Hello community, here is the log from the commit of package openssl-1_0_0 for openSUSE:Factory checked in at 2017-07-07 10:15:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_0_0 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_0_0.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_0_0" Fri Jul 7 10:15:17 2017 rev:4 rq:508256 version:1.0.2l Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1_0_0.changes 2017-06-27 10:19:47.307778558 +0200 +++ /work/SRC/openSUSE:Factory/.openssl-1_0_0.new/openssl-1_0_0.changes 2017-07-07 10:15:21.736206236 +0200 @@ -1,0 +2,36 @@ +Tue Jul 4 09:24:55 UTC 2017 - vci...@suse.com + +- Don't run FIPS power-up self-tests when the checksum files aren't + installed (bsc#1042392, boo#1038906) + * add openssl-fips-run_selftests_only_when_module_is_complete.patch +- AES XTS key parts must not be identical in FIPS mode (bsc#1019637) + * add openssl-fips-xts_nonidentical_key_parts.patch +- Allow runtime switching of s390x capabilities via OPENSSL_s390xcap + environmental variable (bsc#1028723) + * add openssl-fips-OPENSSL_s390xcap.patch + +------------------------------------------------------------------- +Tue Jul 4 09:24:51 UTC 2017 - vci...@suse.com + +- remove DES-CBC3-SHA based ciphers from DEFAULT_SUSE (bsc#1027908) + * update patches: + openssl-1.0.1e-add-suse-default-cipher.patch + openssl-1.0.1e-add-test-suse-default-cipher-suite.patch +- s_client sent empty client certificate (bsc#1028281) + Add back certificate initialization set_cert_key_stuff() + which was removed by openssl-1.0.2a-default-paths.patch + * modified openssl-1.0.2a-default-paths.patch + +------------------------------------------------------------------- +Tue Jul 4 09:24:48 UTC 2017 - vci...@suse.com + +- package FIPS CAVS testing tools (bsc#1027688) + * add openssl-fips_add_cavs_tests.patch +- FIPS CAVS: Add AES keywrap (KWVS) test tool (bsc#1044095) + * add openssl-fips_cavs_aes_keywrap.patch +- Fix CAVS testing padding issue with RSA d values (bsc#1044107) + * add openssl-fips_cavs_pad_with_zeroes.patch from Pedro Monreal +- FIPS CAVS: allow fips_* tools to run in FIPS mode (bnc#902364) + * added openssl-fips_cavs_helpers_run_in_fips_mode.patch + +------------------------------------------------------------------- New: ---- openssl-fips-OPENSSL_s390xcap.patch openssl-fips-run_selftests_only_when_module_is_complete.patch openssl-fips-xts_nonidentical_key_parts.patch openssl-fips_add_cavs_tests.patch openssl-fips_cavs_aes_keywrap.patch openssl-fips_cavs_helpers_run_in_fips_mode.patch openssl-fips_cavs_pad_with_zeroes.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1_0_0.spec ++++++ --- /var/tmp/diff_new_pack.EGDZw8/_old 2017-07-07 10:15:23.211997412 +0200 +++ /var/tmp/diff_new_pack.EGDZw8/_new 2017-07-07 10:15:23.215996847 +0200 @@ -83,6 +83,13 @@ Patch59: openssl-fips-dont-fall-back-to-default-digest.patch Patch61: openssl-fipslocking.patch Patch63: openssl-randfile_fread_interrupt.patch +Patch70: openssl-fips-xts_nonidentical_key_parts.patch +Patch71: openssl-fips_add_cavs_tests.patch +Patch73: openssl-fips-OPENSSL_s390xcap.patch +Patch74: openssl-fips_cavs_helpers_run_in_fips_mode.patch +Patch75: openssl-fips_cavs_pad_with_zeroes.patch +Patch76: openssl-fips_cavs_aes_keywrap.patch +Patch77: openssl-fips-run_selftests_only_when_module_is_complete.patch # steam patches Patch100: openssl-fix-cpuid_setup.patch BuildRequires: bc @@ -231,6 +238,13 @@ %patch59 -p1 %patch61 -p1 %patch63 -p1 +%patch70 -p1 +%patch71 -p1 +%patch73 -p1 +%patch74 -p1 +%patch75 -p1 +%patch76 -p1 +%patch77 -p1 cp -p %{SOURCE10} . cp -p %{SOURCE11} . ++++++ openssl-1.0.1e-add-suse-default-cipher.patch ++++++ --- /var/tmp/diff_new_pack.EGDZw8/_old 2017-07-07 10:15:23.347978172 +0200 +++ /var/tmp/diff_new_pack.EGDZw8/_new 2017-07-07 10:15:23.347978172 +0200 @@ -31,7 +31,7 @@ + +# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\ + "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\ -+ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA" ++ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is ++++++ openssl-1.0.1e-add-test-suse-default-cipher-suite.patch ++++++ --- /var/tmp/diff_new_pack.EGDZw8/_old 2017-07-07 10:15:23.359976474 +0200 +++ /var/tmp/diff_new_pack.EGDZw8/_new 2017-07-07 10:15:23.363975907 +0200 @@ -17,7 +17,7 @@ +done + +echo "Testing if MD5, DES and RC4 are excluded from DEFAULT_SUSE cipher suite" -+../util/shlib_wrap.sh ../apps/openssl ciphers DEFAULT_SUSE| grep "MD5\|RC4\|DES-[^CBC3]" ++../util/shlib_wrap.sh ../apps/openssl ciphers DEFAULT_SUSE| grep "MD5\|RC4\|DES" + +if [ $? -ne 1 ];then + echo "weak ciphers are present on DEFAULT_SUSE cipher suite" ++++++ openssl-1.0.2a-default-paths.patch ++++++ --- /var/tmp/diff_new_pack.EGDZw8/_old 2017-07-07 10:15:23.375974210 +0200 +++ /var/tmp/diff_new_pack.EGDZw8/_new 2017-07-07 10:15:23.379973644 +0200 @@ -1,18 +1,3 @@ -Index: openssl-1.0.2b/apps/s_client.c -=================================================================== ---- openssl-1.0.2b.orig/apps/s_client.c 2015-06-11 17:28:32.039203737 +0200 -+++ openssl-1.0.2b/apps/s_client.c 2015-06-11 17:39:40.138741521 +0200 -@@ -1346,10 +1346,6 @@ int MAIN(int argc, char **argv) - ERR_print_errors(bio_err); - } - -- ssl_ctx_add_crls(ctx, crls, crl_download); -- if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain)) -- goto end; -- - #ifndef OPENSSL_NO_TLSEXT - if (servername != NULL) { - tlsextcbp.biodebug = bio_err; Index: openssl-1.0.2b/apps/s_server.c =================================================================== --- openssl-1.0.2b.orig/apps/s_server.c 2015-06-11 17:28:04.879854931 +0200 ++++++ openssl-fips-OPENSSL_s390xcap.patch ++++++ ++++ 1312 lines (skipped) ++++++ openssl-fips-run_selftests_only_when_module_is_complete.patch ++++++ Index: openssl-1.0.2j/crypto/fips/fips.c =================================================================== --- openssl-1.0.2j.orig/crypto/fips/fips.c 2017-05-12 15:51:59.258797863 +0200 +++ openssl-1.0.2j/crypto/fips/fips.c 2017-06-20 19:57:12.649510712 +0200 @@ -421,15 +421,15 @@ int FIPS_module_mode_set(int onoff, cons } # endif - if (!FIPS_selftest()) { + if (!verify_checksums()) { + FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET, + FIPS_R_FINGERPRINT_DOES_NOT_MATCH); fips_selftest_fail = 1; ret = 0; goto end; } - if (!verify_checksums()) { - FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET, - FIPS_R_FINGERPRINT_DOES_NOT_MATCH); + if (!FIPS_selftest()) { fips_selftest_fail = 1; ret = 0; goto end; ++++++ openssl-fips-xts_nonidentical_key_parts.patch ++++++ Index: openssl-1.0.2j/crypto/evp/e_aes.c =================================================================== --- openssl-1.0.2j.orig/crypto/evp/e_aes.c 2017-02-16 17:20:41.647972394 +0100 +++ openssl-1.0.2j/crypto/evp/e_aes.c 2017-02-17 17:05:29.251130889 +0100 @@ -177,6 +177,26 @@ void AES_xts_decrypt(const char *inp, ch # define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks # endif +static int xts_check_key(const unsigned char *key, unsigned int key_len) +{ + /* + * key consists of two keys of equal size concatenated, + * therefore the length must be even + */ + if (key_len % 2) + return 0; + +# ifdef OPENSSL_FIPS + /* FIPS 140-2 IG A.9 mandates that the key parts mustn't match */ + if (FIPS_module_mode() && + CRYPTO_memcmp(key, key + (key_len / 2), key_len / 2) == 0) { + return 0; + } +# endif + + return 1; +} + # if defined(AES_ASM) && !defined(I386_ONLY) && ( \ ((defined(__i386) || defined(__i386__) || \ defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ @@ -387,6 +407,9 @@ static int aesni_xts_init_key(EVP_CIPHER return 1; if (key) { + if (xts_check_key(key, ctx->key_len) == 0) + return 0; + /* key_len is two AES keys */ if (enc) { aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); @@ -707,6 +730,9 @@ static int aes_t4_xts_init_key(EVP_CIPHE return 1; if (key) { + if (xts_check_key(key, ctx->key_len) == 0) + return 0; + int bits = ctx->key_len * 4; xctx->stream = NULL; /* key_len is two AES keys */ @@ -1650,7 +1676,10 @@ static int aes_xts_init_key(EVP_CIPHER_C if (!iv && !key) return 1; - if (key) + if (key) { + if (xts_check_key(key, ctx->key_len) == 0) + return 0; + do { # ifdef AES_XTS_ASM xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; @@ -1719,6 +1748,7 @@ static int aes_xts_init_key(EVP_CIPHER_C xctx->xts.key1 = &xctx->ks1; } while (0); + } if (iv) { xctx->xts.key2 = &xctx->ks2; ++++++ openssl-fips_add_cavs_tests.patch ++++++ ++++ 10654 lines (skipped) ++++++ openssl-fips_cavs_aes_keywrap.patch ++++++ Index: openssl-1.0.2j/crypto/fips/fips_kwvs.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_kwvs.c 2017-05-12 14:14:26.561672018 +0200 @@ -0,0 +1,137 @@ +/* + * Crude test driver for processing the VST and MCT testvector files + * generated by the CMVP RNGVS product. + * + * Note the input files are assumed to have a _very_ specific format + * as described in the NIST document "The Random Number Generator + * Validation System (RNGVS)", May 25, 2004. + * + */ +#include <openssl/opensslconf.h> + +#include <openssl/bn.h> +#include <openssl/fips.h> +#include <openssl/err.h> +#include <openssl/modes.h> +#include <string.h> +#include <ctype.h> + +#include "fips_utl.h" + +void die(char *mes) +{ + fprintf(stderr, mes); + exit(1); +} + +void process(char *req, char *rsp) +{ + char buf[2048], lbuf[2048]; + unsigned char result[2048]; + unsigned char *K = NULL; + unsigned char *P = NULL; + unsigned char *C = NULL; + unsigned plaintext_len, ciphertext_len; + unsigned key_len; + char *end; + AES_KEY aes_key; + char *keyword, *value; + long l; + int length; + int inverse = 0; + block128_f f; + + FILE *in = fopen(req, "r"); + FILE *out = fopen(rsp, "w"); + + if (!in || !out) { + die("Can't open input or output file\n"); + } + + while(fgets(buf, sizeof(buf), in) != NULL) + { + fputs(buf,out); + + if (!parse_line(&keyword, &value, lbuf, buf)) { + /* might be a header, check if inverse cipher function is requested */ + if(strstr(buf, "inverse")) { + inverse = 1; + } + continue; + } + + if(!strcmp(keyword, "[PLAINTEXT LENGTH")) + { + end = value + strlen(value) - 1; + /* remove trailing ] */ + if (*end == ']') + *end = 0; + plaintext_len = atoi(value) / 8; + ciphertext_len = plaintext_len + 8; + } + /* key */ + else if(!strcmp(keyword, "K")) + { + K = hex2bin_m(value, &l); + key_len = strlen(value) / 2; + } + /* plaintext */ + else if(!strcmp(keyword, "P")) + { + /* Wrap, we have a key and a plaintext */ + P = hex2bin_m(value, &l); + if (inverse) { + if (AES_set_decrypt_key(K, key_len*8, &aes_key)) + die("Can't set AES decrypt key.\n"); + f = (block128_f)AES_decrypt; + } else { + if (AES_set_encrypt_key(K, key_len*8, &aes_key)) + die("Can't set AES encrypt key.\n"); + f = (block128_f)AES_encrypt; + } + length = CRYPTO_128_wrap(&aes_key, NULL, result, P, plaintext_len, f); + if (!length) + die("Wrapping failed.\n"); + OutputValue("C", result, length, out, 0); + } + /* ciphertext */ + else if(!strcmp(keyword, "C")) + { + /* Unwrap, we have a key and a ciphertext */ + C = hex2bin_m(value, &l); + if (inverse) { + if (AES_set_encrypt_key(K, key_len*8, &aes_key)) + die("Can't set AES encrypt key.\n"); + f = (block128_f)AES_encrypt; + } else { + if (AES_set_decrypt_key(K, key_len*8, &aes_key)) + die("Can't set AES decrypt key.\n"); + f = (block128_f)AES_decrypt; + } + length = CRYPTO_128_unwrap(&aes_key, NULL, result, C, ciphertext_len, f); + if (!length) { + fprintf(out, "FAIL" RESP_EOL); + } else { + OutputValue("P", result, length, out, 0); + } + } + } +} + +int main(int argc,char **argv) +{ + if(argc != 3) + { + fprintf(stderr,"%s Req Rsp\n",argv[0]); + exit(1); + } + if(!FIPS_mode_set(1)) + { + do_print_errors(); + exit(1); + } + + process(argv[1], argv[2]); + + return 0; +} Index: openssl-1.0.2j/crypto/fips/Makefile =================================================================== --- openssl-1.0.2j.orig/crypto/fips/Makefile 2017-05-11 16:56:02.495668727 +0200 +++ openssl-1.0.2j/crypto/fips/Makefile 2017-05-11 16:56:02.531669302 +0200 @@ -19,15 +19,15 @@ APPS= PROGRAM= fips_standalone_hmac EXE= $(PROGRAM)$(EXE_EXT) -CAVS_PROGRAMS= fips_aesavs fips_cmactest fips_desmovs fips_dhvs fips_drbgvs \ +CAVS_PROGRAMS= fips_kwvs fips_aesavs fips_cmactest fips_desmovs fips_dhvs fips_drbgvs \ fips_ecdhvs fips_ecdsavs fips_rngvs fips_rsagtest fips_rsastest \ fips_rsavtest fips_shatest fips_gcmtest fips_dssvs fips_tlsvs fips_hmactest -CAVS_SRC= fips_aesavs.c fips_cmactest.c fips_desmovs.c fips_dhvs.c fips_drbgvs.c fips_dssvs.c \ +CAVS_SRC= fips_kwvs.c fips_aesavs.c fips_cmactest.c fips_desmovs.c fips_dhvs.c fips_drbgvs.c fips_dssvs.c \ fips_ecdhvs.c fips_ecdsavs.c fips_gcmtest.c fips_rngvs.c fips_rsagtest.c fips_rsastest.c \ fips_rsavtest.c fips_shatest.c fips_tlsvs.c fips_hmactest.c -CAVS_OBJ= fips_aesavs.o fips_cmactest.o fips_desmovs.o fips_dhvs.o fips_drbgvs.o \ +CAVS_OBJ= fips_kwvs.o fips_aesavs.o fips_cmactest.o fips_desmovs.o fips_dhvs.o fips_drbgvs.o \ fips_ecdhvs.o fips_ecdsavs.o fips_gcmtest.o fips_rngvs.o fips_rsagtest.o fips_rsastest.o \ fips_rsavtest.o fips_shatest.o fips_dssvs.o fips_tlsvs.o fips_hmactest.o @@ -454,6 +454,19 @@ fips_aesavs.o: ../../include/openssl/ope fips_aesavs.o: ../../include/openssl/ossl_typ.h fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h fips_aesavs.o: ../../include/openssl/symhacks.h fips_utl.h fips_aesavs.c +fips_kwvs.o: ../../e_os.h ../../include/openssl/aes.h +fips_kwvs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_kwvs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_kwvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_kwvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_kwvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_kwvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +fips_kwvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_kwvs.o: ../../include/openssl/opensslconf.h +fips_kwvs.o: ../../include/openssl/opensslv.h +fips_kwvs.o: ../../include/openssl/ossl_typ.h +fips_kwvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_kwvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_kwvs.c fips_gcmtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h fips_gcmtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h fips_gcmtest.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h ++++++ openssl-fips_cavs_helpers_run_in_fips_mode.patch ++++++ Index: openssl-1.0.2j/crypto/fips/fips_aesavs.c =================================================================== --- openssl-1.0.2j.orig/crypto/fips/fips_aesavs.c 2017-04-07 12:01:35.335422766 +0200 +++ openssl-1.0.2j/crypto/fips/fips_aesavs.c 2017-04-07 12:11:35.876483996 +0200 @@ -870,7 +870,11 @@ int main(int argc, char **argv) FILE *fp = NULL; char fn[250] = "", rfn[256] = ""; int d_opt = 1; - fips_algtest_init(); + fips_algtest_init_nofips(); + if(!FIPS_mode_set(1)) { + fprintf(stderr, "Can't set FIPS mode\n"); + exit(1); + } if (argc > 1) { ++++++ openssl-fips_cavs_pad_with_zeroes.patch ++++++ Index: openssl-1.0.2j/crypto/fips/fips_rsagtest.c =================================================================== --- openssl-1.0.2j.orig/crypto/fips/fips_rsagtest.c 2017-05-04 20:57:44.099237241 +0200 +++ openssl-1.0.2j/crypto/fips/fips_rsagtest.c 2017-05-04 20:58:13.159687179 +0200 @@ -585,7 +585,7 @@ int rsa_PrimeGen(FILE *out, FILE *in) do_bn_print_name(out, "p", rsa->p); do_bn_print_name(out, "q", rsa->q); do_bn_print_name(out, "n", rsa->n); - do_bn_print_name(out, "d", rsa->d); + do_bn_print_name_pad(out, "d", rsa->d, mod); FIPS_rsa_free(rsa); rsa = NULL; } Index: openssl-1.0.2j/crypto/fips/fips_utl.h =================================================================== --- openssl-1.0.2j.orig/crypto/fips/fips_utl.h 2017-05-04 20:57:44.099237241 +0200 +++ openssl-1.0.2j/crypto/fips/fips_utl.h 2017-05-04 20:57:44.131237737 +0200 @@ -74,7 +74,9 @@ int hex2bin(const char *in, unsigned cha unsigned char *hex2bin_m(const char *in, long *plen); int do_hex2bn(BIGNUM **pr, const char *in); int do_bn_print(FILE *out, const BIGNUM *bn); +int do_bn_print_pad(FILE *out, const BIGNUM *bn, int padbits); int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn); +int do_bn_print_name_pad(FILE *out, const char *name, const BIGNUM *bn, int padbits); int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf); int parse_line2(char **pkw, char **pval, char *linebuf, char *olinebuf, int eol); BIGNUM *hex2bn(const char *in); @@ -291,6 +293,43 @@ int do_bn_print_name(FILE *out, const ch if (!r) return 0; fputs(RESP_EOL, out); + return 1; + } + +int do_bn_print_pad(FILE *out, const BIGNUM *bn, int padbits) + { + int len, i; + unsigned char *tmp; + len = BN_num_bytes(bn); + if (len == 0) + { + fputs("00", out); + return 1; + } + + tmp = OPENSSL_malloc(len); + if (!tmp) + { + fprintf(stderr, "Memory allocation error\n"); + return 0; + } + BN_bn2bin(bn, tmp); + for (i = 0; i < padbits/BN_BYTES - len; i++) + fprintf(out, "%02x", 0); + for (i = 0; i < len; i++) + fprintf(out, "%02x", tmp[i]); + OPENSSL_free(tmp); + return 1; + } + +int do_bn_print_name_pad(FILE *out, const char *name, const BIGNUM *bn, int padbits) + { + int r; + fprintf(out, "%s = ", name); + r = do_bn_print_pad(out, bn, padbits); + if (!r) + return 0; + fputs(RESP_EOL, out); return 1; }