		
	Enforce using EMS in FIPS mode - better alerts
Related: rhbz#2157951
		
							parent
							
								
									05bbcc9920
								
							
						
					
					
						commit
						032dc0839c
					
				| @ -417,3 +417,57 @@ diff -up openssl-3.0.7/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt.xxx op | ||||
|  KDF = TLS1-PRF | ||||
|  Ctrl.digest = digest:SHA256 | ||||
|  Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf | ||||
| diff -up openssl-3.0.7/ssl/t1_enc.c.noems openssl-3.0.7/ssl/t1_enc.c
 | ||||
| --- openssl-3.0.7/ssl/t1_enc.c.noems	2023-05-05 11:15:57.934415272 +0200
 | ||||
| +++ openssl-3.0.7/ssl/t1_enc.c	2023-05-05 11:39:03.578163778 +0200
 | ||||
| @@ -20,6 +20,7 @@
 | ||||
|  #include <openssl/obj_mac.h> | ||||
|  #include <openssl/core_names.h> | ||||
|  #include <openssl/trace.h> | ||||
| +#include <openssl/fips.h>
 | ||||
|   | ||||
|  /* seed1 through seed5 are concatenated */ | ||||
|  static int tls1_PRF(SSL *s, | ||||
| @@ -75,8 +76,14 @@ static int tls1_PRF(SSL *s,
 | ||||
|      } | ||||
|   | ||||
|   err: | ||||
| -    if (fatal)
 | ||||
| -        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 | ||||
| +    if (fatal) {
 | ||||
| +        /* The calls to this function are local so it's safe to implement the check */
 | ||||
| +        if (FIPS_mode() && seed1_len >= TLS_MD_MASTER_SECRET_CONST_SIZE
 | ||||
| +            && memcmp(seed1, TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
 | ||||
| +            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
 | ||||
| +	else
 | ||||
| +            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 | ||||
| +    }
 | ||||
|      else | ||||
|          ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); | ||||
|      EVP_KDF_CTX_free(kctx); | ||||
| diff -up openssl-3.0.7/ssl/statem/extensions_srvr.c.noems openssl-3.0.7/ssl/statem/extensions_srvr.c
 | ||||
| --- openssl-3.0.7/ssl/statem/extensions_srvr.c.noems	2023-05-05 17:14:04.663800271 +0200
 | ||||
| +++ openssl-3.0.7/ssl/statem/extensions_srvr.c	2023-05-05 17:20:33.764599507 +0200
 | ||||
| @@ -11,6 +11,7 @@
 | ||||
|  #include "../ssl_local.h" | ||||
|  #include "statem_local.h" | ||||
|  #include "internal/cryptlib.h" | ||||
| +#include <openssl/fips.h>
 | ||||
|   | ||||
|  #define COOKIE_STATE_FORMAT_VERSION     1 | ||||
|   | ||||
| @@ -1552,8 +1553,13 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s
 | ||||
|  EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, | ||||
|                                    X509 *x, size_t chainidx) | ||||
|  { | ||||
| -    if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
 | ||||
| +    if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) {
 | ||||
| +        if (FIPS_mode()) {
 | ||||
| +            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
 | ||||
| +            return EXT_RETURN_FAIL;
 | ||||
| +        }
 | ||||
|          return EXT_RETURN_NOT_SENT; | ||||
| +    }
 | ||||
|   | ||||
|      if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) | ||||
|              || !WPACKET_put_bytes_u16(pkt, 0)) { | ||||
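Review bot: In the `err:` hunk of ssl/t1_enc.c the alert is chosen by pattern-matching the label rather than by the actual failure cause: once `FIPS_mode()` is on, every PRF failure whose `seed1` is `TLS_MD_MASTER_SECRET_CONST` is reported as `SSL_AD_HANDSHAKE_FAILURE`/`ERR_R_UNSUPPORTED`, so a genuine internal error during master-secret derivation (a KDF fetch or context allocation failure, if those paths reach `err` with `fatal` set — they lie outside the hunk) would be misreported both to the peer and in the error queue. The caller `tls1_generate_master_secret` already knows whether the session negotiated EMS, so the cleaner shape is to raise the handshake-failure alert there when FIPS mode is on and EMS is absent, and leave the generic `err:` path as the original `SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);`. If the heuristic is kept, the added comment should state what it relies on instead of "the calls are local", e.g. `/* In FIPS mode the TLS1-PRF refuses the non-EMS "master secret" derivation; report that as a handshake failure rather than an internal error. */`. Separately, the added `else` line is indented with a tab while the surrounding block uses four spaces. Both `tls1_PRF` and `tls_construct_stoc_ems` (ssl/statem/extensions_srvr.c) extend beyond their hunks.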
|  | ||||
| @ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) | ||||
| Summary: Utilities from the general purpose cryptography library with TLS implementation | ||||
| Name: openssl | ||||
| Version: 3.0.7 | ||||
| Release: 16%{?dist} | ||||
| Release: 17%{?dist} | ||||
| Epoch: 1 | ||||
| # We have to remove certain patented algorithms from the openssl source | ||||
| # tarball with the hobble-openssl script which is included below. | ||||
| @ -515,6 +515,10 @@ install -m644 %{SOURCE9} \ | ||||
| %ldconfig_scriptlets libs | ||||
| 
 | ||||
| %changelog | ||||
| * Tue May 09 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-17 | ||||
| - Enforce using EMS in FIPS mode - better alerts | ||||
|   Related: rhbz#2157951 | ||||
| 
 | ||||
| * Tue May 02 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-16 | ||||
| - Upload new upstream sources without manually hobbling them. | ||||
| - Remove the hobbling script as it is redundant. It is now allowed to ship | ||||
|  | ||||