From a571c9c58d7204312b338590ccbc2e8ea931d1c9 Mon Sep 17 00:00:00 2001 From: Jin Jiu Date: Tue, 26 Sep 2023 22:54:24 +0800 Subject: [PATCH 1/7] Move the EC_POINT_from_string to ec_lib.c to make it more generic. --- .github/workflows/ci.yml | 2 +- Configure | 7 +++++ crypto/ec/ec_elgamal_crypt.c | 55 ----------------------------------- crypto/ec/ec_lib.c | 56 ++++++++++++++++++++++++++++++++++++ crypto/zkp/common/zkp_util.h | 2 -- include/openssl/ec.h | 24 +++++++++------- util/libcrypto.num | 2 +- 7 files changed, 78 insertions(+), 70 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b1c45718c..4334e66a0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -256,7 +256,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: config - run: CC=clang ./config --strict-warnings enable-ssl-trace enable-zlib enable-zlib-dynamic enable-fips enable-ec_elgamal enable-twisted_ec_elgamal enable-paillier && perl configdata.pm --dump + run: CC=clang ./config --strict-warnings enable-ssl-trace enable-zlib enable-zlib-dynamic enable-ec_elgamal enable-twisted_ec_elgamal enable-paillier && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test diff --git a/Configure b/Configure index 9e8ead4ee..2067a6680 100755 --- a/Configure +++ b/Configure @@ -1125,6 +1125,13 @@ if (!defined($disabled{'ec_elgamal'})) { $config{api}=$apitable->{"1.1.1"}; } +if (!defined($disabled{'twisted_ec_elgamal'})) { + die "twisted_ec_elgamal only supports api with 1.1.1\n" + if ($config{api} && $config{api} != $apitable->{"1.1.1"}); + die "twisted_ec_elgamal depends on ec_elgamal\n" + if (defined($disabled{'ec_elgamal'})); +} + if (!defined($disabled{'bulletproofs'})) { die "bulletproofs only supports api with 1.1.1\n" if ($config{api} && $config{api} != $apitable->{"1.1.1"}); diff --git a/crypto/ec/ec_elgamal_crypt.c b/crypto/ec/ec_elgamal_crypt.c index ebfc27f8d..697e47c63 100644 --- a/crypto/ec/ec_elgamal_crypt.c 
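Review bot: The clang strict-warnings job silently loses `enable-fips` in this ci.yml hunk while the commit message only talks about moving EC_POINT_from_string; if the reason is that the new `#ifndef FIPS_MODULE` guards are not enough to make the ec_elgamal/zkp sources build inside the FIPS provider, dropping the option hides that regression instead of fixing it, and the combination stops being tested on pull requests. Either keep `enable-fips` here and fix the build, or record the reason next to the config line, e.g. `# no enable-fips: ec_elgamal/zkp sources are not part of the FIPS module build`. The Configure hunk in the same patch adds a sensible `twisted_ec_elgamal depends on ec_elgamal` check, which is unrelated to the CI change and would read better as its own commit.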
+++ b/crypto/ec/ec_elgamal_crypt.c @@ -9,66 +9,11 @@ #include "ec_elgamal.h" #include -#include #include DEFINE_STACK_OF(EC_KEY) DEFINE_STACK_OF(EC_POINT) -#define HASH_TO_EC_POINT_TRY_COUNT 1000 - -/* - * Functions for convert string to ec_point on the elliptic curve. - * This implementation belongs to the ad-hoc method, but it is also the - * recommended implementation in the mcl library, the google open source project - * and the cryptography conference paper. - * \param group underlying EC_GROUP object - * \param r EC_POINT object for the result - * \param str string pointer - * \param len length of the string - * \return 1 on success and 0 if an error occurred - */ -int EC_POINT_from_string(const EC_GROUP *group, EC_POINT *r, - const unsigned char *str, size_t len) -{ - int ret = 0, i = 0; - unsigned char hash_res[SHA256_DIGEST_LENGTH]; - unsigned char *p = (unsigned char *)str; - BN_CTX *bn_ctx = NULL; - BIGNUM *x; - - memset(hash_res, 0, sizeof(hash_res)); - - if ((bn_ctx = BN_CTX_new_ex(group->libctx)) == NULL) - goto end; - - BN_CTX_start(bn_ctx); - if ((x = BN_CTX_get(bn_ctx)) == NULL) - goto end; - - do { - if (!SHA256(p, len, hash_res)) - goto end; - - BN_bin2bn(hash_res, SHA256_DIGEST_LENGTH, x); - - p = &hash_res[0]; - len = sizeof(hash_res); - - if(EC_POINT_set_compressed_coordinates(group, r, x, 0, bn_ctx) == 1) { - ret = 1; - break; - } - - ERR_clear_error(); - } while (i++ < HASH_TO_EC_POINT_TRY_COUNT); - -end: - BN_CTX_end(bn_ctx); - BN_CTX_free(bn_ctx); - return ret; -} - /** Creates a new EC_ELGAMAL_CTX object * \param key EC_KEY to use * \param h EC_POINT object pointer diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 26a23afad..e92f582db 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -24,6 +24,8 @@ #include "internal/nelem.h" #include "ec_local.h" +#define HASH_TO_EC_POINT_TRY_COUNT 1000 + /* functions for EC_GROUP objects */ EC_GROUP *ossl_ec_group_new_ex(OSSL_LIB_CTX *libctx, const char *propq, 
@@ -978,6 +980,60 @@ EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) return t; } +#ifndef FIPS_MODULE +/* + * Functions for convert string to ec_point on the elliptic curve. + * This implementation belongs to the ad-hoc method, but it is also the + * recommended implementation in the mcl library, the google open source project + * and the cryptography conference paper. + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param str string pointer + * \param len length of the string + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_from_string(const EC_GROUP *group, EC_POINT *r, + const unsigned char *str, size_t len) +{ + int ret = 0, i = 0; + unsigned char hash_res[SHA256_DIGEST_LENGTH]; + unsigned char *p = (unsigned char *)str; + BN_CTX *bn_ctx = NULL; + BIGNUM *x; + + memset(hash_res, 0, sizeof(hash_res)); + + if ((bn_ctx = BN_CTX_new_ex(group->libctx)) == NULL) + goto end; + + BN_CTX_start(bn_ctx); + if ((x = BN_CTX_get(bn_ctx)) == NULL) + goto end; + + do { + if (!SHA256(p, len, hash_res)) + goto end; + + BN_bin2bn(hash_res, SHA256_DIGEST_LENGTH, x); + + p = &hash_res[0]; + len = sizeof(hash_res); + + if(EC_POINT_set_compressed_coordinates(group, r, x, 0, bn_ctx) == 1) { + ret = 1; + break; + } + + ERR_clear_error(); + } while (i++ < HASH_TO_EC_POINT_TRY_COUNT); + +end: + BN_CTX_end(bn_ctx); + BN_CTX_free(bn_ctx); + return ret; +} +#endif + #ifndef OPENSSL_NO_DEPRECATED_3_0 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point) { diff --git a/crypto/zkp/common/zkp_util.h b/crypto/zkp/common/zkp_util.h index b0a49551a..f6663e259 100644 --- a/crypto/zkp/common/zkp_util.h +++ b/crypto/zkp/common/zkp_util.h @@ -117,5 +117,3 @@ STACK_OF(EC_POINT) *zkp_stack_of_point_decode(const unsigned char *in, int *len, # endif #endif - - diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 9254b85db..156c4a4b6 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h 
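Review bot: The relocated EC_POINT_from_string calls the legacy one-shot `SHA256()` and never checks `BN_bin2bn`, although the surrounding ec_lib.c code is libctx-aware and the function presumably sits behind `#ifndef FIPS_MODULE` only because that legacy call is unavailable there; assuming evp.h is already in scope, `if (!EVP_Q_digest(group->libctx, "SHA256", NULL, p, len, hash_res, NULL)) goto end;` and `if (BN_bin2bn(hash_res, SHA256_DIGEST_LENGTH, x) == NULL) goto end;` would honour the group's library context and make the failure path explicit. The hunk adds no `#include <openssl/sha.h>` to ec_lib.c even though the same patch removes an include from ec_elgamal_crypt.c, so `SHA256_DIGEST_LENGTH` must be arriving transitively — worth confirming under --strict-warnings. The comment above the function should also tell callers what matters for using it safely: the mapping is deterministic, takes variable time because the number of SHA-256 iterations depends on the input (up to 1001 attempts), always fixes the y parity to 0, and produces a point on the curve that is not guaranteed to lie in the prime-order subgroup on curves with cofactor > 1. `unsigned char *p = (unsigned char *)str;` can simply be `const unsigned char *p = str;` since p is only ever read.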
@@ -661,6 +661,19 @@ int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); */ EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); +#ifndef FIPS_MODULE +/* + * Functions for convert string to ec_point on the elliptic curve. + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param str string pointer + * \param len length of the string + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_from_string(const EC_GROUP *group, EC_POINT *r, + const unsigned char *str, size_t len); +#endif + /** Sets a point to infinity (neutral element) * \param group underlying EC_GROUP object * \param point EC_POINT to set to infinity @@ -2050,17 +2063,6 @@ size_t EC_ELGAMAL_MR_CIPHERTEXT_encode(EC_ELGAMAL_MR_CTX *ctx, unsigned char *ou int EC_ELGAMAL_MR_CIPHERTEXT_decode(EC_ELGAMAL_MR_CTX *ctx, EC_ELGAMAL_MR_CIPHERTEXT *r, unsigned char *in, size_t size); -/* - * Functions for convert string to ec_point on the elliptic curve. - * \param group underlying EC_GROUP object - * \param r EC_POINT object for the result - * \param str string pointer - * \param len length of the string - * \return 1 on success and 0 if an error occurred - */ -int EC_POINT_from_string(const EC_GROUP *group, EC_POINT *r, - const unsigned char *str, size_t len); - # endif # endif diff --git a/util/libcrypto.num b/util/libcrypto.num index 7e48891a5..27a7e2693 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
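Review bot: EC_POINT_from_string is now exported for every EC build (libcrypto.num drops the EC_ELGAMAL guard in this patch), but the header comment still only lists the parameters; a public declaration should state the contract a caller must know: the mapping is deterministic, derived from SHA-256 of the input with rehashing until an x-coordinate decompresses, runs in time that varies with the number of attempts (failing after 1001), always picks the y with parity 0, and returns a curve point that is not guaranteed to be in the prime-order subgroup on curves with cofactor > 1. I would replace the three-line comment with a docblock covering those points and note that it is not a constant-time or standardised hash-to-curve construction. `#ifndef FIPS_MODULE` is a build-internal macro applications never define, so in the public header it only affects the provider build; harmless, but the guard in ec_lib.c is the one doing the work.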
@@ -5431,7 +5431,7 @@ ENGINE_get_bn_meth 5715 3_0_3 EXIST::FUNCTION:BN_METHOD,ENG ENGINE_set_default_bn_meth 5716 3_0_3 EXIST::FUNCTION:BN_METHOD,ENGINE ENGINE_get_default_bn_meth 5717 3_0_3 EXIST::FUNCTION:BN_METHOD,ENGINE EC_ELGAMAL_DECRYPT_TABLE_new_ex 5718 3_0_3 EXIST::FUNCTION:EC,EC_ELGAMAL -EC_POINT_from_string 5719 3_0_3 EXIST::FUNCTION:EC,EC_ELGAMAL +EC_POINT_from_string 5719 3_0_3 EXIST::FUNCTION:EC PAILLIER_CTX_set_engine 5720 3_0_3 EXIST::FUNCTION:ENGINE,PAILLIER EVP_sm4_gcm 5721 3_0_3 EXIST::FUNCTION:SM4 EVP_sm4_ccm 5722 3_0_3 EXIST::FUNCTION:SM4 From 331adf0c11cff6196084054a5cad51934b3f4395 Mon Sep 17 00:00:00 2001 From: Jin Jiu Date: Sat, 30 Sep 2023 21:44:37 +0800 Subject: [PATCH 2/7] Fixed the compilation issue of Speed Test. --- crypto/ec/ec_elgamal_encode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ec_elgamal_encode.c b/crypto/ec/ec_elgamal_encode.c index 1a07880b1..b616521ff 100644 --- a/crypto/ec/ec_elgamal_encode.c +++ b/crypto/ec/ec_elgamal_encode.c @@ -492,7 +492,7 @@ size_t EC_ELGAMAL_MR_CIPHERTEXT_encode(EC_ELGAMAL_MR_CTX *ctx, unsigned char *ou int EC_ELGAMAL_MR_CIPHERTEXT_decode(EC_ELGAMAL_MR_CTX *ctx, EC_ELGAMAL_MR_CIPHERTEXT *r, unsigned char *in, size_t size) { - int ret = 0, len; + int ret = 0, len = 0; size_t point_len; unsigned char *p = in, zero[128]; BN_CTX *bn_ctx = NULL; From 886334b99d6182873d2ccabb76a8a4934681d456 Mon Sep 17 00:00:00 2001 From: K1 Date: Mon, 9 Oct 2023 15:01:51 +0800 Subject: [PATCH 3/7] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=BC=96=E8=AF=91?= =?UTF-8?q?=E5=91=8A=E8=AD=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- crypto/pem/pem_lib.c | 6 +++--- crypto/txt_db/txt_db.c | 3 --- crypto/x509/x_name.c | 8 ++------ ssl/statem_ntls/ntls_statem_clnt.c | 7 +++---- ssl/statem_ntls/ntls_statem_srvr.c | 7 +++---- test/testutil/driver.c | 5 +---- 6 files changed, 12 insertions(+), 24 deletions(-) 
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index f984e9ea9..b81ef2185 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -810,7 +810,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, { BIO *tmp = *header; char *linebuf, *p; - int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0; + int len, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0; /* 0 if not seen (yet), 1 if reading header, 2 if finished header */ enum header_status got_header = MAYBE_HEADER; unsigned int flags_mask; @@ -824,7 +824,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, return 0; } - for (line = 0; ; line++) { + while(1) { flags_mask = ~0u; len = BIO_gets(bp, linebuf, LINESIZE); if (len <= 0) { diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index 6744c0353..437b1b9c1 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -21,7 +21,6 @@ TXT_DB *TXT_DB_read(BIO *in, int num) { TXT_DB *ret = NULL; int esc = 0; - long ln = 0; int i, add, n; int size = BUFSIZE; int offset = 0; @@ -61,7 +60,6 @@ TXT_DB *TXT_DB_read(BIO *in, int num) } buf->data[offset] = '\0'; BIO_gets(in, &(buf->data[offset]), size - offset); - ln++; if (buf->data[offset] == '\0') break; if ((offset == 0) && (buf->data[0] == '#')) @@ -80,7 +78,6 @@ TXT_DB *TXT_DB_read(BIO *in, int num) p += add; n = 0; pp[n++] = p; - i = 0; f = buf->data; esc = 0; diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index bed2d049b..1e62f4130 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c 
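Review bot: `while(1) {` in get_header_and_data departs from the file's conventions: OpenSSL code writes unbounded loops as `for (;;)` and puts a space after control keywords, so `for (;;) {` keeps the style consistent and the diff minimal against upstream pem_lib.c. Dropping `line` itself is fine, nothing in the hunk reads it. get_header_and_data's body starts before and continues after this hunk.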
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -499,9 +499,7 @@ int X509_NAME_set(X509_NAME **xn, const X509_NAME *name) int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) { char *s, *c, *b; - int l, i; - - l = 80 - 2 - obase; + int i; b = X509_NAME_oneline(name, NULL, 0); if (b == NULL) @@ -527,12 +525,10 @@ int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) if (BIO_write(bp, ", ", 2) != 2) goto err; } - l--; } if (*s == '\0') break; s++; - l--; } OPENSSL_free(b); diff --git a/ssl/statem_ntls/ntls_statem_clnt.c b/ssl/statem_ntls/ntls_statem_clnt.c index 8e8bddc80..5a7faada9 100644 --- a/ssl/statem_ntls/ntls_statem_clnt.c +++ b/ssl/statem_ntls/ntls_statem_clnt.c @@ -1,6 +1,6 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2022 The Tongsuo Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023 The Tongsuo Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1241,7 +1241,6 @@ MSG_PROCESS_RETURN tls_process_server_certificate_ntls(SSL *s, PACKET *pkt) unsigned long cert_list_len, cert_len; X509 *x = NULL; const unsigned char *certstart, *certbytes; - size_t chainidx; unsigned int context = 0; if ((s->session->peer_chain = sk_X509_new_null()) == NULL) { 
@@ -1256,7 +1255,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate_ntls(SSL *s, PACKET *pkt) SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } - for (chainidx = 0; PACKET_remaining(pkt); chainidx++) { + while (PACKET_remaining(pkt)) { if (!PACKET_get_net_3(pkt, &cert_len) || !PACKET_get_bytes(pkt, &certbytes, cert_len)) { SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_R_CERT_LENGTH_MISMATCH); diff --git a/ssl/statem_ntls/ntls_statem_srvr.c b/ssl/statem_ntls/ntls_statem_srvr.c index 5fb7f4af1..798b0f83b 100644 --- a/ssl/statem_ntls/ntls_statem_srvr.c +++ b/ssl/statem_ntls/ntls_statem_srvr.c @@ -1,6 +1,6 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2022 The Tongsuo Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023 The Tongsuo Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -2086,7 +2086,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate_ntls(SSL *s, PACKET *pkt) const unsigned char *certstart, *certbytes; STACK_OF(X509) *sk = NULL; PACKET spkt; - size_t chainidx; SSL_SESSION *new_sess = NULL; /* @@ -2107,7 +2106,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate_ntls(SSL *s, PACKET *pkt) goto err; } - for (chainidx = 0; PACKET_remaining(&spkt) > 0; chainidx++) { + while (PACKET_remaining(&spkt) > 0) { if (!PACKET_get_net_3(&spkt, &l) || !PACKET_get_bytes(&spkt, &certbytes, l)) { SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_R_CERT_LENGTH_MISMATCH); diff --git a/test/testutil/driver.c b/test/testutil/driver.c index 564809406..c72126490 100644 --- a/test/testutil/driver.c +++ b/test/testutil/driver.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -336,8 +336,6 @@ int run_tests(const char *test_prog_name) num_failed++; test_case_count++; } else { - int num_failed_inner = 0; - verdict = TEST_SKIP_CODE; set_test_title(all_tests[i].test_case_name); if (all_tests[i].subtest) { @@ -368,7 +366,6 @@ int run_tests(const char *test_prog_name) v = all_tests[i].param_test_fn(j); if (v == 0) { - ++num_failed_inner; verdict = 0; } else if (v != TEST_SKIP_CODE && verdict != 0) { verdict = 1; From c5d294145570c2d879bff7d0ccddf9753b059e6d Mon Sep 17 00:00:00 2001 From: Jin Jiu Date: Wed, 8 Nov 2023 15:44:07 +0800 Subject: [PATCH 4/7] Move zkp-test to daily-test --- .github/workflows/ci.yml | 4 +--- .github/workflows/run-checker-daily.yml | 3 +++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4334e66a0..f7cb3064c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -378,7 +378,7 @@ jobs: - name: check dirty run: test $(git status --porcelain | wc -l) -eq "0" - zkp-test: + zkp-build-test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -386,8 +386,6 @@ jobs: run: CC=clang ./config --strict-warnings --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY enable-ec_elgamal enable-twisted_ec_elgamal enable-bulletproofs enable-nizk enable-zkp-gadget && perl configdata.pm --dump - name: make run: make -s -j4 - - name: make test - run: make test - name: make clean run: make clean - name: check dirty diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index 01fbeb190..c2cafe3ee 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml 
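Review bot: Removing `make test` from the job that builds the zkp code with `-fsanitize=memory -DOSSL_SANITIZE_MEMORY` means nothing in that configuration is executed on pull requests any more, so MemorySanitizer findings in the bulletproofs/nizk/gadget code will only surface in the daily run; the daily matrix entries added in the next hunk are plain option strings, and from this diff it is not visible whether that workflow applies any sanitizer at all. If the motivation is PR wall-clock time, keeping a small subset via `make test TESTS=...` in this job, or adding a sanitizer variant to the daily matrix, would preserve that coverage. The rename to `zkp-build-test` at least documents the reduced scope honestly.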
@@ -116,6 +116,9 @@ jobs: enable-ntls, enable-smtc enable-smtc-debug, enable-ntls enable-smtc enable-smtc-debug, + enable-ec_elgamal enable-twisted_ec_elgamal, + enable-bulletproofs, + enable-bulletproofs enable-nizk enable-zkp-gadget enable-ec_elgamal enable-twisted_ec_elgamal, -DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING ] runs-on: ubuntu-latest From a69fd1da62e55621e6db0580370e66214c6132a9 Mon Sep 17 00:00:00 2001 From: K1 Date: Thu, 26 Oct 2023 17:41:21 +0800 Subject: [PATCH 5/7] =?UTF-8?q?=E9=9A=8F=E6=9C=BA=E6=95=B0=E7=86=B5?= =?UTF-8?q?=E6=BA=90=E5=A2=9E=E5=8A=A0=E7=B3=BB=E7=BB=9F=E6=97=B6=E9=97=B4?= =?UTF-8?q?(RTC)=E6=96=B9=E6=A1=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 通过反复获取系统时间(real-time clock)来产生不可预测的数据。 算法依赖于在执行代码或读写内存时,受缓存未命中、系统中断、调度等多个 因素影响,导致消耗的时间不确定,从而每次获取的系统时间也不确定。 具体包括2个方案: 1.执行特定代码后,获取系统时间。 2.读写特定内存后,获取系统时间。 --- .github/workflows/ci.yml | 2 +- CHANGES | 2 + Configure | 2 +- crypto/info.c | 3 + .../implementations/rands/seeding/rand_unix.c | 73 +++++++++++++++++++ 5 files changed, 80 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f7cb3064c..e9b6af681 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -185,7 +185,7 @@ jobs: - name: modprobe tls run: sudo modprobe tls - name: config - run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips enable-ntls enable-optimize-chacha-choose enable-status enable-crypto-mdebug-count enable-cert-compression enable-delegated-credential enable-bn-method && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips enable-ntls enable-optimize-chacha-choose enable-status enable-crypto-mdebug-count enable-cert-compression enable-delegated-credential enable-bn-method --with-rand-seed=getrandom,rtc && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test diff --git a/CHANGES b/CHANGES index 6aa6d1f59..d6079fe1d 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,8 @@ Changes between 8.4.0 and 8.5.0 [xx XXX xxxx] + *) 随机数熵源增加系统时间(RTC)方案 + *) 增加商用密码检测和认证Provider,包括身份认证、完整性验证、算法自测试、随机数自检、 熵源健康测试;增加mod应用,包括生成SMTC配置、自测试功能 diff --git a/Configure b/Configure index 2067a6680..40eebb90b 100755 --- a/Configure +++ b/Configure @@ -793,7 +793,7 @@ my %cmdvars = (); # Stores FOO='blah' type arguments my %unsupported_options = (); my %deprecated_options = (); # If you change this, update apps/version.c -my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom); +my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom rtc); my @seed_sources = (); while (@argvcopy) { diff --git a/crypto/info.c b/crypto/info.c index 5c6b4983f..69142d396 100644 --- a/crypto/info.c +++ b/crypto/info.c 
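Review bot: Adding `--with-rand-seed=getrandom,rtc` to the job that also passes `enable-fips` wires the new clock-jitter source into the seeding path that, as far as I understand 3.0's provider design, the FIPS module draws its entropy from via libcrypto; a timing-based noise source with no SP 800-90B style entropy estimate is not something a FIPS build should be seen relying on, so this CI line should not be read as validating that combination. Exercising rtc on a non-FIPS job, or adding `# rtc is exercised only as a getrandom fallback; it is not a validated entropy source` next to this line, would make the intent clear. Whether the FIPS module build actually compiles the rtc path is not visible from this hunk.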
@@ -151,6 +151,9 @@ DEFINE_RUN_ONCE_STATIC(init_info_strings) #endif #ifdef OPENSSL_RAND_SEED_OS add_seeds_string("os-specific"); +#endif +#ifdef OPENSSL_RAND_SEED_RTC + add_seeds_string("real-time-clock"); #endif seed_sources = seeds; } diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c index fede8441d..6fb13195a 100644 --- a/providers/implementations/rands/seeding/rand_unix.c +++ b/providers/implementations/rands/seeding/rand_unix.c @@ -48,6 +48,7 @@ # include # include # include +# include static uint64_t get_time_stamp(void); static uint64_t get_timer_bits(void); @@ -101,6 +102,7 @@ static uint64_t get_timer_bits(void); # undef OPENSSL_RAND_SEED_RDTSC # undef OPENSSL_RAND_SEED_RDCPU # undef OPENSSL_RAND_SEED_EGD +# undef OPENSSL_RAND_SEED_RTC #endif #if defined(OPENSSL_SYS_UEFI) && !defined(OPENSSL_RAND_SEED_NONE) 
@@ -604,6 +606,67 @@ void ossl_rand_pool_keep_random_devices_open(int keep) # endif /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */ +# if defined(OPENSSL_RAND_SEED_RTC) +static size_t ossl_prov_acquire_entropy_from_rtc1(RAND_POOL *pool) +{ + size_t i, k, bytes_needed; + struct timespec ts; + unsigned char v; + + bytes_needed = ossl_rand_pool_bytes_needed(pool, 4 /*entropy_factor*/); + + for (i = 0; i < bytes_needed; i++) { + /* + * burn some cpu; hope for interrupts, cache collisions, bus + * interference, etc. + */ + for (k = 0; k < 99; k++) + ts.tv_nsec = random(); + + /* sleep for 1/65536 of a second (15 us). */ + ts.tv_sec = 0; + ts.tv_nsec = 15000; + nanosleep(&ts, NULL); + + /* Get wall clock time, take 8 bits. */ + clock_gettime(CLOCK_REALTIME, &ts); + v = (unsigned char)(ts.tv_nsec & 0xFF); + ossl_rand_pool_add(pool, &v, sizeof(v), 2); + } + return ossl_rand_pool_entropy_available(pool); +} + +static size_t ossl_prov_acquire_entropy_from_rtc2(RAND_POOL *pool) +{ + size_t i, k, bytes_needed; + struct timespec ts; + unsigned char v; + + bytes_needed = ossl_rand_pool_bytes_needed(pool, 4 /*entropy_factor*/); + + for (i = 0; i < bytes_needed; i++) { + long buf[100]; + /* + * burn some cpu; hope for interrupts, cache collisions, bus + * interference, etc. + */ + for (k = 1; k < OSSL_NELEM(buf); k++) + buf[k] = buf[k-1] ^ random(); + + /* sleep for 1/65536 of a second (15 us). */ + ts.tv_sec = 0; + ts.tv_nsec = 15000; + nanosleep(&ts, NULL); + + /* Get wall clock time, take 8 bits. */ + clock_gettime(CLOCK_REALTIME, &ts); + v = (unsigned char)(ts.tv_nsec & 0xFF); + ossl_rand_pool_add(pool, &v, sizeof(v), 2); + } + return ossl_rand_pool_entropy_available(pool); +} +# endif + /* * Try the various seeding methods in turn, exit when successful. * 
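Review bot: In ossl_prov_acquire_entropy_from_rtc2 the burn loop starts at k = 1 and reads `buf[k-1]`, so `buf[0]` is read uninitialized on the first pass — undefined behaviour that the MemorySanitizer job would flag; `long buf[100] = { 0 };` fixes it. The larger problem is the entropy credit: both functions claim 2 bits per sample (`ossl_rand_pool_add(pool, &v, sizeof(v), 2)`, matched by the entropy_factor of 4) for the low byte of CLOCK_REALTIME taken after a 15 µs nanosleep, but nothing here justifies that figure — the clock's effective resolution and the sleep granularity are platform dependent, successive samples are correlated, and wall-clock time can be observed or adjusted by other parties, so the real min-entropy may be well below the credit. Until there is a measured estimate (the entropy-source health tests the CHANGES entry refers to would be the natural place), it is safer to add these bytes with entropy 0 so they condition the pool without satisfying the request, and to say so above the functions: `/* Timing jitter from CLOCK_REALTIME: low-rate, platform-dependent noise; the entropy credit is an unmeasured estimate — last-resort source only. */`. The `random()` busy loop also uses global libc PRNG state and adds little; since the two functions differ only in that loop, one helper taking the burn step would remove the duplicated sampling code.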
@@ -741,6 +804,16 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool) } # endif +# if defined(OPENSSL_RAND_SEED_RTC) + entropy_available = ossl_prov_acquire_entropy_from_rtc1(pool); + if (entropy_available > 0) + return entropy_available; + + entropy_available = ossl_prov_acquire_entropy_from_rtc2(pool); + if (entropy_available > 0) + return entropy_available; +# endif + return ossl_rand_pool_entropy_available(pool); # endif } From 652f0e5dc127979cec4822565144fa6da27c3984 Mon Sep 17 00:00:00 2001 From: K1 Date: Tue, 24 Oct 2023 21:42:15 +0800 Subject: [PATCH 6/7] =?UTF-8?q?=E4=BF=AE=E5=A4=8DTLS=201.3=E4=BD=BF?= =?UTF-8?q?=E7=94=A8=E5=95=86=E5=AF=86=E5=A5=97=E4=BB=B6=E6=97=B6=E6=9C=AA?= =?UTF-8?q?=E4=B8=A5=E6=A0=BC=E9=81=B5=E5=BE=AARFC=208998=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixed #491 强制遵循RFC 8998时: 当使用商密套件且加载双证书时,修复未选择SM2证书问题; 收到CertificateVerify需要检查签名算法,如果不是sm2sig_sm3,应该alert。 修复TLS 1.3商密套件trace,unknown问题; SSL conf中增加Trace配置项,Trace设置为on时,可以输出TLS消息,方便定位问题。 --- ssl/ssl_conf.c | 35 +++++++++++++ ssl/t1_lib.c | 38 ++++++++++++++ ssl/t1_trce.c | 2 + test/helpers/ssl_test_ctx.c | 1 + test/ssl-tests/30-tls13-sm.cnf | 86 ++++++++++++++++++++++++++++++- test/ssl-tests/30-tls13-sm.cnf.in | 62 ++++++++++++++++++++++ 6 files changed, 223 insertions(+), 1 deletion(-) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 4d7689af6..bd223c29b 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c 
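Review bot: ossl_prov_acquire_entropy_from_rtc2 is effectively unreachable here: rtc1 returns `ossl_rand_pool_entropy_available(pool)`, which is non-zero as soon as any sample has been added, and the first `if (entropy_available > 0) return entropy_available;` exits before rtc2 is tried — so the second scheme described in the commit message never runs. Either drop rtc2 or choose between the two schemes explicitly rather than chaining them with the same guard. A one-line comment stating where rtc sits in the fallback order (after which sources, and that it is only reached when they yielded nothing) would help the next reader, since the preceding sources are outside this hunk.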
@@ -864,6 +864,38 @@ static int cmd_Enable_sign_by_dc(SSL_CONF_CTX *cctx, const char *value) } #endif +#ifndef OPENSSL_NO_SSL_TRACE +static void trace_cb(int write_p, int version, int content_type, + const void *buf, size_t msglen, SSL *ssl, void *arg) +{ + BIO *bio = NULL; + if (arg == NULL) { + bio = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); + if (bio == NULL) + return; + + arg = bio; + } + + SSL_trace(write_p, version, content_type, buf, msglen, ssl, arg); + + BIO_free(bio); +} + +static int cmd_Trace(SSL_CONF_CTX *cctx, const char *value) +{ + if (strcmp(value, "on") == 0) { + if (cctx->ctx) + SSL_CTX_set_msg_callback(cctx->ctx, trace_cb); + + if (cctx->ssl) + SSL_set_msg_callback(cctx->ssl, trace_cb); + } + + return 1; +} +#endif + typedef struct { int (*cmd) (SSL_CONF_CTX *cctx, const char *value); const char *str_file; @@ -986,6 +1018,9 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_STRING(Enable_verify_peer_by_dc, "Enable_verify_peer_by_dc", 0), SSL_CONF_CMD_STRING(Enable_sign_by_dc, "Enable_sign_by_dc", 0), #endif +#ifndef OPENSSL_NO_SSL_TRACE + SSL_CONF_CMD_STRING(Trace, "Trace", 0), +#endif }; /* Supported switches: must match order of switches in ssl_conf_cmds */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 7c83f7c60..97505f63e 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
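Review bot: cmd_Trace replaces the msg callback but not the callback argument, and trace_cb hands whatever `arg` it receives to SSL_trace as a BIO; an application that had already installed its own msg callback with an arbitrary `SSL_CTX_set_msg_callback_arg()` pointer will have that pointer dereferenced as a BIO once `Trace = on` is read from config. Clear the argument when installing the callback, `SSL_CTX_set_msg_callback_arg(cctx->ctx, NULL);` and `SSL_set_msg_callback_arg(cctx->ssl, NULL);`, so the stdout path in trace_cb is always taken, or have trace_cb ignore `arg` altogether. The command also returns 1 for any value, so `Trace = off` (or a typo) neither disables tracing nor reports an error; the usual convention for these handlers is to return 0 on an unrecognised value. Finally, this writes every handshake message of every connection to the process's stdout, which should be documented as a debug-only setting since the output includes certificates, extensions and other handshake contents.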
@@ -1475,6 +1475,25 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) if (pkeyid == -1) return -1; if (SSL_IS_TLS13(s)) { +#ifndef OPENSSL_NO_SM2 + /* + * RFC 8998 requires that if TLS_SM4_GCM_SM3 or TLS_SM4_CCM_SM3 was + * choosen, the only valid signature algorithm MUST be "sm2sig_sm3". + */ + if (s->enable_sm_tls13_strict == 1) { + const SSL_CIPHER *cipher = s->s3.tmp.new_cipher; + + if (cipher != NULL && (cipher->id == TLS1_3_CK_SM4_GCM_SM3 + || cipher->id == TLS1_3_CK_SM4_CCM_SM3)) { + if (sig != TLSEXT_SIGALG_sm2sig_sm3) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_R_WRONG_SIGNATURE_TYPE); + return 0; + } + } + } +#endif + /* Disallow DSA for TLS 1.3 */ if (pkeyid == EVP_PKEY_DSA) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE); @@ -3192,6 +3211,25 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey) || (pkey != NULL && !is_cert_usable(s, lu, x, pkey))) continue; +#ifndef OPENSSL_NO_SM2 + /* + * RFC 8998 requires that + * if the server chooses TLS_SM4_GCM_SM3 or TLS_SM4_CCM_SM3, + * the only valid signature algorithm present in + * "signature_algorithms" extension MUST be "sm2sig_sm3". + */ + if (SSL_IS_TLS13(s) && s->enable_sm_tls13_strict == 1 && s->server) { + const SSL_CIPHER *cipher = s->s3.tmp.new_cipher; + + if (cipher != NULL && + (cipher->id == TLS1_3_CK_SM4_GCM_SM3 + || cipher->id == TLS1_3_CK_SM4_CCM_SM3)) { + if (lu->sigalg != TLSEXT_SIGALG_sm2sig_sm3) + continue; + } + } +#endif + tmppkey = (pkey != NULL) ? pkey : s->cert->pkeys[lu->sig_idx].privatekey; diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 5926b5d33..83e6958cf 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c 
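Review bot: The new strict-mode rejection in tls12_check_peer_sigalg sends `SSL_AD_HANDSHAKE_FAILURE`, while the DSA rejection immediately below it (also TLS 1.3, also a disallowed signature scheme) uses `SSL_AD_ILLEGAL_PARAMETER`, and test-22 added in this series expects `IllegalParameter` from the strict client; unless RFC 8998 prescribes handshake_failure for a CertificateVerify with a non-sm2sig_sm3 scheme, `SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE);` keeps the alert consistent with the neighbouring check and with the existing strict-mode paths. The second hunk restricts candidate sigalgs only when `s->server`, so a strict client holding both SM2 and RSA certificates still depends on the CertificateRequest check elsewhere to avoid signing with RSA — a one-line comment saying so would stop the next reader from "fixing" the asymmetry. Both enclosing functions start before these hunks.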
@@ -311,6 +311,8 @@ static const ssl_trace_tbl ssl_ciphers_tbl[] = { {0x1305, "TLS_AES_128_CCM_8_SHA256"}, {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, + {0x00C6, "TLS_SM4_GCM_SM3"}, + {0x00C7, "TLS_SM4_CCM_SM3"}, #ifndef OPENSSL_NO_NTLS {0xE011, "ECDHE_SM4_CBC_SM3"}, {0xE051, "ECDHE_SM4_GCM_SM3"}, diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c index 03dcf724e..0a93618b9 100644 --- a/test/helpers/ssl_test_ctx.c +++ b/test/helpers/ssl_test_ctx.c @@ -163,6 +163,7 @@ static const test_enum ssl_alerts[] = { {"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL}, {"CertificateRequired", SSL_AD_CERTIFICATE_REQUIRED}, {"CertificateExpired", SSL_AD_CERTIFICATE_EXPIRED}, + {"IllegalParameter", SSL_AD_ILLEGAL_PARAMETER}, }; __owur static int parse_alert(int *alert, const char *value) diff --git a/test/ssl-tests/30-tls13-sm.cnf b/test/ssl-tests/30-tls13-sm.cnf index e4b3826c4..e66e953b8 100644 --- a/test/ssl-tests/30-tls13-sm.cnf +++ b/test/ssl-tests/30-tls13-sm.cnf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 21 +num_tests = 23 test-0 = 0-test ciphersuites TLS_SM4_GCM_SM3 test-1 = 1-test series of ciphersuites includes TLS_SM4_GCM_SM3 
@@ -23,6 +23,8 @@ test-17 = 17-test client success when enable sm_tls13_strict with SM2 key_share test-18 = 18-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher test-19 = 19-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3 test-20 = 20-test client auth success when both enable sm_tls13_strict +test-21 = 21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3 +test-22 = 22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3 # =========================================================== [0-test ciphersuites TLS_SM4_GCM_SM3] 
@@ -680,3 +682,85 @@ ExpectedHRR = Yes ExpectedResult = Success +# =========================================================== + +[21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3] +ssl_conf = 21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-ssl + +[21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-ssl] +server = 21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-server +client = 21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-client + +[21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Ciphersuites = TLS_SM4_GCM_SM3 +Enable_sm_tls13_strict = on +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +SM2.Certificate = ${ENV::TEST_CERTS_DIR}/sm2-leaf.crt +SM2.PrivateKey = ${ENV::TEST_CERTS_DIR}/sm2-leaf.key +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-root-cert.pem +VerifyMode = Require + +[21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-client] +Certificate = ${ENV::TEST_CERTS_DIR}/sm2-first-crt.pem +CipherString = DEFAULT +Ciphersuites = TLS_SM4_GCM_SM3 +Enable_sm_tls13_strict = on +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/sm2-first-key.pem +SignatureAlgorithms = rsa_pss_rsae_sha256:sm2sig_sm3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-chain-ca.crt +VerifyMode = Peer + +[test-21] 
+ExpectedCipher = TLS_SM4_GCM_SM3 +ExpectedResult = Success +ExpectedServerCertType = SM2 + + +# =========================================================== + +[22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3] +ssl_conf = 22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-ssl + +[22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-ssl] +server = 22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-server +client = 22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-client + +[22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-server] +Certificate = ${ENV::TEST_CERTS_DIR}/sm2-leaf.crt +CipherString = DEFAULT +Ciphersuites = TLS_SM4_GCM_SM3 +Enable_sm_tls13_strict = off +Groups = SM2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/sm2-leaf.key +SignatureAlgorithms = rsa_pss_rsae_sha256:sm2sig_sm3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-root-cert.pem +VerifyMode = Require + +[22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-client] +CipherString = DEFAULT +Ciphersuites = TLS_SM4_GCM_SM3 +Enable_sm_tls13_strict = on +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +SM2.Certificate = ${ENV::TEST_CERTS_DIR}/sm2-first-crt.pem +SM2.PrivateKey = ${ENV::TEST_CERTS_DIR}/sm2-first-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-chain-ca.crt +VerifyMode = Peer + +[test-22] +ExpectedClientAlert = IllegalParameter +ExpectedResult = 
ClientFail + + diff --git a/test/ssl-tests/30-tls13-sm.cnf.in b/test/ssl-tests/30-tls13-sm.cnf.in index 869a599e3..e645a6806 100644 --- a/test/ssl-tests/30-tls13-sm.cnf.in +++ b/test/ssl-tests/30-tls13-sm.cnf.in 
@@ -475,4 +475,66 @@ our @tests = (
 "ExpectedHRR" => "Yes",
 },
 },
+
+ {
+ name => "test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "Ciphersuites" => "TLS_SM4_GCM_SM3",
+ "SM2.Certificate" => test_pem("sm2-leaf.crt"),
+ "SM2.PrivateKey" => test_pem("sm2-leaf.key"),
+ "RSA.Certificate" => test_pem("servercert.pem"),
+ "RSA.PrivateKey" => test_pem("serverkey.pem"),
+ "Enable_sm_tls13_strict" => "on",
+ "VerifyMode" => "Require",
+ "VerifyCAFile" => test_pem("sm2-root-cert.pem"),
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "Ciphersuites" => "TLS_SM4_GCM_SM3",
+ "SignatureAlgorithms" => "rsa_pss_rsae_sha256:sm2sig_sm3",
+ "Enable_sm_tls13_strict" => "on",
+ "VerifyCAFile" => test_pem("sm2-chain-ca.crt"),
+ "Certificate" => test_pem("sm2-first-crt.pem"),
+ "PrivateKey" => test_pem("sm2-first-key.pem"),
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ "ExpectedCipher" => "TLS_SM4_GCM_SM3",
+ "ExpectedServerCertType" =>, "SM2",
+ },
+ },
+
+ {
+ name => "test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "Ciphersuites" => "TLS_SM4_GCM_SM3",
+ "SignatureAlgorithms" => "rsa_pss_rsae_sha256:sm2sig_sm3",
+ "Groups" => "SM2",
+ "Certificate" => test_pem("sm2-leaf.crt"),
+ "PrivateKey" => test_pem("sm2-leaf.key"),
+ "Enable_sm_tls13_strict" => "off",
+ "VerifyMode" => "Require",
+ "VerifyCAFile" => test_pem("sm2-root-cert.pem"),
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "Ciphersuites" => "TLS_SM4_GCM_SM3",
+ "Enable_sm_tls13_strict" => "on",
+ "SM2.Certificate" => test_pem("sm2-first-crt.pem"),
+ "SM2.PrivateKey" => test_pem("sm2-first-key.pem"),
+ "RSA.Certificate" => test_pem("ee-client-chain.pem"),
+ "RSA.PrivateKey" => test_pem("ee-key.pem"),
+ "VerifyCAFile" => test_pem("sm2-chain-ca.crt"),
+ },
+ test => {
+ "ExpectedResult" => "ClientFail",
+ "ExpectedClientAlert" => "IllegalParameter",
+ },
+ },
 );
From 60b7ac364ebefeef2bb0d77b7db59e5569caeb3c Mon Sep 17 00:00:00 2001 From: zhangjingqiang Date: Mon, 13 Nov 2023 18:54:34 +0800 Subject: [PATCH 7/7] mention g3proxy and g3bench in readme --- README.md | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index bdbf7a48d..ef572cb38 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,8 @@ * [Angie](https://angie.software/en/), Angie是一个可以替换掉NGINX的新型Web服务器,我们建议使用铜锁的用户优先选择Angie (We highly recommend you to replace NGINX with Angie to enable Tongsuo's functionality) * Apache APISIX * Tengine +* [g3proxy](https://github.com/bytedance/g3/tree/master/g3proxy),正向代理&基础反向代理 +* [g3bench](https://github.com/bytedance/g3/tree/master/g3bench),HTTPS/H2/TLS握手等压测 商业应用 (Commercial Application)
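Review bot: The `test` block of the first new entry in 30-tls13-sm.cnf.in has a stray comma, `"ExpectedServerCertType" =>, "SM2",`; Perl treats `=>` as a comma and tolerates the doubled separator, and the generated 22-*.cnf earlier in this patch does carry `ExpectedServerCertType = SM2`, but it reads as a typo and should be `"ExpectedServerCertType" => "SM2",`. The second entry expects `ClientFail` with `IllegalParameter` while only the client has `Enable_sm_tls13_strict` on and the server advertises `rsa_pss_rsae_sha256:sm2sig_sm3`, yet nothing in the hunk states which strict-mode rule the client is expected to enforce; a one-line comment above that entry naming the rejected condition (presumably the non-SM signature algorithm, which I cannot confirm from the hunk) would make the expected alert verifiable. The enclosing `our @tests = (` list starts outside the hunk.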
