        2018-08-15 15:12:05.707739853 
+0200
 @@ -1,5 +1,6 @@
  /* crypto/rsa/rsa_gen.c */
  /* Copyright (C) 1995-1998 Eric Young ([email protected])
@@ -1302,7 +1305,7 @@
  static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
                                BN_GENCB *cb)
  {
-@@ -180,15 +434,11 @@ static int rsa_builtin_keygen(RSA *rsa,
+@@ -191,15 +445,11 @@ static int rsa_builtin_keygen(RSA *rsa,
  
  #ifdef OPENSSL_FIPS
      if (FIPS_module_mode()) {
@@ -1319,7 +1322,7 @@
      }
  #endif
  
-@@ -317,16 +567,6 @@ static int rsa_builtin_keygen(RSA *rsa,
+@@ -339,16 +589,6 @@ static int rsa_builtin_keygen(RSA *rsa,
      if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx))
          goto err;
  
@@ -1336,9 +1339,10 @@
      ok = 1;
   err:
      if (ok == -1) {
-diff -up openssl-1.0.2i/ssl/t1_enc.c.fips-reqs openssl-1.0.2i/ssl/t1_enc.c
---- openssl-1.0.2i/ssl/t1_enc.c.fips-reqs      2016-09-22 12:23:06.000000000 
+0200
-+++ openssl-1.0.2i/ssl/t1_enc.c        2016-09-22 13:54:26.538848565 +0200
+Index: openssl-1.0.2p/ssl/t1_enc.c
+===================================================================
+--- openssl-1.0.2p.orig/ssl/t1_enc.c   2018-08-14 14:48:59.000000000 +0200
++++ openssl-1.0.2p/ssl/t1_enc.c        2018-08-15 15:12:05.707739853 +0200
 @@ -292,6 +292,23 @@ static int tls1_PRF(long digest_mask,
      return ret;
  }

++++++ openssl-CVE-2018-0737-fips.patch ++++++
Adjustments to fips_rsa_builtin_keygen along the lines
of the CVE-2018-0737 fix which consists of commits:
9db724cfede4ba7a3668bff533973ee70145ec07
011f82e66f4bf131c733fd41a8390039859aafb2
7150a4720af7913cae16f2e4eaf768b578c0b298
6939eab03a6e23d2bd2c3f5e34fe1d48e542e787

Index: openssl-1.0.2p/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.0.2p.orig/crypto/rsa/rsa_gen.c    2018-09-04 11:18:01.208954538 
+0200
+++ openssl-1.0.2p/crypto/rsa/rsa_gen.c 2018-09-04 13:50:07.744359213 +0200
@@ -183,6 +183,7 @@ static int FIPS_rsa_builtin_keygen(RSA *
     int n = 0;
     int test = 0;
     int pbits = bits / 2;
+    unsigned long error = 0;
 
     if (FIPS_selftest_failed()) {
         FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
@@ -252,6 +253,10 @@ retry:
     if (!BN_lshift(r3, r3, pbits - 100))
         goto err;
 
+    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
+    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
+    BN_set_flags(r2, BN_FLG_CONSTTIME);
+
     /* generate p and q */
     for (i = 0; i < 5 * pbits; i++) {
  ploop:
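Review bot: The three `BN_set_flags(..., BN_FLG_CONSTTIME)` calls carry no comment, and their purpose is non-local: the flag on `r2` is what makes the later `BN_mod_inverse(r1, r2, rsa->e, ctx)` take its no-branch constant-time path, and flagging `rsa->p`/`rsa->q` is presumably so the Miller-Rabin exponentiation inside `BN_is_prime_fasttest_ex` is routed to the constant-time modexp; that dispatch lives in bn_exp.c outside this patch, so it is worth confirming the 1.0.2q base checks the modulus flag there. Suggested comment above the calls: `/* CVE-2018-0737: flag p, q and the p-1/q-1 scratch so BN_mod_inverse() and the modexp in the primality test use their constant-time paths */`. The comment should also say the flags stay set on the key's p and q after generation, since that outlives this function.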
@@ -266,9 +271,9 @@ retry:
 
         if (!BN_sub(r2, rsa->p, BN_value_one()))
             goto err;
-        if (!BN_gcd(r1, r2, rsa->e, ctx))
-            goto err;
-        if (BN_is_one(r1)) {
+        ERR_set_mark();
+        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+            /* GCD == 1 since inverse exists */
             int r;
             r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0,
                                         cb);
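Review bot: On the success branch `ERR_set_mark()` has no matching `ERR_pop_to_mark()`, so the mark flag remains on whatever error entry was on top of the thread's queue when keygen ran, and a later `ERR_pop_to_mark()` from an outer scope will stop at that stale mark instead of its own. This mirrors upstream's 1.0.2 fix (1.0.2 has no ERR_clear_last_mark()), so it is an inherited limitation rather than a defect introduced here, but since BN_mod_inverse() pushed nothing on success, a bare `ERR_pop_to_mark();` placed after `int r;` would simply clear the mark. The q loop further down has the same shape and would need the same line.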
@@ -276,6 +281,15 @@ retry:
                 goto err;
             if (r > 0)
                 break;
+        } else {
+            error = ERR_peek_last_error();
+            if (ERR_GET_LIB(error) == ERR_LIB_BN
+                && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+                /* GCD != 1 */
+                ERR_pop_to_mark();
+            } else {
+                goto err;
+            }
         }
 
         if (!BN_GENCB_call(cb, 2, n++))
@@ -309,9 +323,9 @@ retry:
 
         if (!BN_sub(r2, rsa->q, BN_value_one()))
             goto err;
-        if (!BN_gcd(r1, r2, rsa->e, ctx))
-            goto err;
-        if (BN_is_one(r1)) {
+        ERR_set_mark();
+        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+            /* GCD == 1 since inverse exists */
             int r;
             r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 4 : 5, ctx, 0,
                                         cb);
@@ -319,6 +333,15 @@ retry:
                 goto err;
             if (r > 0)
                 break;
+        } else {
+            error = ERR_peek_last_error();
+            if (ERR_GET_LIB(error) == ERR_LIB_BN
+                && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+                /* GCD != 1 */
+                ERR_pop_to_mark();
+            } else {
+                goto err;
+            }
         }
 
         if (!BN_GENCB_call(cb, 2, n++))
++++++ openssl-One_and_Done.patch ++++++
commit 848113a30b431c2fe21ae8de2a366b9b6146fb92
Author: User <[email protected]>
Date:   Wed May 16 13:59:36 2018 -0400

    bn/bn_exp.c: mitigation of the One-and-Done side-channel attack.
    
    The One&Done attack, which is described in a paper to appear in the 
    USENIX Security'18 conference, uses EM emanations to recover the values
    of the bits that are obtained using BN_is_bit_set while constructing
    the value of the window in BN_mod_exp_consttime. The EM signal changes
    slightly depending on the value of the bit, and since the lookup of a
    bit is surrounded by highly regular execution (constant-time Montgomery
    multiplications) the attack is able to isolate the (very brief) part of
    the signal that changes depending on the bit. Although the change is
    slight, the attack recovers it successfully >90% of the time on several
    phones and IoT devices (all with ARM processors with clock rates around
    1GHz), so after only one RSA decryption more than 90% of the bits in
    d_p and d_q are recovered correctly, which enables rapid recovery of
    the full RSA key using an algorithm (also described in the paper) that
    modifies the branch-and-prune approach for a situation in which the 
    exponents' bits are recovered with errors, i.e. where we do not know
    a priori which bits are correctly recovered.
    
    The mitigation for the attack is relatively simple - all the bits of
    the window are obtained at once, along with other bits so that an
    entire integer's worth of bits are obtained together using masking and 
    shifts, without unnecessarily considering each bit in isolation. This
    improves performance somewhat (one call to bn_get_bits is faster than
    several calls to BN_is_bit_set), so the attacker now gets one signal
    snippet per window (rather than one per bit) in which the signal is
    affected by all bits in the integer (rather than just the one bit).
    
    Reviewed-by: Andy Polyakov <[email protected]>
    Reviewed-by: Rich Salz <[email protected]>
    (Merged from https://github.com/openssl/openssl/pull/6276)

>From 3f0c3d2263cd98dd3bcd366f199f0df7c9887d81 Mon Sep 17 00:00:00 2001
From: Andy Polyakov <[email protected]>
Date: Wed, 13 Jun 2018 14:00:04 +0200
Subject: [PATCH] bn/bn_exp.c: harmonize all code paths with last commit.

848113a30b431c2fe21ae8de2a366b9b6146fb92 added mitigation for a
side-channel attack. This commit extends approach to all code
paths for consistency.

[It also removes redundant white spaces introduced in last commit.]

Reviewed-by: Rich Salz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/6480)

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 36b7ba6..f96aea2 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -586,7 +586,6 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const 
BIGNUM *p,
     return (ret);
 }
 
-#if defined(SPARC_T4_MONT)
 static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos)
 {
     BN_ULONG ret = 0;
@@ -605,7 +604,6 @@ static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos)
 
     return ret & BN_MASK2;
 }
-#endif
 
 /*
  * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
@@ -704,7 +702,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, 
const BIGNUM *p,
                               const BIGNUM *m, BN_CTX *ctx,
                               BN_MONT_CTX *in_mont)
 {
-    int i, bits, ret = 0, window, wvalue;
+    int i, bits, ret = 0, window, wvalue, wmask, window0;
     int top;
     BN_MONT_CTX *mont = NULL;
 
@@ -956,20 +954,27 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM 
*a, const BIGNUM *p,
         top /= 2;
         bn_flip_t4(np, mont->N.d, top);
 
-        bits--;
-        for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
-            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % 5 + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
         bn_gather5_t4(tmp.d, top, powerbuf, wvalue);
 
         /*
          * Scan the exponent one window at a time starting from the most
          * significant bits.
          */
-        while (bits >= 0) {
+        while (bits > 0) {
             if (bits < stride)
-                stride = bits + 1;
+                stride = bits;
             bits -= stride;
-            wvalue = bn_get_bits(p, bits + 1);
+            wvalue = bn_get_bits(p, bits);
 
             if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride))
                 continue;
@@ -1077,32 +1082,36 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM 
*a, const BIGNUM *p,
             bn_scatter5(tmp.d, top, powerbuf, i);
         }
 # endif
-        bits--;
-        for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
-            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % 5 + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
         bn_gather5(tmp.d, top, powerbuf, wvalue);
 
         /*
          * Scan the exponent one window at a time starting from the most
          * significant bits.
          */
-        if (top & 7)
-            while (bits >= 0) {
-                for (wvalue = 0, i = 0; i < 5; i++, bits--)
-                    wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-
+        if (top & 7) {
+            while (bits > 0) {
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top,
-                                    wvalue);
+                                    bn_get_bits5(p->d, bits -= 5));
+            }
         } else {
-            while (bits >= 0) {
-                wvalue = bn_get_bits5(p->d, bits - 4);
-                bits -= 5;
-                bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue);
+            while (bits > 0) {
+                bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top,
+                          bn_get_bits5(p->d, bits -= 5));
             }
         }
 
@@ -1144,27 +1153,44 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM 
*a, const BIGNUM *p,
             }
         }
 
-        bits--;
-        for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
-            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        /* 
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */ 
+        window0 = (bits - 1) % window + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
         if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
                                             window))
             goto err;
 
+        wmask = (1 << window) - 1;
         /*
          * Scan the exponent one window at a time starting from the most
          * significant bits.
          */
-        while (bits >= 0) {
-            wvalue = 0;         /* The 'value' of the window */
+        while (bits > 0) {
 
-            /* Scan the window, squaring the result as we go */
-            for (i = 0; i < window; i++, bits--) {
+            /* Square the result window-size times */
+            for (i = 0; i < window; i++)
                 if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx))
                     goto err;
-                wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-            }
 
+            /* 
+             * Get a window's worth of bits from the exponent
+             * This avoids calling BN_is_bit_set for each bit, which
+             * is not only slower but also makes each bit vulnerable to
+             * EM (and likely other) side-channel attacks like One&Done
+             * (for details see "One&Done: A Single-Decryption EM-Based
+             *  Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam,
+             *  H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
+             *  M. Prvulovic, in USENIX Security'18)
+             */
+            bits -= window;
+            wvalue = bn_get_bits(p, bits) & wmask;
             /*
              * Fetch the appropriate pre-computed value from the pre-buf
              */
++++++ openssl-fipslocking.patch ++++++
--- /var/tmp/diff_new_pack.xKhnXR/_old  2019-01-15 09:15:19.626293985 +0100
+++ /var/tmp/diff_new_pack.xKhnXR/_new  2019-01-15 09:15:19.626293985 +0100
@@ -1,7 +1,7 @@
-Index: openssl-1.0.2n/crypto/fips/fips_drbg_rand.c
+Index: openssl-1.0.2q/crypto/fips/fips_drbg_rand.c
 ===================================================================
---- openssl-1.0.2n.orig/crypto/fips/fips_drbg_rand.c   2017-12-08 
13:31:56.267746606 +0100
-+++ openssl-1.0.2n/crypto/fips/fips_drbg_rand.c        2017-12-08 
13:31:56.307747247 +0100
+--- openssl-1.0.2q.orig/crypto/fips/fips_drbg_rand.c   2018-11-20 
15:51:27.401475952 +0100
++++ openssl-1.0.2q/crypto/fips/fips_drbg_rand.c        2018-11-20 
15:51:27.501476547 +0100
 @@ -82,7 +82,8 @@ static int fips_drbg_bytes(unsigned char
      if (count > dctx->min_entropy)
          RAND_load_file("/dev/urandom", count - dctx->min_entropy);
@@ -81,10 +81,10 @@
  }
  
  static const RAND_METHOD rand_drbg_meth = {
-Index: openssl-1.0.2n/crypto/rand/md_rand.c
+Index: openssl-1.0.2q/crypto/rand/md_rand.c
 ===================================================================
---- openssl-1.0.2n.orig/crypto/rand/md_rand.c  2017-12-08 13:31:56.267746606 
+0100
-+++ openssl-1.0.2n/crypto/rand/md_rand.c       2017-12-08 13:31:56.311747311 
+0100
+--- openssl-1.0.2q.orig/crypto/rand/md_rand.c  2018-11-20 15:51:27.401475952 
+0100
++++ openssl-1.0.2q/crypto/rand/md_rand.c       2018-11-20 15:51:27.501476547 
+0100
 @@ -144,13 +144,6 @@ static long md_count[2] = { 0, 0 };
  static double entropy = 0;
  static int initialized = 0;
@@ -160,7 +160,7 @@
  
  #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
      assert(md_c[1] == md_count[1]);
-@@ -353,6 +335,7 @@ int ssleay_rand_bytes(unsigned char *buf
+@@ -352,6 +334,7 @@ int ssleay_rand_bytes(unsigned char *buf
      pid_t curr_pid = getpid();
  #endif
      int do_stir_pool = 0;
@@ -168,7 +168,7 @@
  
  #ifdef PREDICT
      if (rand_predictable) {
-@@ -394,13 +377,7 @@ int ssleay_rand_bytes(unsigned char *buf
+@@ -393,13 +376,7 @@ int ssleay_rand_bytes(unsigned char *buf
       * global 'md'.
       */
      if (lock)
@@ -183,7 +183,7 @@
  
      /* always poll for external entropy in FIPS mode, drbg provides the 
       * expansion
-@@ -475,9 +452,8 @@ int ssleay_rand_bytes(unsigned char *buf
+@@ -473,9 +450,8 @@ int ssleay_rand_bytes(unsigned char *buf
      md_count[0] += 1;
  
      /* before unlocking, we must clear 'crypto_lock_rand' */
@@ -195,7 +195,7 @@
  
      while (num > 0) {
          /* num_ceil -= MD_DIGEST_LENGTH/2 */
-@@ -535,15 +511,15 @@ int ssleay_rand_bytes(unsigned char *buf
+@@ -533,15 +509,15 @@ int ssleay_rand_bytes(unsigned char *buf
          !MD_Update(&m, local_md, MD_DIGEST_LENGTH))
          goto err;
      if (lock)
@@ -215,8 +215,8 @@
 +        private_RAND_lock(0);
  
      EVP_MD_CTX_cleanup(&m);
-     if (ok)
-@@ -577,33 +553,10 @@ static int ssleay_rand_pseudo_bytes(unsi
+     if (initialized)
+@@ -587,33 +563,10 @@ static int ssleay_rand_pseudo_bytes(unsi
  
  static int ssleay_rand_status(void)
  {
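Review bot: The refreshed context `-     if (ok)` → `+     if (initialized)` in this hunk, and `-     ret = entropy >= ENTROPY_NEEDED;` → `+     ret = initialized;` in the next one (`@@ -252,9 +252,9 @@`), show that the md_rand.c this patch now applies to has changed what ssleay_rand_bytes() tests before returning and what ssleay_rand_status() reports, while the patch's own lines (dropping the `do_not_lock` / `crypto_lock_rand` handling in favour of `private_RAND_lock`) are carried over unchanged. Whether the lock/unlock pairing in those hunks is still correct around the new `initialized`-based paths cannot be judged from a context-only refresh, so it deserves a line in the patch header, which currently opens directly with `Index:` and has no description, e.g. `Rebased onto 1.0.2q: upstream ssleay_rand_status() now returns 'initialized' rather than an entropy threshold; locking hunks unchanged, re-verified.` The enclosing functions are only partially visible in these hunks.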
@@ -252,9 +252,9 @@
  
      if (!initialized) {
          RAND_poll();
-@@ -612,12 +565,8 @@ static int ssleay_rand_status(void)
+@@ -622,12 +575,8 @@ static int ssleay_rand_status(void)
  
-     ret = entropy >= ENTROPY_NEEDED;
+     ret = initialized;
  
 -    if (!do_not_lock) {
 -        /* before unlocking, we must clear 'crypto_lock_rand' */
@@ -267,10 +267,10 @@
  
      return ret;
  }
-Index: openssl-1.0.2n/crypto/rand/rand.h
+Index: openssl-1.0.2q/crypto/rand/rand.h
 ===================================================================
---- openssl-1.0.2n.orig/crypto/rand/rand.h     2017-12-08 13:31:56.143744621 
+0100
-+++ openssl-1.0.2n/crypto/rand/rand.h  2017-12-08 13:31:56.311747311 +0100
+--- openssl-1.0.2q.orig/crypto/rand/rand.h     2018-11-20 15:51:27.125474308 
+0100
++++ openssl-1.0.2q/crypto/rand/rand.h  2018-11-20 15:51:27.501476547 +0100
 @@ -123,6 +123,8 @@ void RAND_set_fips_drbg_type(int type, i
  int RAND_init_fips(void);
  # endif
@@ -280,10 +280,10 @@
  /* BEGIN ERROR CODES */
  /*
   * The following lines are auto generated by the script mkerr.pl. Any changes
-Index: openssl-1.0.2n/crypto/rand/rand_lib.c
+Index: openssl-1.0.2q/crypto/rand/rand_lib.c
 ===================================================================
---- openssl-1.0.2n.orig/crypto/rand/rand_lib.c 2017-12-08 13:31:56.267746606 
+0100
-+++ openssl-1.0.2n/crypto/rand/rand_lib.c      2017-12-08 13:32:55.968702015 
+0100
+--- openssl-1.0.2q.orig/crypto/rand/rand_lib.c 2018-11-20 15:51:27.401475952 
+0100
++++ openssl-1.0.2q/crypto/rand/rand_lib.c      2018-11-20 15:51:27.501476547 
+0100
 @@ -176,6 +176,41 @@ int RAND_status(void)
      return 0;
  }
@@ -326,7 +326,7 @@
  #ifdef OPENSSL_FIPS
  
  /*
-@@ -237,9 +272,10 @@ static int drbg_rand_add(DRBG_CTX *ctx,
+@@ -255,9 +290,10 @@ static int drbg_rand_add(DRBG_CTX *ctx,
  {
      RAND_SSLeay()->add(in, inlen, entropy);
      if (FIPS_rand_status()) {
@@ -339,7 +339,7 @@
      }
      return 1;
  }
-@@ -248,9 +284,10 @@ static int drbg_rand_seed(DRBG_CTX *ctx,
+@@ -266,9 +302,10 @@ static int drbg_rand_seed(DRBG_CTX *ctx,
  {
      RAND_SSLeay()->seed(in, inlen);
      if (FIPS_rand_status()) {


