commit openssl for openSUSE:Factory
Hello community, here is the log from the commit of package openssl for openSUSE:Factory checked in at 2016-04-22 16:17:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl (Old) and /work/SRC/openSUSE:Factory/.openssl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openssl" Changes: -------- --- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2016-03-05 11:21:19.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2016-04-22 16:17:18.000000000 +0200 
@@ -1,0 +2,27 @@ +Fri Apr 15 16:55:05 UTC 2016 - dvaleev@suse.com + +- Remove a hack for bsc#936563 +- Drop bsc936563_hack.patch + +------------------------------------------------------------------- +Fri Apr 15 11:59:48 UTC 2016 - vcizek@suse.com + +- import fips patches from SLE-12 + * openssl-fips-clearerror.patch + * openssl-fips-dont-fall-back-to-default-digest.patch + * openssl-fips-fix-odd-rsakeybits.patch + * openssl-fips-rsagen-d-bits.patch + * openssl-fips-selftests_in_nonfips_mode.patch + * openssl-fips_RSA_compute_d_with_lcm.patch + * openssl-fips_disallow_ENGINE_loading.patch + * openssl-fips_disallow_x931_rand_method.patch + * openssl-rsakeygen-minimum-distance.patch + * openssl-urandom-reseeding.patch + +------------------------------------------------------------------- +Tue Mar 8 12:50:28 UTC 2016 - vcizek@suse.com + +- add support for "ciphers" providing no encryption (bsc#937085) + * don't build with -DSSL_FORBID_ENULL + +------------------------------------------------------------------- Old: ---- bsc936563_hack.patch New: ---- openssl-fips-clearerror.patch openssl-fips-dont-fall-back-to-default-digest.patch openssl-fips-fix-odd-rsakeybits.patch openssl-fips-rsagen-d-bits.patch openssl-fips-selftests_in_nonfips_mode.patch openssl-fips_RSA_compute_d_with_lcm.patch openssl-fips_disallow_ENGINE_loading.patch openssl-fips_disallow_x931_rand_method.patch openssl-rsakeygen-minimum-distance.patch openssl-urandom-reseeding.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.kAvHBL/_old 2016-04-22 16:17:20.000000000 +0200 +++ /var/tmp/diff_new_pack.kAvHBL/_new 2016-04-22 16:17:20.000000000 +0200 
@@ -73,7 +73,17 @@ Patch35: openssl-1.0.1e-add-suse-default-cipher.patch Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch Patch38: openssl-missing_FIPS_ec_group_new_by_curve_name.patch -Patch40: bsc936563_hack.patch +# FIPS patches from SLE-12 +Patch50: openssl-fips_disallow_x931_rand_method.patch +Patch51: openssl-fips_disallow_ENGINE_loading.patch +Patch52: openssl-fips_RSA_compute_d_with_lcm.patch +Patch53: openssl-rsakeygen-minimum-distance.patch +Patch54: openssl-urandom-reseeding.patch +Patch55: openssl-fips-rsagen-d-bits.patch +Patch56: openssl-fips-selftests_in_nonfips_mode.patch +Patch57: openssl-fips-fix-odd-rsakeybits.patch +Patch58: openssl-fips-clearerror.patch +Patch59: openssl-fips-dont-fall-back-to-default-digest.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -184,15 +194,21 @@ %patch35 -p1 %patch37 -p1 %patch38 -p1 +%patch50 -p1 +%patch51 -p1 +%patch52 -p1 +%patch53 -p1 +%patch54 -p1 +%patch55 -p1 +%patch56 -p1 +%patch57 -p1 +%patch58 -p1 +%patch59 -p1 %if 0%{?suse_version} >= 1120 %patch3 %endif %patch8 -p1 %patch14 -p1 -#workaround https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66728 -%ifarch ppc64le -%patch40 -p1 -%endif cp -p %{S:10} . cp -p %{S:11} . echo "adding/overwriting some entries in the 'table' hash in Configure" @@ -264,7 +280,6 @@ -fno-common \ -DTERMIO \ -DPURIFY \ --DSSL_FORBID_ENULL \ -D_GNU_SOURCE \ -DOPENSSL_NO_BUF_FREELISTS \ $(getconf LFS_CFLAGS) \ ++++++ openssl-fips-clearerror.patch ++++++ Index: openssl-1.0.2g/crypto/o_init.c =================================================================== --- openssl-1.0.2g.orig/crypto/o_init.c 2016-04-14 10:54:05.763929573 +0200 +++ openssl-1.0.2g/crypto/o_init.c 2016-04-14 10:59:08.366168879 +0200 
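Review bot: The `--DSSL_FORBID_ENULL \` removal in the CFLAGS hunk (`@@ -264,7 +280,6 @@`) carries no explanation in the spec, whereas the new patch lines got `# FIPS patches from SLE-12`; the changes file ties it to bsc#937085, but a reader of the spec will not see that. Because the flags are continuation lines of a single shell command, a `#` line cannot go inside the list; put the rationale above the command (its first line is outside the hunk), e.g. `# bsc#937085: build the eNULL (no-encryption) cipher suites; only callers that ask for them explicitly get them`. Whether the default cipher string still excludes eNULL is not visible here and should be confirmed before the comment is worded that way.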
@@ -91,6 +91,7 @@ static void init_fips_mode(void) NONFIPS_selftest_check(); /* drop down to non-FIPS mode if it is not requested */ FIPS_mode_set(0); + ERR_clear_error(); } else { /* abort if selftest failed */ FIPS_selftest_check(); ++++++ openssl-fips-dont-fall-back-to-default-digest.patch ++++++ Index: openssl-1.0.2g/apps/dgst.c =================================================================== --- openssl-1.0.2g.orig/apps/dgst.c 2016-03-01 14:35:53.000000000 +0100 +++ openssl-1.0.2g/apps/dgst.c 2016-04-14 11:04:21.706558132 +0200 @@ -147,7 +147,7 @@ int MAIN(int argc, char **argv) /* first check the program name */ program_name(argv[0], pname, sizeof pname); - md = EVP_get_digestbyname(pname); + md = EVP_get_digestbyname_fips_disabled(pname); argc--; argv++; @@ -235,7 +235,7 @@ int MAIN(int argc, char **argv) macopts = sk_OPENSSL_STRING_new_null(); if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv))) break; - } else if ((m = EVP_get_digestbyname(&((*argv)[1]))) != NULL) + } else if ((m = EVP_get_digestbyname_fips_disabled(&((*argv)[1]))) != NULL) md = m; else break; Index: openssl-1.0.2g/apps/apps.c =================================================================== --- openssl-1.0.2g.orig/apps/apps.c 2016-03-01 14:35:53.000000000 +0100 +++ openssl-1.0.2g/apps/apps.c 2016-04-14 11:04:21.707558145 +0200 
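Review bot: `ERR_clear_error();` placed after `FIPS_mode_set(0);` wipes the whole error queue, including anything that `FIPS_mode_set(0)` itself just pushed, not only the leftovers of the failed selftests. If the intent is to drop only the selftest noise, move the clear before the call; either way a comment should say what is being discarded, e.g. `/* discard errors queued by the selftests; FIPS mode was not requested */`. init_fips_mode starts and ends outside the hunk.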
@@ -3226,3 +3226,45 @@ int raw_write_stdout(const void *buf, in return write(fileno(stdout), buf, siz); } #endif + + +const EVP_MD *EVP_get_digestbyname_fips_disabled(const char *name) + { + int saved_fips_mode = FIPS_mode(); + EVP_MD *md; + + if (saved_fips_mode) + FIPS_mode_set(0); + + OpenSSL_add_all_digests(); + md=EVP_get_digestbyname(name); + + if (saved_fips_mode && !FIPS_mode_set(saved_fips_mode)) { + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + EXIT(1); + } + + return md; + } + +const EVP_CIPHER *EVP_get_cipherbyname_fips_disabled(const char *name) + { + int saved_fips_mode = FIPS_mode(); + EVP_CIPHER *ciph; + + if (saved_fips_mode) + FIPS_mode_set(0); + + OpenSSL_add_all_ciphers(); + ciph=EVP_get_cipherbyname(name); + + if (saved_fips_mode && !FIPS_mode_set(saved_fips_mode)) { + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + EXIT(1); + } + + return ciph; + } + Index: openssl-1.0.2g/apps/apps.h =================================================================== --- openssl-1.0.2g.orig/apps/apps.h 2016-03-01 14:35:53.000000000 +0100 +++ openssl-1.0.2g/apps/apps.h 2016-04-14 11:04:21.707558145 +0200 @@ -348,6 +348,9 @@ void print_cert_checks(BIO *bio, X509 *x void store_setup_crl_download(X509_STORE *st); +const EVP_MD *EVP_get_digestbyname_fips_disabled(const char *name); +const EVP_CIPHER *EVP_get_cipherbyname_fips_disabled(const char *name); + # define FORMAT_UNDEF 0 # define FORMAT_ASN1 1 # define FORMAT_TEXT 2 Index: openssl-1.0.2g/apps/enc.c =================================================================== --- openssl-1.0.2g.orig/apps/enc.c 2016-03-01 14:35:05.000000000 +0100 +++ openssl-1.0.2g/apps/enc.c 2016-04-15 13:57:22.782628623 +0200 
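Review bot: In `EVP_get_digestbyname_fips_disabled` the local `md` is declared `EVP_MD *` while `EVP_get_digestbyname` returns `const EVP_MD *` (the helper's own return type), so the assignment drops a qualifier; the same applies to `ciph` in the cipher variant — declare them `const EVP_MD *md;` and `const EVP_CIPHER *ciph;`. The downward `FIPS_mode_set(0)` is unchecked, so if leaving FIPS mode fails the lookup runs in FIPS mode and a non-approved name yields NULL with no diagnostic; test it the way the restore is tested. FIPS mode is process-global state, so the window between the two `FIPS_mode_set` calls is visible to every thread of the process; acceptable for the single-threaded apps, but the declarations added to apps.h should carry a comment saying so, and the `EVP_` prefix makes an app-local helper look like a library API. The error path prints through a `BIO_new_fp(stderr, BIO_NOCLOSE)` that is never freed, moot because of the `EXIT(1)` right after, but `ERR_print_errors(bio_err)` as enc.c already uses would be simpler.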
@@ -150,7 +150,7 @@ int MAIN(int argc, char **argv) do_zlib = 1; #endif - cipher = EVP_get_cipherbyname(pname); + cipher = EVP_get_cipherbyname_fips_disabled(pname); #ifdef ZLIB if (!do_zlib && !base64 && (cipher == NULL) && (strcmp(pname, "enc") != 0)) @@ -269,7 +269,7 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv, "-non-fips-allow") == 0) non_fips_allow = 1; else if ((argv[0][0] == '-') && - ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) { + ((c = EVP_get_cipherbyname_fips_disabled(&(argv[0][1]))) != NULL)) { cipher = c; } else if (strcmp(*argv, "-none") == 0) cipher = NULL; @@ -322,6 +322,10 @@ int MAIN(int argc, char **argv) argv++; } + /* drop out of fips mode if we should allow non-fips algos */ + if (non_fips_allow) + FIPS_mode_set(0); + #ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, engine, 0); #endif @@ -338,7 +342,7 @@ int MAIN(int argc, char **argv) goto end; } - if (md && (dgst = EVP_get_digestbyname(md)) == NULL) { + if (md && (dgst = EVP_get_digestbyname_fips_disabled(md)) == NULL) { BIO_printf(bio_err, "%s is an unsupported message digest type\n", md); goto end; } ++++++ openssl-fips-fix-odd-rsakeybits.patch ++++++ Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c =================================================================== --- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-14 10:52:34.187646539 +0200 +++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-14 10:53:39.335559301 +0200 
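Review bot: The new `if (non_fips_allow) FIPS_mode_set(0);` ignores the return value, so if leaving FIPS mode fails the tool silently continues in FIPS mode with a cipher that was chosen through the FIPS-disabled lookup. Handle it like the other failures in this function: `if (non_fips_allow && !FIPS_mode_set(0)) { ERR_print_errors(bio_err); goto end; }`. MAIN starts and ends outside the hunk.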
@@ -465,7 +465,8 @@ static int rsa_builtin_keygen(RSA *rsa, goto err; bitsp = (bits + 1) / 2; - bitsq = bits - bitsp; + /* Use the same number of bits for p and q, our checks assume it. */ + bitsq = bitsp; /* prepare a maximum for p and q */ /* 0xB504F334 is (sqrt(2)/2)*2^32 */ ++++++ openssl-fips-rsagen-d-bits.patch ++++++ Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c =================================================================== --- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-14 10:23:50.941168136 +0200 +++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-14 10:47:56.651757817 +0200 @@ -237,6 +237,12 @@ static int FIPS_rsa_builtin_keygen(RSA * goto err; } + BN_copy(rsa->e, e_value); + + if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q)) + test = 1; + +retry: /* prepare approximate minimum p and q */ if (!BN_set_word(r0, 0xB504F334)) goto err; @@ -249,12 +255,6 @@ static int FIPS_rsa_builtin_keygen(RSA * if (!BN_lshift(r3, r3, pbits - 100)) goto err; - BN_copy(rsa->e, e_value); - - if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q)) - test = 1; - - retry: /* generate p and q */ for (i = 0; i < 5 * pbits; i++) { ploop: @@ -384,6 +384,8 @@ static int FIPS_rsa_builtin_keygen(RSA * if (!BN_mod_inverse(rsa->d, rsa->e, lcm_p1_q1, ctx)) goto err; /* d */ + /* test 2^(bits/2) < d < LCM((p-1)*(q-1)) */ + /* the LCM part is covered due to the generation by modulo above */ if (BN_num_bits(rsa->d) < pbits) goto retry; /* d is too small */ ++++++ openssl-fips-selftests_in_nonfips_mode.patch ++++++ Index: openssl-1.0.2g/crypto/fips/fips.c =================================================================== --- openssl-1.0.2g.orig/crypto/fips/fips.c 2016-04-14 10:49:37.460170356 +0200 +++ openssl-1.0.2g/crypto/fips/fips.c 2016-04-14 10:49:47.270307813 +0200 
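Review bot: With `bitsq = bitsp;` an odd `bits` now yields a modulus one bit longer than requested: for bits = 1025, p and q are both 513 bits and, after the lower bound of about (sqrt(2)/2)·2^513 that openssl-rsakeygen-minimum-distance.patch enforces on both, n has exactly 1026 bits, whereas before it had 1025. The comment should state that consequence, e.g. `/* p and q get the same size so the r0 bound (computed from bitsp) applies to both; odd bit counts round the modulus up by one bit. */`; if callers rely on the exact size, rejecting odd `bits` with an RSAerr is the stricter alternative. Note that without this change the `BN_cmp(rsa->q, r0) < 0` check of the minimum-distance patch could never pass for odd sizes (q would have fewer bits than r0), so the two patches only work together. rsa_builtin_keygen starts and ends outside the hunk.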
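Review bot: The moved `BN_copy(rsa->e, e_value);` still ignores its return value while every neighbouring BN call uses `goto err`; write `if (!BN_copy(rsa->e, e_value)) goto err;`. With `retry:` now above the r0/r3 bound setup, each `goto retry` recomputes those constants, which is harmless, but when `test` is set (p and q supplied by the caller) it looks as though a retry regenerates nothing and the `BN_num_bits(rsa->d) < pbits` check loops forever — confirm against the generation loop, which is outside the hunk. FIPS_rsa_builtin_keygen starts and ends outside the hunks.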
@@ -448,6 +448,44 @@ int FIPS_module_mode_set(int onoff, cons return ret; } +/* In non-FIPS mode, the selftests must succeed if the + * checksum files are present + */ +void NONFIPS_selftest_check(void) + { + int rv; + char *hmacpath; + char path[PATH_MAX+1]; + + if (fips_selftest_fail) + { + /* check if the checksum files are installed */ + rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set", path, sizeof(path)); + if (rv < 0) + OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE"); + + hmacpath = make_hmac_path(path); + if (hmacpath == NULL) + OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE"); + + if (access(hmacpath, F_OK)) + { + /* no hmac file is present, ignore the failed selftests */ + if (errno == ENOENT) + { + free(hmacpath); + return; + } + /* we fail on any other error */ + } + /* if the file exists, but the selftests failed + (eg wrong checksum), we fail too */ + free(hmacpath); + OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE"); + } + /* otherwise ok, selftests were successful */ + } + static CRYPTO_THREADID fips_thread; static int fips_thread_set = 0; Index: openssl-1.0.2g/crypto/fips/fips.h =================================================================== --- openssl-1.0.2g.orig/crypto/fips/fips.h 2016-04-14 10:49:47.270307813 +0200 +++ openssl-1.0.2g/crypto/fips/fips.h 2016-04-14 10:50:45.867128848 +0200 @@ -107,6 +107,7 @@ extern "C" { int FIPS_selftest_drbg(void); int FIPS_selftest_drbg_all(void); int FIPS_selftest_cmac(void); + void NONFIPS_selftest_check(void); void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); Index: openssl-1.0.2g/crypto/o_init.c =================================================================== --- openssl-1.0.2g.orig/crypto/o_init.c 2016-04-14 10:49:47.270307813 +0200 +++ openssl-1.0.2g/crypto/o_init.c 2016-04-14 10:51:31.634770112 +0200 
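Review bot: The header comment only half states the policy that `NONFIPS_selftest_check` implements; spell out that when FIPS mode is not requested a failed selftest is fatal only if the integrity file next to libcrypto exists (module installed but broken) and is ignored when that file is absent (module not installed), so the `OpenSSLDie` calls in non-FIPS mode are not mistaken for a bug. Freeing `hmacpath` on both paths assumes `make_hmac_path` returns heap memory; its definition is not in this patch, so say so at the call: `/* heap-allocated, freed below */`. The `access()` failure path special-cases only ENOENT, so EACCES from a directory without search permission aborts the process as well; if that is intended, extend `/* we fail on any other error */` with the reason, since a library check tearing down a process that never asked for FIPS is a surprise. get_library_path and make_hmac_path are outside this patch, so the library name it resolves is taken on trust here.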
@@ -87,6 +87,8 @@ static void init_fips_mode(void) */ if (buf[0] != '1') { + /* abort if selftest failed and the module is complete */ + NONFIPS_selftest_check(); /* drop down to non-FIPS mode if it is not requested */ FIPS_mode_set(0); } else { ++++++ openssl-fips_RSA_compute_d_with_lcm.patch ++++++ Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c =================================================================== --- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-13 15:07:34.371851679 +0200 +++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-13 15:18:00.630306031 +0200 @@ -177,6 +177,7 @@ static int FIPS_rsa_builtin_keygen(RSA * BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; BIGNUM local_r0, local_d, local_p; BIGNUM *pr0, *d, *p; + BIGNUM *gcd_p1_q1 = NULL, *lcm_p1_q1 = NULL; BN_CTX *ctx = NULL; int ok = -1; int i; @@ -204,6 +205,8 @@ static int FIPS_rsa_builtin_keygen(RSA * r1 = BN_CTX_get(ctx); r2 = BN_CTX_get(ctx); r3 = BN_CTX_get(ctx); + gcd_p1_q1 = BN_CTX_get(ctx); + lcm_p1_q1 = BN_CTX_get(ctx); if (r3 == NULL) goto err; 
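Review bot: The two new `BN_CTX_get(ctx)` calls for `gcd_p1_q1` and `lcm_p1_q1` are inserted after `r3 = BN_CTX_get(ctx);` but the guard that follows still reads `if (r3 == NULL) goto err;`, so a failure of either new allocation goes unnoticed and a NULL BIGNUM reaches `BN_gcd`/`BN_div` later. BN_CTX_get returns NULL for every call after the first failure, which is why the check belongs on the last value obtained: `if (lcm_p1_q1 == NULL) goto err;`. FIPS_rsa_builtin_keygen starts and ends outside the hunk.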
@@ -372,12 +375,18 @@ static int FIPS_rsa_builtin_keygen(RSA * BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); } else pr0 = r0; - if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) + + /* calculate lcm(p-1,q-1) = (p-1)*(q-1) / gcd(p-1,q-1) */ + if (!BN_gcd(gcd_p1_q1, r1, r2, ctx)) + goto err; /* gcd(p-1,q-1) */ + if (!BN_div(lcm_p1_q1, NULL, pr0, gcd_p1_q1, ctx)) + goto err; + if (!BN_mod_inverse(rsa->d, rsa->e, lcm_p1_q1, ctx)) goto err; /* d */ if (BN_num_bits(rsa->d) < pbits) goto retry; /* d is too small */ - + /* set up d for correct BN_FLG_CONSTTIME flag */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { d = &local_d; ++++++ openssl-fips_disallow_ENGINE_loading.patch ++++++ Index: openssl-1.0.2g/crypto/engine/eng_all.c =================================================================== --- openssl-1.0.2g.orig/crypto/engine/eng_all.c 2016-04-13 15:04:40.644190904 +0200 +++ openssl-1.0.2g/crypto/engine/eng_all.c 2016-04-13 15:06:04.092468490 +0200 @@ -70,11 +70,6 @@ void ENGINE_load_builtin_engines(void) #ifdef OPENSSL_FIPS OPENSSL_init_library(); if (FIPS_mode()) { - /* We allow loading dynamic engine as a third party - engine might be FIPS validated. - User is disallowed to load non-validated engines - by security policy. */ - ENGINE_load_dynamic(); return; } #endif ++++++ openssl-fips_disallow_x931_rand_method.patch ++++++ Index: openssl-1.0.2g/crypto/fips/fips_rand_lib.c =================================================================== --- openssl-1.0.2g.orig/crypto/fips/fips_rand_lib.c 2016-04-13 15:01:53.236630810 +0200 +++ openssl-1.0.2g/crypto/fips/fips_rand_lib.c 2016-04-13 15:02:48.986482927 +0200 
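Review bot: `BN_mod_inverse(rsa->d, rsa->e, lcm_p1_q1, ctx)` now takes `lcm_p1_q1` as the modulus, but the `BN_FLG_CONSTTIME` flag that the lines just above attach to `pr0` (unless `RSA_FLAG_NO_CONSTTIME` is set) is not carried over to `lcm_p1_q1`, so the private-exponent inversion loses the constant-time path it had before this change. Propagate the flag before the call, e.g. `if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) BN_set_flags(lcm_p1_q1, BN_FLG_CONSTTIME);`. `BN_gcd` and `BN_div` on p-1 and q-1 are not constant-time operations either, which deserves a comment if that is accepted for key generation. This assumes r1 and r2 still hold p-1 and q-1 at this point; they are set outside the hunk, and the enclosing function starts and ends outside it as well.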
@@ -73,8 +73,6 @@ int FIPS_rand_set_method(const RAND_METH if (!fips_rand_bits) { if (meth == FIPS_drbg_method()) fips_approved_rand_meth = 1; - else if (meth == FIPS_x931_method()) - fips_approved_rand_meth = 2; else { fips_approved_rand_meth = 0; if (FIPS_module_mode()) { ++++++ openssl-ocloexec.patch ++++++ --- /var/tmp/diff_new_pack.kAvHBL/_old 2016-04-22 16:17:20.000000000 +0200 +++ /var/tmp/diff_new_pack.kAvHBL/_new 2016-04-22 16:17:20.000000000 +0200 @@ -1,7 +1,7 @@ Index: crypto/bio/b_sock.c =================================================================== ---- crypto/bio/b_sock.c.orig 2015-12-05 00:04:11.291027369 +0100 -+++ crypto/bio/b_sock.c 2015-12-05 00:04:13.283055286 +0100 +--- crypto/bio/b_sock.c.orig 2016-04-14 11:01:01.957760118 +0200 ++++ crypto/bio/b_sock.c 2016-04-14 11:01:04.759799369 +0200 @@ -723,7 +723,7 @@ int BIO_get_accept_socket(char *host, in } @@ -31,8 +31,8 @@ sa.len.i = (int)sa.len.s; Index: crypto/bio/bss_conn.c =================================================================== ---- crypto/bio/bss_conn.c.orig 2015-12-05 00:04:11.291027369 +0100 -+++ crypto/bio/bss_conn.c 2015-12-05 00:04:13.283055286 +0100 +--- crypto/bio/bss_conn.c.orig 2016-04-14 11:01:01.957760118 +0200 ++++ crypto/bio/bss_conn.c 2016-04-14 11:01:04.759799369 +0200 @@ -195,7 +195,7 @@ static int conn_state(BIO *b, BIO_CONNEC c->them.sin_addr.s_addr = htonl(l); c->state = BIO_CONN_S_CREATE_SOCKET; 
@@ -44,9 +44,9 @@ ERR_add_error_data(4, "host=", c->param_hostname, Index: crypto/bio/bss_dgram.c =================================================================== ---- crypto/bio/bss_dgram.c.orig 2015-12-05 00:04:11.292027383 +0100 -+++ crypto/bio/bss_dgram.c 2015-12-05 00:04:13.284055300 +0100 -@@ -1177,7 +1177,7 @@ static int dgram_sctp_read(BIO *b, char +--- crypto/bio/bss_dgram.c.orig 2016-04-14 11:01:01.958760132 +0200 ++++ crypto/bio/bss_dgram.c 2016-04-14 11:01:04.760799384 +0200 +@@ -1175,7 +1175,7 @@ static int dgram_sctp_read(BIO *b, char msg.msg_control = cmsgbuf; msg.msg_controllen = 512; msg.msg_flags = 0; @@ -55,7 +55,7 @@ if (n <= 0) { if (n < 0) -@@ -1802,7 +1802,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) +@@ -1800,7 +1800,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) msg.msg_controllen = 0; msg.msg_flags = 0; @@ -64,7 +64,7 @@ if (n <= 0) { if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK)) -@@ -1824,7 +1824,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) +@@ -1822,7 +1822,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) msg.msg_controllen = 0; msg.msg_flags = 0; @@ -73,7 +73,7 @@ if (n <= 0) { if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK)) -@@ -1889,7 +1889,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) +@@ -1887,7 +1887,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) fcntl(b->num, F_SETFL, O_NONBLOCK); } @@ -82,7 +82,7 @@ if (is_dry) { fcntl(b->num, F_SETFL, sockflags); -@@ -1931,7 +1931,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) +@@ -1929,7 +1929,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) sockflags = fcntl(b->num, F_GETFL, 0); fcntl(b->num, F_SETFL, O_NONBLOCK); @@ -91,7 +91,7 @@ fcntl(b->num, F_SETFL, sockflags); /* if notification, process and try again */ -@@ -1951,7 +1951,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) +@@ -1949,7 +1949,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) msg.msg_control = NULL; msg.msg_controllen = 0; msg.msg_flags = 0; 
@@ -102,8 +102,8 @@ data->handle_notifications(b, data->notification_context, Index: crypto/bio/bss_file.c =================================================================== ---- crypto/bio/bss_file.c.orig 2015-12-05 00:04:11.292027383 +0100 -+++ crypto/bio/bss_file.c 2015-12-05 00:04:49.780566910 +0100 +--- crypto/bio/bss_file.c.orig 2016-04-14 11:01:01.958760132 +0200 ++++ crypto/bio/bss_file.c 2016-04-14 11:01:04.760799384 +0200 @@ -118,6 +118,10 @@ static BIO_METHOD methods_filep = { static FILE *file_fopen(const char *filename, const char *mode) { @@ -143,21 +143,21 @@ SYSerr(SYS_F_FOPEN, get_last_sys_error()); Index: crypto/rand/rand_unix.c =================================================================== ---- crypto/rand/rand_unix.c.orig 2015-12-05 00:04:11.292027383 +0100 -+++ crypto/rand/rand_unix.c 2015-12-05 00:04:13.285055314 +0100 -@@ -269,7 +269,7 @@ int RAND_poll(void) +--- crypto/rand/rand_unix.c.orig 2016-04-14 11:01:04.761799398 +0200 ++++ crypto/rand/rand_unix.c 2016-04-14 11:02:13.950768594 +0200 +@@ -270,7 +270,7 @@ int RAND_poll(void) for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) && - (n < ENTROPY_NEEDED); i++) { + (n < sizeof(tmpbuf)); i++) { - if ((fd = open(randomfiles[i], O_RDONLY -+ if ((fd = open(randomfiles[i], O_RDONLY|O_CLOEXEC ++ if ((fd = open(randomfiles[i], O_RDONLY | O_CLOEXEC # ifdef O_NONBLOCK | O_NONBLOCK # endif Index: crypto/rand/randfile.c =================================================================== ---- crypto/rand/randfile.c.orig 2015-12-05 00:04:11.293027397 +0100 -+++ crypto/rand/randfile.c 2015-12-05 00:04:13.285055314 +0100 +--- crypto/rand/randfile.c.orig 2016-04-14 11:01:01.959760146 +0200 ++++ crypto/rand/randfile.c 2016-04-14 11:01:04.761799398 +0200 
@@ -147,7 +147,7 @@ int RAND_load_file(const char *file, lon #ifdef OPENSSL_SYS_VMS in = vms_fopen(file, "rb", VMS_OPEN_ATTRS); ++++++ openssl-rsakeygen-minimum-distance.patch ++++++ Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c =================================================================== --- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-13 15:18:47.520016582 +0200 +++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-13 15:36:32.309233030 +0200 @@ -465,6 +465,19 @@ static int rsa_builtin_keygen(RSA *rsa, bitsp = (bits + 1) / 2; bitsq = bits - bitsp; + /* prepare a maximum for p and q */ + /* 0xB504F334 is (sqrt(2)/2)*2^32 */ + if (!BN_set_word(r0, 0xB504F334)) + goto err; + if (!BN_lshift(r0, r0, bitsp - 32)) + goto err; + + /* prepare minimum p and q difference */ + if (!BN_one(r3)) + goto err; + if (!BN_lshift(r3, r3, bitsp - 100)) + goto err; + /* We need the RSA components non-NULL */ if (!rsa->n && ((rsa->n = BN_new()) == NULL)) goto err; @@ -489,6 +502,8 @@ static int rsa_builtin_keygen(RSA *rsa, for (;;) { if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) goto err; + if (BN_cmp(rsa->p, r0) < 0) + continue; if (!BN_sub(r2, rsa->p, BN_value_one())) goto err; if (!BN_gcd(r1, r2, rsa->e, ctx)) 
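Review bot: `BN_lshift(r0, r0, bitsp - 32)` and `BN_lshift(r3, r3, bitsp - 100)` pass a negative shift count whenever `bits` is below 64 resp. 200, and as far as I can tell BN_lshift in this version does not check for a negative count; unless a minimum-size check outside the hunk rejects such requests, the small keys that the old q loop explicitly catered for now hit undefined behaviour here. Guard it before the bound setup, reusing the error the removed code raised: `if (bitsp < 100) { ok = 0; RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); goto err; }`. r0 and r3 are obtained outside the hunk; confirm nothing between this setup and the q loop reuses them. rsa_builtin_keygen starts and ends outside the hunk.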
@@ -501,21 +516,17 @@ static int rsa_builtin_keygen(RSA *rsa, if (!BN_GENCB_call(cb, 3, 0)) goto err; for (;;) { - /* - * When generating ridiculously small keys, we can get stuck - * continually regenerating the same prime values. Check for this and - * bail if it happens 3 times. - */ - unsigned int degenerate = 0; - do { - if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) - goto err; - } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); - if (degenerate == 3) { - ok = 0; /* we set our own err */ - RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); + /* This function will take care of setting the topmost bit via BN_rand(..,1,1), so + * the maximum distance between p and q is less than 2^bitsq */ + if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) + goto err; + if (BN_cmp(rsa->q, r0) < 0) + continue; + /* check for minimum distance between p and q, 2^(bitsp-100) */ + if (!BN_sub(r2, rsa->q, rsa->p)) goto err; - } + if (BN_ucmp(r2, r3) <= 0) + continue; if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; if (!BN_gcd(r1, r2, rsa->e, ctx)) ++++++ openssl-urandom-reseeding.patch ++++++ Index: openssl-1.0.2g/crypto/rand/rand_unix.c =================================================================== --- openssl-1.0.2g.orig/crypto/rand/rand_unix.c 2016-04-15 14:27:32.058784436 +0200 +++ openssl-1.0.2g/crypto/rand/rand_unix.c 2016-04-15 14:27:32.711794567 +0200 @@ -245,7 +245,8 @@ int RAND_poll(void) unsigned long l; pid_t curr_pid = getpid(); # if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) - unsigned char tmpbuf[ENTROPY_NEEDED]; + /* STATE_SIZE is 1023 ... but it was suggested to seed with 1024 bytes */ + unsigned char tmpbuf[1024]; int n = 0; # endif # ifdef DEVRANDOM @@ -268,7 +269,7 @@ int RAND_poll(void) */ for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) && - (n < ENTROPY_NEEDED); i++) { + (n < sizeof(tmpbuf)); i++) { if ((fd = open(randomfiles[i], O_RDONLY # ifdef O_NONBLOCK | O_NONBLOCK 
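Review bot: The removed `degenerate` counter was the only exit from the q loop for tiny key sizes, where `BN_generate_prime_ex` keeps returning the same prime; with the new `continue` on `BN_cmp(rsa->q, r0) < 0` and on `BN_ucmp(r2, r3) <= 0` such a request now spins forever instead of failing with `RSA_R_KEY_SIZE_TOO_SMALL`, unless small `bits` are rejected before the loop (outside the hunk). Keep a bounded attempt counter around the loop, or reject `bits` below a minimum up front, so an unbounded loop cannot be triggered by a caller-supplied size. The new comment should also say that `r3` is 2^(bitsp-100), since the value is computed far above; and `if(!BN_generate_prime_ex(` lacks the space used elsewhere in the file. rsa_builtin_keygen starts and ends outside the hunk.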
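Review bot: `n < sizeof(tmpbuf)` compares the `int n` declared in the previous hunk against a `size_t`, which `-Wsign-compare` flags here and in the `sizeof(tmpbuf) - n` and `n < sizeof(tmpbuf)` uses of the later hunks of this patch; `n` only grows from 0, so it is benign, but declaring it `size_t` in the `@@ -245` hunk (or casting `(size_t)n`) removes the warning. The comment `/* STATE_SIZE is 1023 ... but it was suggested to seed with 1024 bytes */` replaces a named constant with a literal without saying where the suggestion comes from; cite the source or the requirement in the comment. RAND_poll starts and ends outside the hunks.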
@@ -355,7 +356,7 @@ int RAND_poll(void) if (try_read) { r = read(fd, (unsigned char *)tmpbuf + n, - ENTROPY_NEEDED - n); + sizeof(tmpbuf) - n); if (r > 0) n += r; # if defined(OPENSSL_SYS_BEOS_R5) @@ -376,7 +377,7 @@ int RAND_poll(void) } while ((r > 0 || (errno == EINTR || errno == EAGAIN)) && usec != 0 - && n < ENTROPY_NEEDED); + && n < sizeof(tmpbuf)); close(fd); } @@ -389,12 +390,12 @@ int RAND_poll(void) * collecting daemon. */ - for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; + for (egdsocket = egdsockets; *egdsocket && n < sizeof(tmpbuf); egdsocket++) { int r; r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n, - ENTROPY_NEEDED - n); + sizeof(tmpbuf) - n); if (r > 0) n += r; } Index: openssl-1.0.2g/crypto/rand/md_rand.c =================================================================== --- openssl-1.0.2g.orig/crypto/rand/md_rand.c 2016-04-15 14:27:32.711794567 +0200 +++ openssl-1.0.2g/crypto/rand/md_rand.c 2016-04-15 14:28:18.865510438 +0200 @@ -360,6 +360,10 @@ int ssleay_rand_bytes(unsigned char *buf if (num <= 0) return 1; + /* special rule for /dev/urandom seeding ... seed with as much bytes + * from /dev/urandom as you get out */ + RAND_load_file("/dev/urandom", num); + EVP_MD_CTX_init(&m); /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ num_ceil = Index: openssl-1.0.2g/crypto/fips/fips_drbg_rand.c =================================================================== --- openssl-1.0.2g.orig/crypto/fips/fips_drbg_rand.c 2016-04-15 14:27:32.712794583 +0200 +++ openssl-1.0.2g/crypto/fips/fips_drbg_rand.c 2016-04-15 14:29:30.192616518 +0200 
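Review bot: `RAND_load_file("/dev/urandom", num);` in ssleay_rand_bytes ignores its result (the number of bytes read), so when the device cannot be opened — a chroot without /dev, fd exhaustion, a seccomp filter — the 1:1 reseeding the comment promises silently does not happen and output comes from the existing state with no indication. Record the shortfall instead of dropping it, e.g. `if (RAND_load_file("/dev/urandom", num) < num) { /* reseed fell short; state unchanged */ }` with whatever policy the module wants for that case. The call also opens, reads and closes the device on every call of this function, a per-call cost the comment should mention since every RAND_bytes caller pays it. RAND_load_file feeds the bytes back through RAND_add, and this hunk sits before the function's own locking (outside the hunk), so confirm the add path does not try to take CRYPTO_LOCK_RAND while this function holds it.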
@@ -77,6 +77,11 @@ static int fips_drbg_bytes(unsigned char int rv = 0; unsigned char *adin = NULL; size_t adinlen = 0; + + /* add entropy in 1:1 relation (number pulled bytes / number pushed from /dev/urandom) */ + if (count > dctx->min_entropy) + RAND_load_file("/dev/urandom", count - dctx->min_entropy); + CRYPTO_w_lock(CRYPTO_LOCK_RAND); do { size_t rcnt; Index: openssl-1.0.2g/crypto/rand/rand_lib.c =================================================================== --- openssl-1.0.2g.orig/crypto/rand/rand_lib.c 2016-04-15 14:27:32.712794583 +0200 +++ openssl-1.0.2g/crypto/rand/rand_lib.c 2016-04-15 14:30:45.074777402 +0200 @@ -238,7 +238,7 @@ static int drbg_rand_add(DRBG_CTX *ctx, RAND_SSLeay()->add(in, inlen, entropy); if (FIPS_rand_status()) { CRYPTO_w_lock(CRYPTO_LOCK_RAND); - FIPS_drbg_reseed(ctx, NULL, 0); + FIPS_drbg_reseed(ctx, in, inlen); CRYPTO_w_unlock(CRYPTO_LOCK_RAND); } return 1;
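Review bot: `FIPS_drbg_reseed(ctx, in, inlen)` now forwards the caller's buffer as additional input but the return value is still discarded; as far as I recall FIPS_drbg_reseed rejects additional input longer than the context's `max_adin`, so a large `inlen` turns a reseed that used to succeed with `NULL, 0` into one that silently fails. Check the result (`if (!FIPS_drbg_reseed(ctx, in, inlen)) ...` with the error handling drbg_rand_add uses, outside the hunk) or cap `inlen` at the context limit before the call. The fips_drbg_bytes hunk of the same patch has the same shape: `RAND_load_file("/dev/urandom", count - dctx->min_entropy)` is unchecked and mixes `count` with `dctx->min_entropy` (a `size_t`, if I recall the DRBG_CTX layout) before narrowing to the `long` parameter, and its comment `add entropy in 1:1 relation (...)` should say why `min_entropy` is subtracted. drbg_rand_add and fips_drbg_bytes both start and end outside their hunks.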