From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: use a random seed if the supplied one did not generate valid
Date: Tue, 09 Jun 2026 12:43:53 GMT	[thread overview]
Message-ID: <178100903390.1.9804673665605103929.rpms-openssl-f655917cf773@fedoraproject.org> (raw)

          A new commit has been pushed.

          Repo   : rpms/openssl
          Branch : rebase_40beta
          Commit : f655917cf773c12af1d57cfcddda738a1353ef4a
          Author : Tomas Mraz <tmraz@fedoraproject.org>
          Date   : 2016-11-04T12:10:01+01:00
          Stats  : +125/-27 in 2 file(s)
          URL    : https://src.fedoraproject.org/rpms/openssl/c/f655917cf773c12af1d57cfcddda738a1353ef4a?branch=rebase_40beta

          Log:
          use a random seed if the supplied one did not generate valid

parameters in dsa_builtin_paramgen2()

---
diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.0-fips.patch
index fac9fbf..805ee5b 100644
--- a/openssl-1.1.0-fips.patch
+++ b/openssl-1.1.0-fips.patch
@@ -331,9 +331,9 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_err.c.fips openssl-1.1.0/crypto/dsa/dsa_er
      {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
      {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
      {0, NULL}
-diff -up openssl-1.1.0/crypto/dsa/dsa_gen.c.fips openssl-1.1.0/crypto/dsa/dsa_gen.c
---- openssl-1.1.0/crypto/dsa/dsa_gen.c.fips	2016-08-25 17:29:20.000000000 +0200
-+++ openssl-1.1.0/crypto/dsa/dsa_gen.c	2016-09-08 11:37:38.734459917 +0200
+diff -up openssl-1.1.0b/crypto/dsa/dsa_gen.c.fips openssl-1.1.0b/crypto/dsa/dsa_gen.c
+--- openssl-1.1.0b/crypto/dsa/dsa_gen.c.fips	2016-09-26 11:46:05.000000000 +0200
++++ openssl-1.1.0b/crypto/dsa/dsa_gen.c	2016-11-04 11:47:40.258493737 +0100
 @@ -22,12 +22,22 @@
  #include <openssl/rand.h>
  #include <openssl/sha.h>
@@ -357,7 +357,7 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_gen.c.fips openssl-1.1.0/crypto/dsa/dsa_ge
      if (ret->meth->dsa_paramgen)
          return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
                                         counter_ret, h_ret, cb);
-@@ -35,11 +45,30 @@ int DSA_generate_parameters_ex(DSA *ret,
+@@ -35,9 +45,15 @@ int DSA_generate_parameters_ex(DSA *ret,
          const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
          size_t qbits = EVP_MD_size(evpmd) * 8;
  
@@ -372,23 +372,8 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_gen.c.fips openssl-1.1.0/crypto/dsa/dsa_ge
 +# endif
      }
  }
-+# ifdef OPENSSL_FIPS
-+int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
-+                              const EVP_MD *evpmd,
-+                              const unsigned char *seed_in, size_t seed_len,
-+                              int *counter_ret, unsigned long *h_ret,
-+                              BN_GENCB *cb)
-+{
-+    return dsa_builtin_paramgen2(ret, bits, qbits,
-+                                 evpmd, seed_in, seed_len,
-+                                 -1, NULL, counter_ret, h_ret, cb);
-+}
-+# endif
-+
  
- int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
-                          const EVP_MD *evpmd, const unsigned char *seed_in,
-@@ -301,7 +330,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -301,7 +317,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
                            int *counter_ret, unsigned long *h_ret,
                            BN_GENCB *cb)
  {
@@ -397,7 +382,7 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_gen.c.fips openssl-1.1.0/crypto/dsa/dsa_ge
      unsigned char *seed = NULL, *seed_tmp = NULL;
      unsigned char md[EVP_MAX_MD_SIZE];
      int mdsize;
-@@ -318,6 +347,20 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -318,6 +334,20 @@ int dsa_builtin_paramgen2(DSA *ret, size
      if (mctx == NULL)
          goto err;
  
@@ -418,7 +403,36 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_gen.c.fips openssl-1.1.0/crypto/dsa/dsa_ge
      if (evpmd == NULL) {
          if (N == 160)
              evpmd = EVP_sha1();
-@@ -579,7 +622,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -416,9 +446,10 @@ int dsa_builtin_paramgen2(DSA *ret, size
+                 goto err;
+             /* Provided seed didn't produce a prime: error */
+             if (seed_in) {
+-                ok = 0;
+-                DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_Q_NOT_PRIME);
+-                goto err;
++                /* Different seed_out will indicate that seed_in
++                 * did not generate primes.
++                 */
++                seed_in = NULL;
+             }
+ 
+             /* do a callback call */
+@@ -504,11 +535,14 @@ int dsa_builtin_paramgen2(DSA *ret, size
+             if (counter >= (int)(4 * L))
+                 break;
+         }
++#if 0
++        /* Cannot happen */
+         if (seed_in) {
+             ok = 0;
+             DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+             goto err;
+         }
++#endif
+     }
+  end:
+     if (!BN_GENCB_call(cb, 2, 1))
+@@ -579,7 +613,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
          BN_free(ret->g);
          ret->g = BN_dup(g);
          if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
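Review bot: With `seed_in = NULL` the function now falls back to a random seed without reporting anything, and the context comment kept just above it (`/* Provided seed didn't produce a prime: error */`) now says the opposite of what the code does. The only signal left is a changed seed_out, but seed_out may be NULL (the wrapper removed elsewhere in this commit passed `-1, NULL`), so such a caller would accept parameters that were not derived from the seed it supplied, which matters when the seed is what makes the parameters verifiable. I would reword the stale comment to `/* Provided seed didn't produce a prime: fall back to a random seed */` and document on the function that callers needing seed-derived parameters must pass seed_out and compare it with seed_in. The `#if 0` block marked "Cannot happen" in the next sub-hunk would be cleaner deleted than disabled. dsa_builtin_paramgen2 starts and ends outside this hunk.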
@@ -427,6 +441,60 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_gen.c.fips openssl-1.1.0/crypto/dsa/dsa_ge
              goto err;
          }
          if (counter_ret != NULL)
+@@ -597,3 +631,53 @@ int dsa_builtin_paramgen2(DSA *ret, size
+     EVP_MD_CTX_free(mctx);
+     return ok;
+ }
++
++#ifdef OPENSSL_FIPS
++
++int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
++                               const EVP_MD *evpmd, const unsigned char *seed_in,
++                               size_t seed_len, int idx, unsigned char *seed_out,
++                               int *counter_ret, unsigned long *h_ret,
++                               BN_GENCB *cb)
++{
++    return dsa_builtin_paramgen2(ret, L, N, evpmd, seed_in, seed_len,
++        idx, seed_out, counter_ret, h_ret, cb);
++}
++
++int FIPS_dsa_paramgen_check_g(DSA *dsa)
++{
++    BN_CTX *ctx;
++    BIGNUM *tmp;
++    BN_MONT_CTX *mont = NULL;
++    int rv = -1;
++
++    ctx = BN_CTX_new();
++    if (ctx == NULL)
++        return -1;
++    BN_CTX_start(ctx);
++    if (BN_cmp(dsa->g, BN_value_one()) <= 0)
++        return 0;
++    if (BN_cmp(dsa->g, dsa->p) >= 0)
++        return 0;
++    tmp = BN_CTX_get(ctx);
++    if (tmp == NULL)
++        goto err;
++    if ((mont=BN_MONT_CTX_new()) == NULL)
++        goto err;
++    if (!BN_MONT_CTX_set(mont,dsa->p,ctx))
++        goto err;
++    /* Work out g^q mod p */
++    if (!BN_mod_exp_mont(tmp,dsa->g,dsa->q, dsa->p, ctx, mont))
++        goto err;
++    if (!BN_cmp(tmp, BN_value_one()))
++        rv = 1;
++    else
++        rv = 0;
++ err:
++    BN_CTX_end(ctx);
++    BN_MONT_CTX_free(mont);
++    BN_CTX_free(ctx);
++    return rv;
++}
++
++#endif
 diff -up openssl-1.1.0/crypto/dsa/dsa_key.c.fips openssl-1.1.0/crypto/dsa/dsa_key.c
 --- openssl-1.1.0/crypto/dsa/dsa_key.c.fips	2016-08-25 17:29:20.000000000 +0200
 +++ openssl-1.1.0/crypto/dsa/dsa_key.c	2016-09-08 11:37:38.735459940 +0200
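Review bot: FIPS_dsa_paramgen_check_g leaks the BN_CTX on both range checks, because the two `return 0;` statements after `BN_CTX_start(ctx)` skip `BN_CTX_end` and `BN_CTX_free`. Set the result and use the existing cleanup label instead, e.g. `if (BN_cmp(dsa->g, BN_value_one()) <= 0 || BN_cmp(dsa->g, dsa->p) >= 0) { rv = 0; goto err; }`. The function also uses `dsa->p`, `dsa->q` and `dsa->g` without a NULL check, so a DSA object whose parameters are not yet set would presumably crash in the Montgomery setup rather than return -1.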
@@ -11397,6 +11465,22 @@ diff -up openssl-1.1.0/crypto/sha/sha512.c.fips openssl-1.1.0/crypto/sha/sha512.
      c->h[0] = U64(0x6a09e667f3bcc908);
      c->h[1] = U64(0xbb67ae8584caa73b);
      c->h[2] = U64(0x3c6ef372fe94f82b);
+diff -up openssl-1.1.0b/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0b/doc/crypto/DSA_generate_parameters.pod
+--- openssl-1.1.0b/doc/crypto/DSA_generate_parameters.pod.fips	2016-09-26 11:46:06.000000000 +0200
++++ openssl-1.1.0b/doc/crypto/DSA_generate_parameters.pod	2016-11-04 12:03:51.544906058 +0100
+@@ -29,8 +29,10 @@ B<bits> is the length of the prime p to
+ For lengths under 2048 bits, the length of q is 160 bits; for lengths
+ greater than or equal to 2048 bits, the length of q is set to 256 bits.
+ 
+-If B<seed> is NULL, the primes will be generated at random.
+-If B<seed_len> is less than the length of q, an error is returned.
++If B<seed> is NULL, or it does not generate primes, the primes will be
++generated at random.
++If B<seed_len> is less than the length of q, an error is returned
++if old DSA parameter generation method is used as a backend.
+ 
+ DSA_generate_parameters_ex() places the iteration count in
+ *B<counter_ret> and a counter used for finding a generator in
 diff -up openssl-1.1.0/include/openssl/crypto.h.fips openssl-1.1.0/include/openssl/crypto.h
 --- openssl-1.1.0/include/openssl/crypto.h.fips	2016-08-25 17:29:22.000000000 +0200
 +++ openssl-1.1.0/include/openssl/crypto.h	2016-09-08 11:37:38.746460186 +0200
@@ -11536,10 +11620,10 @@ diff -up openssl-1.1.0/include/openssl/evp.h.fips openssl-1.1.0/include/openssl/
  # define EVP_R_UNKNOWN_CIPHER                             160
  # define EVP_R_UNKNOWN_DIGEST                             161
  # define EVP_R_UNKNOWN_OPTION                             169
-diff -up openssl-1.1.0/include/openssl/fips.h.fips openssl-1.1.0/include/openssl/fips.h
---- openssl-1.1.0/include/openssl/fips.h.fips	2016-09-08 11:37:38.746460186 +0200
-+++ openssl-1.1.0/include/openssl/fips.h	2016-09-08 11:37:38.746460186 +0200
-@@ -0,0 +1,176 @@
+diff -up openssl-1.1.0b/include/openssl/fips.h.fips openssl-1.1.0b/include/openssl/fips.h
+--- openssl-1.1.0b/include/openssl/fips.h.fips	2016-10-11 10:19:52.091719206 +0200
++++ openssl-1.1.0b/include/openssl/fips.h	2016-11-04 11:22:26.548391059 +0100
+@@ -0,0 +1,186 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
 + *
@@ -11590,6 +11674,9 @@ diff -up openssl-1.1.0/include/openssl/fips.h.fips openssl-1.1.0/include/openssl
 + */
 +
 +#include <openssl/opensslconf.h>
++#include <openssl/dsa.h>
++#include <openssl/evp.h>
++#include <openssl/bn.h>
 +
 +#ifndef OPENSSL_FIPS
 +# error FIPS is disabled.
@@ -11605,6 +11692,13 @@ diff -up openssl-1.1.0/include/openssl/fips.h.fips openssl-1.1.0/include/openssl
 +    int FIPS_selftest_failed(void);
 +    int FIPS_selftest_drbg_all(void);
 +
++    int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
++                               const EVP_MD *evpmd, const unsigned char *seed_in,
++                               size_t seed_len, int idx, unsigned char *seed_out,
++                               int *counter_ret, unsigned long *h_ret,
++                               BN_GENCB *cb);
++    int FIPS_dsa_paramgen_check_g(DSA *dsa);
++
 +/* BEGIN ERROR CODES */
 +/* The following lines are auto generated by the script mkerr.pl. Any changes
 + * made after this point may be overwritten when the script is next run.
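Review bot: The new prototype `FIPS_dsa_paramgen_check_g` carries no comment stating its tri-state result, although the definition added in dsa_gen.c returns 1 when g passes the checks, 0 when it fails them and -1 on an internal error. A caller writing `if (FIPS_dsa_paramgen_check_g(dsa))` would treat the error case as a valid generator. I would add above the declaration: `/* Returns 1 if g is a valid generator, 0 if not, -1 on error; callers must test for == 1. */`.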

diff --git a/openssl.spec b/openssl.spec
index 48fc0d3..15bcdf2 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.0b
-Release: 3%{?dist}
+Release: 4%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -425,6 +425,10 @@ export LD_LIBRARY_PATH
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Fri Nov  4 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0b-4
+- use a random seed if the supplied one did not generate valid
+  parameters in dsa_builtin_paramgen2()
+
 * Wed Oct 12 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0b-3
 - do not break contract on return value when using dsa_builtin_paramgen2()
 
