forked from rpms/openssl
Add missing patchfile, fix gettable params
Add the patchfile that was committed but not referenced in the spec file. Fix the patch to apply on openssl 3.0.7 and fix the gettable FIPS indicator parameter for the RSA asymmetric cipher implementation. Resolves: rhbz#2179379 Signed-off-by: Clemens Lang <cllang@redhat.com>
This commit is contained in:
parent
1bd49c394a
commit
1bd2a0cee3
@ -29,10 +29,10 @@ diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||
index 832502a034..e15d208421 100644
|
||||
--- a/include/openssl/core_names.h
|
||||
+++ b/include/openssl/core_names.h
|
||||
@@ -469,6 +469,7 @@ extern "C" {
|
||||
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
|
||||
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
|
||||
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
|
||||
@@ -477,6 +477,7 @@ extern "C" {
|
||||
#ifdef FIPS_MODULE
|
||||
#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed"
|
||||
#endif
|
||||
+#define OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
|
||||
|
||||
/*
|
||||
@ -99,16 +99,14 @@ index 568452ec56..0a9adb4056 100644
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -410,6 +438,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
NULL, 0),
|
||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
|
||||
@@ -465,6 +493,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
#ifdef FIPS_MODULE
|
||||
OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
|
||||
+ OSSL_PARAM_int(OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
#endif /* FIPS_MODULE */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
|
||||
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
|
||||
index 882cf16125..b4cc0f9237 100644
|
||||
--- a/providers/implementations/kem/rsa_kem.c
|
||||
@ -120,8 +118,7 @@ index 882cf16125..b4cc0f9237 100644
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM *p;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
|
||||
- return ctx != NULL;
|
||||
+
|
||||
+ if (ctx == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
@ -143,7 +140,8 @@ index 882cf16125..b4cc0f9237 100644
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
|
||||
- return ctx != NULL;
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
|
10
openssl.spec
10
openssl.spec
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 3.0.7
|
||||
Release: 10%{?dist}
|
||||
Release: 11%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -175,6 +175,8 @@ Patch110: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2175145
|
||||
Patch111: 0111-fips-Use-salt-16-bytes-in-PBKDF2-selftest.patch
|
||||
Patch112: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2179331
|
||||
Patch113: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
|
||||
|
||||
License: ASL 2.0
|
||||
URL: http://www.openssl.org/
|
||||
@ -505,6 +507,12 @@ install -m644 %{SOURCE9} \
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Mon Mar 20 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-11
|
||||
- Add missing reference to patchfile to add explicit FIPS indicator to RSA
|
||||
encryption and RSASVE and fix the gettable parameter list for the RSA
|
||||
asymmetric cipher implementation.
|
||||
Resolves: rhbz#2179379
|
||||
|
||||
* Fri Mar 17 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-10
|
||||
- Add explicit FIPS indicator to RSA encryption and RSASVE
|
||||
Resolves: rhbz#2179379
|
||||
|
Loading…
Reference in New Issue
Block a user