jonathan/openssl
1
0
Fork 0
forked from rpms/openssl
Code Pull Requests Activity

Adding changes to patch files from source-git sync

Browse Source 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
This commit is contained in:
Sahana Prasad 2023-07-31 10:04:55 +02:00
parent 9409bc7044
commit 1eb7adc383
25 changed files with 1863 additions and 2527 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
0004-Override-default-paths-for-the-CA-directory-tree.patch
View File

@ -1,21 +1,21 @@
From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:17:26 +0200
Subject: Override default paths for the CA directory tree
From 7a65ee33793fa8a28c0dfc94e6872ce92f408b15 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:27 +0200
Subject: [PATCH 04/35]
0004-Override-default-paths-for-the-CA-directory-tree.patch
Also add default section to load crypto-policies configuration
for TLS.
It needs to be reverted before running tests.
(was openssl-1.1.1-conf-paths.patch)
Patch-name: 0004-Override-default-paths-for-the-CA-directory-tree.patch
Patch-id: 4
Patch-status: |
# Override default paths for the CA directory tree
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
apps/CA.pl.in | 2 +-
apps/openssl.cnf | 20 ++++++++++++++++++--
2 files changed, 19 insertions(+), 3 deletions(-)
apps/openssl.cnf | 13 +++++++++++--
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index c0afb96716..d6a5fabd16 100644
index f029470005..729f104a7e 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -29,7 +29,7 @@ my $X509 = "$openssl x509";
@ -27,10 +27,11 @@ index c0afb96716..d6a5fabd16 100644
my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf
--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200
+++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200
@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 8141ab20cd..3956235fda 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7
[openssl_init]
providers = provider_sect
@ -39,7 +40,7 @@ diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha1
# List of providers to load
[provider_sect]
@@ -64,6 +66,13 @@ default = default_sect
@@ -71,6 +73,13 @@ default = default_sect
[default_sect]
# activate = 1
@ -53,7 +54,7 @@ diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha1
####################################################################
[ ca ]
@@ -72,7 +81,7 @@ default_ca = CA_default # The default c
@@ -79,7 +88,7 @@ default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
@ -62,7 +63,7 @@ diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha1
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
@@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default
@@ -311,7 +320,7 @@ default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
@ -71,3 +72,6 @@ diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha1
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
--
2.41.0

154
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
View File

@ -1,25 +1,30 @@
From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 10:16:46 +0200
Subject: Add support for PROFILE=SYSTEM system default cipherlist
From 66b728801f141c9db8e647ab02421c83694ade79 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:27 +0200
Subject: [PATCH 07/35]
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
(was openssl-1.1.1-system-cipherlist.patch)
Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
Patch-id: 7
Patch-status: |
# Add support for PROFILE=SYSTEM system default cipherlist
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
Configurations/unix-Makefile.tmpl | 5 ++
Configure | 10 +++-
Configure | 11 +++-
doc/man1/openssl-ciphers.pod.in | 9 ++++
include/openssl/ssl.h.in | 5 ++
ssl/ssl_ciph.c | 88 +++++++++++++++++++++++++++----
ssl/ssl_ciph.c | 87 +++++++++++++++++++++++++++----
ssl/ssl_lib.c | 4 +-
test/cipherlist_test.c | 2 +
util/libcrypto.num | 1 +
8 files changed, 110 insertions(+), 14 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 9f369edf0e..c52389f831 100644
index f29cdc7f38..c0df026de3 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -269,6 +269,10 @@ MANDIR=$(INSTALLTOP)/share/man
@@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
HTMLDIR=$(DOCDIR)/html
@ -30,7 +35,7 @@ index 9f369edf0e..c52389f831 100644
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
# appended after the manpage file section number. "ssl" is popular,
# resulting in files such as config.5ssl rather than config.5.
@@ -292,6 +296,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
@@ -338,6 +342,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
CPPFLAGS={- our $cppflags1 = join(" ",
(map { "-D".$_} @{$config{CPPDEFINES}}),
@ -38,11 +43,54 @@ index 9f369edf0e..c52389f831 100644
(map { "-I".$_} @{$config{CPPINCLUDES}}),
@{$config{CPPFLAGS}}) -}
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
diff --git a/Configure b/Configure
index 456995240b..93be83be94 100755
--- a/Configure
+++ b/Configure
@@ -27,7 +27,7 @@ use OpenSSL::config;
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
my $banner = <<"EOF";
@@ -61,6 +61,10 @@ EOF
# given with --prefix.
# This becomes the value of OPENSSLDIR in Makefile and in C.
# (Default: PREFIX/ssl)
+#
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
+# cipher is specified (default).
+#
# --banner=".." Output specified text instead of default completion banner
#
# -w Don't wait after showing a Configure warning
@@ -387,6 +391,7 @@ $config{prefix}="";
$config{openssldir}="";
$config{processor}="";
$config{libdir}="";
+$config{system_ciphers_file}="";
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
@@ -989,6 +994,10 @@ while (@argvcopy)
die "FIPS key too long (64 bytes max)\n"
if length $1 > 64;
}
+ elsif (/^--system-ciphers-file=(.*)$/)
+ {
+ $config{system_ciphers_file}=$1;
+ }
elsif (/^--banner=(.*)$/)
{
$banner = $1 . "\n";
diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
index b4ed3e51d5..2122e6bdfd 100644
index 658730ec53..04e66bcebe 100644
--- a/doc/man1/openssl-ciphers.pod.in
+++ b/doc/man1/openssl-ciphers.pod.in
@@ -187,6 +187,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
@@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
@ -59,10 +107,10 @@ index b4ed3e51d5..2122e6bdfd 100644
"High" encryption cipher suites. This currently means those with key lengths
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index f9a61609e4..c6f95fed3f 100644
index f03f52fbd8..0b6de603e2 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -209,6 +209,11 @@ extern "C" {
@@ -208,6 +208,11 @@ extern "C" {
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
*/
@ -75,10 +123,10 @@ index f9a61609e4..c6f95fed3f 100644
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index b1d3f7919e..f7cc7fed48 100644
index 93de9cf8fd..a5e60e8839 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1411,6 +1411,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
@@ -1443,6 +1443,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
return ret;
}
@ -132,7 +180,7 @@ index b1d3f7919e..f7cc7fed48 100644
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list,
@@ -1425,15 +1472,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
@@ -1457,15 +1504,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
const SSL_CIPHER **ca_list = NULL;
const SSL_METHOD *ssl_method = ctx->method;
@ -153,14 +201,14 @@ index b1d3f7919e..f7cc7fed48 100644
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
- return NULL;
+ goto err;
if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
- return NULL;
+ goto err;
/*
* To reduce the work to do we only want to process the compiled
@@ -1456,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
@@ -1487,7 +1544,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
@ -169,7 +217,7 @@ index b1d3f7919e..f7cc7fed48 100644
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
@@ -1522,8 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
@@ -1553,8 +1610,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
* in force within each class
*/
if (!ssl_cipher_strength_sort(&head, &tail)) {
@ -179,7 +227,7 @@ index b1d3f7919e..f7cc7fed48 100644
}
/*
@@ -1568,9 +1624,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
@@ -1598,9 +1654,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) {
@ -190,7 +238,7 @@ index b1d3f7919e..f7cc7fed48 100644
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
@@ -1596,8 +1651,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
@@ -1626,8 +1681,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok) { /* Rule processing failure */
@ -200,7 +248,7 @@ index b1d3f7919e..f7cc7fed48 100644
}
/*
@@ -1605,10 +1659,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
@@ -1635,10 +1689,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
* if we cannot get one.
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
@ -216,7 +264,7 @@ index b1d3f7919e..f7cc7fed48 100644
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
@@ -1656,6 +1714,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
@@ -1690,6 +1747,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
*cipher_list = cipherstack;
return cipherstack;
@ -232,10 +280,10 @@ index b1d3f7919e..f7cc7fed48 100644
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d14d5819ba..48d491219a 100644
index f12ad6d034..a059bcd83b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
@@ -661,7 +661,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
ctx->tls13_ciphersuites,
&(ctx->cipher_list),
&(ctx->cipher_list_by_id),
@ -244,7 +292,7 @@ index d14d5819ba..48d491219a 100644
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return 0;
@@ -3193,7 +3193,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
@@ -3286,7 +3286,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
if (!ssl_create_cipher_list(ret,
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
@ -254,10 +302,10 @@ index d14d5819ba..48d491219a 100644
ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
index 380f0727fc..6922a87c30 100644
index 2d166e2b46..4ff2aa12d6 100644
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -244,7 +244,9 @@ end:
@@ -246,7 +246,9 @@ end:
int setup_tests(void)
{
@ -268,56 +316,14 @@ index 380f0727fc..6922a87c30 100644
ADD_TEST(test_default_cipherlist_clear);
return 1;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 404a706fab..e81fa9ec3e 100644
index 406392a7d9..9cb8a4dda2 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
@@ -5435,3 +5435,4 @@ EVP_MD_CTX_dup 5562 3_1_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
--
2.26.2
2.41.0
diff -up openssl-3.0.0-beta1/Configure.sys-default openssl-3.0.0-beta1/Configure
--- openssl-3.0.0-beta1/Configure.sys-default 2021-06-29 11:47:58.978144386 +0200
+++ openssl-3.0.0-beta1/Configure 2021-06-29 11:52:01.631126260 +0200
@@ -27,7 +27,7 @@ use OpenSSL::config;
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
my $banner = <<"EOF";
@@ -61,6 +61,10 @@ EOF
# given with --prefix.
# This becomes the value of OPENSSLDIR in Makefile and in C.
# (Default: PREFIX/ssl)
+#
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
+# cipher is specified (default).
+#
# --banner=".." Output specified text instead of default completion banner
#
# -w Don't wait after showing a Configure warning
@@ -385,6 +389,7 @@ $config{prefix}="";
$config{openssldir}="";
$config{processor}="";
$config{libdir}="";
+$config{system_ciphers_file}="";
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
@@ -987,6 +992,10 @@ while (@argvcopy)
die "FIPS key too long (64 bytes max)\n"
if length $1 > 64;
}
+ elsif (/^--system-ciphers-file=(.*)$/)
+ {
+ $config{system_ciphers_file}=$1;
+ }
elsif (/^--banner=(.*)$/)
{
$banner = $1 . "\n";

40
0008-Add-FIPS_mode-compatibility-macro.patch
View File

@ -1,20 +1,22 @@
From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 26 Nov 2020 14:00:16 +0100
Subject: Add FIPS_mode() compatibility macro
From 8e29a10b39a649d751870eb1fd1b8c388e66acc3 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:27 +0200
Subject: [PATCH 08/35] 0008-Add-FIPS_mode-compatibility-macro.patch
The macro calls EVP_default_properties_is_fips_enabled() on the
default context.
Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch
Patch-id: 8
Patch-status: |
# Add FIPS_mode() compatibility macro
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
include/openssl/crypto.h.in | 1 +
include/openssl/fips.h | 25 +++++++++++++++++++++++++
test/property_test.c | 13 +++++++++++++
3 files changed, 39 insertions(+)
include/openssl/fips.h | 26 ++++++++++++++++++++++++++
test/property_test.c | 14 ++++++++++++++
2 files changed, 40 insertions(+)
create mode 100644 include/openssl/fips.h
diff --git a/include/openssl/fips.h b/include/openssl/fips.h
new file mode 100644
index 0000000000..c64f0f8e8f
index 0000000000..4162cbf88e
--- /dev/null
+++ b/include/openssl/fips.h
@@ -0,0 +1,26 @@
@ -44,13 +46,14 @@ index 0000000000..c64f0f8e8f
+}
+# endif
+#endif
diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c
--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200
+++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200
@@ -488,6 +488,19 @@ static int test_property_list_to_string(
diff --git a/test/property_test.c b/test/property_test.c
index 45b1db3e85..8894c1c1cb 100644
--- a/test/property_test.c
+++ b/test/property_test.c
@@ -677,6 +677,19 @@ static int test_property_list_to_string(int i)
return ret;
}
+#include <openssl/fips.h>
+static int test_downstream_FIPS_mode(void)
+{
@ -67,7 +70,7 @@ diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1
int setup_tests(void)
{
ADD_TEST(test_property_string);
@@ -500,6 +512,7 @@ int setup_tests(void)
@@ -690,6 +703,7 @@ int setup_tests(void)
ADD_TEST(test_property);
ADD_TEST(test_query_cache_stochastic);
ADD_TEST(test_fips_mode);
@ -75,3 +78,6 @@ diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1
ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
return 1;
}
--
2.41.0

38
0009-Add-Kernel-FIPS-mode-flag-support.patch
View File

@ -1,7 +1,23 @@
diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100
@@ -12,6 +12,41 @@
From aa3aebf132959e7e44876042efaf9ff24ffe0f2b Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:27 +0200
Subject: [PATCH 09/35] 0009-Add-Kernel-FIPS-mode-flag-support.patch
Patch-name: 0009-Add-Kernel-FIPS-mode-flag-support.patch
Patch-id: 9
Patch-status: |
# Add check to see if fips flag is enabled in kernel
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/context.c | 36 ++++++++++++++++++++++++++++++++++++
include/internal/provider.h | 3 +++
2 files changed, 39 insertions(+)
diff --git a/crypto/context.c b/crypto/context.c
index e294ea1512..51002ba79a 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -16,6 +16,41 @@
#include "internal/provider.h"
#include "crypto/context.h"
@ -43,7 +59,7 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
struct ossl_lib_ctx_st {
CRYPTO_RWLOCK *lock, *rand_crngt_lock;
OSSL_EX_DATA_GLOBAL global;
@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte
@@ -336,6 +371,7 @@ static int default_context_inited = 0;
DEFINE_RUN_ONCE_STATIC(default_context_do_init)
{
@ -51,10 +67,11 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL))
goto err;
diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h
--- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100
+++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100
@@ -110,6 +110,9 @@ int ossl_provider_init_as_child(OSSL_LIB
diff --git a/include/internal/provider.h b/include/internal/provider.h
index 18937f84c7..1446bf7afb 100644
--- a/include/internal/provider.h
+++ b/include/internal/provider.h
@@ -112,6 +112,9 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
const OSSL_DISPATCH *in);
void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx);
@ -64,3 +81,6 @@ diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/incl
# ifdef __cplusplus
}
# endif
--
2.41.0

85
0010-Add-changes-to-ectest-and-eccurve.patch
View File

@ -1,10 +1,29 @@
diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
--- ./crypto/ec/ec_curve.c.remove-ec 2023-03-13 16:50:09.278933578 +0100
+++ ./crypto/ec/ec_curve.c 2023-03-21 12:38:57.696531941 +0100
@@ -32,38 +32,6 @@ typedef struct {
From 37fae351c6fef272baf383469181aecfcac87592 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:27 +0200
Subject: [PATCH 10/35] 0010-Add-changes-to-ectest-and-eccurve.patch
Patch-name: 0010-Add-changes-to-ectest-and-eccurve.patch
Patch-id: 10
Patch-status: |
# Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so
# that new modifications made to these files by upstream are not lost.
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/ec/ec_curve.c | 844 -------------------------------------------
test/ectest.c | 174 +--------
2 files changed, 8 insertions(+), 1010 deletions(-)
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index b5b2f3342d..d32a768fe6 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -30,38 +30,6 @@ typedef struct {
} EC_CURVE_DATA;
/* the nist prime curves */
static const struct {
EC_CURVE_DATA h;
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 24 * 6];
-} _EC_NIST_PRIME_192 = {
- {
@ -35,11 +54,9 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
- }
-};
-
-static const struct {
- EC_CURVE_DATA h;
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 28 * 6];
} _EC_NIST_PRIME_224 = {
{
@@ -200,187 +168,6 @@ static const struct {
}
};
@ -228,10 +245,12 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 32 * 6];
@@ -423,294 +210,6 @@ static const struct {
@@ -421,294 +208,6 @@ static const struct {
#ifndef FIPS_MODULE
/* the secg prime curves (minus the nist and x9.62 prime curves) */
static const struct {
EC_CURVE_DATA h;
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 14 * 6];
-} _EC_SECG_PRIME_112R1 = {
- {
@ -518,11 +537,9 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
- }
-};
-
-static const struct {
- EC_CURVE_DATA h;
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 32 * 6];
} _EC_SECG_PRIME_256K1 = {
{
@@ -745,102 +244,6 @@ static const struct {
}
};
@ -626,10 +643,12 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
#endif /* FIPS_MODULE */
#ifndef OPENSSL_NO_EC2M
@@ -2238,198 +1641,6 @@ static const struct {
@@ -2236,198 +1639,6 @@ static const struct {
*/
#ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 20 * 6];
-} _EC_brainpoolP160r1 = {
- {
@ -820,12 +839,10 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
- }
-};
-
-static const struct {
- EC_CURVE_DATA h;
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 32 * 6];
} _EC_brainpoolP256r1 = {
{
@@ -2854,8 +2065,6 @@ static const ec_list_element curve_list[
@@ -2854,8 +2065,6 @@ static const ec_list_element curve_list[] = {
"NIST/SECG curve over a 521 bit prime field"},
/* X9.62 curves */
@ -834,7 +851,7 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
# if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
@@ -2899,25 +2108,6 @@ static const ec_list_element curve_list[
@@ -2899,25 +2108,6 @@ static const ec_list_element curve_list[] = {
static const ec_list_element curve_list[] = {
/* prime field curves */
/* secg curves */
@ -860,7 +877,7 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
{NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
"NIST/SECG curve over a 224 bit prime field"},
@@ -2945,18 +2135,6 @@ static const ec_list_element curve_list[
@@ -2945,18 +2135,6 @@ static const ec_list_element curve_list[] = {
# endif
"NIST/SECG curve over a 521 bit prime field"},
/* X9.62 curves */
@ -879,7 +896,7 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
# if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
@@ -3053,22 +2231,12 @@ static const ec_list_element curve_list[
@@ -3053,22 +2231,12 @@ static const ec_list_element curve_list[] = {
{NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0,
"X9.62 curve over a 163 bit binary field"},
# endif
@ -902,7 +919,7 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
# ifndef OPENSSL_NO_EC2M
/* IPSec curves */
{NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
@@ -3079,18 +2247,6 @@ static const ec_list_element curve_list[
@@ -3079,18 +2247,6 @@ static const ec_list_element curve_list[] = {
"\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
# endif
/* brainpool curves */
@ -921,9 +938,10 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
{NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0,
"RFC 5639 curve over a 256 bit prime field"},
{NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0,
diff -up ./test/ectest.c.remove-ec ./test/ectest.c
--- ./test/ectest.c.remove-ec 2023-03-13 18:39:30.544642912 +0100
+++ ./test/ectest.c 2023-03-20 07:27:26.403212965 +0100
diff --git a/test/ectest.c b/test/ectest.c
index afef85b0e6..4890b0555e 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -175,184 +175,26 @@ static int prime_field_tests(void)
|| !TEST_ptr(p = BN_new())
|| !TEST_ptr(a = BN_new())
@ -1125,3 +1143,6 @@ diff -up ./test/ectest.c.remove-ec ./test/ectest.c
ADD_ALL_TESTS(cardinality_test, crv_len);
ADD_TEST(prime_field_tests);
#ifndef OPENSSL_NO_EC2M
--
2.41.0

76
0011-Remove-EC-curves.patch
View File

@ -1,7 +1,26 @@
diff -up ./apps/speed.c.ec-curves ./apps/speed.c
--- ./apps/speed.c.ec-curves 2023-03-14 04:44:12.545437892 +0100
+++ ./apps/speed.c 2023-03-14 04:48:28.606729067 +0100
@@ -366,7 +366,7 @@ static double ffdh_results[FFDH_NUM][1];
From e65f698d59fc71300d3e49492f9ef899b7209e5f Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 11/35] 0011-Remove-EC-curves.patch
Patch-name: 0011-Remove-EC-curves.patch
Patch-id: 11
Patch-status: |
# remove unsupported EC curves
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
apps/speed.c | 8 +---
crypto/evp/ec_support.c | 76 ------------------------------------
test/acvp_test.inc | 9 -----
test/ecdsatest.h | 17 --------
test/recipes/15-test_genec.t | 27 -------------
5 files changed, 1 insertion(+), 136 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index cace25eda1..d527f12f18 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -385,7 +385,7 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
#endif /* OPENSSL_NO_DH */
enum ec_curves_t {
@ -10,7 +29,7 @@ diff -up ./apps/speed.c.ec-curves ./apps/speed.c
#ifndef OPENSSL_NO_EC2M
R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
@@ -376,8 +376,6 @@ enum ec_curves_t {
@@ -395,8 +395,6 @@ enum ec_curves_t {
};
/* list of ecdsa curves */
static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
@ -19,7 +38,7 @@ diff -up ./apps/speed.c.ec-curves ./apps/speed.c
{"ecdsap224", R_EC_P224},
{"ecdsap256", R_EC_P256},
{"ecdsap384", R_EC_P384},
@@ -404,8 +402,6 @@ static const OPT_PAIR ecdsa_choices[ECDS
@@ -423,8 +421,6 @@ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
/* list of ecdh curves, extension of |ecdsa_choices| list above */
static const OPT_PAIR ecdh_choices[EC_NUM] = {
@ -28,7 +47,7 @@ diff -up ./apps/speed.c.ec-curves ./apps/speed.c
{"ecdhp224", R_EC_P224},
{"ecdhp256", R_EC_P256},
{"ecdhp384", R_EC_P384},
@@ -1422,8 +1418,6 @@ int speed_main(int argc, char **argv)
@@ -1442,8 +1438,6 @@ int speed_main(int argc, char **argv)
*/
static const EC_CURVE ec_curves[EC_NUM] = {
/* Prime Curves */
@ -37,9 +56,10 @@ diff -up ./apps/speed.c.ec-curves ./apps/speed.c
{"nistp224", NID_secp224r1, 224},
{"nistp256", NID_X9_62_prime256v1, 256},
{"nistp384", NID_secp384r1, 384},
diff -up ./crypto/evp/ec_support.c.ec-curves ./crypto/evp/ec_support.c
--- ./crypto/evp/ec_support.c.ec-curves 2023-03-14 06:22:41.542310442 +0100
+++ ./crypto/evp/ec_support.c 2023-03-21 11:24:18.378451683 +0100
diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c
index 1ec10143d2..8fe774140f 100644
--- a/crypto/evp/ec_support.c
+++ b/crypto/evp/ec_support.c
@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st {
static const EC_NAME2NID curve_list[] = {
/* prime field curves */
@ -130,7 +150,7 @@ diff -up ./crypto/evp/ec_support.c.ec-curves ./crypto/evp/ec_support.c
{"brainpoolP256r1", NID_brainpoolP256r1 },
{"brainpoolP256t1", NID_brainpoolP256t1 },
{"brainpoolP320r1", NID_brainpoolP320r1 },
@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] =
@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = {
{"brainpoolP384t1", NID_brainpoolP384t1 },
{"brainpoolP512r1", NID_brainpoolP512r1 },
{"brainpoolP512t1", NID_brainpoolP512t1 },
@ -139,13 +159,15 @@ diff -up ./crypto/evp/ec_support.c.ec-curves ./crypto/evp/ec_support.c
};
const char *OSSL_EC_curve_nid2name(int nid)
diff -up ./test/acvp_test.inc.ec-curves ./test/acvp_test.inc
--- ./test/acvp_test.inc.ec-curves 2023-03-14 06:38:20.563712586 +0100
+++ ./test/acvp_test.inc 2023-03-14 06:39:01.631080059 +0100
@@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_
diff --git a/test/acvp_test.inc b/test/acvp_test.inc
index ad11d3ae1e..894a0bff9d 100644
--- a/test/acvp_test.inc
+++ b/test/acvp_test.inc
@@ -211,15 +211,6 @@ static const unsigned char ecdsa_sigver_s1[] = {
0xB1, 0xAC,
};
static const struct ecdsa_sigver_st ecdsa_sigver_data[] = {
{
- {
- "SHA-1",
- "P-192",
- ITM(ecdsa_sigver_msg0),
@ -154,13 +176,13 @@ diff -up ./test/acvp_test.inc.ec-curves ./test/acvp_test.inc
- ITM(ecdsa_sigver_s0),
- PASS,
- },
- {
{
"SHA2-512",
"P-521",
ITM(ecdsa_sigver_msg1),
diff -up ./test/ecdsatest.h.ec-curves ./test/ecdsatest.h
--- ./test/ecdsatest.h.ec-curves 2023-03-14 04:49:16.148154472 +0100
+++ ./test/ecdsatest.h 2023-03-14 04:51:01.376096037 +0100
diff --git a/test/ecdsatest.h b/test/ecdsatest.h
index 63fe319025..06b5c0aac5 100644
--- a/test/ecdsatest.h
+++ b/test/ecdsatest.h
@@ -32,23 +32,6 @@ typedef struct {
} ecdsa_cavs_kat_t;
@ -185,10 +207,11 @@ diff -up ./test/ecdsatest.h.ec-curves ./test/ecdsatest.h
/* prime KATs from NIST CAVP */
{NID_secp224r1, NID_sha224,
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
diff -up ./test/recipes/15-test_genec.t.ec-curves ./test/recipes/15-test_genec.t
--- ./test/recipes/15-test_genec.t.ec-curves 2023-03-14 04:51:45.215488277 +0100
+++ ./test/recipes/15-test_genec.t 2023-03-21 11:26:58.613885435 +0100
@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupport
diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t
index 2dfed387ca..c733b68f83 100644
--- a/test/recipes/15-test_genec.t
+++ b/test/recipes/15-test_genec.t
@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupported in a no-ec build"
if disabled("ec");
my @prime_curves = qw(
@ -234,3 +257,6 @@ diff -up ./test/recipes/15-test_genec.t.ec-curves ./test/recipes/15-test_genec.t
P-224
P-256
P-384
--
2.41.0

245
0012-Disable-explicit-ec.patch
View File

@ -1,7 +1,27 @@
diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/crypto/ec/ec_asn1.c
--- openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec 2022-03-22 13:10:45.718077845 +0100
+++ openssl-3.0.1/crypto/ec/ec_asn1.c 2022-03-22 13:12:46.626599016 +0100
@@ -895,6 +895,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **
From 91bdd9b816b22bc1464ec323f3272b866b24114d Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 12/35] 0012-Disable-explicit-ec.patch
Patch-name: 0012-Disable-explicit-ec.patch
Patch-id: 12
Patch-status: |
# Disable explicit EC curves
# https://bugzilla.redhat.com/show_bug.cgi?id=2066412
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/ec/ec_asn1.c | 11 ++++++++++
crypto/ec/ec_lib.c | 6 +++++
test/ectest.c | 22 ++++++++++---------
test/endecode_test.c | 20 ++++++++---------
.../30-test_evp_data/evppkey_ecdsa.txt | 12 ----------
5 files changed, 39 insertions(+), 32 deletions(-)
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 7a0b35a594..d19d57344e 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -905,6 +905,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT)
group->decoded_from_explicit_params = 1;
@ -14,7 +34,7 @@ diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/cry
if (a) {
EC_GROUP_free(*a);
*a = group;
@@ -954,6 +959,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
@@ -964,6 +970,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
goto err;
}
@ -26,10 +46,11 @@ diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/cry
ret->version = priv_key->version;
if (priv_key->privateKey) {
diff -up openssl-3.0.9/crypto/ec/ec_lib.c.noec openssl-3.0.9/crypto/ec/ec_lib.c
--- openssl-3.0.9/crypto/ec/ec_lib.c.noec 2023-07-27 10:32:52.870910095 +0200
+++ openssl-3.0.9/crypto/ec/ec_lib.c 2023-07-27 10:35:18.029151181 +0200
@@ -1728,6 +1728,11 @@ EC_GROUP *EC_GROUP_new_from_params(const
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index a84e088c19..6c37bf78ae 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1724,6 +1724,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
goto err;
}
if (named_group == group) {
@ -41,7 +62,7 @@ diff -up openssl-3.0.9/crypto/ec/ec_lib.c.noec openssl-3.0.9/crypto/ec/ec_lib.c
/*
* If we did not find a named group then the encoding should be explicit
* if it was specified
@@ -1743,6 +1748,7 @@ EC_GROUP *EC_GROUP_new_from_params(const
@@ -1739,6 +1744,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
goto err;
}
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
@ -49,104 +70,11 @@ diff -up openssl-3.0.9/crypto/ec/ec_lib.c.noec openssl-3.0.9/crypto/ec/ec_lib.c
} else {
EC_GROUP_free(group);
group = named_group;
diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/test/endecode_test.c
--- openssl-3.0.1/test/endecode_test.c.disable_explicit_ec 2022-03-21 16:55:46.005558779 +0100
+++ openssl-3.0.1/test/endecode_test.c 2022-03-21 16:56:12.636792762 +0100
@@ -57,7 +57,7 @@ static BN_CTX *bnctx = NULL;
static OSSL_PARAM_BLD *bld_prime_nc = NULL;
static OSSL_PARAM_BLD *bld_prime = NULL;
static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
+/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/
# ifndef OPENSSL_NO_EC2M
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
@@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
-DOMAIN_KEYS(ECExplicitPrime2G);
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
+/*DOMAIN_KEYS(ECExplicitPrime2G);*/
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
# ifndef OPENSSL_NO_EC2M
DOMAIN_KEYS(ECExplicitTriNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
@@ -1318,7 +1318,7 @@ int setup_tests(void)
|| !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
|| !create_ec_explicit_prime_params(bld_prime)
|| !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
+/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/
# ifndef OPENSSL_NO_EC2M
|| !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
|| !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
@@ -1346,7 +1346,7 @@ int setup_tests(void)
TEST_info("Generating EC keys...");
MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
+/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/
# ifndef OPENSSL_NO_EC2M
MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
@@ -1389,8 +1389,8 @@ int setup_tests(void)
ADD_TEST_SUITE_LEGACY(EC);
ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
- ADD_TEST_SUITE(ECExplicitPrime2G);
- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/
+/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/
# ifndef OPENSSL_NO_EC2M
ADD_TEST_SUITE(ECExplicitTriNamedCurve);
ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
@@ -1427,7 +1427,7 @@ void cleanup_tests(void)
{
#ifndef OPENSSL_NO_EC
OSSL_PARAM_free(ec_explicit_prime_params_nc);
- OSSL_PARAM_free(ec_explicit_prime_params_explicit);
+/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/
OSSL_PARAM_BLD_free(bld_prime_nc);
OSSL_PARAM_BLD_free(bld_prime);
# ifndef OPENSSL_NO_EC2M
@@ -1449,7 +1449,7 @@ void cleanup_tests(void)
#ifndef OPENSSL_NO_EC
FREE_DOMAIN_KEYS(EC);
FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
- FREE_DOMAIN_KEYS(ECExplicitPrime2G);
+/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/
# ifndef OPENSSL_NO_EC2M
FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
FREE_DOMAIN_KEYS(ECExplicitTri2G);
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec 2022-03-25 11:20:50.920949208 +0100
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2022-03-25 11:21:13.177147598 +0100
@@ -121,18 +121,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEB
3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
-----END PRIVATE KEY-----
-PrivateKey = EC_EXPLICIT
------BEGIN PRIVATE KEY-----
-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
------END PRIVATE KEY-----
-
PrivateKey = B-163
-----BEGIN PRIVATE KEY-----
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
diff -up openssl-3.0.9/test/ectest.c.noec openssl-3.0.9/test/ectest.c
--- openssl-3.0.9/test/ectest.c.noec 2023-07-27 11:30:24.078979261 +0200
+++ openssl-3.0.9/test/ectest.c 2023-07-27 11:35:12.335576107 +0200
@@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromd
diff --git a/test/ectest.c b/test/ectest.c
index 4890b0555e..e11aec5b3b 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
|| !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
|| !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
@ -160,7 +88,7 @@ diff -up openssl-3.0.9/test/ectest.c.noec openssl-3.0.9/test/ectest.c
/*- Check that all the set values are retrievable -*/
/* There should be no match to a group name since the generator changed */
@@ -2433,6 +2434,7 @@ static int do_test_custom_explicit_fromd
@@ -2433,6 +2434,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
#endif
)
goto err;
@ -206,3 +134,102 @@ diff -up openssl-3.0.9/test/ectest.c.noec openssl-3.0.9/test/ectest.c
ret = 1;
err:
diff --git a/test/endecode_test.c b/test/endecode_test.c
index 14648287eb..9a437d8c64 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -62,7 +62,7 @@ static BN_CTX *bnctx = NULL;
static OSSL_PARAM_BLD *bld_prime_nc = NULL;
static OSSL_PARAM_BLD *bld_prime = NULL;
static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
+/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/
# ifndef OPENSSL_NO_EC2M
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
@@ -1009,9 +1009,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
-DOMAIN_KEYS(ECExplicitPrime2G);
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
+/*DOMAIN_KEYS(ECExplicitPrime2G);*/
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
# ifndef OPENSSL_NO_EC2M
DOMAIN_KEYS(ECExplicitTriNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
@@ -1352,7 +1352,7 @@ int setup_tests(void)
|| !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
|| !create_ec_explicit_prime_params(bld_prime)
|| !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
+/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/
# ifndef OPENSSL_NO_EC2M
|| !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
|| !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
@@ -1380,7 +1380,7 @@ int setup_tests(void)
TEST_info("Generating EC keys...");
MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
+/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/
# ifndef OPENSSL_NO_EC2M
MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
@@ -1423,8 +1423,8 @@ int setup_tests(void)
ADD_TEST_SUITE_LEGACY(EC);
ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
- ADD_TEST_SUITE(ECExplicitPrime2G);
- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/
+/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/
# ifndef OPENSSL_NO_EC2M
ADD_TEST_SUITE(ECExplicitTriNamedCurve);
ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
@@ -1461,7 +1461,7 @@ void cleanup_tests(void)
{
#ifndef OPENSSL_NO_EC
OSSL_PARAM_free(ec_explicit_prime_params_nc);
- OSSL_PARAM_free(ec_explicit_prime_params_explicit);
+/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/
OSSL_PARAM_BLD_free(bld_prime_nc);
OSSL_PARAM_BLD_free(bld_prime);
# ifndef OPENSSL_NO_EC2M
@@ -1483,7 +1483,7 @@ void cleanup_tests(void)
#ifndef OPENSSL_NO_EC
FREE_DOMAIN_KEYS(EC);
FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
- FREE_DOMAIN_KEYS(ECExplicitPrime2G);
+/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/
# ifndef OPENSSL_NO_EC2M
FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
FREE_DOMAIN_KEYS(ECExplicitTri2G);
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
index ec3c032aba..584ecee0eb 100644
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
@@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
-----END PRIVATE KEY-----
-PrivateKey = EC_EXPLICIT
------BEGIN PRIVATE KEY-----
-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
------END PRIVATE KEY-----
-
PrivateKey = B-163
-----BEGIN PRIVATE KEY-----
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
--
2.41.0

46
0013-skipped-tests-EC-curves.patch
View File

@ -1,7 +1,24 @@
diff -up ./test/recipes/15-test_ec.t.skip-tests ./test/recipes/15-test_ec.t
--- ./test/recipes/15-test_ec.t.skip-tests 2023-03-14 13:42:38.865508269 +0100
+++ ./test/recipes/15-test_ec.t 2023-03-14 13:43:36.237021635 +0100
@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key
From 9ede2b1e13f72db37718853faff74b4429084d59 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 13/35] 0013-skipped-tests-EC-curves.patch
Patch-name: 0013-skipped-tests-EC-curves.patch
Patch-id: 13
Patch-status: |
# Skipped tests from former 0011-Remove-EC-curves.patch
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
test/recipes/15-test_ec.t | 2 +-
test/recipes/65-test_cmp_protect.t | 2 +-
test/recipes/65-test_cmp_vfy.t | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
index 0638d626e7..c0efd77649 100644
--- a/test/recipes/15-test_ec.t
+++ b/test/recipes/15-test_ec.t
@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key' => sub {
subtest 'Check loading of fips and non-fips keys' => sub {
plan skip_all => "FIPS is disabled"
@ -10,10 +27,11 @@ diff -up ./test/recipes/15-test_ec.t.skip-tests ./test/recipes/15-test_ec.t
plan tests => 2;
diff -up ./test/recipes/65-test_cmp_protect.t.skip-tests ./test/recipes/65-test_cmp_protect.t
--- ./test/recipes/65-test_cmp_protect.t.skip-tests 2023-03-14 10:13:11.342056559 +0100
+++ ./test/recipes/65-test_cmp_protect.t 2023-03-14 10:14:42.643873496 +0100
@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo
diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t
index 631603df7c..4cb2ffebbc 100644
--- a/test/recipes/65-test_cmp_protect.t
+++ b/test/recipes/65-test_cmp_protect.t
@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build"
plan skip_all => "This test is not supported in a shared library build on Windows"
if $^O eq 'MSWin32' && !disabled("shared");
@ -22,10 +40,11 @@ diff -up ./test/recipes/65-test_cmp_protect.t.skip-tests ./test/recipes/65-test_
my @basic_cmd = ("cmp_protect_test",
data_file("server.pem"),
diff -up ./test/recipes/65-test_cmp_vfy.t.skip-tests ./test/recipes/65-test_cmp_vfy.t
--- ./test/recipes/65-test_cmp_vfy.t.skip-tests 2023-03-14 10:13:38.106296042 +0100
+++ ./test/recipes/65-test_cmp_vfy.t 2023-03-14 10:16:56.496071178 +0100
@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo
diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t
index f722800e27..26a01786bb 100644
--- a/test/recipes/65-test_cmp_vfy.t
+++ b/test/recipes/65-test_cmp_vfy.t
@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build"
plan skip_all => "This test is not supported in a no-ec build"
if disabled("ec");
@ -34,3 +53,6 @@ diff -up ./test/recipes/65-test_cmp_vfy.t.skip-tests ./test/recipes/65-test_cmp_
my @basic_cmd = ("cmp_vfy_test",
data_file("server.crt"), data_file("client.crt"),
--
2.41.0

52
0024-load-legacy-prov.patch
View File

@ -1,6 +1,22 @@
diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf
--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200
+++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200
From 69636828729ecc287863366dcdd6548dee78c7a4 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 14/35] 0024-load-legacy-prov.patch
Patch-name: 0024-load-legacy-prov.patch
Patch-id: 24
Patch-status: |
# Instructions to load legacy provider in openssl.cnf
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
apps/openssl.cnf | 37 +++++++++++++++----------------------
doc/man5/config.pod | 8 ++++++++
2 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 3956235fda..bddb6bc029 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
@ -19,11 +35,6 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
ssl_conf = ssl_module
-# List of providers to load
-[provider_sect]
-default = default_sect
-# The fips section name should match the section name inside the
-# included fipsmodule.cnf.
-# fips = fips_sect
+# Uncomment the sections that start with ## below to enable the legacy provider.
+# Loading the legacy provider enables support for the following algorithms:
+# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
@ -32,7 +43,13 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
+# In general it is not recommended to use the above mentioned algorithms for
+# security critical operations, as they are cryptographically weak or vulnerable
+# to side-channel attacks and as such have been deprecated.
+
[provider_sect]
default = default_sect
-# The fips section name should match the section name inside the
-# included fipsmodule.cnf.
-# fips = fips_sect
-
-# If no providers are activated explicitly, the default one is activated implicitly.
-# See man 7 OSSL_PROVIDER-default for more details.
-#
@ -41,13 +58,10 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
-# becomes unavailable in openssl. As a consequence applications depending on
-# OpenSSL may not work correctly which could lead to significant system
-# problems including inability to remotely access the system.
-[default_sect]
-# activate = 1
+[provider_sect]
+default = default_sect
+##legacy = legacy_sect
+##
+[default_sect]
[default_sect]
-# activate = 1
+activate = 1
+
+##[legacy_sect]
@ -55,9 +69,10 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
[ ssl_module ]
diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod
--- openssl-3.0.0/doc/man5/config.pod.legacy-prov 2021-09-09 12:09:38.079040853 +0200
+++ openssl-3.0.0/doc/man5/config.pod 2021-09-09 12:11:56.646224876 +0200
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 8d312c661f..714a10437b 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -273,6 +273,14 @@ significant.
All parameters in the section as well as sub-sections are made
available to the provider.
@ -73,3 +88,6 @@ diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/co
=head3 Default provider and its activation
If no providers are activated explicitly, the default one is activated implicitly.
--
2.41.0

28
0032-Force-fips.patch
View File

@ -1,6 +1,21 @@
diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c
--- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200
+++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200
From 8c6dffe2347fc801a2b285d79dd99b8739414bc3 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 16/35] 0032-Force-fips.patch
Patch-name: 0032-Force-fips.patch
Patch-id: 32
Patch-status: |
# We load FIPS provider and set FIPS properties implicitly
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/provider_conf.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
index 058fb58837..ad0b29c954 100644
--- a/crypto/provider_conf.c
+++ b/crypto/provider_conf.c
@@ -10,6 +10,7 @@
#include <string.h>
#include <openssl/trace.h>
@ -9,7 +24,7 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi
#include <openssl/conf.h>
#include <openssl/safestack.h>
#include <openssl/provider.h>
@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C
@@ -169,7 +170,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
if (path != NULL)
ossl_provider_set_module_path(prov, path);
@ -18,7 +33,7 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi
if (ok) {
if (!ossl_provider_activate(prov, 1, 0)) {
@@ -306,6 +317,16 @@ static int provider_conf_init(CONF_IMODU
@@ -309,6 +310,16 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
return 0;
}
@ -35,3 +50,6 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi
return 1;
}
--
2.41.0

131
0033-FIPS-embed-hmac.patch
View File

@ -1,7 +1,30 @@
diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/providers/fips/self_test.c
--- openssl-3.0.7/providers/fips/self_test.c.embed-hmac 2023-01-05 10:03:44.864869710 +0100
+++ openssl-3.0.7/providers/fips/self_test.c 2023-01-05 10:15:17.041606472 +0100
@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
From 538665f6c210f876bf2733afe63460b36f2c9929 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 17/35] 0033-FIPS-embed-hmac.patch
Patch-name: 0033-FIPS-embed-hmac.patch
Patch-id: 33
Patch-status: |
# Embed HMAC into the fips.so
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
providers/fips/self_test.c | 69 ++++++++++++++++++++++++---
test/fipsmodule.cnf | 2 +
test/recipes/00-prep_fipsmodule_cnf.t | 2 +-
test/recipes/01-test_fipsmodule_cnf.t | 2 +-
test/recipes/03-test_fipsinstall.t | 2 +-
test/recipes/30-test_defltfips.t | 2 +-
test/recipes/80-test_ssl_new.t | 2 +-
test/recipes/90-test_sslapi.t | 2 +-
8 files changed, 70 insertions(+), 13 deletions(-)
create mode 100644 test/fipsmodule.cnf
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index 10804d9f59..ef56002854 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -231,11 +231,27 @@ err:
return ok;
}
@ -29,7 +52,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
unsigned char *expected, size_t expected_len,
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
@@ -189,12 +205,23 @@ static int verify_integrity(OSSL_CORE_BI
@@ -248,12 +264,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
EVP_MAC *mac = NULL;
EVP_MAC_CTX *ctx = NULL;
OSSL_PARAM params[2], *p = params;
@ -53,7 +76,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
if (mac == NULL)
goto err;
@@ -205,13 +233,42 @@ static int verify_integrity(OSSL_CORE_BI
@@ -267,13 +294,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
goto err;
@ -61,12 +84,12 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
if (status != 1)
break;
if (!EVP_MAC_update(ctx, buf, bytes_read))
goto err;
+ if (status != 1)
+ break;
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
+ goto err;
+ off += bytes_read;
}
+ }
+
+ if (off + INTEGRITY_BUF_SIZE > paddr) {
+ int delta = paddr - off;
@ -88,17 +111,17 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
+
+ while (bytes_read > 0) {
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
+ if (status != 1)
+ break;
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
+ goto err;
if (status != 1)
break;
if (!EVP_MAC_update(ctx, buf, bytes_read))
goto err;
+ off += bytes_read;
+ }
}
+
if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
goto err;
@@ -285,8 +342,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
@@ -349,8 +405,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
CRYPTO_THREAD_unlock(fips_state_lock);
}
@ -108,7 +131,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
goto end;
}
@@ -305,8 +361,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
@@ -359,8 +414,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
if (ev == NULL)
goto end;
@ -120,7 +143,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
if (module_checksum == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
goto end;
@@ -356,7 +413,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
@@ -434,7 +490,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
end:
EVP_RAND_free(testrand);
OSSL_SELF_TEST_free(ev);
@ -128,10 +151,19 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
OPENSSL_free(indicator_checksum);
if (st != NULL) {
diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t
--- openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200
+++ openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t 2021-11-18 09:39:53.386817874 +0100
@@ -20,7 +20,7 @@
diff --git a/test/fipsmodule.cnf b/test/fipsmodule.cnf
new file mode 100644
index 0000000000..f05d0dedbe
--- /dev/null
+++ b/test/fipsmodule.cnf
@@ -0,0 +1,2 @@
+[fips_sect]
+activate = 1
diff --git a/test/recipes/00-prep_fipsmodule_cnf.t b/test/recipes/00-prep_fipsmodule_cnf.t
index 4e3a6d85e8..e8255ba974 100644
--- a/test/recipes/00-prep_fipsmodule_cnf.t
+++ b/test/recipes/00-prep_fipsmodule_cnf.t
@@ -20,7 +20,7 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
use platform;
@ -140,10 +172,11 @@ diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/
plan skip_all => "FIPS module config file only supported in a fips build"
if $no_check;
diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t
--- openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200
+++ openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t 2021-11-18 09:59:02.315619486 +0100
@@ -23,7 +23,7 @@
diff --git a/test/recipes/01-test_fipsmodule_cnf.t b/test/recipes/01-test_fipsmodule_cnf.t
index ce594817d5..00cebacff8 100644
--- a/test/recipes/01-test_fipsmodule_cnf.t
+++ b/test/recipes/01-test_fipsmodule_cnf.t
@@ -23,7 +23,7 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
use platform;
@ -152,10 +185,11 @@ diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/
plan skip_all => "Test only supported in a fips build"
if $no_check;
plan tests => 1;
diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t
--- openssl-3.0.0/test/recipes/03-test_fipsinstall.t 2021-09-07 13:46:32.000000000 +0200
+++ openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t 2021-11-18 09:59:55.365072074 +0100
@@ -22,7 +22,7 @@
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t
index b8b136d110..8242f4ebc3 100644
--- a/test/recipes/03-test_fipsinstall.t
+++ b/test/recipes/03-test_fipsinstall.t
@@ -22,7 +22,7 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
use platform;
@ -164,10 +198,11 @@ diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/tes
# Compatible options for pedantic FIPS compliance
my @pedantic_okay =
diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t
--- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200
+++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100
@@ -21,7 +21,7 @@
diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t
index 426bd660d1..6dc514936b 100644
--- a/test/recipes/30-test_defltfips.t
+++ b/test/recipes/30-test_defltfips.t
@@ -21,7 +21,7 @@ BEGIN {
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
@ -176,10 +211,11 @@ diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/
plan tests =>
($no_fips ? 1 : 5);
diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t
--- openssl-3.0.0/test/recipes/80-test_ssl_new.t 2021-09-07 13:46:32.000000000 +0200
+++ openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t 2021-11-18 10:18:53.391721164 +0100
@@ -23,7 +23,7 @@
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 0c6d6402d9..e45f9cb560 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -27,7 +27,7 @@ setup("test_ssl_new");
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
@ -188,10 +224,11 @@ diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/re
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t
--- openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-11-18 10:32:17.734196705 +0100
+++ openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t 2021-11-18 10:18:30.695538445 +0100
@@ -18,7 +18,7 @@
diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t
index 9e9e32b51e..1a1a7159b5 100644
--- a/test/recipes/90-test_sslapi.t
+++ b/test/recipes/90-test_sslapi.t
@@ -17,7 +17,7 @@ setup("test_sslapi");
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
@ -200,8 +237,6 @@ diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/rec
my $fipsmodcfg_filename = "fipsmodule.cnf";
my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename);
--- /dev/null 2021-11-16 15:27:32.915000000 +0100
+++ openssl-3.0.0/test/fipsmodule.cnf 2021-11-18 11:15:34.538060408 +0100
@@ -0,0 +1,2 @@
+[fips_sect]
+activate = 1
--
2.41.0

344
0034.fipsinstall_disable.patch
View File

@ -1,7 +1,27 @@
diff -up openssl-3.0.0/apps/fipsinstall.c.xxx openssl-3.0.0/apps/fipsinstall.c
--- openssl-3.0.0/apps/fipsinstall.c.xxx 2021-11-22 13:09:28.232560235 +0100
+++ openssl-3.0.0/apps/fipsinstall.c 2021-11-22 13:12:22.272058910 +0100
@@ -311,6 +311,9 @@ int fipsinstall_main(int argc, char **ar
From a9825123e7ab3474d2794a5706d9bed047959c9c Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 18/35] 0034.fipsinstall_disable.patch
Patch-name: 0034.fipsinstall_disable.patch
Patch-id: 34
Patch-status: |
# Comment out fipsinstall command-line utility
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
apps/fipsinstall.c | 3 +
doc/man1/openssl-fipsinstall.pod.in | 272 +---------------------------
doc/man1/openssl.pod | 4 -
doc/man5/config.pod | 1 -
doc/man5/fips_config.pod | 104 +----------
doc/man7/OSSL_PROVIDER-FIPS.pod | 1 -
6 files changed, 10 insertions(+), 375 deletions(-)
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index e1ef645b60..db92cb5fb2 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -375,6 +375,9 @@ int fipsinstall_main(int argc, char **argv)
EVP_MAC *mac = NULL;
CONF *conf = NULL;
@ -11,160 +31,11 @@ diff -up openssl-3.0.0/apps/fipsinstall.c.xxx openssl-3.0.0/apps/fipsinstall.c
if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
diff -up openssl-3.0.0/doc/man1/openssl.pod.xxx openssl-3.0.0/doc/man1/openssl.pod
--- openssl-3.0.0/doc/man1/openssl.pod.xxx 2021-11-22 13:18:51.081406990 +0100
+++ openssl-3.0.0/doc/man1/openssl.pod 2021-11-22 13:19:02.897508738 +0100
@@ -158,10 +158,6 @@ Engine (loadable module) information and
Error Number to Error String Conversion.
-=item B<fipsinstall>
-
-FIPS configuration installation.
-
=item B<gendsa>
Generation of DSA Private Key from Parameters. Superseded by
diff -up openssl-3.0.0/doc/man5/config.pod.xxx openssl-3.0.0/doc/man5/config.pod
--- openssl-3.0.0/doc/man5/config.pod.xxx 2021-11-22 13:24:51.359509501 +0100
+++ openssl-3.0.0/doc/man5/config.pod 2021-11-22 13:26:02.360121820 +0100
@@ -573,7 +573,6 @@ configuration files using that syntax wi
=head1 SEE ALSO
L<openssl-x509(1)>, L<openssl-req(1)>, L<openssl-ca(1)>,
-L<openssl-fipsinstall(1)>,
L<ASN1_generate_nconf(3)>,
L<EVP_set_default_properties(3)>,
L<CONF_modules_load(3)>,
diff -up openssl-3.0.0/doc/man5/fips_config.pod.xxx openssl-3.0.0/doc/man5/fips_config.pod
--- openssl-3.0.0/doc/man5/fips_config.pod.xxx 2021-11-22 13:21:13.812636065 +0100
+++ openssl-3.0.0/doc/man5/fips_config.pod 2021-11-22 13:24:12.278172847 +0100
@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration
=head1 DESCRIPTION
-A separate configuration file, using the OpenSSL L<config(5)> syntax,
-is used to hold information about the FIPS module. This includes a digest
-of the shared library file, and status about the self-testing.
-This data is used automatically by the module itself for two
-purposes:
-
-=over 4
-
-=item - Run the startup FIPS self-test known answer tests (KATS).
-
-This is normally done once, at installation time, but may also be set up to
-run each time the module is used.
-
-=item - Verify the module's checksum.
-
-This is done each time the module is used.
-
-=back
-
-This file is generated by the L<openssl-fipsinstall(1)> program, and
-used internally by the FIPS module during its initialization.
-
-The following options are supported. They should all appear in a section
-whose name is identified by the B<fips> option in the B<providers>
-section, as described in L<config(5)/Provider Configuration Module>.
-
-=over 4
-
-=item B<activate>
-
-If present, the module is activated. The value assigned to this name is not
-significant.
-
-=item B<install-version>
-
-A version number for the fips install process. Should be 1.
-
-=item B<conditional-errors>
-
-The FIPS module normally enters an internal error mode if any self test fails.
-Once this error mode is active, no services or cryptographic algorithms are
-accessible from this point on.
-Continuous tests are a subset of the self tests (e.g., a key pair test during key
-generation, or the CRNG output test).
-Setting this value to C<0> allows the error mode to not be triggered if any
-continuous test fails. The default value of C<1> will trigger the error mode.
-Regardless of the value, the operation (e.g., key generation) that called the
-continuous test will return an error code if its continuous test fails. The
-operation may then be retried if the error mode has not been triggered.
-
-=item B<security-checks>
-
-This indicates if run-time checks related to enforcement of security parameters
-such as minimum security strength of keys and approved curve names are used.
-A value of '1' will perform the checks, otherwise if the value is '0' the checks
-are not performed and FIPS compliance must be done by procedures documented in
-the relevant Security Policy.
-
-=item B<module-mac>
-
-The calculated MAC of the FIPS provider file.
-
-=item B<install-status>
-
-An indicator that the self-tests were successfully run.
-This should only be written after the module has
-successfully passed its self tests during installation.
-If this field is not present, then the self tests will run when the module
-loads.
-
-=item B<install-mac>
-
-A MAC of the value of the B<install-status> option, to prevent accidental
-changes to that value.
-It is written-to at the same time as B<install-status> is updated.
-
-=back
-
-For example:
-
- [fips_sect]
- activate = 1
- install-version = 1
- conditional-errors = 1
- security-checks = 1
- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
- install-status = INSTALL_SELF_TEST_KATS_RUN
-
-=head1 NOTES
-
-When using the FIPS provider, it is recommended that the
-B<config_diagnostics> option is enabled to prevent accidental use of
-non-FIPS validated algorithms via broken or mistaken configuration.
-See L<config(5)>.
-
-=head1 SEE ALSO
-
-L<config(5)>
-L<openssl-fipsinstall(1)>
+This command is disabled in Red Hat Enterprise Linux. The FIPS provider is
+automatically loaded when the system is booted in FIPS mode, or when the
+environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
+for more information.
=head1 HISTORY
diff -up openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod
--- openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx 2021-11-22 13:18:13.850086386 +0100
+++ openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod 2021-11-22 13:18:24.607179038 +0100
@@ -388,7 +388,6 @@ A simple self test callback is shown bel
=head1 SEE ALSO
-L<openssl-fipsinstall(1)>,
L<fips_config(5)>,
L<OSSL_SELF_TEST_set_callback(3)>,
L<OSSL_SELF_TEST_new(3)>,
diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in
--- openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac 2022-01-11 13:26:33.279906225 +0100
+++ openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in 2022-01-11 13:33:18.757994419 +0100
@@ -8,275 +8,9 @@ openssl-fipsinstall - perform FIPS confi
diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in
index b1768b7f91..b6b00e27d8 100644
--- a/doc/man1/openssl-fipsinstall.pod.in
+++ b/doc/man1/openssl-fipsinstall.pod.in
@@ -8,275 +8,9 @@ openssl-fipsinstall - perform FIPS configuration installation
=head1 SYNOPSIS
B<openssl fipsinstall>
@ -443,3 +314,160 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.
=head1 COPYRIGHT
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index d9c22a580f..d5ec3b9a6a 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -135,10 +135,6 @@ Engine (loadable module) information and manipulation.
Error Number to Error String Conversion.
-=item B<fipsinstall>
-
-FIPS configuration installation.
-
=item B<gendsa>
Generation of DSA Private Key from Parameters. Superseded by
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 714a10437b..bd05736220 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -573,7 +573,6 @@ configuration files using that syntax will have to be modified.
=head1 SEE ALSO
L<openssl-x509(1)>, L<openssl-req(1)>, L<openssl-ca(1)>,
-L<openssl-fipsinstall(1)>,
L<ASN1_generate_nconf(3)>,
L<EVP_set_default_properties(3)>,
L<CONF_modules_load(3)>,
diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod
index 2255464304..1c15e32a5c 100644
--- a/doc/man5/fips_config.pod
+++ b/doc/man5/fips_config.pod
@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration
=head1 DESCRIPTION
-A separate configuration file, using the OpenSSL L<config(5)> syntax,
-is used to hold information about the FIPS module. This includes a digest
-of the shared library file, and status about the self-testing.
-This data is used automatically by the module itself for two
-purposes:
-
-=over 4
-
-=item - Run the startup FIPS self-test known answer tests (KATS).
-
-This is normally done once, at installation time, but may also be set up to
-run each time the module is used.
-
-=item - Verify the module's checksum.
-
-This is done each time the module is used.
-
-=back
-
-This file is generated by the L<openssl-fipsinstall(1)> program, and
-used internally by the FIPS module during its initialization.
-
-The following options are supported. They should all appear in a section
-whose name is identified by the B<fips> option in the B<providers>
-section, as described in L<config(5)/Provider Configuration Module>.
-
-=over 4
-
-=item B<activate>
-
-If present, the module is activated. The value assigned to this name is not
-significant.
-
-=item B<install-version>
-
-A version number for the fips install process. Should be 1.
-
-=item B<conditional-errors>
-
-The FIPS module normally enters an internal error mode if any self test fails.
-Once this error mode is active, no services or cryptographic algorithms are
-accessible from this point on.
-Continuous tests are a subset of the self tests (e.g., a key pair test during key
-generation, or the CRNG output test).
-Setting this value to C<0> allows the error mode to not be triggered if any
-continuous test fails. The default value of C<1> will trigger the error mode.
-Regardless of the value, the operation (e.g., key generation) that called the
-continuous test will return an error code if its continuous test fails. The
-operation may then be retried if the error mode has not been triggered.
-
-=item B<security-checks>
-
-This indicates if run-time checks related to enforcement of security parameters
-such as minimum security strength of keys and approved curve names are used.
-A value of '1' will perform the checks, otherwise if the value is '0' the checks
-are not performed and FIPS compliance must be done by procedures documented in
-the relevant Security Policy.
-
-=item B<module-mac>
-
-The calculated MAC of the FIPS provider file.
-
-=item B<install-status>
-
-An indicator that the self-tests were successfully run.
-This should only be written after the module has
-successfully passed its self tests during installation.
-If this field is not present, then the self tests will run when the module
-loads.
-
-=item B<install-mac>
-
-A MAC of the value of the B<install-status> option, to prevent accidental
-changes to that value.
-It is written-to at the same time as B<install-status> is updated.
-
-=back
-
-For example:
-
- [fips_sect]
- activate = 1
- install-version = 1
- conditional-errors = 1
- security-checks = 1
- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
- install-status = INSTALL_SELF_TEST_KATS_RUN
-
-=head1 NOTES
-
-When using the FIPS provider, it is recommended that the
-B<config_diagnostics> option is enabled to prevent accidental use of
-non-FIPS validated algorithms via broken or mistaken configuration.
-See L<config(5)>.
-
-=head1 SEE ALSO
-
-L<config(5)>
-L<openssl-fipsinstall(1)>
+This command is disabled in Red Hat Enterprise Linux. The FIPS provider is
+automatically loaded when the system is booted in FIPS mode, or when the
+environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
+for more information.
=head1 HISTORY
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index 4f908888ba..ef00247770 100644
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -444,7 +444,6 @@ want to operate in a FIPS approved manner. The algorithms are:
=head1 SEE ALSO
-L<openssl-fipsinstall(1)>,
L<fips_config(5)>,
L<OSSL_SELF_TEST_set_callback(3)>,
L<OSSL_SELF_TEST_new(3)>,
--
2.41.0

26
0035-speed-skip-unavailable-dgst.patch
View File

@ -1,7 +1,22 @@
diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c
--- openssl-3.0.0/apps/speed.c.beldmit 2021-12-21 15:14:04.210431584 +0100
+++ openssl-3.0.0/apps/speed.c 2021-12-21 15:46:05.554085125 +0100
@@ -547,6 +547,9 @@ static int EVP_MAC_loop(int algindex, vo
From 213f38dc580d39f2cb46592b5e6db585fc6a650f Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 19/35] 0035-speed-skip-unavailable-dgst.patch
Patch-name: 0035-speed-skip-unavailable-dgst.patch
Patch-id: 35
Patch-status: |
# Skip unavailable algorithms running `openssl speed`
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
apps/speed.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/apps/speed.c b/apps/speed.c
index d527f12f18..2ff3eb53bd 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -610,6 +610,9 @@ static int EVP_MAC_loop(int algindex, void *args)
for (count = 0; COND(c[algindex][testnum]); count++) {
size_t outl;
@ -11,3 +26,6 @@ diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c
if (!EVP_MAC_init(mctx, NULL, 0, NULL)
|| !EVP_MAC_update(mctx, buf, lengths[testnum])
|| !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
--
2.41.0

101
0044-FIPS-140-3-keychecks.patch
View File

@ -1,7 +1,24 @@
diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c
--- openssl-3.0.1/crypto/dh/dh_key.c.fips3 2022-07-18 16:01:41.159543735 +0200
+++ openssl-3.0.1/crypto/dh/dh_key.c 2022-07-18 16:24:30.251388248 +0200
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k
From bdf751d87be5dfb3164264ebcdbc0c0374d3eabf Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 20/35] 0044-FIPS-140-3-keychecks.patch
Patch-name: 0044-FIPS-140-3-keychecks.patch
Patch-id: 44
Patch-status: |
# Extra public/private key checks required by FIPS-140-3
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/dh/dh_key.c | 28 ++++++++++++
crypto/rsa/rsa_gen.c | 44 ++++++++-----------
.../implementations/exchange/ecdh_exch.c | 19 ++++++++
3 files changed, 65 insertions(+), 26 deletions(-)
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 4e9705beef..cb9e641f54 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
BN_MONT_CTX *mont = NULL;
BIGNUM *z = NULL, *pminus1;
int ret = -1;
@ -11,7 +28,7 @@ diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *k
@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
return 0;
}
@ -59,39 +76,10 @@ diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c
dh->dirty_cnt++;
ok = 1;
err:
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c
diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c
--- openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 2022-07-25 13:42:46.814952053 +0200
+++ openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c 2022-07-25 13:52:12.292065706 +0200
@@ -488,6 +488,25 @@ int ecdh_plain_derive(void *vpecdhctx, u
}
ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
+#ifdef FIPS_MODULE
+ {
+ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk));
+ int check = 0;
+
+ if (bn_ctx == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+
+ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx);
+ BN_CTX_free(bn_ctx);
+
+ if (check <= 0) {
+ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY);
+ goto end;
+ }
+ }
+#endif
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_gen.c
--- openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 2022-07-25 17:02:17.807271297 +0200
+++ openssl-3.0.1/crypto/rsa/rsa_gen.c 2022-07-25 17:18:24.931959649 +0200
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index e0d139d312..de9cedb64b 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -23,6 +23,7 @@
#include <time.h>
#include "internal/cryptlib.h"
@ -100,7 +88,7 @@ diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_g
#include <openssl/self_test.h>
#include "prov/providercommon.h"
#include "rsa_local.h"
@@ -476,52 +476,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libc
@@ -478,52 +479,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes,
static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg)
{
int ret = 0;
@ -128,13 +116,13 @@ diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_g
OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1);
- ciphertxt_len = RSA_size(rsa);
+ signature_len = RSA_size(rsa);
- /*
- * RSA_private_encrypt() and RSA_private_decrypt() requires the 'to'
- * parameter to be a maximum of RSA_size() - allocate space for both.
- */
- ciphertxt = OPENSSL_zalloc(ciphertxt_len * 2);
- if (ciphertxt == NULL)
+ signature_len = RSA_size(rsa);
+ signature = OPENSSL_zalloc(signature_len);
+ if (signature == NULL)
goto err;
@ -170,3 +158,36 @@ diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_g
return ret;
}
diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
index 43caedb6df..73873f9758 100644
--- a/providers/implementations/exchange/ecdh_exch.c
+++ b/providers/implementations/exchange/ecdh_exch.c
@@ -489,6 +489,25 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
}
ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
+#ifdef FIPS_MODULE
+ {
+ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk));
+ int check = 0;
+
+ if (bn_ctx == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+
+ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx);
+ BN_CTX_free(bn_ctx);
+
+ if (check <= 0) {
+ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY);
+ goto end;
+ }
+ }
+#endif
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
--
2.41.0

1075
0045-FIPS-services-minimize.patch
View File

File diff suppressed because it is too large Load Diff

34
0047-FIPS-early-KATS.patch
View File

@ -1,7 +1,22 @@
diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/providers/fips/self_test.c
--- openssl-3.0.1/providers/fips/self_test.c.earlykats 2022-01-19 13:10:00.635830783 +0100
+++ openssl-3.0.1/providers/fips/self_test.c 2022-01-19 13:11:43.309342656 +0100
@@ -362,6 +362,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
From 0242c0317b7c7874148c456aaab1e8eeb156d7c1 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 22/35] 0047-FIPS-early-KATS.patch
Patch-name: 0047-FIPS-early-KATS.patch
Patch-id: 47
Patch-status: |
# Execute KATS before HMAC verification
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
providers/fips/self_test.c | 22 ++++++++++------------
1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index ef56002854..062d9df84a 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -414,6 +414,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
if (ev == NULL)
goto end;
@ -18,11 +33,10 @@ diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/provid
module_checksum = fips_hmac_container;
checksum_len = sizeof(fips_hmac_container);
@@ -411,18 +421,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
kats_already_passed = 1;
@@ -464,18 +474,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
}
}
-
- /*
- * Only runs the KAT's during installation OR on_demand().
- * NOTE: If the installation option 'self_test_onload' is chosen then this
@ -34,6 +48,10 @@ diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/provid
- goto end;
- }
- }
-
/* Verify that the RNG has been restored properly */
testrand = EVP_RAND_fetch(st->libctx, "TEST-RAND", NULL);
if (testrand == NULL
--
2.41.0

544
0049-Selectively-disallow-SHA1-signatures.patch
View File

@ -1,544 +0,0 @@
From ead41bc1b69b697187a97460c7f210ad5a7a1395 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Wed, 17 Aug 2022 12:56:29 -0400
Subject: [PATCH] Selectively disallow SHA1 signatures
For RHEL 9.0, we want to phase out SHA1. One of the steps to do that is
disabling SHA1 signatures. Introduce a new configuration option in the
alg_section named 'rh-allow-sha1-signatures'. This option defaults to
false. If set to false (or unset), any signature creation or
verification operations that involve SHA1 as digest will fail.
This also affects TLS, where the signature_algorithms extension of any
ClientHello message sent by OpenSSL will no longer include signatures
with the SHA1 digest if rh-allow-sha1-signatures is false. For servers
that request a client certificate, the same also applies for
CertificateRequest messages sent by them.
For signatures created using the EVP_PKEY API, this is a best-effort
check that will deny signatures in cases where the digest algorithm is
known. This means, for example, that that following steps will still
work:
$> openssl dgst -sha1 -binary -out sha1 infile
$> openssl pkeyutl -inkey key.pem -sign -in sha1 -out sha1sig
$> openssl pkeyutl -inkey key.pem -verify -sigfile sha1sig -in sha1
whereas these will not:
$> openssl dgst -sha1 -binary -out sha1 infile
$> openssl pkeyutl -inkey kem.pem -sign -in sha1 -out sha1sig -pkeyopt digest:sha1
$> openssl pkeyutl -inkey kem.pem -verify -sigfile sha1sig -in sha1 -pkeyopt digest:sha1
This happens because in the first case, OpenSSL's signature
implementation does not know that it is signing a SHA1 hash (it could be
signing arbitrary data).
Resolves: rhbz#2031742
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
crypto/context.c | 14 ++++
crypto/evp/evp_cnf.c | 13 ++++
crypto/evp/m_sigver.c | 71 +++++++++++++++++++
crypto/evp/pmeth_lib.c | 15 ++++
doc/man5/config.pod | 11 +++
include/crypto/context.h | 3 +
include/internal/cryptlib.h | 3 +-
include/internal/sslconf.h | 4 ++
providers/common/securitycheck.c | 20 ++++++
providers/common/securitycheck_default.c | 9 ++-
providers/implementations/signature/dsa_sig.c | 11 ++-
.../implementations/signature/ecdsa_sig.c | 4 ++
providers/implementations/signature/rsa_sig.c | 20 +++++-
ssl/t1_lib.c | 8 +++
util/libcrypto.num | 2 +
15 files changed, 199 insertions(+), 9 deletions(-)
diff --git a/crypto/context.c b/crypto/context.c
index e294ea1512..ab6abf44ab 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -43,6 +43,8 @@ struct ossl_lib_ctx_st {
void *fips_prov;
#endif
+ void *legacy_digest_signatures;
+
unsigned int ischild:1;
};
@@ -171,6 +173,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
goto err;
#endif
+ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx);
+ if (ctx->legacy_digest_signatures == NULL)
+ goto err;
+
/* Low priority. */
#ifndef FIPS_MODULE
ctx->child_provider = ossl_child_prov_ctx_new(ctx);
@@ -299,6 +305,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
}
#endif
+ if (ctx->legacy_digest_signatures != NULL) {
+ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures);
+ ctx->legacy_digest_signatures = NULL;
+ }
+
/* Low priority. */
#ifndef FIPS_MODULE
if (ctx->child_provider != NULL) {
@@ -589,6 +600,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
return ctx->fips_prov;
#endif
+ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX:
+ return ctx->legacy_digest_signatures;
+
default:
return NULL;
}
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 0e7fe64cf9..b9d3b6d226 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -10,6 +10,7 @@
#include <stdio.h>
#include <openssl/crypto.h>
#include "internal/cryptlib.h"
+#include "internal/sslconf.h"
#include <openssl/conf.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
return 0;
}
+ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) {
+ int m;
+
+ /* Detailed error already reported. */
+ if (!X509V3_get_value_bool(oval, &m))
+ return 0;
+
+ if (!ossl_ctx_legacy_digest_signatures_allowed_set(
+ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
+ return 0;
+ }
} else {
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
"name=%s, value=%s", oval->name, oval->value);
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 630d339c35..06028b082e 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -15,6 +15,65 @@
#include "internal/provider.h"
#include "internal/numbers.h" /* includes SIZE_MAX */
#include "evp_local.h"
+#include "crypto/context.h"
+
+typedef struct ossl_legacy_digest_signatures_st {
+ int allowed;
+} OSSL_LEGACY_DIGEST_SIGNATURES;
+
+void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
+{
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
+
+ if (ldsigs != NULL) {
+ OPENSSL_free(ldsigs);
+ }
+}
+
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
+{
+ return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
+}
+
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
+ OSSL_LIB_CTX *libctx, int loadconfig)
+{
+#ifndef FIPS_MODULE
+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
+ return NULL;
+#endif
+
+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX);
+}
+
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
+{
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
+
+#ifndef FIPS_MODULE
+ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL)
+ /* used in tests */
+ return 1;
+#endif
+
+ return ldsigs != NULL ? ldsigs->allowed : 0;
+}
+
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
+ int loadconfig)
+{
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
+
+ if (ldsigs == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ ldsigs->allowed = allow;
+ return 1;
+}
#ifndef FIPS_MODULE
@@ -251,6 +310,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
}
}
+ if (ctx->reqdigest != NULL
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
+ int mdnid = EVP_MD_nid(ctx->reqdigest);
+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
+ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
+ goto err;
+ }
+ }
+
if (ver) {
if (signature->digest_verify_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index ce6e1a1ccb..003926247b 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -33,6 +33,7 @@
#include "internal/ffc.h"
#include "internal/numbers.h"
#include "internal/provider.h"
+#include "internal/sslconf.h"
#include "evp_local.h"
#ifndef FIPS_MODULE
@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
return -2;
}
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && md != NULL
+ && ctx->pkey != NULL
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac)
+ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
+ int mdnid = EVP_MD_nid(md);
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
+ return -1;
+ }
+ }
+
if (fallback)
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 8d312c661f..e5a88d11aa 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -296,6 +296,17 @@ Within the algorithm properties section, the following names have meaning:
The value may be anything that is acceptable as a property query
string for EVP_set_default_properties().
+=item B<rh-allow-sha1-signatures>
+
+The value is a boolean that can be B<yes> or B<no>. If the value is not set,
+it behaves as if it was set to B<no>.
+
+When set to B<no>, any attempt to create or verify a signature with a SHA1
+digest will fail. For compatibility with older versions of OpenSSL, set this
+option to B<yes>. This setting also affects TLS, where signature algorithms
+that use SHA1 as digest will no longer be supported if this option is set to
+B<no>.
+
=item B<fips_mode> (deprecated)
The value is a boolean that can be B<yes> or B<no>. If the value is
diff --git a/include/crypto/context.h b/include/crypto/context.h
index cc06c71be8..e9f74a414d 100644
--- a/include/crypto/context.h
+++ b/include/crypto/context.h
@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *);
void ossl_thread_event_ctx_free(void *);
void ossl_fips_prov_ossl_ctx_free(void *);
void ossl_release_default_drbg_ctx(void);
+
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *);
+void ossl_ctx_legacy_digest_signatures_free(void *);
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
index ac50eb3bbd..3b115cc7df 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
# define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
-# define OSSL_LIB_CTX_MAX_INDEXES 19
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 19
+# define OSSL_LIB_CTX_MAX_INDEXES 20
OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
index fd7f7e3331..05464b0655 100644
--- a/include/internal/sslconf.h
+++ b/include/internal/sslconf.h
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
char **arg);
+/* Methods to support disabling all signatures with legacy digests */
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig);
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
+ int loadconfig);
#endif
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index 699ada7c52..e534ad0a5f 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -19,6 +19,7 @@
#include <openssl/core_names.h>
#include <openssl/obj_mac.h>
#include "prov/securitycheck.h"
+#include "internal/sslconf.h"
/*
* FIPS requires a minimum security strength of 112 bits (for encryption or
@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
mdnid = -1; /* disallowed by security checks */
}
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
+
+#ifndef FIPS_MODULE
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
+ /* SHA1 is globally disabled, check whether we want to locally allow
+ * it. */
+ if (mdnid == NID_sha1 && !sha1_allowed)
+ mdnid = -1;
+#endif
+
return mdnid;
}
@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
if (ossl_securitycheck_enabled(ctx))
return ossl_digest_get_approved_nid(md) != NID_undef;
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
+
+#ifndef FIPS_MODULE
+ {
+ int mdnid = EVP_MD_nid(md);
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
+ return 0;
+ }
+#endif
+
return 1;
}
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
index 246323493e..2ca7a59f39 100644
--- a/providers/common/securitycheck_default.c
+++ b/providers/common/securitycheck_default.c
@@ -15,6 +15,7 @@
#include <openssl/obj_mac.h>
#include "prov/securitycheck.h"
#include "internal/nelem.h"
+#include "internal/sslconf.h"
/* Disable the security checks in the default provider */
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx)
}
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
- ossl_unused int sha1_allowed)
+ int sha1_allowed)
{
int mdnid;
+ int ldsigs_allowed;
static const OSSL_ITEM name_to_nid[] = {
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
};
- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1);
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
if (mdnid == NID_undef)
mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
+ mdnid = -1;
return mdnid;
}
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
index 70d0ea5d24..3c482e0181 100644
--- a/providers/implementations/signature/dsa_sig.c
+++ b/providers/implementations/signature/dsa_sig.c
@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
mdprops = ctx->propq;
if (mdname != NULL) {
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
WPACKET pkt;
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
- sha1_allowed);
+ int md_nid;
size_t mdname_len = strlen(mdname);
+#ifdef FIPS_MODULE
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+#else
+ int sha1_allowed = 0;
+#endif
+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
+ sha1_allowed);
if (md == NULL || md_nid < 0) {
if (md == NULL)
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
index 865d49d100..99b228e82c 100644
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
"%s could not be fetched", mdname);
return 0;
}
+#ifdef FIPS_MODULE
sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+#else
+ sha1_allowed = 0;
+#endif
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
sha1_allowed);
if (md_nid < 0) {
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index cd5de6bd51..25a51df878 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -25,6 +25,7 @@
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
+#include "internal/sslconf.h"
#include "crypto/rsa.h"
#include "prov/providercommon.h"
#include "prov/implementations.h"
@@ -33,6 +34,7 @@
#include "prov/securitycheck.h"
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
if (mdname != NULL) {
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
+ int md_nid;
+ size_t mdname_len = strlen(mdname);
+#ifdef FIPS_MODULE
int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
+#else
+ int sha1_allowed = 0;
+#endif
+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
sha1_allowed);
- size_t mdname_len = strlen(mdname);
if (md == NULL
|| md_nid <= 0
@@ -1370,8 +1377,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
prsactx->pad_mode = pad_mode;
if (prsactx->md == NULL && pmdname == NULL
- && pad_mode == RSA_PKCS1_PSS_PADDING)
+ && pad_mode == RSA_PKCS1_PSS_PADDING) {
pmdname = RSA_DEFAULT_DIGEST_NAME;
+#ifndef FIPS_MODULE
+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
+ }
+#endif
+ }
+
if (pmgf1mdname != NULL
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e6f4bcc045..8bc550ea5b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -20,6 +20,7 @@
#include <openssl/bn.h>
#include <openssl/provider.h>
#include <openssl/param_build.h>
+#include "internal/sslconf.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "internal/tlsgroups.h"
@@ -1151,11 +1152,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
EVP_PKEY *tmpkey = EVP_PKEY_new();
int ret = 0;
+ int ldsigs_allowed;
if (cache == NULL || tmpkey == NULL)
goto err;
ERR_set_mark();
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
for (i = 0, lu = sigalg_lookup_tbl;
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
EVP_PKEY_CTX *pctx;
@@ -1175,6 +1178,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
cache[i].enabled = 0;
continue;
}
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
+ && !ldsigs_allowed) {
+ cache[i].enabled = 0;
+ continue;
+ }
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
cache[i].enabled = 0;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 9cb8a4dda2..feb660d030 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
--
2.40.1

207
0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
View File

@ -1,207 +0,0 @@
From 033a4a68f259e32ea58e5a9f478f59d7dabe70af Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Tue, 1 Mar 2022 15:44:18 +0100
Subject: [PATCH 23/38] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures =
yes
References: rhbz#2055796
---
crypto/x509/x509_vfy.c | 19 ++++++++++-
doc/man5/config.pod | 7 +++-
ssl/t1_lib.c | 64 ++++++++++++++++++++++++++++-------
test/recipes/25-test_verify.t | 7 ++--
4 files changed, 79 insertions(+), 18 deletions(-)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index d19efeaa99..451fa10bf2 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -25,6 +25,7 @@
#include <openssl/objects.h>
#include <openssl/core_names.h>
#include "internal/dane.h"
+#include "internal/sslconf.h"
#include "crypto/x509.h"
#include "x509_local.h"
@@ -3438,14 +3439,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
{
int secbits = -1;
int level = ctx->param->auth_level;
+ int nid;
+ OSSL_LIB_CTX *libctx = NULL;
if (level <= 0)
return 1;
if (level > NUM_AUTH_LEVELS)
level = NUM_AUTH_LEVELS;
- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
+ if (ctx->libctx)
+ libctx = ctx->libctx;
+ else if (cert->libctx)
+ libctx = cert->libctx;
+ else
+ libctx = OSSL_LIB_CTX_get0_global_default();
+
+ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL))
return 0;
+ if (nid == NID_sha1
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
+ && ctx->param->auth_level < 3)
+ /* When rh-allow-sha1-signatures = yes and security level <= 2,
+ * explicitly allow SHA1 for backwards compatibility. */
+ return 1;
+
return secbits >= minbits_table[level - 1];
}
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index e5a88d11aa..2d5649f90b 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -305,7 +305,12 @@ When set to B<no>, any attempt to create or verify a signature with a SHA1
digest will fail. For compatibility with older versions of OpenSSL, set this
option to B<yes>. This setting also affects TLS, where signature algorithms
that use SHA1 as digest will no longer be supported if this option is set to
-B<no>.
+B<no>. Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature
+algorithms that use SHA1 in security level 2, despite the definition of
+security level 2 of 112 bits of security, which SHA1 does not meet. Because
+TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key
+material, disabling B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or
+newer.
=item B<fips_mode> (deprecated)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 8bc550ea5b..a9d21a6a96 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -20,6 +20,7 @@
#include <openssl/bn.h>
#include <openssl/provider.h>
#include <openssl/param_build.h>
+#include "crypto/x509.h"
#include "internal/sslconf.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
@@ -1567,19 +1568,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
return 0;
}
- /*
- * Make sure security callback allows algorithm. For historical
- * reasons we have to pass the sigalg as a two byte char array.
- */
- sigalgstr[0] = (sig >> 8) & 0xff;
- sigalgstr[1] = sig & 0xff;
- secbits = sigalg_security_bits(s->ctx, lu);
- if (secbits == 0 ||
- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
- md != NULL ? EVP_MD_get_type(md) : NID_undef,
- (void *)sigalgstr)) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
- return 0;
+
+ if (lu->hash == NID_sha1
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
+ && SSL_get_security_level(s) < 3) {
+ /* when rh-allow-sha1-signatures = yes and security level <= 2,
+ * explicitly allow SHA1 for backwards compatibility */
+ } else {
+ /*
+ * Make sure security callback allows algorithm. For historical
+ * reasons we have to pass the sigalg as a two byte char array.
+ */
+ sigalgstr[0] = (sig >> 8) & 0xff;
+ sigalgstr[1] = sig & 0xff;
+ secbits = sigalg_security_bits(s->ctx, lu);
+ if (secbits == 0 ||
+ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
+ md != NULL ? EVP_MD_get_type(md) : NID_undef,
+ (void *)sigalgstr)) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
+ return 0;
+ }
}
/* Store the sigalg the peer uses */
s->s3.tmp.peer_sigalg = lu;
@@ -2117,6 +2126,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
}
}
+ if (lu->hash == NID_sha1
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
+ && SSL_get_security_level(s) < 3) {
+ /* when rh-allow-sha1-signatures = yes and security level <= 2,
+ * explicitly allow SHA1 for backwards compatibility */
+ return 1;
+ }
+
/* Finally see if security callback allows it */
secbits = sigalg_security_bits(s->ctx, lu);
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
@@ -2986,6 +3003,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
{
/* Lookup signature algorithm digest */
int secbits, nid, pknid;
+ OSSL_LIB_CTX *libctx = NULL;
+
/* Don't check signature if self signed */
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
return 1;
@@ -2994,6 +3013,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
/* If digest NID not defined use signature NID */
if (nid == NID_undef)
nid = pknid;
+
+ if (x && x->libctx)
+ libctx = x->libctx;
+ else if (ctx && ctx->libctx)
+ libctx = ctx->libctx;
+ else if (s && s->ctx && s->ctx->libctx)
+ libctx = s->ctx->libctx;
+ else
+ libctx = OSSL_LIB_CTX_get0_global_default();
+
+ if (nid == NID_sha1
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
+ && ((s != NULL && SSL_get_security_level(s) < 3)
+ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 3)
+ ))
+ /* When rh-allow-sha1-signatures = yes and security level <= 2,
+ * explicitly allow SHA1 for backwards compatibility. */
+ return 1;
+
if (s)
return ssl_security(s, op, secbits, nid, x);
else
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index f69af793e4..a7481254e1 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -29,7 +29,7 @@ sub verify {
run(app([@args]));
}
-plan tests => 175;
+plan tests => 174;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -439,8 +439,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
"CA with PSS signature using SHA256");
-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
- "Reject PSS signature using SHA1 and auth level 1");
+## rh-allow-sha1-signatures=yes allows this to pass despite -auth_level 1
+#ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
+# "Reject PSS signature using SHA1 and auth level 1");
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
"PSS signature using SHA256 and auth level 2");
--
2.40.1

64
0056-strcasecmp.patch
View File

@ -1,17 +1,26 @@
diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200
+++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200
@@ -5425,4 +5425,6 @@ ASN1_item_d2i_ex
EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION:
+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
--- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100
+++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100
@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char
From 8545e0c4c38934fda47b701043dd5ce89c99fe81 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 25/35] 0056-strcasecmp.patch
Patch-name: 0056-strcasecmp.patch
Patch-id: 56
Patch-status: |
# https://github.com/openssl/openssl/pull/18103
# The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
# so the patch should persist
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/o_str.c | 14 ++++++++++++--
test/recipes/01-test_symbol_presence.t | 1 +
util/libcrypto.num | 2 ++
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/crypto/o_str.c b/crypto/o_str.c
index 3354ce0927..95b9538471 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
#endif
}
@ -25,7 +34,7 @@ diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
{
int t;
@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c
@@ -352,7 +357,12 @@ int OPENSSL_strcasecmp(const char *s1, const char *s2)
return t;
}
@ -39,10 +48,11 @@ diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
{
int t;
size_t i;
diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t
--- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp 2022-11-25 18:19:05.669769076 +0100
+++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t 2022-11-25 18:31:20.993392678 +0100
@@ -77,6 +80,7 @@ foreach my $libname (@libnames) {
diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
index 5530ade0ad..238a8d762e 100644
--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
@@ -77,6 +77,7 @@ foreach my $libname (@libnames) {
s| .*||;
# Drop OpenSSL dynamic version information if there is any
s|\@\@.+$||;
@ -50,3 +60,19 @@ diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/
# Return the result
$_
}
diff --git a/util/libcrypto.num b/util/libcrypto.num
index feb660d030..639074c5d0 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5435,6 +5435,8 @@ EVP_MD_CTX_dup 5562 3_1_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION:
+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
--
2.41.0

203
0058-FIPS-limit-rsa-encrypt.patch
View File

@ -1,6 +1,27 @@
diff -up openssl-3.0.1/providers/common/securitycheck.c.rsaenc openssl-3.0.1/providers/common/securitycheck.c
--- openssl-3.0.1/providers/common/securitycheck.c.rsaenc 2022-06-24 17:14:33.634692729 +0200
+++ openssl-3.0.1/providers/common/securitycheck.c 2022-06-24 17:16:08.966540605 +0200
From 7a6ade7947ceea6ca367afa0427f61a9505e37a5 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 26/35] 0058-FIPS-limit-rsa-encrypt.patch
Patch-name: 0058-FIPS-limit-rsa-encrypt.patch
Patch-id: 58
Patch-status: |
# https://github.com/openssl/openssl/pull/18175
# Patch57: 0057-strcasecmp-fix.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
providers/common/securitycheck.c | 1 +
.../implementations/asymciphers/rsa_enc.c | 35 +++++++++++
.../30-test_evp_data/evppkey_rsa_common.txt | 58 ++++++++++++++++++-
test/recipes/80-test_cms.t | 5 +-
test/recipes/80-test_ssl_old.t | 27 +++++++--
5 files changed, 118 insertions(+), 8 deletions(-)
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index e534ad0a5f..c017c658e5 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -27,6 +27,7 @@
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
@ -9,10 +30,11 @@ diff -up openssl-3.0.1/providers/common/securitycheck.c.rsaenc openssl-3.0.1/pro
int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation)
{
int protect = 0;
diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c
--- openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad 2022-05-02 16:04:47.000091901 +0200
+++ openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c 2022-05-02 16:14:50.922443581 +0200
@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsac
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index d865968058..9cd8904131 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa,
return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT);
}
@ -30,7 +52,7 @@ diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pa
static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
size_t outsize, const unsigned char *in, size_t inlen)
{
@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, u
@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
if (!ossl_prov_is_running())
return 0;
@ -49,7 +71,7 @@ diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pa
if (out == NULL) {
size_t len = RSA_size(prsactx->rsa);
@@ -202,6 +220,18 @@ static int rsa_decrypt(void *vprsactx, u
@@ -204,6 +227,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
if (!ossl_prov_is_running())
return 0;
@ -68,75 +90,11 @@ diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pa
if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) {
if (out == NULL) {
*outlen = SSL_MAX_MASTER_KEY_LENGTH;
diff -up openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_cms.t
--- openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad 2022-05-02 17:04:07.610782138 +0200
+++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-02 17:06:03.595814620 +0200
@@ -232,7 +232,7 @@ my @smime_pkcs7_tests = (
\&final_compare
],
- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS",
[ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
"-aes256", "-stream", "-out", "{output}.cms",
$smrsa1,
@@ -865,5 +865,8 @@ sub check_availability {
return "$tnam: skipped, DSA disabled\n"
if ($no_dsa && $tnam =~ / DSA/);
+ return "$tnam: skipped, Red Hat FIPS\n"
+ if ($tnam =~ /no Red Hat FIPS/);
+
return "";
}
diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_ssl_old.t
--- openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad 2022-05-02 17:26:37.962838053 +0200
+++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-02 17:34:20.297950449 +0200
@@ -483,6 +483,18 @@ sub testssl {
# the default choice if TLSv1.3 enabled
my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
my $ciphersuites = "";
+ my %redhat_skip_cipher = map {$_ => 1} qw(
+AES256-GCM-SHA384:@SECLEVEL=0
+AES256-CCM8:@SECLEVEL=0
+AES256-CCM:@SECLEVEL=0
+AES128-GCM-SHA256:@SECLEVEL=0
+AES128-CCM8:@SECLEVEL=0
+AES128-CCM:@SECLEVEL=0
+AES256-SHA256:@SECLEVEL=0
+AES128-SHA256:@SECLEVEL=0
+AES256-SHA:@SECLEVEL=0
+AES128-SHA:@SECLEVEL=0
+ );
foreach my $cipher (@{$ciphersuites{$protocol}}) {
if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
note "*****SKIPPING $protocol $cipher";
@@ -494,11 +506,16 @@ sub testssl {
} else {
$cipher = $cipher.':@SECLEVEL=0';
}
- ok(run(test([@ssltest, @exkeys, "-cipher",
- $cipher,
- "-ciphersuites", $ciphersuites,
- $flag || ()])),
- "Testing $cipher");
+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
+ note "*****SKIPPING $cipher in Red Hat FIPS mode";
+ ok(1);
+ } else {
+ ok(run(test([@ssltest, @exkeys, "-cipher",
+ $cipher,
+ "-ciphersuites", $ciphersuites,
+ $flag || ()])),
+ "Testing $cipher");
+ }
}
}
next if $protocol eq "-tls1_3";
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen 2022-06-16 14:26:19.383530498 +0200
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2022-06-16 14:39:53.637777701 +0200
@@ -263,13 +263,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
index 8680797b90..95d5d51102 100644
--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e377
Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# RSA decrypt
@ -152,7 +110,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt = RSA-2048
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
Output = "Hello World"
@@ -665,36 +666,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mN
@@ -619,36 +619,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2
h90qjKHS9PvY4Q==
-----END PRIVATE KEY-----
@ -195,7 +153,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-1
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -719,36 +726,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64
@@ -673,36 +679,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8
eG2e4XlBcKjI6A==
-----END PRIVATE KEY-----
@ -238,7 +196,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-2
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -773,36 +786,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+W
@@ -727,36 +739,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z
Ya4qnqZe1onjY5o=
-----END PRIVATE KEY-----
@ -281,7 +239,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-3
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -827,36 +846,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/
@@ -781,36 +799,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq
aD0x7TDrmEvkEro=
-----END PRIVATE KEY-----
@ -324,7 +282,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-4
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -881,36 +906,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/
@@ -835,36 +859,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B
MSwGUGLx60i3nRyDyw==
-----END PRIVATE KEY-----
@ -367,7 +325,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-5
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -935,36 +966,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hq
@@ -889,36 +919,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC
Yejn5Ly8mU2q+jBcRQ==
-----END PRIVATE KEY-----
@ -410,7 +368,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-6
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -989,36 +1026,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4
@@ -943,36 +979,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS
FMlxv0gq65dqc3DC
-----END PRIVATE KEY-----
@ -453,7 +411,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-7
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -1043,36 +1086,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15E
@@ -997,36 +1039,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM
2MiPa249Z+lh3Luj0A==
-----END PRIVATE KEY-----
@ -496,7 +454,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-8
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -1103,36 +1152,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSc
@@ -1057,36 +1105,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo
tKo5Eb69iFQvBb4=
-----END PRIVATE KEY-----
@ -539,3 +497,74 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-9
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index cbec426137..9ba7fbeed2 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -233,7 +233,7 @@ my @smime_pkcs7_tests = (
\&final_compare
],
- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS",
[ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
"-aes256", "-stream", "-out", "{output}.cms",
$smrsa1,
@@ -1022,6 +1022,9 @@ sub check_availability {
return "$tnam: skipped, DSA disabled\n"
if ($no_dsa && $tnam =~ / DSA/);
+ return "$tnam: skipped, Red Hat FIPS\n"
+ if ($tnam =~ /no Red Hat FIPS/);
+
return "";
}
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index e2dcb68fb5..0775112b40 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -493,6 +493,18 @@ sub testssl {
# the default choice if TLSv1.3 enabled
my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
my $ciphersuites = "";
+ my %redhat_skip_cipher = map {$_ => 1} qw(
+AES256-GCM-SHA384:@SECLEVEL=0
+AES256-CCM8:@SECLEVEL=0
+AES256-CCM:@SECLEVEL=0
+AES128-GCM-SHA256:@SECLEVEL=0
+AES128-CCM8:@SECLEVEL=0
+AES128-CCM:@SECLEVEL=0
+AES256-SHA256:@SECLEVEL=0
+AES128-SHA256:@SECLEVEL=0
+AES256-SHA:@SECLEVEL=0
+AES128-SHA:@SECLEVEL=0
+ );
foreach my $cipher (@{$ciphersuites{$protocol}}) {
if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
note "*****SKIPPING $protocol $cipher";
@@ -504,11 +516,16 @@ sub testssl {
} else {
$cipher = $cipher.':@SECLEVEL=0';
}
- ok(run(test([@ssltest, @exkeys, "-cipher",
- $cipher,
- "-ciphersuites", $ciphersuites,
- $flag || ()])),
- "Testing $cipher");
+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
+ note "*****SKIPPING $cipher in Red Hat FIPS mode";
+ ok(1);
+ } else {
+ ok(run(test([@ssltest, @exkeys, "-cipher",
+ $cipher,
+ "-ciphersuites", $ciphersuites,
+ $flag || ()])),
+ "Testing $cipher");
+ }
}
}
next if $protocol eq "-tls1_3";
--
2.41.0

89
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
View File

@ -1,39 +1,22 @@
From 4a2239bd7d444c30c55b20ea8b4aeadafdfe1afd Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Fri, 22 Jul 2022 13:59:37 +0200
Subject: [PATCH] FIPS: Use OAEP in KATs, support fixed OAEP seed
From abeda0b0475adb0d4f89b0c97cfc349779915bbf Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 29/35]
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
Review by our lab for FIPS 140-3 certification expects the RSA
encryption and decryption tests to use a supported padding mode, not raw
RSA signatures. Switch to RSA-OAEP for the self tests to fulfill that.
The FIPS 140-3 Implementation Guidance specifies in section 10.3.A
"Cryptographic Algorithm Self-Test Requirements" that a self-test may be
a known-answer test, a comparison test, or a fault-detection test.
Comparison tests are not an option, because they would require
a separate implementation of RSA-OAEP, which we do not have. Fault
detection tests require implementing fault detection mechanisms into the
cryptographic algorithm implementation, we we also do not have.
As a consequence, a known-answer test must be used to test RSA
encryption and decryption, but RSA encryption with OAEP padding is not
deterministic, and thus encryption will always yield different results
that could not be compared to known answers. For this reason, this
change explicitly sets the seed in OAEP (see RFC 8017 section 7.1.1),
which is the source of randomness for RSA-OAEP, to a fixed value. This
setting is only available during self-test execution, and the parameter
set using EVP_PKEY_CTX_set_params() will be ignored otherwise.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Patch-name: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
Patch-id: 73
Patch-status: |
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/rsa/rsa_local.h | 8 ++
crypto/rsa/rsa_oaep.c | 34 ++++++--
include/openssl/core_names.h | 3 +
providers/fips/self_test_data.inc | 83 +++++++++++--------
providers/fips/self_test_data.inc | 79 ++++++++++---------
providers/fips/self_test_kats.c | 7 ++
.../implementations/asymciphers/rsa_enc.c | 41 ++++++++-
6 files changed, 133 insertions(+), 43 deletions(-)
.../implementations/asymciphers/rsa_enc.c | 41 +++++++++-
6 files changed, 128 insertions(+), 44 deletions(-)
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index ea70da05ad..dde57a1a0e 100644
@ -119,10 +102,10 @@ index d9be1a4f98..b2f7f7dc4b 100644
const unsigned char *from, int flen,
const unsigned char *param, int plen,
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 59a6e79566..11216fb8f8 100644
index 5e3c132f5b..c0cce14297 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -469,6 +469,9 @@ extern "C" {
@@ -471,6 +471,9 @@ extern "C" {
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
@ -133,32 +116,26 @@ index 59a6e79566..11216fb8f8 100644
/*
* Encoder / decoder parameters
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index 4e30ec56dd..0103c87528 100644
index e0fdc0daa4..aa2012c04a 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -1294,15 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
ST_KAT_PARAM_END()
@@ -1296,14 +1296,21 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
};
-/*-
/*-
- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the
- * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
- * HP/UX PA-RISC compilers.
- */
-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
-
+/*-
+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the
+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
+ * HP/UX PA-RISC compilers.
+ */
* ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
* HP/UX PA-RISC compilers.
*/
-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
+static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP;
+static const char oaep_fixed_seed[] = {
+ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25,
+ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab,
+ 0x2e, 0x4b, 0x2c, 0xe6
+};
+
static const ST_KAT_PARAM rsa_enc_params[] = {
- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none),
+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep),
@ -167,7 +144,7 @@ index 4e30ec56dd..0103c87528 100644
ST_KAT_PARAM_END()
};
@@ -1335,43 +1348,43 @@ static const unsigned char rsa_expected_sig[256] = {
@@ -1342,43 +1349,43 @@ static const unsigned char rsa_expected_sig[256] = {
0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
};
@ -245,10 +222,10 @@ index 4e30ec56dd..0103c87528 100644
#ifndef OPENSSL_NO_EC
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 064794d9bf..b6d5e8e134 100644
index 74ee25dcb6..a9bc8be7fa 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
@@ -641,14 +641,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
return ret;
}
@ -271,7 +248,7 @@ index 064794d9bf..b6d5e8e134 100644
}
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index 00cf65fcd6..83be3d8ede 100644
index 9cd8904131..40de5ce8fa 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -30,6 +30,9 @@
@ -294,7 +271,7 @@ index 00cf65fcd6..83be3d8ede 100644
} PROV_RSA_CTX;
static void *rsa_newctx(void *provctx)
@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
@@ -192,12 +198,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
}
}
ret =
@ -318,7 +295,7 @@ index 00cf65fcd6..83be3d8ede 100644
if (!ret) {
OPENSSL_free(tbuf);
@@ -326,6 +341,9 @@ static void rsa_freectx(void *vprsactx)
@@ -328,6 +343,9 @@ static void rsa_freectx(void *vprsactx)
EVP_MD_free(prsactx->oaep_md);
EVP_MD_free(prsactx->mgf1_md);
OPENSSL_free(prsactx->oaep_label);
@ -328,7 +305,7 @@ index 00cf65fcd6..83be3d8ede 100644
OPENSSL_free(prsactx);
}
@@ -445,6 +463,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
@@ -447,6 +465,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
NULL, 0),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
@ -338,7 +315,7 @@ index 00cf65fcd6..83be3d8ede 100644
OSSL_PARAM_END
};
@@ -454,6 +475,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
@@ -456,6 +477,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
return known_gettable_ctx_params;
}
@ -349,7 +326,7 @@ index 00cf65fcd6..83be3d8ede 100644
static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
@@ -563,6 +588,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
@@ -567,6 +592,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
prsactx->oaep_labellen = tmp_labellen;
}
@ -369,5 +346,5 @@ index 00cf65fcd6..83be3d8ede 100644
if (p != NULL) {
unsigned int client_version;
--
2.37.1
2.41.0

312
0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch
View File

@ -1,312 +0,0 @@
From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Fri, 15 Jul 2022 17:45:40 +0200
Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test
In review for FIPS 140-3, the lack of a self-test for the digest_sign
and digest_verify provider functions was highlighted as a problem. NIST
no longer provides ACVP tests for the RSA SigVer primitive (see
https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
recommends the use of functions that compute the digest and signature
within the module, we have been advised in our module review that the
self tests should also use the combined digest and signature APIs, i.e.
the digest_sign and digest_verify provider functions.
Modify the signature self-test to use these instead by switching to
EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
crypto/evp/m_sigver.c to make these functions usable in the FIPS module.
Signed-off-by: Clemens Lang <cllang@redhat.com>
---
crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------
providers/fips/self_test_kats.c | 37 +++++++++++++++-------------
2 files changed, 56 insertions(+), 24 deletions(-)
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index db1a1d7bc3..c94c3c53bd 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
return 0;
}
+#endif /* !defined(FIPS_MODULE) */
/*
* If we get the "NULL" md then the name comes back as "UNDEF". We want to use
@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
reinit = 0;
if (e == NULL)
ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
+#ifndef FIPS_MODULE
else
ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
+#endif /* !defined(FIPS_MODULE) */
}
if (ctx->pctx == NULL)
return 0;
@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
locpctx = ctx->pctx;
ERR_set_mark();
+#ifndef FIPS_MODULE
if (evp_pkey_ctx_is_legacy(locpctx))
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
/* do not reinitialize if pkey is set or operation is different */
if (reinit
@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
signature =
evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
supported_sig, locpctx->propquery);
+#ifndef FIPS_MODULE
if (signature == NULL)
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
break;
}
if (signature == NULL)
@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
if (ctx->fetched_digest != NULL) {
ctx->digest = ctx->reqdigest = ctx->fetched_digest;
+#ifndef FIPS_MODULE
} else {
/* legacy engine support : remove the mark when this is deleted */
ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
goto err;
}
+#endif /* !defined(FIPS_MODULE) */
}
(void)ERR_pop_to_mark();
}
}
+#ifndef FIPS_MODULE
if (ctx->reqdigest != NULL
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
goto err;
}
}
+#endif /* !defined(FIPS_MODULE) */
if (ver) {
if (signature->digest_verify_init == NULL) {
@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
EVP_KEYMGMT_free(tmp_keymgmt);
return 0;
+#ifndef FIPS_MODULE
legacy:
/*
* If we don't have the full support we need with provided methods,
@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ctx->pctx->flag_call_digest_custom = 1;
ret = 1;
+#endif /* !defined(FIPS_MODULE) */
end:
#ifndef FIPS_MODULE
@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
NULL);
}
-#endif /* FIPS_MDOE */
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
{
@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
return EVP_DigestUpdate(ctx, data, dsize);
}
-#ifndef FIPS_MODULE
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
size_t *siglen)
{
- int sctx = 0, r = 0;
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
+ int r = 0;
+#ifndef FIPS_MODULE
+ int sctx = 0;
+ EVP_PKEY_CTX *dctx;
+#endif /* !defined(FIPS_MODULE) */
+ EVP_PKEY_CTX *pctx = ctx->pctx;
+#ifndef FIPS_MODULE
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
|| pctx->op.sig.algctx == NULL
|| pctx->op.sig.signature == NULL)
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
sigret, siglen,
sigret == NULL ? 0 : *siglen);
+#ifndef FIPS_MODULE
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
sigret, siglen,
*siglen);
EVP_PKEY_CTX_free(dctx);
+#endif /* defined(FIPS_MODULE) */
return r;
+#ifndef FIPS_MODULE
legacy:
if (pctx == NULL || pctx->pmeth == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
}
}
return 1;
+#endif /* !defined(FIPS_MODULE) */
}
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen)
{
- unsigned char md[EVP_MAX_MD_SIZE];
int r = 0;
+#ifndef FIPS_MODULE
+ unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen = 0;
int vctx = 0;
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
+ EVP_PKEY_CTX *dctx;
+#endif /* !defined(FIPS_MODULE) */
+ EVP_PKEY_CTX *pctx = ctx->pctx;
+#ifndef FIPS_MODULE
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
|| pctx->op.sig.algctx == NULL
|| pctx->op.sig.signature == NULL)
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
sig, siglen);
+#ifndef FIPS_MODULE
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
sig, siglen);
EVP_PKEY_CTX_free(dctx);
+#endif /* !defined(FIPS_MODULE) */
return r;
+#ifndef FIPS_MODULE
legacy:
if (pctx == NULL || pctx->pmeth == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
if (vctx || !r)
return r;
return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
+#endif /* !defined(FIPS_MODULE) */
}
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
return -1;
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
}
-#endif /* FIPS_MODULE */
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index b6d5e8e134..77eec075e6 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t,
int ret = 0;
OSSL_PARAM *params = NULL, *params_sig = NULL;
OSSL_PARAM_BLD *bld = NULL;
+ EVP_MD *md = NULL;
+ EVP_MD_CTX *ctx = NULL;
EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
EVP_PKEY *pkey = NULL;
- unsigned char sig[256];
BN_CTX *bnctx = NULL;
+ const char *msg = "Hello World!";
+ unsigned char sig[256];
size_t siglen = sizeof(sig);
static const unsigned char dgst[] = {
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
goto err;
- /* Create a EVP_PKEY_CTX to use for the signing operation */
- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
- if (sctx == NULL
- || EVP_PKEY_sign_init(sctx) <= 0)
- goto err;
-
- /* set signature parameters */
- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
- t->mdalgorithm,
- strlen(t->mdalgorithm) + 1))
- goto err;
+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature
+ * parameters and sign */
params_sig = OSSL_PARAM_BLD_to_param(bld);
- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
+ md = EVP_MD_fetch(libctx, "SHA256", NULL);
+ ctx = EVP_MD_CTX_new();
+ if (md == NULL || ctx == NULL)
+ goto err;
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
+ || EVP_MD_CTX_reset(ctx) <= 0)
goto err;
- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
- || EVP_PKEY_verify_init(sctx) <= 0
+ /* sctx is not freed automatically inside the FIPS module */
+ EVP_PKEY_CTX_free(sctx);
+ sctx = NULL;
+
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
goto err;
@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
goto err;
OSSL_SELF_TEST_oncorrupt_byte(st, sig);
- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
goto err;
ret = 1;
err:
BN_CTX_free(bnctx);
EVP_PKEY_free(pkey);
- EVP_PKEY_CTX_free(kctx);
+ EVP_MD_free(md);
+ EVP_MD_CTX_free(ctx);
+ /* sctx is not freed automatically inside the FIPS module */
EVP_PKEY_CTX_free(sctx);
+ EVP_PKEY_CTX_free(kctx);
OSSL_PARAM_free(params);
OSSL_PARAM_free(params_sig);
OSSL_PARAM_BLD_free(bld);
--
2.37.1

131
0076-FIPS-140-3-DRBG.patch
View File

@ -1,6 +1,76 @@
diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c
--- openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand 2022-08-03 11:09:01.301637515 +0200
+++ openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c 2022-08-03 11:13:00.058688605 +0200
From 4b59d71e276243615d8fcc65bab32d83e6a602ad Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:29 +0200
Subject: [PATCH 32/35] 0076-FIPS-140-3-DRBG.patch
Patch-name: 0076-FIPS-140-3-DRBG.patch
Patch-id: 76
Patch-status: |
# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
# https://bugzilla.redhat.com/show_bug.cgi?id=2102541
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/rand/prov_seed.c | 9 ++-
providers/implementations/rands/crngt.c | 6 +-
providers/implementations/rands/drbg.c | 3 +
.../implementations/rands/seeding/rand_unix.c | 64 ++-----------------
4 files changed, 20 insertions(+), 62 deletions(-)
diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c
index 96c499c957..61c4cd8779 100644
--- a/crypto/rand/prov_seed.c
+++ b/crypto/rand/prov_seed.c
@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle,
size_t entropy_available;
RAND_POOL *pool;
- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
+ /*
+ * OpenSSL still implements an internal entropy pool of
+ * some size that is hashed to get seed data.
+ * Note that this is a conditioning step for which SP800-90C requires
+ * 64 additional bits from the entropy source to claim the requested
+ * amount of entropy.
+ */
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
if (pool == NULL) {
ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
return 0;
diff --git a/providers/implementations/rands/crngt.c b/providers/implementations/rands/crngt.c
index fa4a2db14a..1f13fc759e 100644
--- a/providers/implementations/rands/crngt.c
+++ b/providers/implementations/rands/crngt.c
@@ -133,7 +133,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG *drbg,
* to the nearest byte. If the entropy is of less than full quality,
* the amount required should be scaled up appropriately here.
*/
- bytes_needed = (entropy + 7) / 8;
+ /*
+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy
+ * + 128 bits during initial seeding
+ */
+ bytes_needed = (entropy + 128 + 7) / 8;
if (bytes_needed < min_len)
bytes_needed = min_len;
if (bytes_needed > max_len)
diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
index ea55363bf8..423bb91157 100644
--- a/providers/implementations/rands/drbg.c
+++ b/providers/implementations/rands/drbg.c
@@ -570,6 +570,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drbg, int prediction_resistance,
#endif
}
+#ifdef FIPS_MODULE
+ prediction_resistance = 1;
+#endif
/* Reseed using our sources in addition */
entropylen = get_entropy(drbg, &entropy, drbg->strength,
drbg->min_entropylen, drbg->max_entropylen,
diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c
index cd02a0236d..98c917b6d8 100644
--- a/providers/implementations/rands/seeding/rand_unix.c
+++ b/providers/implementations/rands/seeding/rand_unix.c
@@ -48,6 +48,8 @@
# include <fcntl.h>
# include <unistd.h>
@ -9,8 +79,8 @@ diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsr
+# include <openssl/evp.h>
static uint64_t get_time_stamp(void);
@@ -342,66 +342,8 @@ static ssize_t syscall_random(void *buf,
@@ -341,66 +343,8 @@ static ssize_t syscall_random(void *buf, size_t buflen)
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
* between size_t and ssize_t is safe even without a range check.
*/
@ -79,51 +149,6 @@ diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsr
}
# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
diff -up openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand openssl-3.0.1/providers/implementations/rands/drbg.c
--- openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand 2022-08-03 12:14:39.409370134 +0200
+++ openssl-3.0.1/providers/implementations/rands/drbg.c 2022-08-03 12:19:06.320700346 +0200
@@ -575,6 +575,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb
#endif
}
+#ifdef FIPS_MODULE
+ prediction_resistance = 1;
+#endif
/* Reseed using our sources in addition */
entropylen = get_entropy(drbg, &entropy, drbg->strength,
drbg->min_entropylen, drbg->max_entropylen,
diff -up openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand openssl-3.0.1/crypto/rand/prov_seed.c
--- openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand 2022-08-04 12:17:52.148556301 +0200
+++ openssl-3.0.1/crypto/rand/prov_seed.c 2022-08-04 12:19:41.783533552 +0200
@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused
size_t entropy_available;
RAND_POOL *pool;
- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
+ /*
+ * OpenSSL still implements an internal entropy pool of
+ * some size that is hashed to get seed data.
+ * Note that this is a conditioning step for which SP800-90C requires
+ * 64 additional bits from the entropy source to claim the requested
+ * amount of entropy.
+ */
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
if (pool == NULL) {
ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
return 0;
diff -up openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand openssl-3.0.1/providers/implementations/rands/crngt.c
--- openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand 2022-08-04 11:56:10.100950299 +0200
+++ openssl-3.0.1/providers/implementations/rands/crngt.c 2022-08-04 11:59:11.241564925 +0200
@@ -139,7 +139,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG
* to the nearest byte. If the entropy is of less than full quality,
* the amount required should be scaled up appropriately here.
*/
- bytes_needed = (entropy + 7) / 8;
+ /*
+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy
+ * + 128 bits during initial seeding
+ */
+ bytes_needed = (entropy + 128 + 7) / 8;
if (bytes_needed < min_len)
bytes_needed = min_len;
if (bytes_needed > max_len)
--
2.41.0

146
0077-FIPS-140-3-zeroization.patch
View File

@ -1,63 +1,26 @@
diff -up openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero openssl-3.0.1/crypto/ffc/ffc_params.c
--- openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero 2022-08-05 13:11:27.211413931 +0200
+++ openssl-3.0.1/crypto/ffc/ffc_params.c 2022-08-05 13:11:34.151475891 +0200
@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa
void ossl_ffc_params_cleanup(FFC_PARAMS *params)
{
- BN_free(params->p);
- BN_free(params->q);
- BN_free(params->g);
- BN_free(params->j);
+ BN_clear_free(params->p);
+ BN_clear_free(params->q);
+ BN_clear_free(params->g);
+ BN_clear_free(params->j);
OPENSSL_free(params->seed);
ossl_ffc_params_init(params);
}
diff -up openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero openssl-3.0.1/crypto/rsa/rsa_lib.c
--- openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero 2022-08-05 13:08:31.875848536 +0200
+++ openssl-3.0.1/crypto/rsa/rsa_lib.c 2022-08-05 13:09:35.438416025 +0200
@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
CRYPTO_THREAD_lock_free(r->lock);
- BN_free(r->n);
- BN_free(r->e);
+ BN_clear_free(r->n);
+ BN_clear_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
diff -up openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero openssl-3.0.1/providers/implementations/kdfs/hkdf.c
--- openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero 2022-08-05 13:14:58.827303241 +0200
+++ openssl-3.0.1/providers/implementations/kdfs/hkdf.c 2022-08-05 13:16:24.530068399 +0200
@@ -116,7 +116,7 @@ static void kdf_hkdf_reset(void *vctx)
void *provctx = ctx->provctx;
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_free(ctx->prefix);
OPENSSL_free(ctx->label);
OPENSSL_clear_free(ctx->data, ctx->data_len);
diff -up openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c
--- openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero 2022-08-05 13:12:40.552068717 +0200
+++ openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c 2022-08-05 13:13:34.324548799 +0200
@@ -83,7 +83,7 @@ static void *kdf_pbkdf2_new(void *provct
static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
{
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_clear_free(ctx->pass, ctx->pass_len);
memset(ctx, 0, sizeof(*ctx));
}
diff -up openssl-3.0.1/crypto/ec/ec_lib.c.fipszero openssl-3.0.1/crypto/ec/ec_lib.c
--- openssl-3.0.1/crypto/ec/ec_lib.c.fipszero 2022-08-05 13:48:32.221345774 +0200
+++ openssl-3.0.1/crypto/ec/ec_lib.c 2022-08-05 13:49:16.138741452 +0200
@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g
From 9c667a7ba589329f3a777b012bf69a0db7f7eda9 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:29 +0200
Subject: [PATCH 33/35] 0077-FIPS-140-3-zeroization.patch
Patch-name: 0077-FIPS-140-3-zeroization.patch
Patch-id: 77
Patch-status: |
# https://bugzilla.redhat.com/show_bug.cgi?id=2102542
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/ec/ec_lib.c | 4 ++++
crypto/ffc/ffc_params.c | 8 ++++----
crypto/rsa/rsa_lib.c | 4 ++--
providers/implementations/kdfs/hkdf.c | 2 +-
providers/implementations/kdfs/pbkdf2.c | 2 +-
5 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 6c37bf78ae..cfbc3c3c1d 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group)
void EC_POINT_free(EC_POINT *point)
{
@ -74,3 +37,66 @@ diff -up openssl-3.0.1/crypto/ec/ec_lib.c.fipszero openssl-3.0.1/crypto/ec/ec_li
}
void EC_POINT_clear_free(EC_POINT *point)
diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c
index 3536efd1ad..f3c164b8fc 100644
--- a/crypto/ffc/ffc_params.c
+++ b/crypto/ffc/ffc_params.c
@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *params)
void ossl_ffc_params_cleanup(FFC_PARAMS *params)
{
- BN_free(params->p);
- BN_free(params->q);
- BN_free(params->g);
- BN_free(params->j);
+ BN_clear_free(params->p);
+ BN_clear_free(params->q);
+ BN_clear_free(params->g);
+ BN_clear_free(params->j);
OPENSSL_free(params->seed);
ossl_ffc_params_init(params);
}
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 9588a75964..76b4aac6fc 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
CRYPTO_THREAD_lock_free(r->lock);
- BN_free(r->n);
- BN_free(r->e);
+ BN_clear_free(r->n);
+ BN_clear_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index daa619b8af..5304baa6c9 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -118,7 +118,7 @@ static void kdf_hkdf_reset(void *vctx)
void *provctx = ctx->provctx;
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_free(ctx->prefix);
OPENSSL_free(ctx->label);
OPENSSL_clear_free(ctx->data, ctx->data_len);
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
index 5c3e7b95ce..349c3dd657 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -92,7 +92,7 @@ static void *kdf_pbkdf2_new(void *provctx)
static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
{
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_clear_free(ctx->pass, ctx->pass_len);
memset(ctx, 0, sizeof(*ctx));
}
--
2.41.0

175
openssl.spec
View File

@ -40,103 +40,84 @@ Source7: renew-dummy-cert
Source9: configuration-switch.h
Source10: configuration-prefix.h
Source14: 0025-for-tests.patch
# Patches exported from source git
# Aarch64 and ppc64le use lib64
Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch
# Use more general default values in openssl.cnf
Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch
# Do not install html docs
Patch3: 0003-Do-not-install-html-docs.patch
# Override default paths for the CA directory tree
Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch
# apps/ca: fix md option help text
Patch5: 0005-apps-ca-fix-md-option-help-text.patch
# Disable signature verification with totally unsafe hash algorithms
Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
# Add support for PROFILE=SYSTEM system default cipherlist
Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
# Add FIPS_mode() compatibility macro
Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
# Add check to see if fips flag is enabled in kernel
Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
# Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so
# that new modifications made to these files by upstream are not lost.
Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch
# remove unsupported EC curves
Patch11: 0011-Remove-EC-curves.patch
# Disable explicit EC curves
# https://bugzilla.redhat.com/show_bug.cgi?id=2066412
Patch12: 0012-Disable-explicit-ec.patch
#Skipped tests from former 0011-Remove-EC-curves.patch
Patch13: 0013-skipped-tests-EC-curves.patch
# Instructions to load legacy provider in openssl.cnf
Patch24: 0024-load-legacy-prov.patch
# Tmp: test name change
Patch31: 0031-tmp-Fix-test-names.patch
# We load FIPS provider and set FIPS properties implicitly
Patch32: 0032-Force-fips.patch
# Embed HMAC into the fips.so
Patch33: 0033-FIPS-embed-hmac.patch
# Comment out fipsinstall command-line utility
Patch34: 0034.fipsinstall_disable.patch
# Skip unavailable algorithms running `openssl speed`
Patch35: 0035-speed-skip-unavailable-dgst.patch
# Extra public/private key checks required by FIPS-140-3
Patch44: 0044-FIPS-140-3-keychecks.patch
# Minimize fips services
Patch45: 0045-FIPS-services-minimize.patch
# Execute KATS before HMAC verification
Patch47: 0047-FIPS-early-KATS.patch
%if 0%{?rhel}
# Selectively disallow SHA1 signatures
Patch49: 0049-Selectively-disallow-SHA1-signatures.patch
%else
# Selectively disallow SHA1 signatures rhbz#2070977
Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
%endif
%if 0%{?rhel}
# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
%else
# Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1)
Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
%endif
%if 0%{?rhel}
# no USDT probe instrumentation required
%else
# Instrument with USDT probes related to SHA-1 deprecation
#Patch53: 0053-Add-SHA1-probes.patch
%endif
# https://github.com/openssl/openssl/pull/18103
# The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
# so the patch should persist
Patch56: 0056-strcasecmp.patch
# https://github.com/openssl/openssl/pull/18175
# Patch57: 0057-strcasecmp-fix.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
%if 0%{?rhel}
Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch
%else
Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
%endif
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch
# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
# https://bugzilla.redhat.com/show_bug.cgi?id=2102541
Patch76: 0076-FIPS-140-3-DRBG.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2102542
Patch77: 0077-FIPS-140-3-zeroization.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
# https://github.com/openssl/openssl/pull/13817
# # Patches exported from source git
# # Aarch64 and ppc64le use lib64
Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch
# # Use more general default values in openssl.cnf
Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch
# # Do not install html docs
Patch3: 0003-Do-not-install-html-docs.patch
# # Override default paths for the CA directory tree
Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch
# # apps/ca: fix md option help text
Patch5: 0005-apps-ca-fix-md-option-help-text.patch
# # Disable signature verification with totally unsafe hash algorithms
Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
# # Add support for PROFILE=SYSTEM system default cipherlist
Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
# # Add FIPS_mode() compatibility macro
Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
# # Add check to see if fips flag is enabled in kernel
Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
# # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so
# # that new modifications made to these files by upstream are not lost.
Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch
# # remove unsupported EC curves
Patch11: 0011-Remove-EC-curves.patch
# # Disable explicit EC curves
# # https://bugzilla.redhat.com/show_bug.cgi?id=2066412
Patch12: 0012-Disable-explicit-ec.patch
# # Skipped tests from former 0011-Remove-EC-curves.patch
Patch13: 0013-skipped-tests-EC-curves.patch
# # Instructions to load legacy provider in openssl.cnf
Patch24: 0024-load-legacy-prov.patch
# # Tmp: test name change
Patch31: 0031-tmp-Fix-test-names.patch
# # We load FIPS provider and set FIPS properties implicitly
Patch32: 0032-Force-fips.patch
# # Embed HMAC into the fips.so
Patch33: 0033-FIPS-embed-hmac.patch
# # Comment out fipsinstall command-line utility
Patch34: 0034.fipsinstall_disable.patch
# # Skip unavailable algorithms running `openssl speed`
Patch35: 0035-speed-skip-unavailable-dgst.patch
# # Extra public/private key checks required by FIPS-140-3
Patch44: 0044-FIPS-140-3-keychecks.patch
# # Minimize fips services
Patch45: 0045-FIPS-services-minimize.patch
# # Execute KATS before HMAC verification
Patch47: 0047-FIPS-early-KATS.patch
# # Selectively disallow SHA1 signatures rhbz#2070977
Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
# # Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1)
Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
# # https://github.com/openssl/openssl/pull/18103
# # The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
# # so the patch should persist
Patch56: 0056-strcasecmp.patch
# # https://github.com/openssl/openssl/pull/18175
# # Patch57: 0057-strcasecmp-fix.patch
# # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
# # https://bugzilla.redhat.com/show_bug.cgi?id=2087147
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
# 0062-fips-Expose-a-FIPS-indicator.patch
Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
# [PATCH 30/35]
# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch
# # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
# # https://bugzilla.redhat.com/show_bug.cgi?id=2102541
Patch76: 0076-FIPS-140-3-DRBG.patch
# # https://bugzilla.redhat.com/show_bug.cgi?id=2102542
Patch77: 0077-FIPS-140-3-zeroization.patch
# # https://bugzilla.redhat.com/show_bug.cgi?id=2114772
Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
# # https://github.com/openssl/openssl/pull/13817
Patch100: 0100-RSA-PKCS15-implicit-rejection.patch
License: ASL 2.0