File openssl-kdf-tls-selftest.patch of Package openssl-1_0_0.35258

Overview Repositories Revisions Requests Users Attributes Meta

File openssl-kdf-tls-selftest.patch of Package openssl-1_0_0.35258

Index: openssl-1.0.2p/crypto/fips/fips.h
===================================================================
--- openssl-1.0.2p.orig/crypto/fips/fips.h	2020-12-08 14:20:21.290368009 +0100
+++ openssl-1.0.2p/crypto/fips/fips.h	2020-12-08 14:20:23.058378604 +0100
@@ -107,6 +107,7 @@ extern "C" {
     int FIPS_selftest_drbg(void);
     int FIPS_selftest_drbg_all(void);
     int FIPS_selftest_cmac(void);
+    int FIPS_selftest_tls(void);
     void NONFIPS_selftest_check(void);
 
     void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
Index: openssl-1.0.2p/crypto/fips/fips_post.c
===================================================================
--- openssl-1.0.2p.orig/crypto/fips/fips_post.c	2020-12-08 14:20:21.294368033 +0100
+++ openssl-1.0.2p/crypto/fips/fips_post.c	2020-12-08 14:20:23.058378604 +0100
@@ -103,6 +103,8 @@ int FIPS_selftest(void)
         rv = 0;
     if (!FIPS_selftest_ecdh())
         rv = 0;
+    if (!FIPS_selftest_tls())
+        rv = 0;
     return rv;
 }
 
Index: openssl-1.0.2p/crypto/fips/fips_tls_selftest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2p/crypto/fips/fips_tls_selftest.c	2020-12-08 14:20:23.058378604 +0100
@@ -0,0 +1,108 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../ssl/ssl_locl.h"
+
+
+#ifdef OPENSSL_FIPS
+
+#define TLS1_PRF_DGST_SHIFT 10
+#define SSL_HANDSHAKE_MAC_SHA256 0x80
+#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
+#define SSL_MD_SHA256_IDX 4
+#define SSL_MD_NUM_IDX 6
+
+extern const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX];
+extern int ssl_mac_secret_size[SSL_MD_NUM_IDX];
+
+int private_tls1_PRF(long digest_mask,
+                     const void *seed1, int seed1_len,
+                     const void *seed2, int seed2_len,
+                     const void *seed3, int seed3_len,
+                     const void *seed4, int seed4_len,
+                     const void *seed5, int seed5_len,
+                     const unsigned char *sec, int slen,
+                     unsigned char *out1, unsigned char *out2, int olen);
+
+
+int FIPS_selftest_tls(void)
+{
+
+  ssl_digest_methods[SSL_MD_SHA256_IDX] = EVP_sha256();
+  ssl_mac_secret_size[SSL_MD_SHA256_IDX] =
+    EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
+
+  const char *seed = "seed";
+  const char *secret = "secret";
+  unsigned char out[16], dummy[16];
+  const unsigned char expected[sizeof(out)] = {
+    0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
+    0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
+  };
+  long digest_mask = TLS1_PRF_SHA256;
+  int ret = 1;                  /* success */
+
+  private_tls1_PRF(digest_mask,
+  	   seed, strlen(seed),
+  	   NULL,       0,
+  	   NULL,       0,
+  	   NULL,       0,
+  	   NULL,       0,
+  	   secret, strlen(secret),
+  	   out, dummy, sizeof(out));
+
+  if ( memcmp(out, expected, sizeof(expected))) {
+    ret = 0;                  /* failure */
+  }
+  return ret;
+}
+
+
+#endif
Index: openssl-1.0.2p/crypto/fips/Makefile
===================================================================
--- openssl-1.0.2p.orig/crypto/fips/Makefile	2020-12-08 14:20:23.058378604 +0100
+++ openssl-1.0.2p/crypto/fips/Makefile	2020-12-08 14:21:35.726814065 +0100
@@ -38,14 +38,14 @@ LIBSRC=fips_aes_selftest.c fips_des_self
     fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
     fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
     fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c \
-    fips_dh_selftest.c
+    fips_dh_selftest.c fips_tls_selftest.c
 
 LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
     fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o  fips_rand.o \
     fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
     fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
     fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o \
-    fips_dh_selftest.o
+    fips_dh_selftest.o fips_tls_selftest.o
 
 SRC= $(LIBSRC) fips_standalone_hmac.c fips_err.c $(CAVS_SRC)
 
@@ -441,6 +441,21 @@ fips_sha_selftest.o: ../../include/opens
 fips_sha_selftest.o: ../../include/openssl/safestack.h
 fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
+fips_tls_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_tls_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_tls_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_tls_selftest.o: ../../include/openssl/err.h
+fips_tls_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_tls_selftest.o: ../../include/openssl/lhash.h
+fips_tls_selftest.o: ../../include/openssl/obj_mac.h
+fips_tls_selftest.o: ../../include/openssl/objects.h
+fips_tls_selftest.o: ../../include/openssl/opensslconf.h
+fips_tls_selftest.o: ../../include/openssl/opensslv.h
+fips_tls_selftest.o: ../../include/openssl/ossl_typ.h
+fips_tls_selftest.o: ../../include/openssl/safestack.h
+fips_tls_selftest.o: ../../include/openssl/stack.h
+fips_tls_selftest.o: ../../include/openssl/symhacks.h fips_tls_selftest.c
+fips_tls_selftest.o: fips_locl.h
 fips_aesavs.o: ../../e_os.h ../../include/openssl/aes.h
 fips_aesavs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 fips_aesavs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
Index: openssl-1.0.2p/crypto/evp/digest.c
===================================================================
--- openssl-1.0.2p.orig/crypto/evp/digest.c	2020-12-08 14:20:21.294368033 +0100
+++ openssl-1.0.2p/crypto/evp/digest.c	2020-12-08 14:20:23.058378604 +0100
@@ -122,6 +122,32 @@
 # include "evp_locl.h"
 #endif
 
+#define TLS1_PRF_DGST_SHIFT 10
+# define SSL_F_TLS1_PRF                                   284
+# define SSL_R_UNSUPPORTED_DIGEST_TYPE                    326
+#define SSL_MD_NUM_IDX 6
+
+# define SSL_HANDSHAKE_MAC_MD5 0x10
+# define SSL_HANDSHAKE_MAC_SHA 0x20
+# define SSL_HANDSHAKE_MAC_GOST94 0x40
+# define SSL_HANDSHAKE_MAC_SHA256 0x80
+# define SSL_HANDSHAKE_MAC_SHA384 0x100
+
+
+static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
+      SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
+    SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
+    SSL_HANDSHAKE_MAC_SHA384
+};
+
+int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
+    0, 0, 0, 0, 0, 0
+};
+
+const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
+    NULL, NULL, NULL, NULL, NULL, NULL
+};
+
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
 {
     memset(ctx, '\0', sizeof(*ctx));
@@ -437,3 +463,178 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 
     return 1;
 }
+
+static int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
+{
+    if (idx < 0 || idx >= SSL_MD_NUM_IDX) {
+        return 0;
+    }
+    *mask = ssl_handshake_digest_flag[idx];
+    if (*mask)
+        *md = ssl_digest_methods[idx];
+    else
+        *md = NULL;
+    return 1;
+}
+
+/* seed1 through seed5 are virtually concatenated */
+static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+                       int sec_len,
+                       const void *seed1, int seed1_len,
+                       const void *seed2, int seed2_len,
+                       const void *seed3, int seed3_len,
+                       const void *seed4, int seed4_len,
+                       const void *seed5, int seed5_len,
+                       unsigned char *out, int olen)
+{
+    int chunk;
+    size_t j;
+    EVP_MD_CTX ctx, ctx_tmp, ctx_init;
+    EVP_PKEY *mac_key;
+    unsigned char A1[EVP_MAX_MD_SIZE];
+    size_t A1_len;
+    int ret = 0;
+
+    chunk = EVP_MD_size(md);
+    OPENSSL_assert(chunk >= 0);
+
+    EVP_MD_CTX_init(&ctx);
+    EVP_MD_CTX_init(&ctx_tmp);
+    EVP_MD_CTX_init(&ctx_init);
+    EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
+    if (!mac_key)
+        goto err;
+    if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
+        goto err;
+    if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
+        goto err;
+    if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
+        goto err;
+    if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
+        goto err;
+    if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
+        goto err;
+    if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
+        goto err;
+    if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
+        goto err;
+
+    for (;;) {
+        /* Reinit mac contexts */
+        if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
+            goto err;
+        if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
+            goto err;
+        if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx))
+            goto err;
+        if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
+            goto err;
+        if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
+            goto err;
+        if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
+            goto err;
+        if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
+            goto err;
+        if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
+            goto err;
+
+        if (olen > chunk) {
+            if (!EVP_DigestSignFinal(&ctx, out, &j))
+                goto err;
+            out += j;
+            olen -= j;
+            /* calc the next A1 value */
+            if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
+                goto err;
+        } else {                /* last one */
+
+            if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
+                goto err;
+            memcpy(out, A1, olen);
+            break;
+        }
+    }
+    ret = 1;
+ err:
+    EVP_PKEY_free(mac_key);
+    EVP_MD_CTX_cleanup(&ctx);
+    EVP_MD_CTX_cleanup(&ctx_tmp);
+    EVP_MD_CTX_cleanup(&ctx_init);
+    OPENSSL_cleanse(A1, sizeof(A1));
+    return ret;
+}
+
+
+/* seed1 through seed5 are virtually concatenated */
+static int tls1_PRF(long digest_mask,
+                    const void *seed1, int seed1_len,
+                    const void *seed2, int seed2_len,
+                    const void *seed3, int seed3_len,
+                    const void *seed4, int seed4_len,
+                    const void *seed5, int seed5_len,
+                    const unsigned char *sec, int slen,
+                    unsigned char *out1, unsigned char *out2, int olen)
+{
+    int len, i, idx, count;
+    const unsigned char *S1;
+    long m;
+    const EVP_MD *md;
+    int ret = 0;
+
+    /* Count number of digests and partition sec evenly */
+    count = 0;
+    for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
+        if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
+            count++;
+    }
+    if (!count) {
+        /* Should never happen */
+        SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    len = slen / count;
+    if (count == 1)
+        slen = 0;
+    S1 = sec;
+    memset(out1, 0, olen);
+    for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
+        if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
+            if (!md) {
+                SSLerr(SSL_F_TLS1_PRF, SSL_R_UNSUPPORTED_DIGEST_TYPE);
+                goto err;
+            }
+            if (!tls1_P_hash(md, S1, len + (slen & 1),
+                             seed1, seed1_len, seed2, seed2_len, seed3,
+                             seed3_len, seed4, seed4_len, seed5, seed5_len,
+                             out2, olen))
+                goto err;
+            S1 += len;
+            for (i = 0; i < olen; i++) {
+                out1[i] ^= out2[i];
+            }
+        }
+    }
+    ret = 1;
+ err:
+    return ret;
+}
+
+int private_tls1_PRF(long digest_mask,
+                     const void *seed1, int seed1_len,
+                     const void *seed2, int seed2_len,
+                     const void *seed3, int seed3_len,
+                     const void *seed4, int seed4_len,
+                     const void *seed5, int seed5_len,
+                     const unsigned char *sec, int slen,
+                     unsigned char *out1, unsigned char *out2, int olen)
+{
+    return tls1_PRF(digest_mask,
+                    seed1, seed1_len,
+                    seed2, seed2_len,
+                    seed3, seed3_len,
+                    seed4, seed4_len,
+                    seed5, seed5_len, sec, slen, out1, out2, olen);
+}
Index: openssl-1.0.2p/ssl/t1_enc.c
===================================================================
--- openssl-1.0.2p.orig/ssl/t1_enc.c	2020-12-08 14:20:21.294368033 +0100
+++ openssl-1.0.2p/ssl/t1_enc.c	2020-12-08 14:20:23.058378604 +0100
@@ -148,150 +148,6 @@
 # include <openssl/des.h>
 #endif
 
-/* seed1 through seed5 are virtually concatenated */
-static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
-                       int sec_len,
-                       const void *seed1, int seed1_len,
-                       const void *seed2, int seed2_len,
-                       const void *seed3, int seed3_len,
-                       const void *seed4, int seed4_len,
-                       const void *seed5, int seed5_len,
-                       unsigned char *out, int olen)
-{
-    int chunk;
-    size_t j;
-    EVP_MD_CTX ctx, ctx_tmp, ctx_init;
-    EVP_PKEY *mac_key;
-    unsigned char A1[EVP_MAX_MD_SIZE];
-    size_t A1_len;
-    int ret = 0;
-
-    chunk = EVP_MD_size(md);
-    OPENSSL_assert(chunk >= 0);
-
-    EVP_MD_CTX_init(&ctx);
-    EVP_MD_CTX_init(&ctx_tmp);
-    EVP_MD_CTX_init(&ctx_init);
-    EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-    mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
-    if (!mac_key)
-        goto err;
-    if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key))
-        goto err;
-    if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
-        goto err;
-    if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
-        goto err;
-    if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
-        goto err;
-    if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
-        goto err;
-    if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
-        goto err;
-    if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
-        goto err;
-    if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
-        goto err;
-
-    for (;;) {
-        /* Reinit mac contexts */
-        if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
-            goto err;
-        if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
-            goto err;
-        if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx))
-            goto err;
-        if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
-            goto err;
-        if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
-            goto err;
-        if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
-            goto err;
-        if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
-            goto err;
-        if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
-            goto err;
-
-        if (olen > chunk) {
-            if (!EVP_DigestSignFinal(&ctx, out, &j))
-                goto err;
-            out += j;
-            olen -= j;
-            /* calc the next A1 value */
-            if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
-                goto err;
-        } else {                /* last one */
-
-            if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
-                goto err;
-            memcpy(out, A1, olen);
-            break;
-        }
-    }
-    ret = 1;
- err:
-    EVP_PKEY_free(mac_key);
-    EVP_MD_CTX_cleanup(&ctx);
-    EVP_MD_CTX_cleanup(&ctx_tmp);
-    EVP_MD_CTX_cleanup(&ctx_init);
-    OPENSSL_cleanse(A1, sizeof(A1));
-    return ret;
-}
-
-/* seed1 through seed5 are virtually concatenated */
-static int tls1_PRF(long digest_mask,
-                    const void *seed1, int seed1_len,
-                    const void *seed2, int seed2_len,
-                    const void *seed3, int seed3_len,
-                    const void *seed4, int seed4_len,
-                    const void *seed5, int seed5_len,
-                    const unsigned char *sec, int slen,
-                    unsigned char *out1, unsigned char *out2, int olen)
-{
-    int len, i, idx, count;
-    const unsigned char *S1;
-    long m;
-    const EVP_MD *md;
-    int ret = 0;
-
-    /* Count number of digests and partition sec evenly */
-    count = 0;
-    for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
-        if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
-            count++;
-    }
-    if (!count) {
-        /* Should never happen */
-        SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    len = slen / count;
-    if (count == 1)
-        slen = 0;
-    S1 = sec;
-    memset(out1, 0, olen);
-    for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
-        if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
-            if (!md) {
-                SSLerr(SSL_F_TLS1_PRF, SSL_R_UNSUPPORTED_DIGEST_TYPE);
-                goto err;
-            }
-            if (!tls1_P_hash(md, S1, len + (slen & 1),
-                             seed1, seed1_len, seed2, seed2_len, seed3,
-                             seed3_len, seed4, seed4_len, seed5, seed5_len,
-                             out2, olen))
-                goto err;
-            S1 += len;
-            for (i = 0; i < olen; i++) {
-                out1[i] ^= out2[i];
-            }
-        }
-    }
-    ret = 1;
- err:
-    return ret;
-}
-
 int private_tls1_PRF(long digest_mask,
                      const void *seed1, int seed1_len,
                      const void *seed2, int seed2_len,
@@ -299,21 +155,15 @@ int private_tls1_PRF(long digest_mask,
                      const void *seed4, int seed4_len,
                      const void *seed5, int seed5_len,
                      const unsigned char *sec, int slen,
-                     unsigned char *out1, unsigned char *out2, int olen)
-{
-    return tls1_PRF(digest_mask,
-                    seed1, seed1_len,
-                    seed2, seed2_len,
-                    seed3, seed3_len,
-                    seed4, seed4_len,
-                    seed5, seed5_len, sec, slen, out1, out2, olen);
-}
+                     unsigned char *out1, unsigned char *out2, int olen);
+
+
 
 static int tls1_generate_key_block(SSL *s, unsigned char *km,
                                    unsigned char *tmp, int num)
 {
     int ret;
-    ret = tls1_PRF(ssl_get_algorithm2(s),
+    ret = private_tls1_PRF(ssl_get_algorithm2(s),
                    TLS_MD_KEY_EXPANSION_CONST,
                    TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3->server_random,
                    SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE,
@@ -542,7 +392,7 @@ int tls1_change_cipher_state(SSL *s, int
          * In here I set both the read and write key/iv to the same value
          * since only the correct one will be used :-).
          */
-        if (!tls1_PRF(ssl_get_algorithm2(s),
+        if (!private_tls1_PRF(ssl_get_algorithm2(s),
                       exp_label, exp_label_len,
                       s->s3->client_random, SSL3_RANDOM_SIZE,
                       s->s3->server_random, SSL3_RANDOM_SIZE,
@@ -552,7 +402,7 @@ int tls1_change_cipher_state(SSL *s, int
         key = tmp1;
 
         if (k > 0) {
-            if (!tls1_PRF(ssl_get_algorithm2(s),
+            if (!private_tls1_PRF(ssl_get_algorithm2(s),
                           TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
                           s->s3->client_random, SSL3_RANDOM_SIZE,
                           s->s3->server_random, SSL3_RANDOM_SIZE,
@@ -1004,7 +854,7 @@ int tls1_final_finish_mac(SSL *s,
         }
     }
 
-    if (!tls1_PRF(ssl_get_algorithm2(s),
+    if (!private_tls1_PRF(ssl_get_algorithm2(s),
                   str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0,
                   s->session->master_key, s->session->master_key_length,
                   out, buf2, sizeof(buf2)))
@@ -1177,7 +1027,7 @@ int tls1_generate_master_secret(SSL *s,
     }
 #endif
 
-    tls1_PRF(ssl_get_algorithm2(s),
+    private_tls1_PRF(ssl_get_algorithm2(s),
              TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
              s->s3->client_random, SSL3_RANDOM_SIZE,
              co, col,
@@ -1286,7 +1136,7 @@ int tls1_export_keying_material(SSL *s,
                TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
         goto err1;
 
-    rv = tls1_PRF(ssl_get_algorithm2(s),
+    rv = private_tls1_PRF(ssl_get_algorithm2(s),
                   val, vallen,
                   NULL, 0,
                   NULL, 0,
Index: openssl-1.0.2p/ssl/ssl_ciph.c
===================================================================
--- openssl-1.0.2p.orig/ssl/ssl_ciph.c	2020-12-08 14:20:21.298368058 +0100
+++ openssl-1.0.2p/ssl/ssl_ciph.c	2020-12-08 14:20:23.058378604 +0100
@@ -188,10 +188,8 @@ static STACK_OF(SSL_COMP) *ssl_comp_meth
  * in the ssl_locl.h
  */
 #define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
-static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
-    NULL, NULL, NULL, NULL, NULL, NULL
-};
 
+extern const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX];
 /*
  * PKEY_TYPE for GOST89MAC is known in advance, but, because implementation
  * is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is
@@ -202,9 +200,7 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_ID
     EVP_PKEY_HMAC, EVP_PKEY_HMAC
 };
 
-static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
-    0, 0, 0, 0, 0, 0
-};
+extern int ssl_mac_secret_size[SSL_MD_NUM_IDX];
 
 static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
     SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,

Places

File openssl-kdf-tls-selftest.patch of Package openssl-1_0_0.35258

Places