ZhuningOS/openssl-3
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Initialize for openssl-3

Browse source
This commit is contained in:
zyppe 2024-02-05 14:45:12 +08:00
commit b166a01e49
26 changed files with 3533 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
openssl-3.0.8.tar.gz

1
.openssl-3.metadata Normal file
View file

@ -0,0 +1 @@
3ec911e6930e0e2ebbcc77bb2b36896e7376a2f559156f50f355b0d4f8bc90cb openssl-3.0.8.tar.gz

8
baselibs.conf Normal file
View file

@ -0,0 +1,8 @@
libopenssl3
obsoletes "libopenssl1_1_0-<targettype>"
obsoletes "libopenssl1_1-<targettype>"
libopenssl-3-devel
provides "libopenssl-devel-<targettype> = <version>"
conflicts "otherproviders(libopenssl-devel-<targettype>)"
requires -"openssl-3-<targettype>"
requires "libopenssl3-<targettype> = <version>"

13
fix-config-in-tests.patch Normal file
View file

@ -0,0 +1,13 @@
Index: openssl-3.0.1/test/run_tests.pl
===================================================================
--- openssl-3.0.1.orig/test/run_tests.pl
+++ openssl-3.0.1/test/run_tests.pl
@@ -33,7 +33,7 @@ my $recipesdir = catdir($srctop, "test",
my $libdir = rel2abs(catdir($srctop, "util", "perl"));
my $jobs = $ENV{HARNESS_JOBS} // 1;
-$ENV{OPENSSL_CONF} = rel2abs(catfile($srctop, "apps", "openssl.cnf"));
+$ENV{OPENSSL_CONF} = rel2abs(catfile($srctop, "apps", "openssl3.cnf"));
$ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "test"));
$ENV{OPENSSL_MODULES} = rel2abs(catdir($bldtop, "providers"));
$ENV{OPENSSL_ENGINES} = rel2abs(catdir($bldtop, "engines"));

13
openssl-1.1.0-no-html.patch Normal file
View file

@ -0,0 +1,13 @@
Index: openssl-3.0.0-alpha1/Configurations/unix-Makefile.tmpl
===================================================================
--- openssl-3.0.0-alpha1.orig/Configurations/unix-Makefile.tmpl 2020-04-23 22:56:27.365853133 +0200
+++ openssl-3.0.0-alpha1/Configurations/unix-Makefile.tmpl 2020-04-23 22:56:52.474004636 +0200
@@ -544,7 +544,7 @@ install_sw: install_dev install_engines
uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev
-install_docs: install_man_docs install_html_docs
+install_docs: install_man_docs
uninstall_docs: uninstall_man_docs uninstall_html_docs
$(RM) -r $(DESTDIR)$(DOCDIR)

16
openssl-3.0.8.tar.gz.asc Normal file
View file

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEeVOsH7w9yLOykjk+1enkP3357owFAmPiVZsACgkQ1enkP335
7owJ6BAAk2EnBElYMTM3SuqLDp4fdf2EhSfhxWG45Q9oV8BQ3Th/l8zia/pIOLs7
Pt6MXYhdd6IdVij5HMMR/ZMUJi/YnYG9lhhJ+p4NTHP+Tc4UjHoexJQuDZk9jM6y
zynSONsuIZRAXI4hiJ2Lg5X0iLhEuYBblPUDDdkO8ojTYkEohMQDj4Jt63vVPylV
m+tIDFVfYVQpXnORvy0LNDyjQhDb+gEEnAt8XwpE9FnrvkREHM1WQgmI4+1FLXBc
MaCWoFGEmFRMqxbqEjrtnCCafFcCKGYQnozrdN8VK62xGhDEOwEwjgzW00rm1TIG
eKOp9XOwcZehM5VR622eD/N4A96ET5Q3WOgqc76I8sWmx0lu/PaXl5bZcAeZpG4v
dYI926XSaSsrQ2ADhpgl02vLTVISMejmTNrxZjci0Ce76xjFfcxutD8wppL9Zqg4
dwmpW8+qpgXZ+ABN6qYWsIXVHijJcyJgmFdQdcF/FfjVRxviCncz2i5dyUNUgw6Z
+nLlYNfk+6v0EVIgIA3rw8TGKGom3m1+d41KAMdEAET6n1D/SKbJxCyyYlBBGZBT
7Vd5u2zEjMK4b0Iv81Nq4YsActWk69PULfkYLgRGSvBFtpIn9g9RgV7hKlFTvZ/5
S4A8XH/qrlSk+jb2Bl7qlgyZceDti8Ef6Ktz9YDdH0O133BRxAQ=
=FUbH
-----END PGP SIGNATURE-----

957
openssl-3.changes Normal file
View file

@ -0,0 +1,957 @@
* Thu Jul 20 2023 pmonreal@suse.com
- Security fix: [bsc#1213487, CVE-2023-3446]
* Fix DH_check() excessive time with over sized modulus.
* The function DH_check() performs various checks on DH parameters.
One of those checks confirms that the modulus ("p" parameter) is
not too large. Trying to use a very large modulus is slow and
OpenSSL will not normally use a modulus which is over 10,000 bits
in length.
However the DH_check() function checks numerous aspects of the
key or parameters that have been supplied. Some of those checks
use the supplied modulus value even if it has already been found
to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying
a key/parameters with a modulus over this size will simply cause
DH_check() to fail.
* Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch
* Tue Jul 18 2023 pmonreal@suse.com
- Security fix: [bsc#1213383, CVE-2023-2975]
* AES-SIV implementation ignores empty associated data entries
* Add openssl-CVE-2023-2975.patch
* Mon May 22 2023 otto.hollmann@suse.com
- Security Fix: [CVE-2023-1255, bsc#1210714]
* Input buffer over-read in AES-XTS implementation on 64 bit ARM
* Add openssl-CVE-2023-1255.patch
- Security Fix: [CVE-2023-2650, bsc#1211430]
* Possible DoS translating ASN.1 object identifiers
* Add openssl-CVE-2023-2650.patch
* Mon Apr 3 2023 otto.hollmann@suse.com
- Security Fix: [CVE-2023-0465, bsc#1209878]
* Invalid certificate policies in leaf certificates are silently ignored
* Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
* Certificate policy check not enabled
* Add openssl-CVE-2023-0466.patch
* Fri Mar 24 2023 otto.hollmann@suse.com
- Security Fix: [CVE-2023-0464, bsc#1209624]
* Excessive Resource Usage Verifying X.509 Policy Constraints
* Add openssl-CVE-2023-0464.patch
* Tue Feb 7 2023 otto.hollmann@suse.com
- Update to version 3.0.8 in SLE15-SP5 [jsc#PED-544]
* Fixed NULL dereference during PKCS7 data verification.
A NULL pointer can be dereferenced when signatures are being
verified on PKCS7 signed or signedAndEnveloped data. In case the hash
algorithm used for the signature is known to the OpenSSL library but
the implementation of the hash algorithm is not available the digest
initialization will fail. There is a missing check for the return
value from the initialization function which later leads to invalid
usage of the digest API most likely leading to a crash.
([bsc#1207541, CVE-2023-0401])
PKCS7 data is processed by the SMIME library calls and also by the
time stamp (TS) library calls. The TLS implementation in OpenSSL does
not call these functions however third party applications would be
affected if they call these functions to verify signatures on untrusted
data.
* Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but the public structure definition for GENERAL_NAME incorrectly specified
the type of the x400Address field as ASN1_TYPE. This field is subsequently
interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather
than an ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to
pass arbitrary pointers to a memcmp call, enabling them to read memory
contents or enact a denial of service.
([bsc#1207533, CVE-2023-0286])
* Fixed NULL dereference validating DSA public key.
An invalid pointer dereference on read can be triggered when an
application tries to check a malformed DSA public key by the
EVP_PKEY_public_check() function. This will most likely lead
to an application crash. This function can be called on public
keys supplied from untrusted sources which could allow an attacker
to cause a denial of service attack.
The TLS implementation in OpenSSL does not call this function
but applications might call the function if there are additional
security requirements imposed by standards such as FIPS 140-3.
([bsc#1207540, CVE-2023-0217])
* Fixed Invalid pointer dereference in d2i_PKCS7 functions.
An invalid pointer dereference on read can be triggered when an
application tries to load malformed PKCS7 data with the
d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.
The result of the dereference is an application crash which could
lead to a denial of service attack. The TLS implementation in OpenSSL
does not call this function however third party applications might
call these functions on untrusted data.
([bsc#1207539, CVE-2023-0216])
* Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
([bsc#1207536, CVE-2023-0215])
* Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
([bsc#1207538, CVE-2022-4450])
* Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
([bsc#1207534, CVE-2022-4304])
* Fixed X.509 Name Constraints Read Buffer Overflow.
A read buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. The read buffer overrun might
result in a crash which could lead to a denial of service attack.
In a TLS client, this can be triggered by connecting to a malicious
server. In a TLS server, this can be triggered if the server requests
client authentication and a malicious client connects.
([bsc#1207535, CVE-2022-4203])
* Fixed X.509 Policy Constraints Double Locking security issue.
If an X.509 certificate contains a malformed policy constraint and
policy processing is enabled, then a write lock will be taken twice
recursively. On some operating systems (most widely: Windows) this
results in a denial of service when the affected process hangs. Policy
processing being enabled on a publicly facing server is not considered
to be a common setup.
([CVE-2022-3996])
* Our provider implementations of `OSSL_FUNC_KEYMGMT_EXPORT` and
`OSSL_FUNC_KEYMGMT_GET_PARAMS` for EC and SM2 keys now honor
`OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` as set (and
default to `POINT_CONVERSION_UNCOMPRESSED`) when exporting
`OSSL_PKEY_PARAM_PUB_KEY`, instead of unconditionally using
`POINT_CONVERSION_COMPRESSED` as in previous 3.x releases.
For symmetry, our implementation of `EVP_PKEY_ASN1_METHOD->export_to`
for legacy EC and SM2 keys is also changed similarly to honor the
equivalent conversion format flag as specified in the underlying
`EC_KEY` object being exported to a provider, when this function is
called through `EVP_PKEY_export()`.
* Removed openssl-3-Fix-double-locking-problem.patch,
contained in upstream.
* Rebased openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
* Update openssl.keyring with key
7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C (Richard Levitte)
* Thu Jan 5 2023 otto.hollmann@suse.com
- Update openssl.keyring:
pub rsa4096 2021-07-16 [SC] [expires: 2031-07-14]
A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C
uid Tomáš Mráz <tm@t8m.info>
uid Tomáš Mráz <tomas@arleto.cz>
uid Tomáš Mráz <tomas@openssl.org>
* Wed Jan 4 2023 otto.hollmann@suse.com
- Update to version 3.0.7 in SLE15-SP5 [jsc#PED-544]
- Remove patches (already present in 3.0.7):
* openssl-3-CVE-2022-1343.patch
* openssl-CVE-2022-0778.patch
* openssl-CVE-2022-0778-tests.patch
* openssl-CVE-2022-1292.patch
* openssl-3-Fix-EC-ASM-flag-passing.patch
* openssl-update_expired_certificates.patch
* openssl-3-CVE-2022-3358.patch
* openssl-3-Fix-SHA-SHAKE-and-KECCAK-ASM-flag-passing.patch
* openssl-3-CVE-2022-3602_2.patch
* openssl-3-CVE-2022-3602_1.patch
* openssl-CVE-2022-2097.patch
* openssl-3-CVE-2022-1434.patch
* openssl-3-CVE-2022-1473.patch
* openssl-3-Fix-file-operations-in-c_rehash.patch
- Enable tests: test_req test_verify_store test_ca test_ssl_old
* Wed Dec 14 2022 otto.hollmann@suse.com
- Fix X.509 Policy Constraints Double Locking [bsc#1206374, CVE-2022-3996]
* Add patch: openssl-3-Fix-double-locking-problem.patch
* Tue Nov 1 2022 otto.hollmann@suse.com
- Update to 3.0.7: [bsc#1204714, CVE-2022-3602,CVE-2022-3786]
* Fixed two buffer overflows in punycode decoding functions.
A buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. Note that this occurs after
certificate chain signature verification and requires either a CA to
have signed the malicious certificate or for the application to continue
certificate verification despite failure to construct a path to a trusted
issuer.
In a TLS client, this can be triggered by connecting to a malicious
server. In a TLS server, this can be triggered if the server requests
client authentication and a malicious client connects.
An attacker can craft a malicious email address to overflow
an arbitrary number of bytes containing the `.` character (decimal 46)
on the stack. This buffer overflow could result in a crash (causing a
denial of service).
([CVE-2022-3786])
An attacker can craft a malicious email address to overflow four
attacker-controlled bytes on the stack. This buffer overflow could
result in a crash (causing a denial of service) or potentially remote code
execution depending on stack layout for any given platform/compiler.
([CVE-2022-3602])
* Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT
parameters in OpenSSL code.
Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR,
OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT.
Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead.
Using these invalid names may cause algorithms to use slower methods
that ignore the CRT parameters.
* Fixed a regression introduced in 3.0.6 version raising errors on some stack
operations.
* Fixed a regression introduced in 3.0.6 version not refreshing the certificate
data to be signed before signing the certificate.
* Added RIPEMD160 to the default provider.
* Ensured that the key share group sent or accepted for the key exchange
is allowed for the protocol version.
* Tue Nov 1 2022 otto.hollmann@suse.com
- Update to 3.0.6: [bsc#1204226, CVE-2022-3358]
* OpenSSL supports creating a custom cipher via the legacy
EVP_CIPHER_meth_new() function and associated function calls. This function
was deprecated in OpenSSL 3.0 and application authors are instead encouraged
to use the new provider mechanism in order to implement custom ciphers.
* OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers
passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and
EVP_CipherInit_ex2() functions (as well as other similarly named encryption
and decryption initialisation functions). Instead of using the custom cipher
directly it incorrectly tries to fetch an equivalent cipher from the
available providers. An equivalent cipher is found based on the NID passed
to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID
for a given cipher. However it is possible for an application to incorrectly
pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When
NID_undef is used in this way the OpenSSL encryption/decryption
initialisation function will match the NULL cipher as being equivalent and
will fetch this from the available providers. This will succeed if the
default provider has been loaded (or if a third party provider has been
loaded that offers this cipher). Using the NULL cipher means that the
plaintext is emitted as the ciphertext.
* Applications are only affected by this issue if they call
EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to
an encryption/decryption initialisation function. Applications that only use
SSL/TLS are not impacted by this issue. ([CVE-2022-3358])
* Fix LLVM vs Apple LLVM version numbering confusion that caused build
failures on MacOS 10.11
* Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT
bn_ops flag. This was causing heap corruption on that platform.
* Fix handling of a ticket key callback that returns 0 in TLSv1.3 to not send
a ticket
* Correctly handle a retransmitted ClientHello in DTLS
* Fixed detection of ktls support in cross-compile environment on Linux
* Fixed some regressions and test failures when running the 3.0.0 FIPS
provider against 3.0.x
* Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
* Fix UWP builds by defining VirtualLock
* For known safe primes use the minimum key length according to RFC 7919.
Longer private key sizes unnecessarily raise the cycles needed to compute
the shared secret without any increase of the real security. This fixes a
regression from 1.1.1 where these shorter keys were generated for the known
safe primes.
* Added the loongarch64 target
* Fixed EC ASM flag passing. Flags for ASM implementations of EC curves were
only passed to the FIPS provider and not to the default or legacy provider.
* Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit
lane assignment in CTR mode") for 64bit targets only, since it is reportedly
2-17%% slower and the silicon errata only affects 32bit targets. The new
algorithm is still used for 32 bit targets.
* Added a missing header for memcmp that caused compilation failure on some
platforms
* Wed Sep 14 2022 brunopitrus@hotmail.com
- Do not make libopenssl3-32bit obsolete libopenssl1_1-32bit.
They are independent libraries and can be installed simultaneously.
* Thu Jul 21 2022 pmonreal@suse.com
- Update to 3.0.5:
* The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048 bit private keys
incorrect on such machines and memory corruption will happen during
the computation. As a consequence of the memory corruption an attacker
may be able to trigger a remote code execution on the machine performing
the computation.
SSL/TLS servers or other servers using 2048 bit RSA private keys running
on machines supporting AVX512IFMA instructions of the X86_64 architecture
are affected by this issue. [bsc#1201148, CVE-2022-2274]
* AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation would not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected. [bsc#1201099, CVE-2022-2097]
- Rebase patches:
* openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
* Mon Jul 18 2022 pmonreal@suse.com
- Update to 3.0.4: [bsc#1199166, bsc#1200550, CVE-2022-1292, CVE-2022-2068]
* In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further bugs where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection
have been fixed.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
* Case insensitive string comparison no longer uses locales.
It has instead been directly implemented.
* Mon Jul 18 2022 pmonreal@suse.com
- Update to 3.0.3:
* Case insensitive string comparison is reimplemented via new locale-agnostic
comparison functions OPENSSL_str[n]casecmp always using the POSIX locale for
comparison. The previous implementation had problems when the Turkish locale
was used.
* Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection. This script is distributed by
some operating systems in a manner where it is automatically executed. On
such operating systems, an attacker could execute arbitrary commands with the
privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool. [bsc#1199166, CVE-2022-1292]
* Fixed a bug in the function 'OCSP_basic_verify' that verifies the signer
certificate on an OCSP response. The bug caused the function in the case
where the (non-default) flag OCSP_NOCHECKS is used to return a postivie
response (meaning a successful verification) even in the case where the
response signing certificate fails to verify.
It is anticipated that most users of 'OCSP_basic_verify' will not use the
OCSP_NOCHECKS flag. In this case the 'OCSP_basic_verify' function will return
a negative value (indicating a fatal error) in the case of a certificate
verification failure. The normal expected return value in this case would be 0.
This issue also impacts the command line OpenSSL "ocsp" application. When
verifying an ocsp response with the "-no_cert_checks" option the command line
application will report that the verification is successful even though it
has in fact failed. In this case the incorrect successful response will also
be accompanied by error messages showing the failure and contradicting the
apparently successful result. [bsc#1199167, CVE-2022-1343]
* Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
AAD data as the MAC key. This made the MAC key trivially predictable.
An attacker could exploit this issue by performing a man-in-the-middle attack
to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such
that the modified data would still pass the MAC integrity check.
Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0
endpoint will always be rejected by the recipient and the connection will
fail at that point. Many application protocols require data to be sent from
the client to the server first. Therefore, in such a case, only an OpenSSL
3.0 server would be impacted when talking to a non-OpenSSL 3.0 client.
[bsc#1199168, CVE-2022-1434]
* Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
occuppied by the removed hash table entries.
This function is used when decoding certificates or keys. If a long lived
process periodically decodes certificates or keys its memory usage will
expand without bounds and the process might be terminated by the operating
system causing a denial of service. Also traversing the empty hash table
entries will take increasingly more time. Typically such long lived processes
might be TLS clients or TLS servers configured to accept client certificate
authentication. [bsc#1199169, CVE-2022-1473]
* The functions 'OPENSSL_LH_stats' and 'OPENSSL_LH_stats_bio' now only report
the 'num_items', 'num_nodes' and 'num_alloc_nodes' statistics. All other
statistics are no longer supported. For compatibility, these statistics are
still listed in the output but are now always reported as zero.
* Thu Jun 2 2022 jsikes@suse.com
- Added openssl-update_expired_certificates.patch
* Openssl failed tests because of expired certificates.
* bsc#1185637
* Sat Mar 19 2022 pmonreal@suse.com
- Enable zlib compression support [bsc#1195149]
* Fri Mar 18 2022 pmonreal@suse.com
- Add crypto-policies support.
* Fix some tests that couldn't find the openssl3.cnf location
* Rebase patch:
openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
* Tue Mar 15 2022 pmonreal@suse.com
- Update to 3.0.2: [bsc#1196877, CVE-2022-0778]
* Security fix [CVE-2022-0778]: Infinite loop for non-prime moduli
in BN_mod_sqrt() reachable when parsing certificates.
* Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
(RFC 5489) to the list of ciphersuites providing Perfect Forward
Secrecy as required by SECLEVEL >= 3.
* Made the AES constant time code for no-asm configurations
optional due to the resulting 95%% performance degradation.
The AES constant time code can be enabled, for no assembly
builds, with: ./config no-asm -DOPENSSL_AES_CONST_TIME
* Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to
use empty passphrase strings.
* The negative return value handling of the certificate
verification callback was reverted. The replacement is to set
the verification retry state with the SSL_set_retry_verify()
function.
* Rebase openssl-use-versioned-config.patch
* Tue Feb 22 2022 pmonreal@suse.com
- Keep CA_default and tsa_config1 default paths in openssl3.cnf
- Rebase patches:
* openssl-Override-default-paths-for-the-CA-directory-tree.patch
* openssl-use-versioned-config.patch
* Tue Feb 1 2022 danilo.spinella@suse.com
- Fix conflict with openssl and libressl
* Fri Jan 28 2022 simonf.lees@suse.com
- Remove /etc/pki/CA from the [jsc#SLE-17856, jsc#SLE-19044]
openssl-Override-default-paths-for-the-CA-directory-tree.patch
- Remove unused patches
* Fri Jan 21 2022 simonf.lees@suse.com
- Ship openssl-3 as binary names [jsc#SLE-17856, jsc#SLE-19044]
- Use openssl3.cnf
* openssl-use-versioned-config.patch
* fix-config-in-tests.patch
- Support crypto policies
* openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
* openssl-Override-default-paths-for-the-CA-directory-tree.patch
- Remove obsolets, not ready to force an upgrade yet
* Thu Jan 13 2022 pmonreal@suse.com
- Update to 3.0.1: [bsc#1193740, CVE-2021-4044]
* RNDR and RNDRRS support in provider functions to provide
random number generation for Arm CPUs (aarch64).
* s_client and s_server apps now explicitly say when the TLS
version does not include the renegotiation mechanism. This
avoids confusion between that scenario versus when the TLS
version includes secure renegotiation but the peer lacks
support for it.
* The default SSL/TLS security level has been changed from 1 to 2.
RSA, DSA and DH keys of 1024 bits and above and less than 2048
bits and ECC keys of 160 bits and above and less than 224 bits
were previously accepted by default but are now no longer
allowed. By default TLS compression was already disabled in
previous OpenSSL versions. At security level 2 it cannot be
enabled.
* The SSL_CTX_set_cipher_list family functions now accept
ciphers using their IANA standard names.
* The PVK key derivation function has been moved from
b2i_PVK_bio_ex() into the legacy crypto provider as an
EVP_KDF. Applications requiring this KDF will need to load
the legacy crypto provider.
* The various OBJ_* functions have been made thread safe.
* CCM8 cipher suites in TLS have been downgraded to security
level zero because they use a short authentication tag which
lowers their strength.
* Subject or issuer names in X.509 objects are now displayed
as UTF-8 strings by default.
* Parallel dual-prime 1536/2048-bit modular exponentiation
for AVX512_IFMA capable processors.
* Tue Sep 7 2021 pmonreal@suse.com
- Update to 3.0.0
* The full list of changes since version 1.1.1 can be found in:
https://github.com/openssl/openssl/blob/master/CHANGES.md#openssl-30
* OpenSSL 3.0 wiki: https://wiki.openssl.org/index.php/OpenSSL_3.0
* The Migration guide:
https://github.com/openssl/openssl/blob/master/doc/man7/migration_guide.pod
* Thu Jul 29 2021 pmonreal@suse.com
- Update to 3.0.0 Beta 2
* The ERR_GET_FUNC() function was removed. With the loss of
meaningful function codes, this function can only cause problems
for calling applications.
* While a callback function set via 'SSL_CTX_set_cert_verify_callback()'
is not allowed to return a value > 1, this is no more taken as
failure.
* Deprecated the obsolete X9.31 RSA key generation related
functions BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(),
and BN_X931_generate_prime_ex().
- Remove openssl-ppc64-fix-build.patch fixed upstream
* Mon Jul 5 2021 pmonreal@suse.com
- Update to 3.0.0 Beta 1
* Add a configurable flag to output date formats as ISO 8601.
Does not change the default date format.
* Version of MSVC earlier than 1300 could get link warnings, which
could be suppressed if the undocumented -DI_CAN_LIVE_WITH_LNK4049
was set. Support for this flag has been removed.
* Rework and make DEBUG macros consistent. Remove unused
- DCONF_DEBUG, -DBN_CTX_DEBUG, and REF_PRINT. Add a new tracing
category and use it for printing reference counts. Rename
- DDEBUG_UNUSED to -DUNUSED_RESULT_DEBUG. Fix BN_DEBUG_RAND so it
compiles and, when set, force DEBUG_RAND to be set also. Rename
engine_debug_ref to be ENGINE_REF_PRINT also for consistency.
* The public definitions of conf_method_st and conf_st have been
deprecated. They will be made opaque in a future release.
* Many functions in the EVP_ namespace that are getters of values
from implementations or contexts were renamed to include get or
get0 in their names. Old names are provided as macro aliases for
compatibility and are not deprecated.
* PKCS#5 PBKDF1 key derivation has been moved from PKCS5_PBE_keyivgen()
into the legacy crypto provider as an EVP_KDF. Applications requiring
this KDF will need to load the legacy crypto provider. This includes
these PBE algorithms which use this KDF:
- NID_pbeWithMD2AndDES_CBC - NID_pbeWithMD5AndDES_CBC
- NID_pbeWithSHA1AndRC2_CBC - NID_pbeWithMD2AndRC2_CBC
- NID_pbeWithMD5AndRC2_CBC - NID_pbeWithSHA1AndDES_CBC
* Deprecated obsolete BIO_set_callback(), BIO_get_callback(), and
BIO_debug_callback() functions.
- Fix build on ppc and ppc64
* Add openssl-ppc64-fix-build.patch
* See https://github.com/openssl/openssl/issues/15923
* Fri Jun 11 2021 pmonreal@suse.com
- Update to 3.0.0 Alpha 17
* Added migration guide to man7
* Implemented support for fully "pluggable" TLSv1.3 groups
* Added convenience functions for generating asymmetric key pairs.
* Added a proper HTTP client supporting GET with optional redirection,
POST, arbitrary request and response content types, TLS, persistent
connections, connections via HTTP(s) proxies, connections and
exchange via user-defined BIOs (allowing implicit connections), and
timeout checks.
* Mon May 10 2021 jsikes@suse.com
- Update to 3.0.0. Alpha 16
* Mark pop/clear error stack in der2key_decode_p8
* Sat May 1 2021 jsikes@suse.com
- Update to 3.0.0 Alpha 15
* The default manual page suffix ($MANSUFFIX) has been changed to "ossl"
* Added support for Kernel TLS (KTLS). In order to use KTLS, support for it
must be compiled in using the "enable-ktls" compile time option. It must
also be enabled at run time using the SSL_OP_ENABLE_KTLS option.
* The error return values from some control calls (ctrl) have changed.
One significant change is that controls which used to return -2 for
invalid inputs, now return -1 indicating a generic error condition instead.
* Removed EVP_PKEY_set_alias_type().
* All of these low level RSA functions have been deprecated without
replacement:
RSA_blinding_off, RSA_blinding_on, RSA_clear_flags, RSA_get_version,
RSAPrivateKey_dup, RSAPublicKey_dup, RSA_set_flags, RSA_setup_blinding and
RSA_test_flags.
* All of these RSA flags have been deprecated without replacement:
RSA_FLAG_BLINDING, RSA_FLAG_CACHE_PRIVATE, RSA_FLAG_CACHE_PUBLIC,
RSA_FLAG_EXT_PKEY, RSA_FLAG_NO_BLINDING, RSA_FLAG_THREAD_SAFE and
RSA_METHOD_FLAG_NO_CHECK.
* These low level DH functions have been deprecated without replacement:
DH_clear_flags, DH_get_1024_160, DH_get_2048_224, DH_get_2048_256,
DH_set_flags and DH_test_flags.
The DH_FLAG_CACHE_MONT_P flag has been deprecated without replacement.
The DH_FLAG_TYPE_DH and DH_FLAG_TYPE_DHX have been deprecated. Use
EVP_PKEY_is_a() to determine the type of a key. There is no replacement for
setting these flags.
* These low level DSA functions have been deprecated without replacement:
DSA_clear_flags, DSA_dup_DH, DSAparams_dup, DSA_set_flags and
DSA_test_flags.
* The DSA_FLAG_CACHE_MONT_P flag has been deprecated without replacement.
* Reworked the treatment of EC EVP_PKEYs with the SM2 curve to
automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC. This is a breaking
change from previous OpenSSL versions.
Unlike in previous OpenSSL versions, this means that applications must not
call 'EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)' to get SM2 computations.
The 'EVP_PKEY_set_alias_type' function has now been removed.
* Parameter and key generation is also reworked to make it possible
to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate
SM2 keys directly and must not create an EVP_PKEY_EC key first.
* Mon Apr 19 2021 pmonreal@suse.com
- Update to 3.0.0 Alpha 14
* A public key check is now performed during EVP_PKEY_derive_set_peer().
Previously DH was internally doing this during EVP_PKEY_derive().
* The EVP_PKEY_CTRL_PKCS7_ENCRYPT, EVP_PKEY_CTRL_PKCS7_DECRYPT,
EVP_PKEY_CTRL_PKCS7_SIGN, EVP_PKEY_CTRL_CMS_ENCRYPT,
EVP_PKEY_CTRL_CMS_DECRYPT, and EVP_PKEY_CTRL_CMS_SIGN control operations
are deprecated. They are not invoked by the OpenSSL library anymore and
are replaced by direct checks of the key operation against the key type
when the operation is initialized.
* The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work for
more key types including RSA, DSA, ED25519, X25519, ED448 and X448.
Previously (in 1.1.1) they would return -2. For key types that do not have
parameters then EVP_PKEY_param_check() will always return 1.
* The output from numerous "printing" functions such as X509_signature_print(),
X509_print_ex(), X509_CRL_print_ex(), and other similar functions has been
amended such that there may be cosmetic differences between the output
observed in 1.1.1 and 3.0. This also applies to the "-text" output from the
x509 and crl applications.
* Improved adherence to Enhanced Security Services (ESS, RFC 2634 and RFC 5035)
for the TSP and CMS Advanced Electronic Signatures (CAdES) implementations.
As required by RFC 5035 check both ESSCertID and ESSCertIDv2 if both present.
Correct the semantics of checking the validation chain in case ESSCertID{,v2}
contains more than one certificate identifier: This means that all
certificates referenced there MUST be part of the validation chain.
* Parallel dual-prime 1024-bit modular exponentiation for AVX512_IFMA
capable processors.
* Added the AuthEnvelopedData content type structure (RFC 5083) with AES-GCM
parameter (RFC 5084) for the Cryptographic Message Syntax (CMS). Its purpose
is to support encryption and decryption of a digital envelope that is both
authenticated and encrypted using AES GCM mode.
* Wed Apr 14 2021 pmonreal@suse.com
- Update to 3.0.0 Alpha 13
* A public key check is now performed during EVP_PKEY_derive_set_peer().
Previously DH was internally doing this during EVP_PKEY_derive().
To disable this check use EVP_PKEY_derive_set_peer_ex(dh, peer, 0). This
may mean that an error can occur in EVP_PKEY_derive_set_peer() rather than
during EVP_PKEY_derive().
* The EVP_PKEY_CTRL_PKCS7_ENCRYPT, EVP_PKEY_CTRL_PKCS7_DECRYPT,
EVP_PKEY_CTRL_PKCS7_SIGN, EVP_PKEY_CTRL_CMS_ENCRYPT,
EVP_PKEY_CTRL_CMS_DECRYPT, and EVP_PKEY_CTRL_CMS_SIGN control operations
are deprecated. They are not invoked by the OpenSSL library anymore and
are replaced by direct checks of the key operation against the key type
when the operation is initialized.
* The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work for
more key types including RSA, DSA, ED25519, X25519, ED448 and X448.
Previously (in 1.1.1) they would return -2. For key types that do not have
parameters then EVP_PKEY_param_check() will always return 1.
* The output from numerous "printing" functions such as X509_signature_print(),
X509_print_ex(), X509_CRL_print_ex(), and other similar functions has been
amended such that there may be cosmetic differences between the output
observed in 1.1.1 and 3.0. This also applies to the "-text" output from the
x509 and crl applications.
* Improved adherence to Enhanced Security Services (ESS, RFC 2634 and RFC 5035)
for the TSP and CMS Advanced Electronic Signatures (CAdES) implementations.
As required by RFC 5035 check both ESSCertID and ESSCertIDv2 if both present.
Correct the semantics of checking the validation chain in case ESSCertID{,v2}
contains more than one certificate identifier: This means that all
certificates referenced there MUST be part of the validation chain.
* Parallel dual-prime 1024-bit modular exponentiation for AVX512_IFMA
capable processors.
* Added the AuthEnvelopedData content type structure (RFC 5083) with AES-GCM
parameter (RFC 5084) for the Cryptographic Message Syntax (CMS). Its purpose
is to support encryption and decryption of a digital envelope that is both
authenticated and encrypted using AES GCM mode.
* Fri Feb 19 2021 pmonreal@suse.com
- Update to 3.0.0 Alpha 12
* The SRP APIs have been deprecated. The old APIs do not work via
providers, and there is no EVP interface to them. Unfortunately
there is no replacement for these APIs at this time.
* Add a compile time option to prevent the caching of provider
fetched algorithms. This is enabled by including the
no-cached-fetch option at configuration time.
* Combining the Configure options no-ec and no-dh no longer
disables TLSv1.3. Typically if OpenSSL has no EC or DH algorithms
then it cannot support connections with TLSv1.3. However OpenSSL
now supports "pluggable" groups through providers.
* The undocumented function X509_certificate_type() has been
deprecated; applications can use X509_get0_pubkey() and
X509_get0_signature() to get the same information.
* Deprecated the obsolete BN_pseudo_rand() and BN_pseudo_rand_range()
functions. They are identical to BN_rand() and BN_rand_range()
respectively.
* The default key generation method for the regular 2-prime RSA keys
was changed to the FIPS 186-4 B.3.6 method (Generation of Probable
Primes with Conditions Based on Auxiliary Probable Primes). This
method is slower than the original method.
* Deprecated the BN_is_prime_ex() and BN_is_prime_fasttest_ex()
functions. They are replaced with the BN_check_prime() function
that avoids possible misuse and always uses at least 64 rounds of
the Miller-Rabin primality test.
* Deprecated EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn()
as they are not useful with non-deprecated functions.
* Fri Feb 12 2021 pmonreal@suse.com
- Update to 3.0.0 Alpha 11
* Deprecated the obsolete X9.31 RSA key generation related
functions BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(),
and BN_X931_generate_prime_ex().
* Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_*().
These were used to collect all necessary data to form a HTTP
request, and to perform the HTTP transfer with that request.
With OpenSSL 3.0, the type is OSSL_HTTP_REQ_CTX, and the
deprecated functions are replaced with OSSL_HTTP_REQ_CTX_*().
* Validation of SM2 keys has been separated from the validation of
regular EC keys, allowing to improve the SM2 validation process
to reject loaded private keys that are not conforming to the SM2
ISO standard. In particular, a private scalar 'k' outside the
range '1 <= k < n-1' is now correctly rejected.
* Behavior of the 'pkey' app is changed, when using the '-check'
or '-pubcheck' switches: a validation failure triggers an early
exit, returning a failure exit status to the parent process.
* Changed behavior of SSL_CTX_set_ciphersuites() and
SSL_set_ciphersuites() to ignore unknown ciphers.
* All of the low level EC_KEY functions have been deprecated.
* Functions that read and write EC_KEY objects and that assign or
obtain EC_KEY objects from an EVP_PKEY are also deprecated.
* Added the '-copy_extensions' option to the 'x509' command for use
with '-req' and '-x509toreq'. When given with the 'copy' or
'copyall' argument, all extensions in the request are copied to
the certificate or vice versa.
* Added the '-copy_extensions' option to the 'req' command for use
with '-x509'. When given with the 'copy' or 'copyall' argument,
all extensions in the certification request are copied to the
certificate.
* The 'x509', 'req', and 'ca' commands now make sure that X.509v3
certificates they generate are by default RFC 5280 compliant in
the following sense: There is a subjectKeyIdentifier extension
with a hash value of the public key and for not self-signed certs
there is an authorityKeyIdentifier extension with a keyIdentifier
field or issuer information identifying the signing key. This is
done unless some configuration overrides the new default behavior,
such as 'subjectKeyIdentifier = none' and 'authorityKeyIdentifier
= none'.
* Sat Jan 9 2021 pmonreal@suse.com
- Update to 3.0.0 Alpha 10 (CVE-2020-1971)
* See full changelog: www.openssl.org/news/changelog.html
* Fixed NULL pointer deref in the GENERAL_NAME_cmp function
This function could crash if both GENERAL_NAMEs contain an
EDIPARTYNAME. If an attacker can control both items being
compared then this could lead to a possible denial of service
attack. OpenSSL itself uses the GENERAL_NAME_cmp function for
two purposes:
1) Comparing CRL distribution point names between an available
CRL and a CRL distribution point embedded in an X509 certificate
2) When verifying that a timestamp response token signer matches
the timestamp authority name (exposed via the API functions
TS_RESP_verify_response and TS_RESP_verify_token)
* The -cipher-commands and -digest-commands options of the
command line utility list has been deprecated. Instead use
the -cipher-algorithms and -digest-algorithms options.
* Additionally functions that read and write DH objects such as
d2i_DHparams, i2d_DHparams, PEM_read_DHparam, PEM_write_DHparams
and other similar functions have also been deprecated.
Applications should instead use the OSSL_DECODER and OSSL_ENCODER
APIs to read and write DH files.
* Thu Dec 17 2020 pmonreal@suse.com
- Update to 3.0.0 Alpha 9
* See also https://www.openssl.org/news/changelog.html
* Deprecated all the libcrypto and libssl error string loading
functions. Calling these functions is not necessary since
OpenSSL 1.1.0, as OpenSSL now loads error strings automatically.
* The functions SSL_CTX_set_tmp_dh_callback and SSL_set_tmp_dh_callback, as
well as the macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() have been
deprecated. These are used to set the Diffie-Hellman (DH) parameters that
are to be used by servers requiring ephemeral DH keys. Instead applications
should consider using the built-in DH parameters that are available by
calling SSL_CTX_set_dh_auto() or SSL_set_dh_auto().
* The -crypt option to the passwd command line tool has been removed.
* The -C option to the x509, dhparam, dsaparam, and ecparam commands
has been removed.
* Added several checks to X509_verify_cert() according to requirements in
RFC 5280 in case 'X509_V_FLAG_X509_STRICT' is set (which may be done by
using the CLI option '-x509_strict'):
- The basicConstraints of CA certificates must be marked critical.
- CA certificates must explicitly include the keyUsage extension.
- If a pathlenConstraint is given the key usage keyCertSign must be allowed.
- The issuer name of any certificate must not be empty.
- The subject name of CA certs, certs with keyUsage crlSign,
and certs without subjectAlternativeName must not be empty.
- If a subjectAlternativeName extension is given it must not be empty.
- The signatureAlgorithm field and the cert signature must be consistent.
- Any given authorityKeyIdentifier and any given subjectKeyIdentifier
must not be marked critical.
- The authorityKeyIdentifier must be given for X.509v3 certs
unless they are self-signed.
- The subjectKeyIdentifier must be given for all X.509v3 CA certs.
* Certificate verification using X509_verify_cert() meanwhile rejects EC keys
with explicit curve parameters (specifiedCurve) as required by RFC 5480.
* Thu Nov 5 2020 pmonreal@suse.com
- Update to 3.0.0 Alpha 8
* Add support for AES Key Wrap inverse ciphers to the EVP layer.
The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV",
"AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV"
and "AES-256-WRAP-PAD-INV". The inverse ciphers use AES decryption
for wrapping, and AES encryption for unwrapping.
* Deprecated EVP_PKEY_set1_tls_encodedpoint() and
EVP_PKEY_get1_tls_encodedpoint(). These functions were previously
used by libssl to set or get an encoded public key in/from an
EVP_PKEY object. With OpenSSL 3.0 these are replaced by the more
generic functions EVP_PKEY_set1_encoded_public_key() and
EVP_PKEY_get1_encoded_public_key(). The old versions have been
converted to deprecated macros that just call the new functions.
* The security callback, which can be customised by application
code, supports the security operation SSL_SECOP_TMP_DH. This is
defined to take an EVP_PKEY in the "other" parameter. In most
places this is what is passed. All these places occur server side.
However there was one client side call of this security operation
and it passed a DH object instead. This is incorrect according to
the definition of SSL_SECOP_TMP_DH, and is inconsistent with all
of the other locations. Therefore this client side call has been
changed to pass an EVP_PKEY instead.
* Added new option for 'openssl list', '-providers', which will
display the list of loaded providers, their names, version and
status. It optionally displays their gettable parameters.
* Deprecated pthread fork support methods. These were unused so no
replacement is required. OPENSSL_fork_prepare(),
OPENSSL_fork_parent() and OPENSSL_fork_child().
- Remove openssl-AES_XTS.patch fixed upstream
* Fri Oct 16 2020 pmonreal@suse.com
- Fix build on ppc* architectures
* Fix tests failing: 30-test_acvp.t and 30-test_evp.t
* https://github.com/openssl/openssl/pull/13133
- Add openssl-AES_XTS.patch for ppc64, ppc64le and aarch64
* Fri Oct 16 2020 pmonreal@suse.com
- Re-enable test 81-test_cmp_cli.t fixed upstream
* Thu Oct 15 2020 pmonreal@suse.com
- Update to 3.0.0 Alpha 7
* Add PKCS7_get_octet_string() and PKCS7_type_is_other() to the public
interface. Their functionality remains unchanged.
* Deprecated EVP_PKEY_set_alias_type(). This function was previously
needed as a workaround to recognise SM2 keys. With OpenSSL 3.0, this key
type is internally recognised so the workaround is no longer needed.
* Deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() & introduced
EVP_PKEY_CTX_set1_rsa_keygen_pubexp(), which is now preferred.
* Changed all "STACK" functions to be macros instead of inline functions.
Macro parameters are still checked for type safety at compile time via
helper inline functions.
* Remove the RAND_DRBG API:
The RAND_DRBG API did not fit well into the new provider concept as
implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the
RAND_DRBG API is a mixture of 'front end' and 'back end' API calls
and some of its API calls are rather low-level. This holds in particular
for the callback mechanism (RAND_DRBG_set_callbacks()).
Adding a compatibility layer to continue supporting the RAND_DRBG API as
a legacy API for a regular deprecation period turned out to come at the
price of complicating the new provider API unnecessarily. Since the
RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC
to drop it entirely.
* Added the options '-crl_lastupdate' and '-crl_nextupdate' to 'openssl ca',
allowing the 'lastUpdate' and 'nextUpdate' fields in the generated CRL to
be set explicitly.
* 'PKCS12_parse' now maintains the order of the parsed certificates
when outputting them via '*ca' (rather than reversing it).
- Update openssl-DEFAULT_SUSE_cipher.patch
* Fri Aug 7 2020 callumjfarmer13@gmail.com
- Removed 0001-Fix-typo-for-SSL_get_peer_certificate.patch:
contained in upstream.
- Update to 3.0.0 Alpha 6
* Added util/check-format.pl for checking adherence to the coding guidelines.
* Allow SSL_set1_host() and SSL_add1_host() to take IP literal addresses
as well as actual hostnames.
* The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
ignore TLS protocol version bounds when configuring DTLS-based contexts, and
conversely, silently ignore DTLS protocol version bounds when configuring
TLS-based contexts. The commands can be repeated to set bounds of both
types. The same applies with the corresponding "min_protocol" and
"max_protocol" command-line switches, in case some application uses both TLS
and DTLS. SSL_CTX instances that are created for a fixed protocol version (e.g.
TLSv1_server_method()) also silently ignore version bounds. Previously
attempts to apply bounds to these protocol versions would result in an
error. Now only the "version-flexible" SSL_CTX instances are subject to
limits in configuration files in command-line options.
* Mon Jul 20 2020 vcizek@suse.com
- Fix linking when the deprecated SSL_get_per_certificate() is in use
* https://github.com/openssl/openssl/pull/12468
* add 0001-Fix-typo-for-SSL_get_peer_certificate.patch
* Fri Jul 17 2020 pmonrealgonzalez@suse.com
- Update to 3.0.0 Alpha 5
* Deprecated the 'ENGINE' API. Engines should be replaced with
providers going forward.
* Reworked the recorded ERR codes to make better space for system errors.
To distinguish them, the macro 'ERR_SYSTEM_ERROR()' indicates
if the given code is a system error (true) or an OpenSSL error (false).
* Reworked the test perl framework to better allow parallel testing.
* Added ciphertext stealing algorithms AES-128-CBC-CTS, AES-192-CBC-CTS and
AES-256-CBC-CTS to the providers. CS1, CS2 and CS3 variants are supported.
* 'Configure' has been changed to figure out the configuration target if
none is given on the command line. Consequently, the 'config' script is
now only a mere wrapper. All documentation is changed to only mention
'Configure'.
* Added a library context that applications as well as other libraries can use
to form a separate context within which libcrypto operations are performed.
- There are two ways this can be used:
1) Directly, by passing a library context to functions that take
such an argument, such as 'EVP_CIPHER_fetch' and similar algorithm
fetching functions.
2) Indirectly, by creating a new library context and then assigning
it as the new default, with 'OPENSSL_CTX_set0_default'.
- All public OpenSSL functions that take an 'OPENSSL_CTX' pointer,
apart from the functions directly related to 'OPENSSL_CTX', accept
NULL to indicate that the default library context should be used.
- Library code that changes the default library context using
'OPENSSL_CTX_set0_default' should take care to restore it with a
second call before returning to the caller.
* The security strength of SHA1 and MD5 based signatures in TLS has been
reduced. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer
working at the default security level of 1 and instead requires security
level 0. The security level can be changed either using the cipher string
with @SECLEVEL, or calling SSL_CTX_set_security_level().
* The SSL option SSL_OP_CLEANSE_PLAINTEXT is introduced. If that option is
set, openssl cleanses (zeroize) plaintext bytes from internal buffers
after delivering them to the application. Note, the application is still
responsible for cleansing other copies (e.g.: data received by SSL_read(3)).
- Update openssl-ppc64-config.patch
* Fri Jun 26 2020 vcizek@suse.com
- Update to 3.0.0 Alpha 4
* general improvements to the built-in providers, the providers API and the internal plumbing and the provider-aware mechanisms for libssl
* general improvements and fixes in the CLI apps
* support for Automated Cryptographic Validation Protocol (ACVP) tests
* fully pluggable TLS key exchange capability from providers
* finalization of the Certificate Management Protocol (CMP) contribution, adding an impressive amount of tests for the new features
* default to the newer SP800-56B compliant algorithm for RSA keygen
* provider-rand: PRNG functionality backed by providers
* refactored naming scheme for dispatched functions (#12222)
* fixes for various issues
* extended and improved test coverage
* additions and improvements to the documentations
- Fix license: Apache-2.0
- temporarily disable broken 81-test_cmp_cli.t test
* https://github.com/openssl/openssl/issues/12324
* Thu Jun 4 2020 vcizek@suse.com
- Update to 3.0.0 Alpha 3
* general improvements to the built-in providers, the providers API and the internal plumbing and the provider-aware mechanisms for libssl;
* general improvements and fixes in the CLI apps;
* cleanup of the EC API:
EC_METHOD became an internal-only concept, and functions using or returning EC_METHOD arguments have been deprecated;
EC_POINT_make_affine() and EC_POINTs_make_affine() have been deprecated in favor of automatic internal handling of conversions when needed;
EC_GROUP_precompute_mult(), EC_GROUP_have_precompute_mult(), and EC_KEY_precompute_mult() have been deprecated, as such precomputation data is now rarely used;
EC_POINTs_mul() has been deprecated, as for cryptographic applications EC_POINT_mul() is enough.
* the CMS API got support for CAdES-BES signature verification;
* introduction of a new SSL_OP_IGNORE_UNEXPECTED_EOF option;
* improvements to the RSA OAEP support;
* FFDH support in the speed app;
* CI: added external testing through the GOST engine;
* fixes for various issues;
* extended and improved test coverage;
* additions and improvements to the documentations.
* Sat May 23 2020 jengelh@inai.de
- Use find -exec +. Replace 'pwd' by simply $PWD.
- Drop Obsoletes on libopenssl1*. libopenssl3 has a new SONAME and
does not conflict with anything previously.
* Wed May 20 2020 vcizek@suse.com
- Obsolete openssl 1.1
- Update baselibs.conf
- Set man page permissions to 644
* Fri May 15 2020 vcizek@suse.com
- Update to 3.0.0 Alpha 2
* general improvements to the built-in providers, the providers API and the internal plumbing;
* the removal of legacy API functions related to FIPS mode, replaced by new provider-based mechanisms;
* the addition of a new cmp app for RFC 4210;
* extended and improved test coverage;
* improvements to the documentations;
* fixes for various issues.
- drop obsolete version.patch
* Thu Apr 23 2020 vcizek@suse.com
- Initial packaging 3.0.0 Alpha 1
* Major Release
OpenSSL 3.0 is a major release and consequently any application
that currently uses an older version of OpenSSL will at the
very least need to be recompiled in order to work with the new version.
It is the intention that the large majority of applications will
work unchanged with OpenSSL 3.0 if those applications previously
worked with OpenSSL 1.1.1. However this is not guaranteed and
some changes may be required in some cases.
* Providers and FIPS support
Providers collect together and make available algorithm implementations.
With OpenSSL 3.0 it is possible to specify, either programmatically
or via a config file, which providers you want to use for any given application
* Low Level APIs
Use of the low level APIs have been deprecated.
* Legacy Algorithms
Some cryptographic algorithms that were available via the EVP APIs
are now considered legacy and their use is strongly discouraged.
These legacy EVP algorithms are still available in OpenSSL 3.0 but not by default.
If you want to use them then you must load the legacy provider.
* Engines and "METHOD" APIs
The ENGINE API and any function that creates or modifies custom "METHODS"
are being deprecated in OpenSSL 3.0
Authors and maintainers of external engines are strongly encouraged to
refactor their code transforming engines into providers using
the new Provider API and avoiding deprecated methods.
* Versioning Scheme
The OpenSSL versioning scheme has changed with the 3.0 release.
The new versioning scheme has this format: MAJOR.MINOR.PATCH
The patch level is indicated by the third number instead of a letter
at the end of the release version number.
A change in the second (MINOR) number indicates that new features may have been added.
OpenSSL versions with the same major number are API and ABI compatible.
If the major number changes then API and ABI compatibility is not guaranteed.
* Other major new features
Implementation of the Certificate Management Protocol (CMP, RFC 4210)
also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712).
A proper HTTP(S) client in libcrypto supporting GET and POST,
redirection, plain and ASN.1-encoded contents, proxies, and timeouts
EVP_KDF APIs have been introduced for working with Key Derivation Functions
EVP_MAC APIs have been introduced for working with MACs
Support for Linux Kernel TLS

253
openssl-3.spec Normal file
View file

@ -0,0 +1,253 @@
#
# spec file for package openssl-3
#
# Copyright (c) 2022-2023 ZhuningOS
#
%define ssletcdir %{_sysconfdir}/ssl
%define sover 3
%define _rname openssl
Name: openssl-3
# Don't forget to update the version in the "openssl" package!
Version: 3.0.8
Release: 150500.5.8.1
Summary: Secure Sockets and Transport Layer Security
License: Apache-2.0
URL: https://www.openssl.org/
Source: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz
# to get mtime of file:
Source1: %{name}.changes
Source2: baselibs.conf
Source3: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz.asc
# https://www.openssl.org/about/
# http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/openssl.keyring
Source4: %{_rname}.keyring
Source5: showciphers.c
# PATCH-FIX-OPENSUSE: do not install html mans as it takes ages
Patch1: openssl-1.1.0-no-html.patch
Patch2: openssl-truststore.patch
Patch3: openssl-pkgconfig.patch
Patch4: openssl-DEFAULT_SUSE_cipher.patch
Patch5: openssl-ppc64-config.patch
Patch6: openssl-no-date.patch
# Patches for crypto-policies
Patch7: openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
Patch8: openssl-Override-default-paths-for-the-CA-directory-tree.patch
# use openssl3.cnf
Patch9: openssl-use-versioned-config.patch
Patch10: fix-config-in-tests.patch
# PATCH-FIX-UPSTREAM: bsc#1209624, CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints
Patch11: openssl-CVE-2023-0464.patch
# PATCH-FIX-UPSTREAM: bsc#1209878, CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored
Patch12: openssl-CVE-2023-0465.patch
# PATCH-FIX-UPSTREAM: bsc#1209873, CVE-2023-0466 Certificate policy check not enabled
Patch13: openssl-CVE-2023-0466.patch
# PATCH-FIX-UPSTREAM: bsc#1210714, CVE-2023-1255: Input buffer over-read in AES-XTS implementation on 64 bit ARM
Patch14: openssl-CVE-2023-1255.patch
# PATCH-FIX-UPSTREAM: bsc#1211430, CVE-2023-2650 Possible DoS translating ASN.1 object identifiers
Patch15: openssl-CVE-2023-2650.patch
# PATCH-FIX-UPSTREAM: bsc#1213383, CVE-2023-2975 AES-SIV ignores empty data entries
Patch16: openssl-CVE-2023-2975.patch
# PATCH-FIX-UPSTREAM: bsc#1213487 CVE-2023-3446 DH_check() excessive time with over sized modulus
Patch17: openssl-CVE-2023-3446.patch
Patch18: openssl-CVE-2023-3446-test.patch
BuildRequires: pkgconfig
BuildRequires: pkgconfig(zlib)
# Add requires for ct_log_list.cnf{,.dist}
Requires: openssl
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
Requires: crypto-policies
%endif
%description
OpenSSL is a software library to be used in applications that need to
secure communications over computer networks against eavesdropping or
need to ascertain the identity of the party at the other end.
OpenSSL contains an implementation of the SSL and TLS protocols.
%package -n libopenssl3
Summary: Secure Sockets and Transport Layer Security
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
Requires: crypto-policies
%endif
Recommends: ca-certificates-mozilla
%description -n libopenssl3
OpenSSL is a software library to be used in applications that need to
secure communications over computer networks against eavesdropping or
need to ascertain the identity of the party at the other end.
OpenSSL contains an implementation of the SSL and TLS protocols.
%package -n libopenssl-3-devel
Summary: Development files for OpenSSL
Requires: libopenssl3 = %{version}
Requires: pkgconfig(zlib)
Recommends: %{name} = %{version}
# We need to have around only the exact version we are able to operate with
Conflicts: libopenssl-devel < %{version}
Conflicts: libopenssl-devel > %{version}
Conflicts: libressl-devel
Conflicts: ssl-devel
%description -n libopenssl-3-devel
This subpackage contains header files for developing applications
that want to make use of the OpenSSL C API.
%package doc
Summary: Additional Package Documentation
Conflicts: openssl-doc
Provides: openssl-doc = %{version}
Obsoletes: openssl-doc < %{version}
BuildArch: noarch
%description doc
This package contains optional documentation provided in addition to
this package's base documentation.
%prep
%autosetup -p1 -n %{_rname}-%{version}
%build
%ifarch armv5el armv5tel
export MACHINE=armv5el
%endif
%ifarch armv6l armv6hl
export MACHINE=armv6l
%endif
./config \
no-idea \
no-ec2m \
enable-rfc3779 \
%ifarch x86_64 aarch64 ppc64le
enable-ec_nistp_64_gcc_128 \
%endif
enable-camellia \
zlib \
--prefix=%{_prefix} \
--libdir=%{_lib} \
--openssldir=%{ssletcdir} \
%{optflags} \
-Wa,--noexecstack \
-Wl,-z,relro,-z,now \
-fno-common \
-DTERMIO \
-DPURIFY \
-D_GNU_SOURCE \
-DOPENSSL_NO_BUF_FREELISTS \
$(getconf LFS_CFLAGS) \
-Wall \
--with-rand-seed=getrandom \
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config
# Show build configuration
perl configdata.pm --dump
# util/mkdef.pl crypto update
%make_build depend
%make_build all
%check
# We must revert patch8 before running tests, otherwise they will fail.
patch -p1 -R < %{P:8}
export MALLOC_CHECK_=3
export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
# export HARNESS_VERBOSE=yes
LD_LIBRARY_PATH="$PWD" make TESTS='-test_evp_fetch_prov -test_tsa' test -j1
# show ciphers
gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{buildroot}%{_libdir} -lssl -lcrypto
LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers
%install
%make_install %{?_smp_mflags}
# Kill static libs
rm -f %{buildroot}%{_libdir}/lib*.a
# Remove the cnf.dist
rm -f %{buildroot}%{_sysconfdir}/ssl/openssl3.cnf.dist
mkdir %{buildroot}/%{_datadir}/ssl-3
mv %{buildroot}/%{ssletcdir}/misc %{buildroot}/%{_datadir}/ssl-3/
ln -sf ./%{_rname} %{buildroot}/%{_includedir}/ssl
mkdir %{buildroot}/%{_datadir}/ssl
# Rename binary
mv %{buildroot}%{_bindir}/%{_rname} %{buildroot}%{_bindir}/%{name}
# Avoid file conflicts with man pages from other packages
pushd %{buildroot}/%{_mandir}
find . -type f -exec chmod 644 {} +
# Some man pages now contain spaces. This makes several
# scripts go havoc, among them /usr/sbin/Check.
# Replace spaces by underscores
# for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done
touch $OLDPWD/filelist.doc $OLDPWD/filelist
which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) }
for i in man?/*; do
if test -L $i ; then
LDEST=`readlink $i`
rm -f $i ${i}ssl
ln -sf ${LDEST}ssl-3 ${i}ssl-3
else
mv $i ${i}ssl-3
fi
case "$i" in
*.1)
# These are the pages mentioned in openssl(1). They go into the main package.
echo %doc %{_mandir}/${i}ssl-3%{?ext_man} >> $OLDPWD/filelist;;
*)
# The rest goes into the openssl-doc package.
echo %doc %{_mandir}/${i}ssl-3%{?ext_man} >> $OLDPWD/filelist.doc;;
esac
done
popd
mv %{buildroot}%{_bindir}/c_rehash %{buildroot}%{_bindir}/c_rehash-3
# They are provided by openssl package
rm %{buildroot}%{ssletcdir}/ct_log_list.cnf*
# Do not install demo scripts executable under /usr/share/doc
find demos -type f -perm /111 -exec chmod 644 {} +
# Place showciphers.c for %%doc macro
cp %{SOURCE5} .
%post -n libopenssl3 -p /sbin/ldconfig
%postun -n libopenssl3 -p /sbin/ldconfig
%files -n libopenssl3
%license LICENSE.txt
%{_libdir}/libssl.so.%{sover}
%{_libdir}/libcrypto.so.%{sover}
%{_libdir}/engines-%{sover}
%dir %{_libdir}/ossl-modules
#%%{_libdir}/ossl-modules/fips.so
%{_libdir}/ossl-modules/legacy.so
%files -n libopenssl-3-devel
%{_includedir}/%{_rname}/
%{_includedir}/ssl
%{_libdir}/libssl.so
%{_libdir}/libcrypto.so
%{_libdir}/pkgconfig/libcrypto.pc
%{_libdir}/pkgconfig/libssl.pc
%{_libdir}/pkgconfig/openssl.pc
%files doc -f filelist.doc
%doc doc/* demos
%doc showciphers.c
%files -f filelist
%doc CHANGE*
%dir %{ssletcdir}
%config (noreplace) %{ssletcdir}/openssl3.cnf
%attr(700,root,root) %{ssletcdir}/private
%dir %{_datadir}/ssl-3
%{_datadir}/ssl-3/misc
%{_bindir}/c_rehash-3
%{_bindir}/%{name}
%changelog

305
openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch Normal file
View file

@ -0,0 +1,305 @@
From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 10:16:46 +0200
Subject: Add support for PROFILE=SYSTEM system default cipherlist
(was openssl-1.1.1-system-cipherlist.patch)
---
Configurations/unix-Makefile.tmpl | 5 ++
Configure | 11 ++++
doc/man1/openssl-ciphers.pod.in | 9 +++
include/openssl/ssl.h.in | 5 ++
ssl/ssl_ciph.c | 87 +++++++++++++++++++++++++++++++++-----
ssl/ssl_lib.c | 4 -
test/cipherlist_test.c | 2
util/libcrypto.num | 1
8 files changed, 110 insertions(+), 14 deletions(-)
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
HTMLDIR=$(DOCDIR)/html
+{- output_off() if $config{system_ciphers_file} eq ""; "" -}
+SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\""
+{- output_on() if $config{system_ciphers_file} eq ""; "" -}
+
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
# appended after the manpage file section number. "ssl" is popular,
# resulting in files such as config.5ssl rather than config.5.
@@ -338,6 +342,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
CPPFLAGS={- our $cppflags1 = join(" ",
(map { "-D".$_} @{$config{CPPDEFINES}}),
+ "\$(SYSTEM_CIPHERS_FILE_DEFINE)",
(map { "-I".$_} @{$config{CPPINCLUDES}}),
@{$config{CPPFLAGS}}) -}
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
--- a/Configure
+++ b/Configure
@@ -27,7 +27,7 @@ use OpenSSL::config;
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
my $banner = <<"EOF";
@@ -61,6 +61,10 @@ EOF
# given with --prefix.
# This becomes the value of OPENSSLDIR in Makefile and in C.
# (Default: PREFIX/ssl)
+#
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
+# cipher is specified (default).
+#
# --banner=".." Output specified text instead of default completion banner
#
# -w Don't wait after showing a Configure warning
@@ -387,6 +391,7 @@ $config{prefix}="";
$config{openssldir}="";
$config{processor}="";
$config{libdir}="";
+$config{system_ciphers_file}="";
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
@@ -989,6 +994,10 @@ while (@argvcopy)
die "FIPS key too long (64 bytes max)\n"
if length $1 > 64;
}
+ elsif (/^--system-ciphers-file=(.*)$/)
+ {
+ $config{system_ciphers_file}=$1;
+ }
elsif (/^--banner=(.*)$/)
{
$banner = $1 . "\n";
--- a/doc/man1/openssl-ciphers.pod.in
+++ b/doc/man1/openssl-ciphers.pod.in
@@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
+=item B<PROFILE=SYSTEM>
+
+The list of enabled cipher suites will be loaded from the system crypto policy
+configuration file B</etc/crypto-policies/back-ends/openssl.config>.
+See also L<update-crypto-policies(8)>.
+This is the default behavior unless an application explicitly sets a cipher
+list. If used in a cipher list configuration value this string must be at the
+beginning of the cipher list, otherwise it will not be recognized.
+
=item B<HIGH>
"High" encryption cipher suites. This currently means those with key lengths
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -210,6 +210,11 @@ extern "C" {
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
*/
+# ifdef SYSTEM_CIPHERS_FILE
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
+# else
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST OSSL_default_cipher_list()
+# endif
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1438,6 +1438,53 @@ int SSL_set_ciphersuites(SSL *s, const c
return ret;
}
+#ifdef SYSTEM_CIPHERS_FILE
+static char *load_system_str(const char *suffix)
+{
+ FILE *fp;
+ char buf[1024];
+ char *new_rules;
+ const char *ciphers_path;
+ unsigned len, slen;
+
+ if ((ciphers_path = ossl_safe_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
+ ciphers_path = SYSTEM_CIPHERS_FILE;
+ fp = fopen(ciphers_path, "r");
+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
+ /* cannot open or file is empty */
+ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
+ }
+
+ if (fp)
+ fclose(fp);
+
+ slen = strlen(suffix);
+ len = strlen(buf);
+
+ if (buf[len - 1] == '\n') {
+ len--;
+ buf[len] = 0;
+ }
+ if (buf[len - 1] == '\r') {
+ len--;
+ buf[len] = 0;
+ }
+
+ new_rules = OPENSSL_malloc(len + slen + 1);
+ if (new_rules == 0)
+ return NULL;
+
+ memcpy(new_rules, buf, len);
+ if (slen > 0) {
+ memcpy(&new_rules[len], suffix, slen);
+ len += slen;
+ }
+ new_rules[len] = 0;
+
+ return new_rules;
+}
+#endif
+
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list,
@@ -1452,15 +1499,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
const SSL_CIPHER **ca_list = NULL;
const SSL_METHOD *ssl_method = ctx->method;
+#ifdef SYSTEM_CIPHERS_FILE
+ char *new_rules = NULL;
+
+ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
+ char *p = rule_str + 14;
+
+ new_rules = load_system_str(p);
+ rule_str = new_rules;
+ }
+#endif
/*
* Return with error if nothing to do.
*/
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
- return NULL;
+ goto err;
if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
- return NULL;
+ goto err;
/*
* To reduce the work to do we only want to process the compiled
@@ -1482,7 +1539,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
- return NULL; /* Failure */
+ goto err;
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
@@ -1548,8 +1605,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
* in force within each class
*/
if (!ssl_cipher_strength_sort(&head, &tail)) {
- OPENSSL_free(co_list);
- return NULL;
+ goto err;
}
/*
@@ -1593,9 +1649,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) {
- OPENSSL_free(co_list);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
- return NULL; /* Failure */
+ goto err;
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
@@ -1628,8 +1683,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok) { /* Rule processing failure */
- OPENSSL_free(co_list);
- return NULL;
+ goto err;
}
/*
@@ -1637,10 +1691,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
* if we cannot get one.
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
- OPENSSL_free(co_list);
- return NULL;
+ goto err;
}
+#ifdef SYSTEM_CIPHERS_FILE
+ OPENSSL_free(new_rules); /* Not needed anymore */
+#endif
+
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
@@ -1692,6 +1749,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
*cipher_list = cipherstack;
return cipherstack;
+
+err:
+ OPENSSL_free(co_list);
+#ifdef SYSTEM_CIPHERS_FILE
+ OPENSSL_free(new_rules);
+#endif
+ return NULL;
+
}
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
ctx->tls13_ciphersuites,
&(ctx->cipher_list),
&(ctx->cipher_list_by_id),
- OSSL_default_cipher_list(), ctx->cert);
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return 0;
@@ -3285,7 +3285,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li
if (!ssl_create_cipher_list(ret,
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
- OSSL_default_cipher_list(), ret->cert)
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -246,7 +246,9 @@ end:
int setup_tests(void)
{
+#ifndef SYSTEM_CIPHERS_FILE
ADD_TEST(test_default_cipherlist_implicit);
+#endif
ADD_TEST(test_default_cipherlist_explicit);
ADD_TEST(test_default_cipherlist_clear);
return 1;
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5428,3 +5428,4 @@ EVP_PKEY_CTX_get0_provider
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:

814
openssl-CVE-2023-0464.patch Normal file
View file

@ -0,0 +1,814 @@
From 8481ba26a84d6d9c5b54c2b3773b3923a684d8b2 Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Wed, 8 Mar 2023 15:28:20 +1100
Subject: [PATCH 1/3] x509: excessive resource use verifying policy constraints
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit this
vulnerability by creating a malicious certificate chain that triggers
exponential use of computational resources, leading to a denial-of-service
(DoS) attack on affected systems.
Fixes CVE-2023-0464
---
CHANGES.md | 9
crypto/x509/pcy_local.h | 8
crypto/x509/pcy_node.c | 12
crypto/x509/pcy_tree.c | 36
test/recipes/80-test_policy_tree.t | 41 +
test/recipes/80-test_policy_tree_data/large_leaf.pem | 11
test/recipes/80-test_policy_tree_data/large_policy_tree.pem | 434 ++++++++++++
test/recipes/80-test_policy_tree_data/small_leaf.pem | 11
test/recipes/80-test_policy_tree_data/small_policy_tree.pem | 70 +
9 files changed, 618 insertions(+), 14 deletions(-)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,15 @@ breaking changes, and mappings for the l
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
+ * Limited the number of nodes created in a policy tree to mitigate
+ against CVE-2023-0464. The default limit is set to 1000 nodes, which
+ should be sufficient for most installations. If required, the limit
+ can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build
+ time define to a desired maximum number of nodes or zero to allow
+ unlimited growth.
+
+ *Paul Dale*
+
* Fixed NULL dereference during PKCS7 data verification.
A NULL pointer can be dereferenced when signatures are being
--- a/crypto/x509/pcy_local.h
+++ b/crypto/x509/pcy_local.h
@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
};
struct X509_POLICY_TREE_st {
+ /* The number of nodes in the tree */
+ size_t node_count;
+ /* The maximum number of nodes in the tree */
+ size_t node_maximum;
+
/* This is the tree 'level' data */
X509_POLICY_LEVEL *levels;
int nlevel;
@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
X509_POLICY_DATA *data,
X509_POLICY_NODE *parent,
- X509_POLICY_TREE *tree);
+ X509_POLICY_TREE *tree,
+ int extra_data);
void ossl_policy_node_free(X509_POLICY_NODE *node);
int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
--- a/crypto/x509/pcy_node.c
+++ b/crypto/x509/pcy_node.c
@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
X509_POLICY_DATA *data,
X509_POLICY_NODE *parent,
- X509_POLICY_TREE *tree)
+ X509_POLICY_TREE *tree,
+ int extra_data)
{
X509_POLICY_NODE *node;
+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
+ return NULL;
+
node = OPENSSL_zalloc(sizeof(*node));
if (node == NULL) {
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_
}
node->data = data;
node->parent = parent;
- if (level) {
+ if (level != NULL) {
if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
if (level->anyPolicy)
goto node_error;
@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_
}
}
- if (tree) {
+ if (extra_data) {
if (tree->extra_data == NULL)
tree->extra_data = sk_X509_POLICY_DATA_new_null();
if (tree->extra_data == NULL){
@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_
}
}
+ tree->node_count++;
if (parent)
parent->nchild++;
--- a/crypto/x509/pcy_tree.c
+++ b/crypto/x509/pcy_tree.c
@@ -14,6 +14,17 @@
#include "pcy_local.h"
+/*
+ * If the maximum number of nodes in the policy tree isn't defined, set it to
+ * a generous default of 1000 nodes.
+ *
+ * Defining this to be zero means unlimited policy tree growth which opens the
+ * door on CVE-2023-0464.
+ */
+#ifndef OPENSSL_POLICY_TREE_NODES_MAX
+# define OPENSSL_POLICY_TREE_NODES_MAX 1000
+#endif
+
static void expected_print(BIO *channel,
X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
int indent)
@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **
return X509_PCY_TREE_INTERNAL;
}
+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
+
/*
* http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
*
@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **
if ((data = ossl_policy_data_new(NULL,
OBJ_nid2obj(NID_any_policy), 0)) == NULL)
goto bad_tree;
- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
+ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
ossl_policy_data_free(data);
goto bad_tree;
}
@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **
* Return value: 1 on success, 0 otherwise
*/
static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
- X509_POLICY_DATA *data)
+ X509_POLICY_DATA *data,
+ X509_POLICY_TREE *tree)
{
X509_POLICY_LEVEL *last = curr - 1;
int i, matched = 0;
@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509
X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
if (ossl_policy_node_match(last, node, data->valid_policy)) {
- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
+ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
return 0;
matched = 1;
}
}
if (!matched && last->anyPolicy) {
- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
+ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
return 0;
}
return 1;
@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509
* Return value: 1 on success, 0 otherwise.
*/
static int tree_link_nodes(X509_POLICY_LEVEL *curr,
- const X509_POLICY_CACHE *cache)
+ const X509_POLICY_CACHE *cache,
+ X509_POLICY_TREE *tree)
{
int i;
@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_L
X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
/* Look for matching nodes in previous level */
- if (!tree_link_matching_nodes(curr, data))
+ if (!tree_link_matching_nodes(curr, data, tree))
return 0;
}
return 1;
@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLIC
/* Curr may not have anyPolicy */
data->qualifier_set = cache->anyPolicy->qualifier_set;
data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
+ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
ossl_policy_data_free(data);
return 0;
}
@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEV
/* Finally add link to anyPolicy */
if (last->anyPolicy &&
ossl_policy_level_add_node(curr, cache->anyPolicy,
- last->anyPolicy, NULL) == NULL)
+ last->anyPolicy, tree, 0) == NULL)
return 0;
return 1;
}
@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_
extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
| POLICY_DATA_FLAG_EXTRA_NODE;
node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
- tree);
+ tree, 1);
}
if (!tree->user_policies) {
tree->user_policies = sk_X509_POLICY_NODE_new_null();
@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TRE
for (i = 1; i < tree->nlevel; i++, curr++) {
cache = ossl_policy_cache_set(curr->cert);
- if (!tree_link_nodes(curr, cache))
+ if (!tree_link_nodes(curr, cache, tree))
return X509_PCY_TREE_INTERNAL;
if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
--- /dev/null
+++ b/test/recipes/80-test_policy_tree.t
@@ -0,0 +1,41 @@
+#! /usr/bin/env perl
+# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use POSIX;
+use OpenSSL::Test qw/:DEFAULT srctop_file with data_file/;
+
+use OpenSSL::Test::Utils;
+use OpenSSL::Glob;
+
+setup("test_policy_tree");
+
+plan tests => 2;
+
+# The small pathological tree is expected to work
+my $small_chain = srctop_file("test", "recipes", "80-test_policy_tree_data",
+ "small_policy_tree.pem");
+my $small_leaf = srctop_file("test", "recipes", "80-test_policy_tree_data",
+ "small_leaf.pem");
+
+ok(run(app(["openssl", "verify", "-CAfile", $small_chain,
+ "-policy_check", $small_leaf])),
+ "test small policy tree");
+
+# The large pathological tree is expected to fail
+my $large_chain = srctop_file("test", "recipes", "80-test_policy_tree_data",
+ "large_policy_tree.pem");
+my $large_leaf = srctop_file("test", "recipes", "80-test_policy_tree_data",
+ "large_leaf.pem");
+
+ok(!run(app(["openssl", "verify", "-CAfile", $large_chain,
+ "-policy_check", $large_leaf])),
+ "test large policy tree");
--- /dev/null
+++ b/test/recipes/80-test_policy_tree_data/large_leaf.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBmTCCAT+gAwIBAgIBADAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgMTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowGjEYMBYGA1UE
+AxMPd3d3LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEp6Qe
+jrN6A0ZjqaFbX/zO01aVYXH5kthBDTEO/fU4H0CdwqrfyMsFrObwssrTJcsmSFKP
+x1FYr8wT2wCACs19lqN4MHYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29t
+MCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMAoGCCqGSM49
+BAMCA0gAMEUCIDGT8SVBkWJEZ2EzXm8M895NrNRmfc8uoheP0KKv+ndHAiEA2Onr
+20J+zTaR7vONY/1DleMm7fGY3UxTobSHSvOKbfY=
+-----END CERTIFICATE-----
--- /dev/null
+++ b/test/recipes/80-test_policy_tree_data/large_policy_tree.pem
@@ -0,0 +1,434 @@
+-----BEGIN CERTIFICATE-----
+MIICEDCCAbagAwIBAgIBATAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgMjAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
+AxMLUG9saWN5IENBIDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATgyLz1C0dD
+ib5J/QmoE4d+Nf5yvvlzjVZHWIu7iCMEqK67cnA1RtMp1d0xdiNQS6si3ExNPBF+
+ELdkP0E6x26Jo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSs+ml5upH1h25oUB0Ep4vd
+SUdZ/DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAOME8j1/cMogNnuNCb0O
+RIOE9pLP4je78KJiP8CZm0iOAiALr8NI67orD/VpfRptkjCmOd7rTWMVOOJfBr6N
+VJFLjw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICDzCCAbagAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgMzAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
+AxMLUG9saWN5IENBIDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASIdzU/FF3Y
+rTsTX04fRIN2yrZwxvOAfZ6DuEgKRxEimJx1nCyETuMmfDowm52mx/Cyk08xorp8
+PhGEbacMd9kio4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSwok/8RfJbVGTzyF5jhWLc
+hO7pcDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDRwAwRAIgYVF7bXxUuOzAZF6SmeIJ
+s+iL15bLSQ2rW7QDc6QYp9MCIAup6YokIcr8JaGttHmLaKbASQLxYDGHhfFIVZuI
+BDvT
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEDCCAbagAwIBAgIBAzAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgNDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
+AxMLUG9saWN5IENBIDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ38Llxxj32
+H3NN4Z1V8IuRKXLNhdU4z+NbT1rahusEyAHF+z9VTjim+HHfqFKV1QyNOJZ4rMA9
+J/gODWsNCT4po4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS11YgFNKTx3a6kssIijnA9
+DiOhoTAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAJXNZHMpvlnMfxhcG6EF
+Vw1pEXJ+iZnWT+Yu02a2zhamAiAiOKNhALBw/iKhQrwLo0cdx6UEfUKbaqTSGiax
+tHUylA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEDCCAbagAwIBAgIBBDAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgNTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
+AxMLUG9saWN5IENBIDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATo81HWQ/we
+egmoO/LMntQK1VQ9YzU627nblv/XWoOjEd/tBeE8+Un4jUnhZqNrP2TAzy48jEaT
+1DShCQNQGek7o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS6/F38QgbZSHib0W1XtMfs
+4O5DTDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIgXMYCQWi5/6iQw+zqyEav
+CE7kOfTpm9GN4bZX5Eau5AACIQD0rDZwsjWf6hI2Hn8IlpwYVVC9bpxrAM/JmYuu
+79V/uw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEDCCAbagAwIBAgIBBTAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgNjAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
+AxMLUG9saWN5IENBIDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARsPMjOkmzJ
+2jwT30mKUvAFYVgOlgcoXxYr61p54mbQMmmH49ABmJQMu5rjwjwYlYA3UzbEN9ki
+hMsJz/4JIrJGo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQeflZRWUze+7jne9MkYYy5
+iWFgJDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAIN6BjMnPlixl3i6Z1Xa
+pZQt52MOCHPm0XzXDn2XlC9+AiAn146u8rbppdEGMFr21vfFZaktwEb0cZkC9fBp
+S1uKwQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEDCCAbagAwIBAgIBBjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgNzAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
+AxMLUG9saWN5IENBIDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASVmpozZzxX
+f6rFinkqS0y8sfbOwcM0gNuR0x83mmZH5+a8W4ug5W80QiBaS3rHtwTsFHpCeQKq
+eJvfb/esgJu8o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQPuF2sXR0vOHJynh57qefK
++h7RGDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIgDX0jHPq1alZoMbPDmbZp
+QYuM9UQagQ5KJgVU1B0Mh2ECIQCtdyfT2h5jZvz3lLKkQ9a6LddIuqsyNKDAxbpb
+PlBOOA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEDCCAbagAwIBAgIBBzAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgODAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
+AxMLUG9saWN5IENBIDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASb+9fN9RLe
+SHGynsKXhLWGhIS/kZ6Yl97+h23xpjLaZUOzhn5VafXdmLrQ4BmqSMHqIKzcc8IB
+STV3NwO4NxPBo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTBF9x+MrsyqoCaTQ2kB7Bn
+tpK2qDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAI37Di/5MrSj2clr+2pX
+iXzeDIvlaxzVetyH3ibUZZBSAiA41aPIssHi9evv2mZonEvXY8g+DKbh/3L2mSub
+/AyLoA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICETCCAbagAwIBAgIBCDAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgOTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
+AxMLUG9saWN5IENBIDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASrRS12/zEP
+RUNye9SLadN4xK+xfTwyXfxeC+jam+J98lOMcHz6abnLpk5tJ7wab4Pkygsbj1V2
+STxeW+YH23dto4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQYpYFLhosbir7KoyYdehsQ
+6DdLfzAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSQAwRgIhAPTCN+zWFG2cFzJ+nlfg
+JMY4U2e3vqTQmFeBXYlBASb9AiEA0KvsyNwloF1YeeaYcP5iHoRGRo8UMD3QWKEE
+vWI14Uk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEDCCAbegAwIBAgIBCTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMTAwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBYxFDASBgNV
+BAMTC1BvbGljeSBDQSA5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoR4udEgt
+usb9f946+Xznm7Q3OaW4DTZjO7wqX1I+27zDp0JrUbCZwtm0Cw+pYkG5kPpNcFTK
+7yG3YgqM1sT+6aOB8jCB7zAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUjgtOHvFBcUQ03AKUbvuJ
+IWO5lzUwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwcQYD
+VR0hBGowaDAYBgpghkgBZQMCATABBgpghkgBZQMCATABMBgGCmCGSAFlAwIBMAEG
+CmCGSAFlAwIBMAIwGAYKYIZIAWUDAgEwAgYKYIZIAWUDAgEwATAYBgpghkgBZQMC
+ATACBgpghkgBZQMCATACMAoGCCqGSM49BAMCA0cAMEQCICIboTAzG1DvCY/0tA/o
+l18zrW9qKVnt4mxih5JQe4fOAiBOF2ZeUT2/ZtdFhZmg+zl/fGrQ1xEx09/S956k
+Ig4S9Q==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEjCCAbigAwIBAgIBCjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMTEwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAxMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLxetqJp
+VR6apJytboxFCCooQ7jVcc7yoHhjlH8HsaJS3GrWpyMgiqOfyWt4KFMynKkgCU1K
+1QcU9aC5BfRQpyWjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFD6etMtD6Qpa7TjVQBgV
+/4PhZP4DMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEA+5uiOjJoq5nU7lKN
+rZtBdYNqUKvHuYB+jiNEfWvxx2cCIFZEJCGw8fzqkAyGWkLe10w8PUzPM64nh757
+pEtxCzZh
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEjCCAbigAwIBAgIBCzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMTIwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAxMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPQuXEeo
+BrbyENdz9HqAoWMSQx1BErsUcQaneq3L0/VHHJBPKihb8s4nB/2yZaEarr8LFAvi
+ofx+4egydkP0mJ+jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIoC4qL79Uy3+m26Y+ch
++sE6gCOMMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEAx/vMDhaH4EYTM2v9
+GeM1xTP9pNRgak69JQLKLu1VM1YCIF1RYC8Fma5Bc0cZAYY+Gj7dEf9qHj1TODA5
+C9es2CPY
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICETCCAbigAwIBAgIBDDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMTMwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAxMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlEv73o
+ej8Xvc3UodhSHkech80DbuBKdeldOTrRp6ZaVUP3vMgjNUJkh4WkvP3UVTe5SV4D
+zQXDIiwAEJu+zdmjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFCAn0wYXyRdliJOBFvvJ
+eZoGTiyOMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNHADBEAiAo2PPmLBZpcT0bst/C
+SXvnl3gztIZu89O1MKsNwFcM9QIgIzqZx/o9MF/fP7zbLWErVcUQViOGiCRBLVh7
+ppb7CoA=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEzCCAbigAwIBAgIBDTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMTQwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAxMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB8mgAoN
+rmFo937IBKXKuxHedUjOL7y3cpDYD1H3C4HRDBQDVOL31lC5kJUhS4HBLvJQwebR
+2kW35E3AnhbY/oKjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBGbO20Xp/q0fPChjLHL
+WuJwSNc1MCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEA3qGzdevdYfmiSBj9
+t9oE8hfEP+APqGiStlOLKD6xVK0CIQDq9cVa2KXMEz7YwmMO3lxoQFDPEXftbRaC
+edFB7q/YXg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEzCCAbigAwIBAgIBDjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMTUwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAxNDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHDiOMtx
+5sfJs/WDnw0xS5NYlkbgy2eOZHAmC/jhRp6cjShZrr2/S4IJsH8B2VMcYAHgum6a
+eMjqWFIMxIjN5xyjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOWtYUeAPk66m0o6Z7ax
+1RN42wmkMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEA+AcazVKKPfqkpcJw
+rkXWIyZrTe+1PNETQzaJCooGNGkCIQDdfHf1I78e+ogaDcjkDe0s3R9VhkvjCty6
+uKKFtNGHMQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEjCCAbigAwIBAgIBDzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMTYwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAxNTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKCkdSYz
++zyHItG2rQSyCh018b4bu9Zrw8nzkCBgkT2IyycNtpabYkWhxcEL29ZFqBnB+l7N
+5fYmHl5CmflJPh+jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNanrmjMEN3PndPGeucm
+mST9ucNWMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiAFt48yhTTv0rP29N8H
+yRhAQGfnV4t1b8JucixLSfe32QIhAOef6iiwLxbBOMUn5ZN/WAK5TERem6DLSzWN
+/PTXHAAt
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICETCCAbigAwIBAgIBEDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMTcwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAxNjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH5txyDp
+DfRsIyYPTAQ+fuxk08E3/tpChVWoog4XQvod61wcUO1/nhoTGNKZZOhN5uhKWJWb
+1futz+XxV2QxTCyjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHSlcxgh3gxgVag1JvAk
+zbHlgMbEMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNHADBEAiA9Ee47PnxqW0QmELB+
+dd90Fz8wcQFZlNmkPW4Oq2xr/wIgGlxfutQq7l3TU5hyyO0Lh01AHn2DC5KPFPwE
+l8S9VeY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEzCCAbigAwIBAgIBETAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMTgwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAJvlQKB
+gJZ+Tysa6iwhllPXCeJrkan6WUm+oqOIY02/SpI5Mba1Kwg73Fsswx3Eywt8sxA2
+4fiaqwg+xZoil06jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFM/udZ1ib8qDfShdfdfX
+8gL6w7VMMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEA6kK7vAYF2TPXzywn
++SDLsiGbU6Sj8aTtsJZf9DmhKr4CIQCt4FfI7IWinqNlURXe4HSBPsekcQkOpwjK
+PuJRx3fuFw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEzCCAbigAwIBAgIBEjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMTkwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAxODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEerejCw
+gAy7GecLVbQw6eL8k1cGWwLt+wl3sn8he8fA0I+KoFfcOCgtvOF59RMXnjZ1+7OC
+kz3mNDVSbKY6KO2jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFM0OUOtOKTcTMRXGQwbw
+GOoLCOEYMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEAziPsm2dArB/3ILqm
+04mZl8/DX6dB4EmU+FPF2UpAeLwCIQCofc27tisg3L1mPNeiwZ26+rDe5SdixiUc
+S3KWOJ1cTg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEjCCAbigAwIBAgIBEzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMjAwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAxOTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPmB5spr
+C64/21ssufcbshGnQtAWbk2o2l+ej6pMMPIZhmNyvM450L3dFX12UBNcaERCABmr
+BEJL7IubGWE9CVOjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJCh/1mh0Hl2+LE0osUv
+OJCmV3IYMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEAtxMIkO4xCRSQCU6d
+0jt+Go4xj/R4bQFWbZrlS9+fYUECICuWAgT3evhoo34o04pU84UaYOvO5V0GJsTt
+hrS1v3hT
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEzCCAbigAwIBAgIBFDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMjEwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAyMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHdvTDYo
+M/padIV3LdTnrzwMy1HSTeJ2aTUalkVV17uL2i3C51rWM2pl+qlRordq6W2GboMz
+/+78HhKMcCrMWKCjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAbZN0eSPw3MyvWIEix6
+GnYRIiFkMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEAlaapLXHwGNkeEwc0
+jsY2XhuR3RlVhD4T2k/QyJRQ0s0CIQD5E+e+5QTe5s+534Lwcxe2iFb3oFm+8g81
+OBVtfmSMGg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEjCCAbigAwIBAgIBFTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMjIwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAyMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLTu8R5Y
+7Po4W05hWperfod6mXezwWgAVk2RW2EG2vy4NeZeML2EFhg2geNc6N5Goep9t7pn
+d+BtORRvR75oCDijgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNs0d2vXsRj3YYsBrWDo
+jrvcEA+eMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiBB603Ui+L60FcUWPrB
+Ch06hmgle2u0P07Go/XjTk00ZQIhALGhNArJFEY0gu+XUtyKEZt7BZ0/sh5dtLDP
+xkRgR6Wh
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEzCCAbigAwIBAgIBFjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMjMwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAyMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPXpzC9/
+KGblQyjhdcS0a8KBPAiS7c0n+V0i9JItbyze38Ncrctp0wIGHZLjRoB4DZYX1I8e
+K5C7KVeUPEE9eOGjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFISsw9orkX/cBVWcK5KA
+//kldz8HMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEA1gazdApLS91ql8Am
+4gb4Ku7Lgll4jV+BrLkbABE2cI0CIQCEH1GUJ6ARJB1GdcHrPyaLgeZ5jV2p63UW
+UV2QL6aETA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEjCCAbigAwIBAgIBFzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMjQwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAyMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKdweprb
+RZmuUk4og1Xa9Skb1vu7jsLozlm9CtDhKLbJ+cDX/VeKj/b8FuvakBO3L1QV5XU0
+iFswsIVBVZ3m+TyjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPgcEbHfKHt0o/PCS0kD
+XWW9XkqMMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEA9XDj0w5qMS/tLlr9
+Z2j8JtVR4M7pF/Wx2U43vmPFJEACIBAlAiUnCm1Nfj16t2cojrW+m2t1cU80ihmj
+Ld1U+dRD
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICETCCAbigAwIBAgIBGDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMjUwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAyNDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAq2PphK
+4oVsc+ml3zskBLiMa+dz64k+PrrfKIGSG2Ri5Du/orj0dO9639LeCkkMwWpXAfSx
+wxHHQX0I1KwsudGjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEqcfkso+ynKq2eFaJy8
+mzNBdN2PMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNHADBEAiBZ71jDD33HFFqMkLAW
+gTAGMmzh9b/vZ8jAclPDKHRghQIgf2GBOF1eEF8Ino9F1n1ia5c3EryvXnvVoklw
+cjMIQ5g=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEjCCAbigAwIBAgIBGTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMjYwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAyNTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJRoDkj7
+iDlIygt4YmMgw4pizu2sx4436MGtw5fFHhjy7T+pPMGjYFg3dixxUOu1NHORpdJq
+8Y7SN8p8Y0XsDpijgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOutMoKSOv5lEGZaqYZM
+zNFwpX3KMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEAks62lsAHmN6xkZsF
+6ocGONpH/XmHLpoO6RfMoRCnWkICIFNFD+W6pSSvdDB96sn8jnZ7W/Y0hyLzscBO
+WtkzqqJJ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEzCCAbigAwIBAgIBGjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMjcwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAyNjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE3seRj5
+LVNKi9sZk7qv5cBVUG8BLXXfDRUhCUzT10YAU1J0yd2wmLTbwPyYm65GaecvAHSR
+SExOzX6bC35nNt6jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNx5XhDdoflDgPrW/HyU
+tCokuJ0AMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEApAQVb0KQedyAw1SJ
+J8At4uxxm2b8W13s6ENapxw+lwwCIQC7326NFPsDjbfBKhFDQhCIMkAkYq2wzRJ7
+ubTwkdT19g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEzCCAbigAwIBAgIBGzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMjgwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAyNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABC+FQF2E
+TrZ4YGNyxFxzpTQBjlu9QUrwgHzabAn47toqRkWUGAS68jBfSdR+j2c7/oehQHhO
+relHcbQilhZnh4ijgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIOlwsa4FjZWhzQYTAY3
+c2TSYhsEMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEAwxNBi+8baAU76yng
++XvMpY62aqPO4bAe/uedaxBb2jMCIQDJHXqibgIAm1T4/YHimllVlLQudQL5OkbF
+Krj3uVHtBg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEjCCAbigAwIBAgIBHDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMjkwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAyODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBmhjGvk
+C3QfSVdY5zuHEY4Rf3eKVro6vcKymgdBPFjjDggZNktR3OMnayCabJB51g2VL7Fg
+MegdwzJWzPvQreyjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEvevGIfitXek0IStYIR
+5ne2SkJwMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiBzlv0TggDJWUWx0UHl
+cqxuMpoNdy+ifizQIlcjWcrzvgIhAJdQfkPaZdc4/j/HfGaVNN9InJuBWGrPYU6A
+iwsSB0jY
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEzCCAbigAwIBAgIBHTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMzAwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAyOTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCrC5p+Z
+ywMukm1LRuXeJ5V1M6V+8A8PjqB3tgHVeEn973HOfia8lt2/7EoKaLKzP8A7D3eC
+aBJUmTgHauaolYOjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGG5D5h1FRA+aZMbSXfZ
+Mp8pjYUEMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEAnI2IhyXtBCRiv+Xs
+EzsO497oVf1U8SJiVR8SaEx0gzgCIQC0+un/Hcb0OWvpvoeHKcRi7e8SZkX+vn2i
+u+KsPqlfzA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEjCCAbigAwIBAgIBHjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMzEwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAzMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHg1qbhT
+bpV0agLQkk6di7EdwrrqIn7yCiBCfPwoDI7czY1bHwkR2E8EdrG4ZLBHHFXYNHau
+kEo9nueljxbA6MGjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGXSqDk/Zov8a62kkXDr
+8YhtqdkTMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEA1D2Fm3D8REQtj8o4
+ZrnDyWam0Rx6cEMsvmeoafOBUeUCIBW0IoUYmF46faRQWKN7R8wnvbjUw0bxztzy
+okUR5Pma
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEjCCAbigAwIBAgIBHzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg
+Q0EgMzEwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV
+BAMTDFBvbGljeSBDQSAzMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIwGMmHl
+/QJSpu6KHakSe4gkf3L+NpsrtQpxu6sNfmSjO++dGv6sj2v3+DZNeyagVUJRVHaD
+IZzpoyVVrBBO6vijgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFA+f9g1sP2kM5sOT/8Ge
+IDKq5FcUMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG
+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD
+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEAvQlbAmF3pS041Zo2
+eHrxMO3j8thB+XqHU8RatCZ60WACIG1vUFPH7UwzTTann7Sgp4s+Gd/jLOkrJnEk
+W3De9dSX
+-----END CERTIFICATE-----
--- /dev/null
+++ b/test/recipes/80-test_policy_tree_data/small_leaf.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBmjCCAT+gAwIBAgIBADAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgMTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowGjEYMBYGA1UE
+AxMPd3d3LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAER7oh
+z+MnwilNhyEB2bZTuYBpeiwW4QlpYZU6b/8uWOldyMXCaPmaXwY60nrMznfFJX6F
+h8dC6XIzvQmjUMdSoqN4MHYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29t
+MCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMAoGCCqGSM49
+BAMCA0kAMEYCIQC2km5juUULIRYsRgHuLFEiABBR0pDAyTbl9LRjlkSeEQIhAO9b
+ye60dMNbhY1OOzrr4mDRv0tuNmbGBErcFs61YZkC
+-----END CERTIFICATE-----
--- /dev/null
+++ b/test/recipes/80-test_policy_tree_data/small_policy_tree.pem
@@ -0,0 +1,70 @@
+-----BEGIN CERTIFICATE-----
+MIICETCCAbagAwIBAgIBATAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgMjAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
+AxMLUG9saWN5IENBIDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQu7GyNFjN6
+Sqwk1CZAt+lzTC/Us6ZkO5nsmb8yAuPb6RJ0A2LvUbsmZea+UyBFq3VuEbbuCoeE
+KRbKkS6wefAzo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSQkJvfn8gFHIXVTBJ4hrtP
+ypA9QTAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSQAwRgIhALn6/b3H+jLusJE5QiaS
+PiwrLcl+NDguWCnxo0c6AfduAiEApkXUN+7vRfXeFFd9CfA1BnTW3eUzBOsukZoN
+zaj+utk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICDzCCAbagAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgMzAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
+AxMLUG9saWN5IENBIDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+p+A+K6MI
+R3eVP/+2O7lam32HU10frEKpyQslZAabYJwkc9iq5WatMbTMPQibuOIWHFl02uJ8
+cxGKy/Hke8P5o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSSOt6HCXw+L/4uzJsInqqA
+XrWt8DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDRwAwRAIgS/vh3osFy+q1MLuVnAdg
+gMINfiIJw1+3zbYsJYlNhWgCICu6Qgzee4NwIrJagcdVA0RAfnCOo6wfvikpl0ts
+EepA
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEDCCAbagAwIBAgIBAzAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgNDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
+AxMLUG9saWN5IENBIDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQONHKgpAJ6
+vE41FYBekpLzybpBQp/gUmgRPKrcL0z4lLTDjCG3j6yIbZma8u2bPM1MBXw5otZ7
+xVFhQ1AkZIOco4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ69465BL89BXORf4sSnneU
+exkm0jAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAPK9PqPxgme9x6TPFh2z
+vv+qVEM2WxOTdRKOPgUYzCp9AiBl8qO3szv5jNDzb0fRIqVp37v9yBjWcgO9Wl02
+QDCpGw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICETCCAbagAwIBAgIBBDAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgNTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
+AxMLUG9saWN5IENBIDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASLrUP7BFi7
++LE2uDVCZ2Z2HK6BpL/kjBbwKkLxlJe+LqNolzu53b8+WtHwrvPPVkD9t3KMdWXU
+K7NtHYgXUz07o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS0kaY2oJVEBLtjkqI8pXsv
+eqm3VDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSQAwRgIhAJuTMvMUda4Y29V1Tm5O
+jCqBThR2NwdQfnET1sjch3Q7AiEA7nEudfXKMljjz608aWtafTkw5V5I2/SbuUKr
+vjprfIo=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICEDCCAbagAwIBAgIBBTAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
+Q0EgNTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
+AxMLUG9saWN5IENBIDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ9RuYVzUGB
+FkAEM9kHe9xynDo/NcsiaAO3+E2u7jJQQN50d6hVEDHf9961omldhKhP4HTNfhqj
+VMIHKGMhXCgKo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTVrjWaVjkfMpilq5tGZ4zZ
+iJtaSDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAPVgPpACX2ylQMEMSntw
+izxKHTSPhXuF6IHhNHRz7KFnAiB8y/QcF7N2iXNZEqffWSkVted/XOw3Xrck0sJ6
+4eXNcw==
+-----END CERTIFICATE-----

239
openssl-CVE-2023-0465.patch Normal file
View file

@ -0,0 +1,239 @@
From d62826121bd53b1b9f51d094729843dba36d11f1 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 7 Mar 2023 15:22:40 +0000
Subject: [PATCH 1/5] Generate some certificates with the certificatePolicies
extension
Related-to: CVE-2023-0465
---
CHANGES.md | 12 ++++++++++++
NEWS.md | 5 +++++
crypto/x509/x509_vfy.c | 12 ++++++++++--
test/certs/ca-pol-cert.pem | 19 +++++++++++++++++++
test/certs/ee-cert-policies-bad.pem | 20 ++++++++++++++++++++
test/certs/ee-cert-policies.pem | 20 ++++++++++++++++++++
test/certs/mkcert.sh | 9 +++++++--
test/certs/setup.sh | 6 ++++++
test/recipes/25-test_verify.t | 13 ++++++++++++-
9 files changed, 111 insertions(+), 5 deletions(-)
create mode 100644 test/certs/ca-pol-cert.pem
create mode 100644 test/certs/ee-cert-policies-bad.pem
create mode 100644 test/certs/ee-cert-policies.pem
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,12 +30,22 @@ breaking changes, and mappings for the l
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
+ * Fixed an issue where invalid certificate policies in leaf certificates are
+ silently ignored by OpenSSL and other certificate policy checks are skipped
+ for that certificate. A malicious CA could use this to deliberately assert
+ invalid certificate policies in order to circumvent policy checking on the
+ certificate altogether.
+ ([CVE-2023-0465])
+
+ *Matt Caswell*
+
* Limited the number of nodes created in a policy tree to mitigate
against CVE-2023-0464. The default limit is set to 1000 nodes, which
should be sufficient for most installations. If required, the limit
can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build
time define to a desired maximum number of nodes or zero to allow
unlimited growth.
+ ([CVE-2023-0464])
*Paul Dale*
@@ -19587,6 +19597,8 @@ ndif
<!-- Links -->
+[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
+[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,6 +20,9 @@ OpenSSL 3.0
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
+ * Fixed handling of invalid certificate policies in leaf certificates
+ ([CVE-2023-0465])
+ * Limited the number of nodes created in a policy tree ([CVE-2023-0464])
* Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401])
* Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286])
* Fixed NULL dereference validating DSA public key ([CVE-2023-0217])
@@ -1430,6 +1433,8 @@ OpenSSL 0.9.x
* Support for various new platforms
<!-- Links -->
+[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
+[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *
goto memerr;
/* Invalid or inconsistent extensions */
if (ret == X509_PCY_TREE_INVALID) {
- int i;
+ int i, cbcalled = 0;
/* Locate certificates with bad extensions and notify callback. */
- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
X509 *x = sk_X509_value(ctx->chain, i);
+ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
+ cbcalled = 1;
CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
}
+ if (!cbcalled) {
+ /* Should not be able to get here */
+ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ /* The callback ignored the error so we return success */
return 1;
}
if (ret == X509_PCY_TREE_FAILURE) {
--- /dev/null
+++ b/test/certs/ca-pol-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTIzMDMwODEyMjMxNloYDzIxMjMwMzA5MTIyMzE2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaN7MHkwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYD
+VR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8GA1UdIwQYMBaAFI71Ja8em2uE
+PXyAmslTnE1y96NSMBkGA1UdIAQSMBAwDgYMKwYBBAGBgVy8+0cBMA0GCSqGSIb3
+DQEBCwUAA4IBAQBbE+MO9mewWIUY2kt85yhl0oZtvVxbn9K2Hty59ItwJGRNfzx7
+Ge7KgawkvNzMOXmj6qf8TpbJnf41ZLWdRyVZBVyIwrAKIVw1VxfGh8aEifHKN97H
+unZkBPcUkAhUJSiC1BOD/euaMYqOi8QwiI702Q6q1NBY1/UKnV/ZIBLecnqfj9vZ
+7T0wKxrwGYBztP4pNcxCmBoD9Dg+Dx3ZElo0WXyO4SOh/BgrsKJHKyhbuTpjrI/g
+DhcINRp6+lIzuFBtJ67+YXnAEspb3lKMk0YL/LXrCNF2scdmNfOPwHi+OKBqt69C
+9FJyWFEMxx2qm/ENE9sbOswgJRnKkaAqHBHx
+-----END CERTIFICATE-----
--- /dev/null
+++ b/test/certs/ee-cert-policies-bad.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAjWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0yMzAzMDgxMjIzMzJaGA8yMTIzMDMwOTEyMjMzMlowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjgakwgaYwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4H
+mCKX4XOiMB8GA1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQC
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1w
+bGUwKQYDVR0gBCIwIDAOBgwrBgEEAYGBXLz7RwEwDgYMKwYBBAGBgVy8+0cBMA0G
+CSqGSIb3DQEBCwUAA4IBAQArwtwNO++7kStcJeMg3ekz2D/m/8UEjTA1rknBjQiQ
+P0FK7tNeRqus9i8PxthNWk+biRayvDzaGIBV7igpDBPfXemDgmW9Adc4MKyiQDfs
+YfkHi3xJKvsK2fQmyCs2InVDaKpVAkNFcgAW8nSOhGliqIxLb0EOLoLNwaktou0N
+XQHmRzY8S7aIr8K9Qo9y/+MLar+PS4h8l6FkLLkTICiFzE4/wje5S3NckAnadRJa
+QpjwM2S6NuA+tYWuOcN//r7BSpW/AZKanYWPzHMrKlqCh+9o7sthPd72+hObG9kx
+wSGdzfStNK1I1zM5LiI08WtXCvR6AfLANTo2x1AYhSxF
+-----END CERTIFICATE-----
--- /dev/null
+++ b/test/certs/ee-cert-policies.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPTCCAiWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0yMzAzMDgxMjIzMjNaGA8yMTIzMDMwOTEyMjMyM1owGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjgZkwgZYwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4H
+mCKX4XOiMB8GA1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQC
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1w
+bGUwGQYDVR0gBBIwEDAOBgwrBgEEAYGBXLz7RwEwDQYJKoZIhvcNAQELBQADggEB
+AGbWslmAAdMX3+5ChcnFrX+NqDGoyhb3PTgWdtlQB5qtWdIt4rSxN50OcQxFTX0D
+QOBabSzR0DDKrgfBe4waL19WsdEvR9GyO4M7ASze/A3IEZue9C9k0n7Vq8zDaAZl
+CiR/Zqo9nAOuhKHMgmC/NjUlX7STv5pJVgc4SH8VEKmSRZDmNihaOalUtK5X8/Oa
+dawKxsZcaP5IKnOEPPKjtVNJxBu5CXywJHsO0GcoDEnEx1/NLdFoJ6WFw8NuTyDK
+NGLq2MHEdyKaigHQlptEs9bXyu9McJjzbx0uXj3BenRULASreccFej0L1RU6jDlk
+D3brBn24UISaFRZoB7jsjok=
+-----END CERTIFICATE-----
--- a/test/certs/mkcert.sh
+++ b/test/certs/mkcert.sh
@@ -119,11 +119,12 @@ genca() {
local OPTIND=1
local purpose=
- while getopts p: o
+ while getopts p:c: o
do
case $o in
p) purpose="$OPTARG";;
- *) echo "Usage: $0 genca [-p EKU] cn keyname certname cakeyname cacertname" >&2
+ c) certpol="$OPTARG";;
+ *) echo "Usage: $0 genca [-p EKU][-c policyoid] cn keyname certname cakeyname cacertname" >&2
return 1;;
esac
done
@@ -146,6 +147,10 @@ genca() {
if [ -n "$NC" ]; then
exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC")
fi
+ if [ -n "$certpol" ]; then
+ exts=$(printf "%s\ncertificatePolicies = %s\n" "$exts" "$certpol")
+ fi
+
csr=$(req "$key" "CN = $cn") || return 1
echo "$csr" |
cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -440,3 +440,9 @@ OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed44
# critical id-pkix-ocsp-no-check extension
./mkcert.sh geneeextra server.example ee-key ee-cert-ocsp-nocheck ca-key ca-cert "1.3.6.1.5.5.7.48.1.5=critical,DER:05:00"
+
+# certificatePolicies extension
+./mkcert.sh genca -c "1.3.6.1.4.1.16604.998855.1" "CA" ca-key ca-pol-cert root-key root-cert
+./mkcert.sh geneeextra server.example ee-key ee-cert-policies ca-key ca-cert "certificatePolicies=1.3.6.1.4.1.16604.998855.1"
+# We can create a cert with a duplicate policy oid - but its actually invalid!
+./mkcert.sh geneeextra server.example ee-key ee-cert-policies-bad ca-key ca-cert "certificatePolicies=1.3.6.1.4.1.16604.998855.1,1.3.6.1.4.1.16604.998855.1"
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -29,7 +29,7 @@ sub verify {
run(app([@args]));
}
-plan tests => 164;
+plan tests => 166;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -516,3 +516,14 @@ SKIP: {
ok(run(app([ qw(openssl verify -trusted), $rsapluscert_file, $cert_file ])),
'Mixed key + cert file test');
}
+
+# Certificate Policies
+ok(verify("ee-cert-policies", "", ["root-cert"], ["ca-pol-cert"],
+ "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1",
+ "-explicit_policy"),
+ "Certificate policy");
+
+ok(!verify("ee-cert-policies-bad", "", ["root-cert"], ["ca-pol-cert"],
+ "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1",
+ "-explicit_policy"),
+ "Bad certificate policy");

81
openssl-CVE-2023-0466.patch Normal file
View file

@ -0,0 +1,81 @@
From f079bca52e6abf58d32cc003f32a3ab3c6781f44 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 21 Mar 2023 16:15:47 +0100
Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy()
The function was incorrectly documented as enabling policy checking.
Fixes: CVE-2023-0466
---
CHANGES.md | 8 ++++++++
NEWS.md | 2 ++
doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++--
3 files changed, 17 insertions(+), 2 deletions(-)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,13 @@ breaking changes, and mappings for the l
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
+ * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
+ that it does not enable policy checking. Thanks to David Benjamin for
+ discovering this issue.
+ ([CVE-2023-0466])
+
+ *Tomáš Mráz*
+
* Fixed an issue where invalid certificate policies in leaf certificates are
silently ignored by OpenSSL and other certificate policy checks are skipped
for that certificate. A malicious CA could use this to deliberately assert
@@ -19597,6 +19604,7 @@ ndif
<!-- Links -->
+[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,6 +20,7 @@ OpenSSL 3.0
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
+ * Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
* Fixed handling of invalid certificate policies in leaf certificates
([CVE-2023-0465])
* Limited the number of nodes created in a policy tree ([CVE-2023-0464])
@@ -1433,6 +1434,7 @@ OpenSSL 0.9.x
* Support for various new platforms
<!-- Links -->
+[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
@@ -98,8 +98,9 @@ B<trust>.
X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
B<t>. Normally the current time is used.
-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
-by default) and adds B<policy> to the acceptable policy set.
+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
+Contrary to preexisting documentation of this function it does not enable
+policy checking.
X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
by default) and sets the acceptable policy set to B<policies>. Any existing
@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() fu
The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(),
and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0.
+The function X509_VERIFY_PARAM_add0_policy() was historically documented as
+enabling policy checking however the implementation has never done this.
+The documentation was changed to align with the implementation.
+
=head1 COPYRIGHT
Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.

85
openssl-CVE-2023-1255.patch Normal file
View file

@ -0,0 +1,85 @@
From 72dfe46550ee1f1bbfacd49f071419365bc23304 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 17 Apr 2023 16:51:20 +0200
Subject: [PATCH] aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption
Original author: Nevine Ebeid (Amazon)
Fixes: CVE-2023-1255
The buffer overread happens on decrypts of 4 mod 5 sizes.
Unless the memory just after the buffer is unmapped this is harmless.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20759)
---
CHANGES.md | 10 ++++++++++
NEWS.md | 3 +++
crypto/aes/asm/aesv8-armx.pl | 4 +++-
3 files changed, 16 insertions(+), 1 deletion(-)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,15 @@ breaking changes, and mappings for the l
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
+ * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
+ happens if the buffer size is 4 mod 5. This can trigger a crash of an
+ application using AES-XTS decryption if the memory just after the buffer
+ being decrypted is not mapped.
+ Thanks to Anton Romanov (Amazon) for discovering the issue.
+ ([CVE-2023-1255])
+
+ *Nevine Ebeid*
+
* Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
that it does not enable policy checking. Thanks to David Benjamin for
discovering this issue.
@@ -19604,6 +19613,7 @@ ndif
<!-- Links -->
+[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,6 +20,8 @@ OpenSSL 3.0
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
+ * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms
+ ([CVE-2023-1255])
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
* Fixed handling of invalid certificate policies in leaf certificates
([CVE-2023-0465])
@@ -1434,6 +1436,7 @@ OpenSSL 0.9.x
* Support for various new platforms
<!-- Links -->
+[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -3353,7 +3353,7 @@ $code.=<<___ if ($flavour =~ /64/);
.align 4
.Lxts_dec_tail4x:
add $inp,$inp,#16
- vld1.32 {$dat0},[$inp],#16
+ tst $tailcnt,#0xf
veor $tmp1,$dat1,$tmp0
vst1.8 {$tmp1},[$out],#16
veor $tmp2,$dat2,$tmp2
@@ -3362,6 +3362,8 @@ $code.=<<___ if ($flavour =~ /64/);
veor $tmp4,$dat4,$tmp4
vst1.8 {$tmp3-$tmp4},[$out],#32
+ b.eq .Lxts_dec_abort
+ vld1.32 {$dat0},[$inp],#16
b .Lxts_done
.align 4
.Lxts_outer_dec_tail:

121
openssl-CVE-2023-2650.patch Normal file
View file

@ -0,0 +1,121 @@
From ceeda53145a4bd32ec564d506adc7aac96ebd27c Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Fri, 12 May 2023 10:00:13 +0200
Subject: [PATCH] Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will
translate
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form. For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.
To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:
> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (4294967295 decimal).
Fixes otc/security#96
Fixes CVE-2023-2650
---
CHANGES.md | 27 +++++++++++++++++++++++++++
NEWS.md | 4 ++++
crypto/objects/obj_dat.c | 19 +++++++++++++++++++
3 files changed, 50 insertions(+)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,32 @@ breaking changes, and mappings for the l
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
+ * Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
+ OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
+
+ OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
+ numeric text form. For gigantic sub-identifiers, this would take a very
+ long time, the time complexity being O(n^2) where n is the size of that
+ sub-identifier. ([CVE-2023-2650])
+
+ To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT
+ IDENTIFIER to canonical numeric text form if the size of that OBJECT
+ IDENTIFIER is 586 bytes or less, and fail otherwise.
+
+ The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
+ IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
+ most 128 sub-identifiers, and that the maximum value that each sub-
+ identifier may have is 2^32-1 (4294967295 decimal).
+
+ For each byte of every sub-identifier, only the 7 lower bits are part of
+ the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with
+ these restrictions may occupy is 32 * 128 / 7, which is approximately 586
+ bytes.
+
+ Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
+
+ *Richard Levitte*
+
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
happens if the buffer size is 4 mod 5. This can trigger a crash of an
application using AES-XTS decryption if the memory just after the buffer
@@ -19613,6 +19639,7 @@ ndif
<!-- Links -->
+[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,6 +20,8 @@ OpenSSL 3.0
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
+ * Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT
+ IDENTIFIER sub-identities. ([CVE-2023-2650])
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms
([CVE-2023-1255])
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
@@ -1436,6 +1438,8 @@ OpenSSL 0.9.x
* Support for various new platforms
<!-- Links -->
+
+[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -443,6 +443,25 @@ int OBJ_obj2txt(char *buf, int buf_len,
first = 1;
bl = NULL;
+ /*
+ * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
+ *
+ * > 3.5. OBJECT IDENTIFIER values
+ * >
+ * > An OBJECT IDENTIFIER value is an ordered list of non-negative
+ * > numbers. For the SMIv2, each number in the list is referred to as a
+ * > sub-identifier, there are at most 128 sub-identifiers in a value,
+ * > and each sub-identifier has a maximum value of 2^32-1 (4294967295
+ * > decimal).
+ *
+ * So a legitimate OID according to this RFC is at most (32 * 128 / 7),
+ * i.e. 586 bytes long.
+ *
+ * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
+ */
+ if (len > 586)
+ goto err;
+
while (len > 0) {
l = 0;
use_bn = 0;

57
openssl-CVE-2023-2975.patch Normal file
View file

@ -0,0 +1,57 @@
From 00e2f5eea29994d19293ec4e8c8775ba73678598 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 4 Jul 2023 17:30:35 +0200
Subject: [PATCH] Do not ignore empty associated data with AES-SIV mode
The AES-SIV mode allows for multiple associated data items
authenticated separately with any of these being 0 length.
The provided implementation ignores such empty associated data
which is incorrect in regards to the RFC 5297 and is also
a security issue because such empty associated data then become
unauthenticated if an application expects to authenticate them.
Fixes CVE-2023-2975
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9)
---
.../implementations/ciphers/cipher_aes_siv.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c
index 45010b90db..b396c8651a 100644
--- a/providers/implementations/ciphers/cipher_aes_siv.c
+++ b/providers/implementations/ciphers/cipher_aes_siv.c
@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl,
if (!ossl_prov_is_running())
return 0;
- if (inl == 0) {
- *outl = 0;
- return 1;
- }
+ /* Ignore just empty encryption/decryption call and not AAD. */
+ if (out != NULL) {
+ if (inl == 0) {
+ if (outl != NULL)
+ *outl = 0;
+ return 1;
+ }
- if (outsize < inl) {
- ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
- return 0;
+ if (outsize < inl) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
}
if (ctx->hw->cipher(ctx, out, in, inl) <= 0)
--
2.34.1

60
openssl-CVE-2023-3446-test.patch Normal file
View file

@ -0,0 +1,60 @@
From 8a62fd996cb1c22383ec75b4155d54dec4a1b0ee Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 7 Jul 2023 14:39:48 +0100
Subject: [PATCH] Add a test for CVE-2023-3446
Confirm that the only errors DH_check() finds with DH parameters with an
excessively long modulus is that the modulus is too large. We should not
be performing time consuming checks using that modulus.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)
(cherry picked from commit ede782b4c8868d1f09c9cd237f82b6f35b7dba8b)
---
test/dhtest.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/test/dhtest.c b/test/dhtest.c
index 7b587f3cfa8f..f8dd8f3aa722 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -73,7 +73,7 @@ static int dh_test(void)
goto err1;
/* check fails, because p is way too small */
- if (!DH_check(dh, &i))
+ if (!TEST_true(DH_check(dh, &i)))
goto err2;
i ^= DH_MODULUS_TOO_SMALL;
if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
@@ -124,6 +124,17 @@ static int dh_test(void)
/* We'll have a stale error on the queue from the above test so clear it */
ERR_clear_error();
+ /* Modulus of size: dh check max modulus bits + 1 */
+ if (!TEST_true(BN_set_word(p, 1))
+ || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
+ goto err3;
+
+ /*
+ * We expect no checks at all for an excessively large modulus
+ */
+ if (!TEST_false(DH_check(dh, &i)))
+ goto err3;
+
/*
* II) key generation
*/
@@ -138,7 +149,7 @@ static int dh_test(void)
goto err3;
/* ... and check whether it is valid */
- if (!DH_check(a, &i))
+ if (!TEST_true(DH_check(a, &i)))
goto err3;
if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
|| !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)

71
openssl-CVE-2023-3446.patch Normal file
View file

@ -0,0 +1,71 @@
From 1fa20cf2f506113c761777127a38bce5068740eb Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 6 Jul 2023 16:36:35 +0100
Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
The DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus
value even if it is excessively large.
There is already a maximum DH modulus size (10,000 bits) over which
OpenSSL will not generate or derive keys. DH_check() will however still
perform various tests for validity on such a large modulus. We introduce a
new maximum (32,768) over which DH_check() will just fail.
An application that calls DH_check() and supplies a key or parameters
obtained from an untrusted source could be vulnerable to a Denial of
Service attack.
The function DH_check() is itself called by a number of other OpenSSL
functions. An application calling any of those other functions may
similarly be affected. The other functions affected by this are
DH_check_ex() and EVP_PKEY_param_check().
CVE-2023-3446
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)
(cherry picked from commit 9e0094e2aa1b3428a12d5095132f133c078d3c3d)
---
crypto/dh/dh_check.c | 6 ++++++
include/openssl/dh.h | 6 +++++-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 0b391910d6b3..84a926998e9b 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -152,6 +152,12 @@ int DH_check(const DH *dh, int *ret)
if (nid != NID_undef)
return 1;
+ /* Don't do any checks at all with an excessively large modulus */
+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
+ return 0;
+ }
+
if (!DH_check_params(dh, ret))
return 0;
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index b97871eca7fa..36420f51d89e 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -89,7 +89,11 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
# include <openssl/dherr.h>
# ifndef OPENSSL_DH_MAX_MODULUS_BITS
-# define OPENSSL_DH_MAX_MODULUS_BITS 10000
+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
+# endif
+
+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
# endif
# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024

64
openssl-DEFAULT_SUSE_cipher.patch Normal file
View file

@ -0,0 +1,64 @@
Index: openssl-3.0.0-alpha7/ssl/ssl_ciph.c
===================================================================
--- openssl-3.0.0-alpha7.orig/ssl/ssl_ciph.c
+++ openssl-3.0.0-alpha7/ssl/ssl_ciph.c
@@ -1592,7 +1592,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
*/
ok = 1;
rule_p = rule_str;
- if (strncmp(rule_str, "DEFAULT", 7) == 0) {
+ if (strncmp(rule_str,"DEFAULT_SUSE", 12) == 0) {
+ ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
+ &head, &tail, ca_list, c);
+ rule_p += 12;
+ if (*rule_p == ':')
+ rule_p++;
+ }
+ else if (strncmp(rule_str, "DEFAULT", 7) == 0) {
ok = ssl_cipher_process_rulestr(OSSL_default_cipher_list(),
&head, &tail, ca_list, c);
rule_p += 7;
Index: openssl-3.0.0-alpha7/test/recipes/99-test_suse_default_ciphers.t
===================================================================
--- /dev/null
+++ openssl-3.0.0-alpha7/test/recipes/99-test_suse_default_ciphers.t
@@ -0,0 +1,23 @@
+#! /usr/bin/env perl
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT/;
+use OpenSSL::Test::Utils;
+
+setup("test_default_ciphersuites");
+
+plan tests => 6;
+
+my @cipher_suites = ("DEFAULT_SUSE", "DEFAULT");
+
+foreach my $cipherlist (@cipher_suites) {
+ ok(run(app(["openssl", "ciphers", "-s", $cipherlist])),
+ "openssl ciphers works with ciphersuite $cipherlist");
+ ok(!grep(/(MD5|RC4|DES)/, run(app(["openssl", "ciphers", "-s", $cipherlist]), capture => 1)),
+ "$cipherlist shouldn't contain MD5, DES or RC4\n");
+ ok(grep(/(TLSv1.3)/, run(app(["openssl", "ciphers", "-tls1_3", "-s", "-v", $cipherlist]), capture => 1)),
+ "$cipherlist should contain TLSv1.3 ciphers\n");
+}
+
Index: openssl-3.0.0-alpha7/include/openssl/ssl.h.in
===================================================================
--- openssl-3.0.0-alpha7.orig/include/openssl/ssl.h.in
+++ openssl-3.0.0-alpha7/include/openssl/ssl.h.in
@@ -189,6 +189,11 @@ extern "C" {
*/
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\
+ "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
+ "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
+ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
/*
* This is the default set of TLSv1.3 ciphersuites
* DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites()

42
openssl-Override-default-paths-for-the-CA-directory-tree.patch Normal file
View file

@ -0,0 +1,42 @@
From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:17:26 +0200
Subject: Override default paths for the CA directory tree
Also add default section to load crypto-policies configuration
for TLS.
It needs to be reverted before running tests.
(was openssl-1.1.1-conf-paths.patch)
---
apps/openssl.cnf | 20 ++++++++++++++++++--
2 files changed, 19 insertions(+), 3 deletions(-)
Index: openssl-3.0.1/apps/openssl.cnf
===================================================================
--- openssl-3.0.1.orig/apps/openssl.cnf
+++ openssl-3.0.1/apps/openssl.cnf
@@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7
[openssl_init]
providers = provider_sect
+# Load default TLS policy configuration
+ssl_conf = ssl_module
# List of providers to load
[provider_sect]
@@ -71,6 +73,13 @@ default = default_sect
[default_sect]
# activate = 1
+[ ssl_module ]
+
+system_default = crypto_policy
+
+[ crypto_policy ]
+
+.include = /etc/crypto-policies/back-ends/opensslcnf.config
####################################################################
[ ca ]

13
openssl-no-date.patch Normal file
View file

@ -0,0 +1,13 @@
Index: openssl-1.1.1-pre1/util/mkbuildinf.pl
===================================================================
--- openssl-1.1.1-pre1.orig/util/mkbuildinf.pl 2018-02-13 16:31:28.011389734 +0100
+++ openssl-1.1.1-pre1/util/mkbuildinf.pl 2018-02-13 16:31:51.539764582 +0100
@@ -28,7 +28,7 @@ print <<"END_OUTPUT";
*/
#define PLATFORM "platform: $platform"
-#define DATE "built on: $date"
+#define DATE ""
/*
* Generate compiler_flags as an array of individual characters. This is a

22
openssl-pkgconfig.patch Normal file
View file

@ -0,0 +1,22 @@
Index: openssl-1.1.1-pre3/Configurations/unix-Makefile.tmpl
===================================================================
--- openssl-1.1.1-pre3.orig/Configurations/unix-Makefile.tmpl 2018-03-20 15:20:03.037124698 +0100
+++ openssl-1.1.1-pre3/Configurations/unix-Makefile.tmpl 2018-03-20 15:21:04.206084731 +0100
@@ -843,7 +843,7 @@ libcrypto.pc:
echo 'Version: '$(VERSION); \
echo 'Libs: -L$${libdir} -lcrypto'; \
echo 'Libs.private: $(LIB_EX_LIBS)'; \
- echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
+ echo 'Cflags: -DOPENSSL_LOAD_CONF -I$${includedir}' ) > libcrypto.pc
libssl.pc:
@ ( echo 'prefix=$(INSTALLTOP)'; \
@@ -860,7 +860,7 @@ libssl.pc:
echo 'Version: '$(VERSION); \
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \
- echo 'Cflags: -I$${includedir}' ) > libssl.pc
+ echo 'Cflags: -DOPENSSL_LOAD_CONF -I$${includedir}' ) > libssl.pc
openssl.pc:
@ ( echo 'prefix=$(INSTALLTOP)'; \

32
openssl-ppc64-config.patch Normal file
View file

@ -0,0 +1,32 @@
Index: openssl-3.0.0-alpha5/util/perl/OpenSSL/config.pm
===================================================================
--- openssl-3.0.0-alpha5.orig/util/perl/OpenSSL/config.pm
+++ openssl-3.0.0-alpha5/util/perl/OpenSSL/config.pm
@@ -525,14 +525,19 @@ EOF
return { target => "linux-ppc64" } if $KERNEL_BITS eq '64';
my %config = ();
- if (!okrun('echo __LP64__',
- 'gcc -E -x c - 2>/dev/null',
- 'grep "^__LP64__" 2>&1 >/dev/null') ) {
- %config = ( cflags => [ '-m32' ],
- cxxflags => [ '-m32' ] );
- }
- return { target => "linux-ppc",
- %config };
+ # ##
+ # if (!okrun('echo __LP64__', 'gcc -E -x c - 2>/dev/null', 'grep "^__LP64__" 2>&1 >/dev/null') ) { %config = ( cflags => [ '-m32' ], cxxflags => [ '-m32' ] ); }
+ # return { target => "linux-ppc",
+ # %config };
+ # ##
+ if (okrun('echo __LP64__', 'gcc -E -x c - 2>/dev/null',
+ 'grep "^__LP64__" 2>&1 >/dev/null') )
+ {
+ return { target => "linux-ppc", %config };
+ } else {
+ return { target => "linux-ppc64", %config };
+ }
+ ##
}
],
[ 'ppc64le-.*-linux2', { target => "linux-ppc64le" } ],

17
openssl-truststore.patch Normal file
View file

@ -0,0 +1,17 @@
Don't use the legacy /etc/ssl/certs directory anymore but rather the
p11-kit generated /var/lib/ca-certificates/openssl one (fate#314991)
Index: openssl-1.1.1-pre1/include/internal/cryptlib.h
===================================================================
--- openssl-1.1.1-pre1.orig/include/internal/cryptlib.h 2018-02-13 14:48:12.000000000 +0100
+++ openssl-1.1.1-pre1/include/internal/cryptlib.h 2018-02-13 16:30:11.738161984 +0100
@@ -59,8 +59,8 @@ DEFINE_LHASH_OF(MEM);
# ifndef OPENSSL_SYS_VMS
# define X509_CERT_AREA OPENSSLDIR
-# define X509_CERT_DIR OPENSSLDIR "/certs"
-# define X509_CERT_FILE OPENSSLDIR "/cert.pem"
+# define X509_CERT_DIR "/var/lib/ca-certificates/openssl"
+# define X509_CERT_FILE "/var/lib/ca-certificates/ca-bundle.pem"
# define X509_PRIVATE_DIR OPENSSLDIR "/private"
# define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf"
# else

127
openssl-use-versioned-config.patch Normal file
View file

@ -0,0 +1,127 @@
From 300d2b56166aee85d9ce4c1275da1ad79c876e31 Mon Sep 17 00:00:00 2001
From: Sahana Prasad <sahana@redhat.com>
Date: Tue, 5 Oct 2021 12:10:42 +0200
Subject: [PATCH] Updates the conf file to openssl11.cnf Resolves:
rhbz#1947584, rhbz#2003123 Signed-off-by: Sahana Prasad <sahana@redhat.com>
Refactored for SUSE by Simon Lees sflees@suse.de
Index: openssl-3.0.2/include/internal/cryptlib.h
===================================================================
--- openssl-3.0.2.orig/include/internal/cryptlib.h
+++ openssl-3.0.2/include/internal/cryptlib.h
@@ -61,7 +61,7 @@ DEFINE_STACK_OF(EX_CALLBACK)
typedef struct mem_st MEM;
DEFINE_LHASH_OF(MEM);
-# define OPENSSL_CONF "openssl.cnf"
+# define OPENSSL_CONF "openssl3.cnf"
# ifndef OPENSSL_SYS_VMS
# define X509_CERT_AREA OPENSSLDIR
Index: openssl-3.0.2/Configurations/unix-Makefile.tmpl
===================================================================
--- openssl-3.0.2.orig/Configurations/unix-Makefile.tmpl
+++ openssl-3.0.2/Configurations/unix-Makefile.tmpl
@@ -675,14 +675,14 @@ install_ssldirs:
: {- output_on() if windowsdll(); "" -}; \
fi; \
done
- @$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist"
- @cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
- @chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
- @mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist
- @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \
- $(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
- cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
- chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
+ @$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl3.cnf.dist"
+ @cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl3.cnf.new
+ @chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl3.cnf.new
+ @mv -f $(DESTDIR)$(OPENSSLDIR)/openssl3.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl3.cnf.dist
+ @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl3.cnf" ]; then \
+ $(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl3.cnf"; \
+ cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl3.cnf; \
+ chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl3.cnf; \
fi
@$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist"
@cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new
@@ -1136,7 +1136,7 @@ lint:
generate_apps:
( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \
- < apps/openssl.cnf > apps/openssl-vms.cnf )
+ < apps/openssl3.cnf > apps/openssl-vms.cnf )
generate_crypto_bn:
( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
@@ -1374,7 +1374,7 @@ tar:
# Helper targets #####################################################
-link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/apps/openssl.cnf
+link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/apps/openssl3.cnf
$(BLDDIR)/util/opensslwrap.sh: Makefile
@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
@@ -1382,7 +1382,7 @@ $(BLDDIR)/util/opensslwrap.sh: Makefile
ln -sf "../$(SRCDIR)/util/`basename "$@"`" "$(BLDDIR)/util"; \
fi
-$(BLDDIR)/apps/openssl.cnf: Makefile
+$(BLDDIR)/apps/openssl3.cnf: Makefile
@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
mkdir -p "$(BLDDIR)/apps"; \
ln -sf "../$(SRCDIR)/apps/`basename "$@"`" "$(BLDDIR)/apps"; \
Index: openssl-3.0.2/Configure
===================================================================
--- openssl-3.0.2.orig/Configure
+++ openssl-3.0.2/Configure
@@ -56,7 +56,7 @@ EOF
# directories bin, lib, include, share/man, share/doc/openssl
# This becomes the value of INSTALLTOP in Makefile
# (Default: /usr/local)
-# --openssldir OpenSSL data area, such as openssl.cnf, certificates and keys.
+# --openssldir OpenSSL data area, such as openssl3.cnf, certificates and keys.
# If it's a relative directory, it will be added on the directory
# given with --prefix.
# This becomes the value of OPENSSLDIR in Makefile and in C.
Index: openssl-3.0.2/doc/HOWTO/certificates.txt
===================================================================
--- openssl-3.0.2.orig/doc/HOWTO/certificates.txt
+++ openssl-3.0.2/doc/HOWTO/certificates.txt
@@ -16,7 +16,7 @@ Certificate authorities should read http
In all the cases shown below, the standard configuration file, as
compiled into openssl, will be used. You may find it in /etc/,
/usr/local/ssl/ or somewhere else. By default the file is named
-openssl.cnf and is described at https://www.openssl.org/docs/apps/config.html.
+openssl3.cnf and is described at https://www.openssl.org/docs/apps/config.html.
You can specify a different configuration file using the
'-config {file}' argument with the commands shown below.
Index: openssl-3.0.2/doc/man3/OPENSSL_config.pod
===================================================================
--- openssl-3.0.2.orig/doc/man3/OPENSSL_config.pod
+++ openssl-3.0.2/doc/man3/OPENSSL_config.pod
@@ -17,7 +17,7 @@ see L<openssl_user_macros(7)>:
=head1 DESCRIPTION
-OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf> and
+OPENSSL_config() configures OpenSSL using the standard B<openssl3.cnf> and
reads from the application section B<appname>. If B<appname> is NULL then
the default section, B<openssl_conf>, will be used.
Errors are silently ignored.
Index: openssl-3.0.2/INSTALL.md
===================================================================
--- openssl-3.0.2.orig/INSTALL.md
+++ openssl-3.0.2/INSTALL.md
@@ -567,7 +567,7 @@ is an objective.
### no-autoload-config
-Don't automatically load the default `openssl.cnf` file.
+Don't automatically load the default `openssl3.cnf` file.
Typically OpenSSL will automatically load a system config file which configures
default SSL options.

94
openssl.keyring Normal file
View file

@ -0,0 +1,94 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
Comment: Richard Levitte <levitte@lp.se>
Comment: Richard Levitte <levitte@openssl.org>
Comment: Richard Levitte <richard@levitte.org>
xsFNBFQwazYBEAC01v949yFYzwbn0UkEkM3MHTrDqWbp+erhXqdVD5ymG/pXvmqx
5KlxL1TZMuWEFuaq9EVkW8Wm5glk4D14IalIVKARAMDwqgNrPnw0GCAmNIf+Omvl
G7gdsSR93eALJp1vvKZpeEVZj0M0gQ1i4QIIR8PMqs+2jaYyed4HhRYzUbGKZMnr
94Onby8FIAYq0B79VqBv5NfMc2KEKrLXwuDSjtZd2TGB7qeLF7sCczyFoi5XTj+B
iVfdxCzoYEa1Rjp5hGllVj85w2DdfKED/BW7VCel4H+WTZGqTFQ1e3kPo1KdqlwD
F+Ci2JFU6myPy0LpHrNhn6FsdQGOuRKgYPycol7VzJHKtcGNMDkUFGV2DsgljQuW
Sj5TNNX5umFCIIN94eLvHtV9bXP98yKB/5pr2JhagL6kdU7OE0c/mugA05gGQTUJ
DeLNsRq54YC+CLyM9dxMvH7yB43yMfUvgKcSRt0sHUo8g5aOYdFq0SXQUr8+t/iH
3t5/JxhqBik8FBiu0aISsTDUbvbxQQQe/LhfR+FWDZRFwHOL0VELapfw1whitGG+
y+F9fQIJfa5yzEiC9AWYZjHRaFB7q6LAvF0V8vP+pkT157fTK63W53mt1+VPMt2L
732i+/Cqy/6HzwOdnNnNyfEdvm2Jojs8KXN20vChnfUGifvTjxuiFib9sQARAQAB
zR9SaWNoYXJkIExldml0dGUgPGxldml0dGVAbHAuc2U+wsGPBBMBAgAiBQJUMGwd
AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8
PcizspI5PtXp5D99+e6Mq7QP/iNhBEDJYRTrYc6JAmRIg6YyiKjeOx8kXtVCe9+q
CzC+Y9ehyZB5Dyl0Ybej9jNJdEDJzDHKzVwU4NrfefcTWqUOQDNbpClGtXcQHlUt
hjREPWpyAEH1OhD5NDTSMI5YYKZDEfiN6oEpWlc7WK0mXZuY5mHOo0B3yNDfV845
+7CGPK9zuE56/f9SLmCaFsCkNMGbvV4ybLRoBfZdnC5NPOKyJXQ0TG0CbxGMgIN5
cOrBphU+ZrPYY+p4jEoD5rvFugQl4+oRsvxygpJV5t8pe1ihNMhmzu3CpRtMjmRA
dzK+27Z8p7m8BORuoC+NbXVpcmjIueXDkYdxP+09qUyw8xE398tAuEXpbCVoQ68b
6NDCBpowgvUu34zxDn0wKdt2YGHB6z7Kl7b8RycWG3Y8u/Hs+l6QehEmiy6UKXl7
zW3PIi3192WzElUi7TtG/btqC6YPs0U3SQMkNWzwkjbKM9bC4gPFMK05a8QENc66
M+USWjNg0TiAkGP9PDlpYyhtjicCTgL51lDm8LBXr9cbzvXav7Jc6NVh7Zby89r1
DsPFzfDkccOX6nSnqYMISmvRUGrGfgrkeeM0MNu93aPTrs+0fxq+HJIZEhX/YCyQ
N4jqM+hQGh9bOwM7BacaP9F9vnq2hDK2WIXlWChX9Q70xArViJqzI8/76Ph1inPb
jbJczSVSaWNoYXJkIExldml0dGUgPGxldml0dGVAb3BlbnNzbC5vcmc+wsGPBBMB
AgAiBQJUMGwKAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnu
jBYhBHlTrB+8PcizspI5PtXp5D99+e6M1bAP/0byoJMiMsswapbBypQCT/vQmaoX
jZzNcU4qAKlB5EMlHkxl1T8ytEXxmNMd/e0ltV9HALeBqX1eYHS7oTG3rMXKuYVY
TO19eM2wLiCW664EUtOsB9zAnpp6X+8UWMoNEpWlEHgkdlADQ0xIrrH3pt29SAbd
x0QsvwkWPawEoKMoUiGPnVY4hAt7Xx9gDmWEa2T6tExd9soBBTIuIpTH3MbAEHsv
nBbdyarNltGF/pXYGMmGaYmU0WujqKzqpBpy3zwd0Rx1Kms5e0ZcypVzqx3Xgcue
W8fbMPTZbG+Z922GUFDJ139WjAA2FsMJ9ES7XIIoJh/4nfBwk+PXcj29TieDnl2r
d4x7Yxnqp4Vzau+IARz9Vr1OIFVlQbaSdXfmDFi/fvVf9CJZnWwcSwkqp4pk50Zy
nEA+8TzEQj08jdj0+yrJNvbRxqbIafzSmoU77bANs4gc0WOdTTpvv4honUQROARp
G/JT47hE7ATVGNdF7bmWNEyEYFtZMdGP0xD+K0xEgsir65aruVixVrNKxOX9wqx6
JGzHTSTgtAVYAvMIsWJTLuCXZbMRmmmmubfyVaMAisz5UIYD+TCPncuJ1dMUW9WI
uLNFGLTRGHri01EWe2epaHZWA0WB0cQZaeGpc7C986WskDi9SA9ZzCIGW4oQIBQX
lRJjjYxIBCnjxtUWzSVSaWNoYXJkIExldml0dGUgPHJpY2hhcmRAbGV2aXR0ZS5v
cmc+wsGSBBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCVDBtJgIZ
AQAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp5D99+e6MmN0P/AmpB8DasBnj
h9fAlBM8kEZ23MHVdEguPWX8KBML4L6eVlWRn7hdfpvOS90Ll5LTdtWPAQs8lDYh
4V86hIYgLK9tisZyby+5NT4dEl6CXgHbRjdDbp0xKfGc5F9jWzPZpG8ZdDz6Zbvd
ooy/4ThXNS16HcsJRckan6oFjCNAWSNpXDYcLtA7+9ncimrC/C+kGYlyPWJGYZu1
C3I+oL3+qWwiqAG9hp/zedsIsNP7o24wb0SgD0dTzphmOAPwTRfGS2DHhpbAH9P6
MZPiFBRGsARRRFfTRGkzI9W1M4bv9l/L8s6STpjD8+40f+aUE8cyUcNj1ycyRGFA
nwf5MeO3MqzvjocoUyoZNc4t7/6rh6sceFjgMt/DFFZbi3kvz9cJBcaN6TWWktd4
+1WmLxwcF0n3xaB04KCvXTaBZ5f/Hz5D4O8HyYsS6GlW6yIUiuAOvav8WizaTMbY
k81XfXBuBKv7Vxk0fRYf9+HJ7fyWyIlIN9FqrSiiopA3JR+8gP8ueFcycmLnl2D9
fyZn/sv+UCLrMR6fyD/5EtzgzW0AJ8BDJw5n7ctmZ6UhuasDZZMPC2uB9LVhpQ8W
3mDDxJoaYe5bE2p0ca+mwEHZQpbpjmtT/2x5rGFZYxBUOhuGn/94zEYSqLLDirlF
IEUgucXLOLQHyEl+kEkCLEmSbn71WsM8wsGPBBMBAgAiBQJUMGs2AhsDBgsJCAcD
AgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp
5D99+e6MbdMP/1yj/fl/t8sl6ZH8v26uBBLSUeZPJYef9TCoe6akV//x4JLujB8y
dGGW8bToC680zpuYlNn+avMwmjyocPwe7Cqgev6AyO+CjspoodM9Xai0y10CAHCl
vGAW8mX7c79jtLcMB/Z/0+5u4ErkzfwyURRpB5deLcQ4LhyRVZbLQ72fdCrmPYzO
e6Rhmfr9nWKL/oHDTLDUtRjAXdurI8YQKK9nCtbsM2uytvYkzpD2wx0B16rB7N04
QLJBNDyOUJwnm4K+Xt9LLs8NUJ8JXCdwXKXGrFFbt2b3vmy0y4/NR5AUoS444ao5
1mybA19WkCcCj5mSKmfZ9Dfbv6K3JCJx4ra5uJT2HP2M3NugtumQ1KPBUlNApVC6
u+Vn7SMqFW/KFRCxOjXDWWU+F4prqzOVc5SYqIUOk7XVxgj1FBryw5Wel5iq1Bn8
La1Fv3Hs/+pUKHRYYIC48kRET7h6oCmBiNn+XmU0A2qZnIyblmVpmfYftj3UWUC0
S86qf/dRi8unTXYl8qEQyOSPz8g6t2RDgEsJOzKhiO+j+wcBYVOgrSgsawC8yxjA
zfVwkprUJognVBJFCv4sKMb9wg99iEacI6O401w3FQy5FyokjmxXzrhn0UPj3t35
wd81WZ5HWaBSLnBo8HklfDyaybPlXODldSI7OGOch/0/CZEQzQwzsmnazsFNBFQw
azYBEADPNcBdaXTUwkG81K9NRKsKGVZ1coVRxkOx2+VD2THTY45sBx9MGmQsmSpj
U45kx/wO5KiTVj+bM+scSzwNgERqLiyf/2hgOIDYaoyKSfAfIVCmm5pSa2Ad01RV
9qT3i0eSSpa1Kpx8eAHKcVsDsWb2ZCd8/MI9778cCjrCbPI4o9zEVK+fjtmYKtdk
HsEoMSVU6Jy86E908OLaJbOeo1a7bSKs4tU8zGWAX+ddY5Cb+w3cHQb4QheDWZHM
el8ZcEgTah7huS6lUA4seQnTKXHmkIZ+uNtB3gFMKso/6GoOGZnUTk8dPY3POLY1
nbMQ/dEvMQpFxLCOBNQP0lhO4DGP0KuwLXzq2XAxrylX5tY0bNmZKLTjhi4CbKAt
c/+iwMUkQQXJRw7Vlp9Fp9ogOvzx/YlMaZQZZixg5uN2b4UD5cWliHn4Aq7DkTzQ
Je31m7sezA3cLnFR86ol2X77y79n0GRjGsMa+b+e9NRWNKs28JiCPF3ya31Kk+3+
sjauCZQW3KYx31Il5bO3ulLHOtxhSkCUHx5sJ81NJIhZFr+7yAel/ECCiT9KbVbh
ddJBHsd7GNkwzb1QivcqnYiBW9QzXkQ+xAKHfS7YM5ooYcg6G7jw89/W0xznnGiz
5JTjMkj1s9cppQ8tdqiV4Uemvx/96Nr5F7n++UJZ7Oval9/zswARAQABwsF2BBgB
AgAJBQJUMGs2AhsMACEJENXp5D99+e6MFiEEeVOsH7w9yLOykjk+1enkP3357ozr
2A//YzMQJ6Mo+/SU328dOeoseI/sFypuK882pPhXfJqX8l8H1zyHbKWy5lLLiv1M
oNOC/8pWbpv2QlWyN3PKrB6srClnpPyiHIO37/lQBcpjvAfy9HWpl21FDxn9Ruxn
a/IMYwq60EjE5h8NynNn57vydF3qTcTqkhtHW61L3vbBAcz9VMSay9QVm1f6qzM5
WbbLxp1sfNjQWKSo381kjs1Vj7yCTBrJul3qSeX0CsRB7WF5VYMalpNTHPRIqCWp
zTMcO3E5SSGIJy+AqwAZZvFiylGrSsux6TnVEVJ07s0nn1yj3q7Ii7av+waGmTf7
9B0AyZv0IZ4j4NUWFNnGhsG1bEumFLkQl7Id/M61k0yKOusHdzDcZbCzecyww1w3
WD+j4wvGkfBy4mQRqLiyjutsN/dpxRRkULATME+TH9J5eNq0A5sRRaayEiA1TDcA
WfF0PtA4smNy1GyIarobC+xn8AENi4eeYZBbfDfh8oRhEsICQ6rs098wiYz8jtZ/
pOruzbiD7ZKDy+vjKtYqgjGnioHQalJCZrKTUnREpH102pg1Cw6v2OcjiXsqU5L7
Yrhv1jQIluII051VIJ/QBWe5uT7YiJOsMLMQGWvkObPXEYLld2UF6hK6MH4epkwV
/w1uNqnlvIeEFgHTKmSHvfwlAF64lUiDCUdWExXybKkE2NY=
=1H60
-----END PGP PUBLIC KEY BLOCK-----

27
showciphers.c Normal file
View file

@ -0,0 +1,27 @@
#include <openssl/err.h>
#include <openssl/ssl.h>
int main() {
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
STACK_OF(SSL_CIPHER) *sk = NULL;
const SSL_METHOD *meth = TLS_server_method();
int i;
const char *p;
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
return 1;
ssl = SSL_new(ctx);
if (ssl == NULL)
return 1;
sk = SSL_get_ciphers(ssl);
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
p = SSL_CIPHER_get_name(c);
if (p == NULL)
break;
printf("%s\n", p);
}
return 0;
}