jonathan/openssl
1
0
Fork 0
forked from rpms/openssl
Code Pull Requests Activity

Adding changes to patch files from source-git sync

Browse Source 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
This commit is contained in:
Sahana Prasad 2023-07-31 10:04:55 +02:00
parent 9409bc7044
commit 1eb7adc383
25 changed files with 1863 additions and 2527 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
0004-Override-default-paths-for-the-CA-directory-tree.patch
View File

@ -1,21 +1,21 @@
From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001 From 7a65ee33793fa8a28c0dfc94e6872ce92f408b15 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org> From: rpm-build <rpm-build>
Date: Thu, 24 Sep 2020 09:17:26 +0200 Date: Mon, 31 Jul 2023 09:41:27 +0200
Subject: Override default paths for the CA directory tree Subject: [PATCH 04/35]
0004-Override-default-paths-for-the-CA-directory-tree.patch
Also add default section to load crypto-policies configuration Patch-name: 0004-Override-default-paths-for-the-CA-directory-tree.patch
for TLS. Patch-id: 4
Patch-status: |
It needs to be reverted before running tests. # Override default paths for the CA directory tree
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
(was openssl-1.1.1-conf-paths.patch)
--- ---
apps/CA.pl.in | 2 +- apps/CA.pl.in | 2 +-
apps/openssl.cnf | 20 ++++++++++++++++++-- apps/openssl.cnf | 13 +++++++++++--
2 files changed, 19 insertions(+), 3 deletions(-) 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/apps/CA.pl.in b/apps/CA.pl.in diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index c0afb96716..d6a5fabd16 100644 index f029470005..729f104a7e 100644
--- a/apps/CA.pl.in --- a/apps/CA.pl.in
+++ b/apps/CA.pl.in +++ b/apps/CA.pl.in
@@ -29,7 +29,7 @@ my $X509 = "$openssl x509"; @@ -29,7 +29,7 @@ my $X509 = "$openssl x509";
@ -27,10 +27,11 @@ index c0afb96716..d6a5fabd16 100644
my $CAKEY = "cakey.pem"; my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem"; my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem"; my $CACERT = "cacert.pem";
diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf diff --git a/apps/openssl.cnf b/apps/openssl.cnf
--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200 index 8141ab20cd..3956235fda 100644
+++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200 --- a/apps/openssl.cnf
@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7 +++ b/apps/openssl.cnf
@@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7
[openssl_init] [openssl_init]
providers = provider_sect providers = provider_sect
@ -39,7 +40,7 @@ diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha1
# List of providers to load # List of providers to load
[provider_sect] [provider_sect]
@@ -64,6 +66,13 @@ default = default_sect @@ -71,6 +73,13 @@ default = default_sect
[default_sect] [default_sect]
# activate = 1 # activate = 1
@ -53,7 +54,7 @@ diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha1
#################################################################### ####################################################################
[ ca ] [ ca ]
@@ -72,7 +81,7 @@ default_ca = CA_default # The default c @@ -79,7 +88,7 @@ default_ca = CA_default # The default ca section
#################################################################### ####################################################################
[ CA_default ] [ CA_default ]
@ -62,7 +63,7 @@ diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha1
certs = $dir/certs # Where the issued certs are kept certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file. database = $dir/index.txt # database index file.
@@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default @@ -311,7 +320,7 @@ default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ] [ tsa_config1 ]
# These are used by the TSA reply generation only. # These are used by the TSA reply generation only.
@ -71,3 +72,6 @@ diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha1
serial = $dir/tsaserial # The current serial number (mandatory) serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate signer_cert = $dir/tsacert.pem # The TSA signing certificate
--
2.41.0

152
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
View File

@ -1,25 +1,30 @@
From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001 From 66b728801f141c9db8e647ab02421c83694ade79 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org> From: rpm-build <rpm-build>
Date: Thu, 24 Sep 2020 10:16:46 +0200 Date: Mon, 31 Jul 2023 09:41:27 +0200
Subject: Add support for PROFILE=SYSTEM system default cipherlist Subject: [PATCH 07/35]
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
(was openssl-1.1.1-system-cipherlist.patch) Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
Patch-id: 7
Patch-status: |
# Add support for PROFILE=SYSTEM system default cipherlist
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
--- ---
Configurations/unix-Makefile.tmpl | 5 ++ Configurations/unix-Makefile.tmpl | 5 ++
Configure | 10 +++- Configure | 11 +++-
doc/man1/openssl-ciphers.pod.in | 9 ++++ doc/man1/openssl-ciphers.pod.in | 9 ++++
include/openssl/ssl.h.in | 5 ++ include/openssl/ssl.h.in | 5 ++
ssl/ssl_ciph.c | 88 +++++++++++++++++++++++++++---- ssl/ssl_ciph.c | 87 +++++++++++++++++++++++++++----
ssl/ssl_lib.c | 4 +- ssl/ssl_lib.c | 4 +-
test/cipherlist_test.c | 2 + test/cipherlist_test.c | 2 +
util/libcrypto.num | 1 + util/libcrypto.num | 1 +
8 files changed, 110 insertions(+), 14 deletions(-) 8 files changed, 110 insertions(+), 14 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 9f369edf0e..c52389f831 100644 index f29cdc7f38..c0df026de3 100644
--- a/Configurations/unix-Makefile.tmpl --- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl
@@ -269,6 +269,10 @@ MANDIR=$(INSTALLTOP)/share/man @@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
HTMLDIR=$(DOCDIR)/html HTMLDIR=$(DOCDIR)/html
@ -30,7 +35,7 @@ index 9f369edf0e..c52389f831 100644
# MANSUFFIX is for the benefit of anyone who may want to have a suffix # MANSUFFIX is for the benefit of anyone who may want to have a suffix
# appended after the manpage file section number. "ssl" is popular, # appended after the manpage file section number. "ssl" is popular,
# resulting in files such as config.5ssl rather than config.5. # resulting in files such as config.5ssl rather than config.5.
@@ -292,6 +296,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} @@ -338,6 +342,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -} CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
CPPFLAGS={- our $cppflags1 = join(" ", CPPFLAGS={- our $cppflags1 = join(" ",
(map { "-D".$_} @{$config{CPPDEFINES}}), (map { "-D".$_} @{$config{CPPDEFINES}}),
@ -38,11 +43,54 @@ index 9f369edf0e..c52389f831 100644
(map { "-I".$_} @{$config{CPPINCLUDES}}), (map { "-I".$_} @{$config{CPPINCLUDES}}),
@{$config{CPPFLAGS}}) -} @{$config{CPPFLAGS}}) -}
CFLAGS={- join(' ', @{$config{CFLAGS}}) -} CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
diff --git a/Configure b/Configure
index 456995240b..93be83be94 100755
--- a/Configure
+++ b/Configure
@@ -27,7 +27,7 @@ use OpenSSL::config;
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
my $banner = <<"EOF";
@@ -61,6 +61,10 @@ EOF
# given with --prefix.
# This becomes the value of OPENSSLDIR in Makefile and in C.
# (Default: PREFIX/ssl)
+#
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
+# cipher is specified (default).
+#
# --banner=".." Output specified text instead of default completion banner
#
# -w Don't wait after showing a Configure warning
@@ -387,6 +391,7 @@ $config{prefix}="";
$config{openssldir}="";
$config{processor}="";
$config{libdir}="";
+$config{system_ciphers_file}="";
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
@@ -989,6 +994,10 @@ while (@argvcopy)
die "FIPS key too long (64 bytes max)\n"
if length $1 > 64;
}
+ elsif (/^--system-ciphers-file=(.*)$/)
+ {
+ $config{system_ciphers_file}=$1;
+ }
elsif (/^--banner=(.*)$/)
{
$banner = $1 . "\n";
diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
index b4ed3e51d5..2122e6bdfd 100644 index 658730ec53..04e66bcebe 100644
--- a/doc/man1/openssl-ciphers.pod.in --- a/doc/man1/openssl-ciphers.pod.in
+++ b/doc/man1/openssl-ciphers.pod.in +++ b/doc/man1/openssl-ciphers.pod.in
@@ -187,6 +187,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default. @@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
The cipher suites not enabled by B<ALL>, currently B<eNULL>. The cipher suites not enabled by B<ALL>, currently B<eNULL>.
@ -59,10 +107,10 @@ index b4ed3e51d5..2122e6bdfd 100644
"High" encryption cipher suites. This currently means those with key lengths "High" encryption cipher suites. This currently means those with key lengths
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index f9a61609e4..c6f95fed3f 100644 index f03f52fbd8..0b6de603e2 100644
--- a/include/openssl/ssl.h.in --- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in
@@ -209,6 +209,11 @@ extern "C" { @@ -208,6 +208,11 @@ extern "C" {
* throwing out anonymous and unencrypted ciphersuites! (The latter are not * throwing out anonymous and unencrypted ciphersuites! (The latter are not
* actually enabled by ALL, but "ALL:RSA" would enable some of them.) * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
*/ */
@ -75,10 +123,10 @@ index f9a61609e4..c6f95fed3f 100644
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1 # define SSL_SENT_SHUTDOWN 1
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index b1d3f7919e..f7cc7fed48 100644 index 93de9cf8fd..a5e60e8839 100644
--- a/ssl/ssl_ciph.c --- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c
@@ -1411,6 +1411,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str) @@ -1443,6 +1443,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
return ret; return ret;
} }
@ -132,7 +180,7 @@ index b1d3f7919e..f7cc7fed48 100644
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list, STACK_OF(SSL_CIPHER) **cipher_list,
@@ -1425,15 +1472,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, @@ -1457,15 +1504,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
const SSL_CIPHER **ca_list = NULL; const SSL_CIPHER **ca_list = NULL;
const SSL_METHOD *ssl_method = ctx->method; const SSL_METHOD *ssl_method = ctx->method;
@ -160,7 +208,7 @@ index b1d3f7919e..f7cc7fed48 100644
/* /*
* To reduce the work to do we only want to process the compiled * To reduce the work to do we only want to process the compiled
@@ -1456,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, @@ -1487,7 +1544,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) { if (co_list == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
@ -169,7 +217,7 @@ index b1d3f7919e..f7cc7fed48 100644
} }
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
@@ -1522,8 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, @@ -1553,8 +1610,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
* in force within each class * in force within each class
*/ */
if (!ssl_cipher_strength_sort(&head, &tail)) { if (!ssl_cipher_strength_sort(&head, &tail)) {
@ -179,7 +227,7 @@ index b1d3f7919e..f7cc7fed48 100644
} }
/* /*
@@ -1568,9 +1624,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, @@ -1598,9 +1654,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) { if (ca_list == NULL) {
@ -190,7 +238,7 @@ index b1d3f7919e..f7cc7fed48 100644
} }
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc, disabled_mkey, disabled_auth, disabled_enc,
@@ -1596,8 +1651,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, @@ -1626,8 +1681,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
OPENSSL_free(ca_list); /* Not needed anymore */ OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok) { /* Rule processing failure */ if (!ok) { /* Rule processing failure */
@ -200,7 +248,7 @@ index b1d3f7919e..f7cc7fed48 100644
} }
/* /*
@@ -1605,10 +1659,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, @@ -1635,10 +1689,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
* if we cannot get one. * if we cannot get one.
*/ */
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
@ -216,7 +264,7 @@ index b1d3f7919e..f7cc7fed48 100644
/* Add TLSv1.3 ciphers first - we always prefer those if possible */ /* Add TLSv1.3 ciphers first - we always prefer those if possible */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
@@ -1656,6 +1714,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, @@ -1690,6 +1747,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
*cipher_list = cipherstack; *cipher_list = cipherstack;
return cipherstack; return cipherstack;
@ -232,10 +280,10 @@ index b1d3f7919e..f7cc7fed48 100644
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d14d5819ba..48d491219a 100644 index f12ad6d034..a059bcd83b 100644
--- a/ssl/ssl_lib.c --- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) @@ -661,7 +661,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
ctx->tls13_ciphersuites, ctx->tls13_ciphersuites,
&(ctx->cipher_list), &(ctx->cipher_list),
&(ctx->cipher_list_by_id), &(ctx->cipher_list_by_id),
@ -244,7 +292,7 @@ index d14d5819ba..48d491219a 100644
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return 0; return 0;
@@ -3193,7 +3193,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, @@ -3286,7 +3286,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
if (!ssl_create_cipher_list(ret, if (!ssl_create_cipher_list(ret,
ret->tls13_ciphersuites, ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id, &ret->cipher_list, &ret->cipher_list_by_id,
@ -254,10 +302,10 @@ index d14d5819ba..48d491219a 100644
ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2; goto err2;
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
index 380f0727fc..6922a87c30 100644 index 2d166e2b46..4ff2aa12d6 100644
--- a/test/cipherlist_test.c --- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c +++ b/test/cipherlist_test.c
@@ -244,7 +244,9 @@ end: @@ -246,7 +246,9 @@ end:
int setup_tests(void) int setup_tests(void)
{ {
@ -268,56 +316,14 @@ index 380f0727fc..6922a87c30 100644
ADD_TEST(test_default_cipherlist_clear); ADD_TEST(test_default_cipherlist_clear);
return 1; return 1;
diff --git a/util/libcrypto.num b/util/libcrypto.num diff --git a/util/libcrypto.num b/util/libcrypto.num
index 404a706fab..e81fa9ec3e 100644 index 406392a7d9..9cb8a4dda2 100644
--- a/util/libcrypto.num --- a/util/libcrypto.num
+++ b/util/libcrypto.num +++ b/util/libcrypto.num
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION: @@ -5435,3 +5435,4 @@ EVP_MD_CTX_dup 5562 3_1_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
-- --
2.26.2 2.41.0
diff -up openssl-3.0.0-beta1/Configure.sys-default openssl-3.0.0-beta1/Configure
--- openssl-3.0.0-beta1/Configure.sys-default 2021-06-29 11:47:58.978144386 +0200
+++ openssl-3.0.0-beta1/Configure 2021-06-29 11:52:01.631126260 +0200
@@ -27,7 +27,7 @@ use OpenSSL::config;
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
my $banner = <<"EOF";
@@ -61,6 +61,10 @@ EOF
# given with --prefix.
# This becomes the value of OPENSSLDIR in Makefile and in C.
# (Default: PREFIX/ssl)
+#
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
+# cipher is specified (default).
+#
# --banner=".." Output specified text instead of default completion banner
#
# -w Don't wait after showing a Configure warning
@@ -385,6 +389,7 @@ $config{prefix}="";
$config{openssldir}="";
$config{processor}="";
$config{libdir}="";
+$config{system_ciphers_file}="";
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
@@ -987,6 +992,10 @@ while (@argvcopy)
die "FIPS key too long (64 bytes max)\n"
if length $1 > 64;
}
+ elsif (/^--system-ciphers-file=(.*)$/)
+ {
+ $config{system_ciphers_file}=$1;
+ }
elsif (/^--banner=(.*)$/)
{
$banner = $1 . "\n";

38
0008-Add-FIPS_mode-compatibility-macro.patch
View File

@ -1,20 +1,22 @@
From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001 From 8e29a10b39a649d751870eb1fd1b8c388e66acc3 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org> From: rpm-build <rpm-build>
Date: Thu, 26 Nov 2020 14:00:16 +0100 Date: Mon, 31 Jul 2023 09:41:27 +0200
Subject: Add FIPS_mode() compatibility macro Subject: [PATCH 08/35] 0008-Add-FIPS_mode-compatibility-macro.patch
The macro calls EVP_default_properties_is_fips_enabled() on the Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch
default context. Patch-id: 8
Patch-status: |
# Add FIPS_mode() compatibility macro
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
--- ---
include/openssl/crypto.h.in | 1 + include/openssl/fips.h | 26 ++++++++++++++++++++++++++
include/openssl/fips.h | 25 +++++++++++++++++++++++++ test/property_test.c | 14 ++++++++++++++
test/property_test.c | 13 +++++++++++++ 2 files changed, 40 insertions(+)
3 files changed, 39 insertions(+)
create mode 100644 include/openssl/fips.h create mode 100644 include/openssl/fips.h
diff --git a/include/openssl/fips.h b/include/openssl/fips.h diff --git a/include/openssl/fips.h b/include/openssl/fips.h
new file mode 100644 new file mode 100644
index 0000000000..c64f0f8e8f index 0000000000..4162cbf88e
--- /dev/null --- /dev/null
+++ b/include/openssl/fips.h +++ b/include/openssl/fips.h
@@ -0,0 +1,26 @@ @@ -0,0 +1,26 @@
@ -44,10 +46,11 @@ index 0000000000..c64f0f8e8f
+} +}
+# endif +# endif
+#endif +#endif
diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c diff --git a/test/property_test.c b/test/property_test.c
--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200 index 45b1db3e85..8894c1c1cb 100644
+++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200 --- a/test/property_test.c
@@ -488,6 +488,19 @@ static int test_property_list_to_string( +++ b/test/property_test.c
@@ -677,6 +677,19 @@ static int test_property_list_to_string(int i)
return ret; return ret;
} }
@ -67,7 +70,7 @@ diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1
int setup_tests(void) int setup_tests(void)
{ {
ADD_TEST(test_property_string); ADD_TEST(test_property_string);
@@ -500,6 +512,7 @@ int setup_tests(void) @@ -690,6 +703,7 @@ int setup_tests(void)
ADD_TEST(test_property); ADD_TEST(test_property);
ADD_TEST(test_query_cache_stochastic); ADD_TEST(test_query_cache_stochastic);
ADD_TEST(test_fips_mode); ADD_TEST(test_fips_mode);
@ -75,3 +78,6 @@ diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1
ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests)); ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
return 1; return 1;
} }
--
2.41.0

38
0009-Add-Kernel-FIPS-mode-flag-support.patch
View File

@ -1,7 +1,23 @@
diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c From aa3aebf132959e7e44876042efaf9ff24ffe0f2b Mon Sep 17 00:00:00 2001
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 From: rpm-build <rpm-build>
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 Date: Mon, 31 Jul 2023 09:41:27 +0200
@@ -12,6 +12,41 @@ Subject: [PATCH 09/35] 0009-Add-Kernel-FIPS-mode-flag-support.patch
Patch-name: 0009-Add-Kernel-FIPS-mode-flag-support.patch
Patch-id: 9
Patch-status: |
# Add check to see if fips flag is enabled in kernel
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/context.c | 36 ++++++++++++++++++++++++++++++++++++
include/internal/provider.h | 3 +++
2 files changed, 39 insertions(+)
diff --git a/crypto/context.c b/crypto/context.c
index e294ea1512..51002ba79a 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -16,6 +16,41 @@
#include "internal/provider.h" #include "internal/provider.h"
#include "crypto/context.h" #include "crypto/context.h"
@ -43,7 +59,7 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
struct ossl_lib_ctx_st { struct ossl_lib_ctx_st {
CRYPTO_RWLOCK *lock, *rand_crngt_lock; CRYPTO_RWLOCK *lock, *rand_crngt_lock;
OSSL_EX_DATA_GLOBAL global; OSSL_EX_DATA_GLOBAL global;
@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte @@ -336,6 +371,7 @@ static int default_context_inited = 0;
DEFINE_RUN_ONCE_STATIC(default_context_do_init) DEFINE_RUN_ONCE_STATIC(default_context_do_init)
{ {
@ -51,10 +67,11 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)) if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL))
goto err; goto err;
diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h diff --git a/include/internal/provider.h b/include/internal/provider.h
--- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100 index 18937f84c7..1446bf7afb 100644
+++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100 --- a/include/internal/provider.h
@@ -110,6 +110,9 @@ int ossl_provider_init_as_child(OSSL_LIB +++ b/include/internal/provider.h
@@ -112,6 +112,9 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
const OSSL_DISPATCH *in); const OSSL_DISPATCH *in);
void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx);
@ -64,3 +81,6 @@ diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/incl
# ifdef __cplusplus # ifdef __cplusplus
} }
# endif # endif
--
2.41.0

85
0010-Add-changes-to-ectest-and-eccurve.patch
View File

@ -1,10 +1,29 @@
diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c From 37fae351c6fef272baf383469181aecfcac87592 Mon Sep 17 00:00:00 2001
--- ./crypto/ec/ec_curve.c.remove-ec 2023-03-13 16:50:09.278933578 +0100 From: rpm-build <rpm-build>
+++ ./crypto/ec/ec_curve.c 2023-03-21 12:38:57.696531941 +0100 Date: Mon, 31 Jul 2023 09:41:27 +0200
@@ -32,38 +32,6 @@ typedef struct { Subject: [PATCH 10/35] 0010-Add-changes-to-ectest-and-eccurve.patch
Patch-name: 0010-Add-changes-to-ectest-and-eccurve.patch
Patch-id: 10
Patch-status: |
# Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so
# that new modifications made to these files by upstream are not lost.
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/ec/ec_curve.c | 844 -------------------------------------------
test/ectest.c | 174 +--------
2 files changed, 8 insertions(+), 1010 deletions(-)
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index b5b2f3342d..d32a768fe6 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -30,38 +30,6 @@ typedef struct {
} EC_CURVE_DATA;
/* the nist prime curves */ /* the nist prime curves */
static const struct { -static const struct {
EC_CURVE_DATA h; - EC_CURVE_DATA h;
- unsigned char data[20 + 24 * 6]; - unsigned char data[20 + 24 * 6];
-} _EC_NIST_PRIME_192 = { -} _EC_NIST_PRIME_192 = {
- { - {
@ -35,11 +54,9 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
- } - }
-}; -};
- -
-static const struct { static const struct {
- EC_CURVE_DATA h; EC_CURVE_DATA h;
unsigned char data[20 + 28 * 6]; unsigned char data[20 + 28 * 6];
} _EC_NIST_PRIME_224 = {
{
@@ -200,187 +168,6 @@ static const struct { @@ -200,187 +168,6 @@ static const struct {
} }
}; };
@ -228,10 +245,12 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
static const struct { static const struct {
EC_CURVE_DATA h; EC_CURVE_DATA h;
unsigned char data[20 + 32 * 6]; unsigned char data[20 + 32 * 6];
@@ -423,294 +210,6 @@ static const struct { @@ -421,294 +208,6 @@ static const struct {
#ifndef FIPS_MODULE
/* the secg prime curves (minus the nist and x9.62 prime curves) */ /* the secg prime curves (minus the nist and x9.62 prime curves) */
static const struct { -static const struct {
EC_CURVE_DATA h; - EC_CURVE_DATA h;
- unsigned char data[20 + 14 * 6]; - unsigned char data[20 + 14 * 6];
-} _EC_SECG_PRIME_112R1 = { -} _EC_SECG_PRIME_112R1 = {
- { - {
@ -518,11 +537,9 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
- } - }
-}; -};
- -
-static const struct { static const struct {
- EC_CURVE_DATA h; EC_CURVE_DATA h;
unsigned char data[0 + 32 * 6]; unsigned char data[0 + 32 * 6];
} _EC_SECG_PRIME_256K1 = {
{
@@ -745,102 +244,6 @@ static const struct { @@ -745,102 +244,6 @@ static const struct {
} }
}; };
@ -626,10 +643,12 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
#endif /* FIPS_MODULE */ #endif /* FIPS_MODULE */
#ifndef OPENSSL_NO_EC2M #ifndef OPENSSL_NO_EC2M
@@ -2238,198 +1641,6 @@ static const struct { @@ -2236,198 +1639,6 @@ static const struct {
*/
#ifndef FIPS_MODULE #ifndef FIPS_MODULE
static const struct { -static const struct {
EC_CURVE_DATA h; - EC_CURVE_DATA h;
- unsigned char data[0 + 20 * 6]; - unsigned char data[0 + 20 * 6];
-} _EC_brainpoolP160r1 = { -} _EC_brainpoolP160r1 = {
- { - {
@ -820,12 +839,10 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
- } - }
-}; -};
- -
-static const struct { static const struct {
- EC_CURVE_DATA h; EC_CURVE_DATA h;
unsigned char data[0 + 32 * 6]; unsigned char data[0 + 32 * 6];
} _EC_brainpoolP256r1 = { @@ -2854,8 +2065,6 @@ static const ec_list_element curve_list[] = {
{
@@ -2854,8 +2065,6 @@ static const ec_list_element curve_list[
"NIST/SECG curve over a 521 bit prime field"}, "NIST/SECG curve over a 521 bit prime field"},
/* X9.62 curves */ /* X9.62 curves */
@ -834,7 +851,7 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
# if defined(ECP_NISTZ256_ASM) # if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method, EC_GFp_nistz256_method,
@@ -2899,25 +2108,6 @@ static const ec_list_element curve_list[ @@ -2899,25 +2108,6 @@ static const ec_list_element curve_list[] = {
static const ec_list_element curve_list[] = { static const ec_list_element curve_list[] = {
/* prime field curves */ /* prime field curves */
/* secg curves */ /* secg curves */
@ -860,7 +877,7 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
{NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
"NIST/SECG curve over a 224 bit prime field"}, "NIST/SECG curve over a 224 bit prime field"},
@@ -2945,18 +2135,6 @@ static const ec_list_element curve_list[ @@ -2945,18 +2135,6 @@ static const ec_list_element curve_list[] = {
# endif # endif
"NIST/SECG curve over a 521 bit prime field"}, "NIST/SECG curve over a 521 bit prime field"},
/* X9.62 curves */ /* X9.62 curves */
@ -879,7 +896,7 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
# if defined(ECP_NISTZ256_ASM) # if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method, EC_GFp_nistz256_method,
@@ -3053,22 +2231,12 @@ static const ec_list_element curve_list[ @@ -3053,22 +2231,12 @@ static const ec_list_element curve_list[] = {
{NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0,
"X9.62 curve over a 163 bit binary field"}, "X9.62 curve over a 163 bit binary field"},
# endif # endif
@ -902,7 +919,7 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
# ifndef OPENSSL_NO_EC2M # ifndef OPENSSL_NO_EC2M
/* IPSec curves */ /* IPSec curves */
{NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
@@ -3079,18 +2247,6 @@ static const ec_list_element curve_list[ @@ -3079,18 +2247,6 @@ static const ec_list_element curve_list[] = {
"\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
# endif # endif
/* brainpool curves */ /* brainpool curves */
@ -921,9 +938,10 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c
{NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0, {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0,
"RFC 5639 curve over a 256 bit prime field"}, "RFC 5639 curve over a 256 bit prime field"},
{NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0, {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0,
diff -up ./test/ectest.c.remove-ec ./test/ectest.c diff --git a/test/ectest.c b/test/ectest.c
--- ./test/ectest.c.remove-ec 2023-03-13 18:39:30.544642912 +0100 index afef85b0e6..4890b0555e 100644
+++ ./test/ectest.c 2023-03-20 07:27:26.403212965 +0100 --- a/test/ectest.c
+++ b/test/ectest.c
@@ -175,184 +175,26 @@ static int prime_field_tests(void) @@ -175,184 +175,26 @@ static int prime_field_tests(void)
|| !TEST_ptr(p = BN_new()) || !TEST_ptr(p = BN_new())
|| !TEST_ptr(a = BN_new()) || !TEST_ptr(a = BN_new())
@ -1125,3 +1143,6 @@ diff -up ./test/ectest.c.remove-ec ./test/ectest.c
ADD_ALL_TESTS(cardinality_test, crv_len); ADD_ALL_TESTS(cardinality_test, crv_len);
ADD_TEST(prime_field_tests); ADD_TEST(prime_field_tests);
#ifndef OPENSSL_NO_EC2M #ifndef OPENSSL_NO_EC2M
--
2.41.0

76
0011-Remove-EC-curves.patch
View File

@ -1,7 +1,26 @@
diff -up ./apps/speed.c.ec-curves ./apps/speed.c From e65f698d59fc71300d3e49492f9ef899b7209e5f Mon Sep 17 00:00:00 2001
--- ./apps/speed.c.ec-curves 2023-03-14 04:44:12.545437892 +0100 From: rpm-build <rpm-build>
+++ ./apps/speed.c 2023-03-14 04:48:28.606729067 +0100 Date: Mon, 31 Jul 2023 09:41:28 +0200
@@ -366,7 +366,7 @@ static double ffdh_results[FFDH_NUM][1]; Subject: [PATCH 11/35] 0011-Remove-EC-curves.patch
Patch-name: 0011-Remove-EC-curves.patch
Patch-id: 11
Patch-status: |
# remove unsupported EC curves
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
apps/speed.c | 8 +---
crypto/evp/ec_support.c | 76 ------------------------------------
test/acvp_test.inc | 9 -----
test/ecdsatest.h | 17 --------
test/recipes/15-test_genec.t | 27 -------------
5 files changed, 1 insertion(+), 136 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index cace25eda1..d527f12f18 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -385,7 +385,7 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
#endif /* OPENSSL_NO_DH */ #endif /* OPENSSL_NO_DH */
enum ec_curves_t { enum ec_curves_t {
@ -10,7 +29,7 @@ diff -up ./apps/speed.c.ec-curves ./apps/speed.c
#ifndef OPENSSL_NO_EC2M #ifndef OPENSSL_NO_EC2M
R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
@@ -376,8 +376,6 @@ enum ec_curves_t { @@ -395,8 +395,6 @@ enum ec_curves_t {
}; };
/* list of ecdsa curves */ /* list of ecdsa curves */
static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
@ -19,7 +38,7 @@ diff -up ./apps/speed.c.ec-curves ./apps/speed.c
{"ecdsap224", R_EC_P224}, {"ecdsap224", R_EC_P224},
{"ecdsap256", R_EC_P256}, {"ecdsap256", R_EC_P256},
{"ecdsap384", R_EC_P384}, {"ecdsap384", R_EC_P384},
@@ -404,8 +402,6 @@ static const OPT_PAIR ecdsa_choices[ECDS @@ -423,8 +421,6 @@ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM }; enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
/* list of ecdh curves, extension of |ecdsa_choices| list above */ /* list of ecdh curves, extension of |ecdsa_choices| list above */
static const OPT_PAIR ecdh_choices[EC_NUM] = { static const OPT_PAIR ecdh_choices[EC_NUM] = {
@ -28,7 +47,7 @@ diff -up ./apps/speed.c.ec-curves ./apps/speed.c
{"ecdhp224", R_EC_P224}, {"ecdhp224", R_EC_P224},
{"ecdhp256", R_EC_P256}, {"ecdhp256", R_EC_P256},
{"ecdhp384", R_EC_P384}, {"ecdhp384", R_EC_P384},
@@ -1422,8 +1418,6 @@ int speed_main(int argc, char **argv) @@ -1442,8 +1438,6 @@ int speed_main(int argc, char **argv)
*/ */
static const EC_CURVE ec_curves[EC_NUM] = { static const EC_CURVE ec_curves[EC_NUM] = {
/* Prime Curves */ /* Prime Curves */
@ -37,9 +56,10 @@ diff -up ./apps/speed.c.ec-curves ./apps/speed.c
{"nistp224", NID_secp224r1, 224}, {"nistp224", NID_secp224r1, 224},
{"nistp256", NID_X9_62_prime256v1, 256}, {"nistp256", NID_X9_62_prime256v1, 256},
{"nistp384", NID_secp384r1, 384}, {"nistp384", NID_secp384r1, 384},
diff -up ./crypto/evp/ec_support.c.ec-curves ./crypto/evp/ec_support.c diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c
--- ./crypto/evp/ec_support.c.ec-curves 2023-03-14 06:22:41.542310442 +0100 index 1ec10143d2..8fe774140f 100644
+++ ./crypto/evp/ec_support.c 2023-03-21 11:24:18.378451683 +0100 --- a/crypto/evp/ec_support.c
+++ b/crypto/evp/ec_support.c
@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st { @@ -20,89 +20,15 @@ typedef struct ec_name2nid_st {
static const EC_NAME2NID curve_list[] = { static const EC_NAME2NID curve_list[] = {
/* prime field curves */ /* prime field curves */
@ -130,7 +150,7 @@ diff -up ./crypto/evp/ec_support.c.ec-curves ./crypto/evp/ec_support.c
{"brainpoolP256r1", NID_brainpoolP256r1 }, {"brainpoolP256r1", NID_brainpoolP256r1 },
{"brainpoolP256t1", NID_brainpoolP256t1 }, {"brainpoolP256t1", NID_brainpoolP256t1 },
{"brainpoolP320r1", NID_brainpoolP320r1 }, {"brainpoolP320r1", NID_brainpoolP320r1 },
@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = @@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = {
{"brainpoolP384t1", NID_brainpoolP384t1 }, {"brainpoolP384t1", NID_brainpoolP384t1 },
{"brainpoolP512r1", NID_brainpoolP512r1 }, {"brainpoolP512r1", NID_brainpoolP512r1 },
{"brainpoolP512t1", NID_brainpoolP512t1 }, {"brainpoolP512t1", NID_brainpoolP512t1 },
@ -139,13 +159,15 @@ diff -up ./crypto/evp/ec_support.c.ec-curves ./crypto/evp/ec_support.c
}; };
const char *OSSL_EC_curve_nid2name(int nid) const char *OSSL_EC_curve_nid2name(int nid)
diff -up ./test/acvp_test.inc.ec-curves ./test/acvp_test.inc diff --git a/test/acvp_test.inc b/test/acvp_test.inc
--- ./test/acvp_test.inc.ec-curves 2023-03-14 06:38:20.563712586 +0100 index ad11d3ae1e..894a0bff9d 100644
+++ ./test/acvp_test.inc 2023-03-14 06:39:01.631080059 +0100 --- a/test/acvp_test.inc
@@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_ +++ b/test/acvp_test.inc
@@ -211,15 +211,6 @@ static const unsigned char ecdsa_sigver_s1[] = {
0xB1, 0xAC,
}; };
static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { static const struct ecdsa_sigver_st ecdsa_sigver_data[] = {
{ - {
- "SHA-1", - "SHA-1",
- "P-192", - "P-192",
- ITM(ecdsa_sigver_msg0), - ITM(ecdsa_sigver_msg0),
@ -154,13 +176,13 @@ diff -up ./test/acvp_test.inc.ec-curves ./test/acvp_test.inc
- ITM(ecdsa_sigver_s0), - ITM(ecdsa_sigver_s0),
- PASS, - PASS,
- }, - },
- { {
"SHA2-512", "SHA2-512",
"P-521", "P-521",
ITM(ecdsa_sigver_msg1), diff --git a/test/ecdsatest.h b/test/ecdsatest.h
diff -up ./test/ecdsatest.h.ec-curves ./test/ecdsatest.h index 63fe319025..06b5c0aac5 100644
--- ./test/ecdsatest.h.ec-curves 2023-03-14 04:49:16.148154472 +0100 --- a/test/ecdsatest.h
+++ ./test/ecdsatest.h 2023-03-14 04:51:01.376096037 +0100 +++ b/test/ecdsatest.h
@@ -32,23 +32,6 @@ typedef struct { @@ -32,23 +32,6 @@ typedef struct {
} ecdsa_cavs_kat_t; } ecdsa_cavs_kat_t;
@ -185,10 +207,11 @@ diff -up ./test/ecdsatest.h.ec-curves ./test/ecdsatest.h
/* prime KATs from NIST CAVP */ /* prime KATs from NIST CAVP */
{NID_secp224r1, NID_sha224, {NID_secp224r1, NID_sha224,
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
diff -up ./test/recipes/15-test_genec.t.ec-curves ./test/recipes/15-test_genec.t diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t
--- ./test/recipes/15-test_genec.t.ec-curves 2023-03-14 04:51:45.215488277 +0100 index 2dfed387ca..c733b68f83 100644
+++ ./test/recipes/15-test_genec.t 2023-03-21 11:26:58.613885435 +0100 --- a/test/recipes/15-test_genec.t
@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupport +++ b/test/recipes/15-test_genec.t
@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupported in a no-ec build"
if disabled("ec"); if disabled("ec");
my @prime_curves = qw( my @prime_curves = qw(
@ -234,3 +257,6 @@ diff -up ./test/recipes/15-test_genec.t.ec-curves ./test/recipes/15-test_genec.t
P-224 P-224
P-256 P-256
P-384 P-384
--
2.41.0

245
0012-Disable-explicit-ec.patch
View File

@ -1,7 +1,27 @@
diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/crypto/ec/ec_asn1.c From 91bdd9b816b22bc1464ec323f3272b866b24114d Mon Sep 17 00:00:00 2001
--- openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec 2022-03-22 13:10:45.718077845 +0100 From: rpm-build <rpm-build>
+++ openssl-3.0.1/crypto/ec/ec_asn1.c 2022-03-22 13:12:46.626599016 +0100 Date: Mon, 31 Jul 2023 09:41:28 +0200
@@ -895,6 +895,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP ** Subject: [PATCH 12/35] 0012-Disable-explicit-ec.patch
Patch-name: 0012-Disable-explicit-ec.patch
Patch-id: 12
Patch-status: |
# Disable explicit EC curves
# https://bugzilla.redhat.com/show_bug.cgi?id=2066412
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/ec/ec_asn1.c | 11 ++++++++++
crypto/ec/ec_lib.c | 6 +++++
test/ectest.c | 22 ++++++++++---------
test/endecode_test.c | 20 ++++++++---------
.../30-test_evp_data/evppkey_ecdsa.txt | 12 ----------
5 files changed, 39 insertions(+), 32 deletions(-)
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 7a0b35a594..d19d57344e 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -905,6 +905,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT)
group->decoded_from_explicit_params = 1; group->decoded_from_explicit_params = 1;
@ -14,7 +34,7 @@ diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/cry
if (a) { if (a) {
EC_GROUP_free(*a); EC_GROUP_free(*a);
*a = group; *a = group;
@@ -954,6 +959,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con @@ -964,6 +970,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
goto err; goto err;
} }
@ -26,10 +46,11 @@ diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/cry
ret->version = priv_key->version; ret->version = priv_key->version;
if (priv_key->privateKey) { if (priv_key->privateKey) {
diff -up openssl-3.0.9/crypto/ec/ec_lib.c.noec openssl-3.0.9/crypto/ec/ec_lib.c diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
--- openssl-3.0.9/crypto/ec/ec_lib.c.noec 2023-07-27 10:32:52.870910095 +0200 index a84e088c19..6c37bf78ae 100644
+++ openssl-3.0.9/crypto/ec/ec_lib.c 2023-07-27 10:35:18.029151181 +0200 --- a/crypto/ec/ec_lib.c
@@ -1728,6 +1728,11 @@ EC_GROUP *EC_GROUP_new_from_params(const +++ b/crypto/ec/ec_lib.c
@@ -1724,6 +1724,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
goto err; goto err;
} }
if (named_group == group) { if (named_group == group) {
@ -41,7 +62,7 @@ diff -up openssl-3.0.9/crypto/ec/ec_lib.c.noec openssl-3.0.9/crypto/ec/ec_lib.c
/* /*
* If we did not find a named group then the encoding should be explicit * If we did not find a named group then the encoding should be explicit
* if it was specified * if it was specified
@@ -1743,6 +1748,7 @@ EC_GROUP *EC_GROUP_new_from_params(const @@ -1739,6 +1744,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
goto err; goto err;
} }
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
@ -49,104 +70,11 @@ diff -up openssl-3.0.9/crypto/ec/ec_lib.c.noec openssl-3.0.9/crypto/ec/ec_lib.c
} else { } else {
EC_GROUP_free(group); EC_GROUP_free(group);
group = named_group; group = named_group;
diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/test/endecode_test.c diff --git a/test/ectest.c b/test/ectest.c
--- openssl-3.0.1/test/endecode_test.c.disable_explicit_ec 2022-03-21 16:55:46.005558779 +0100 index 4890b0555e..e11aec5b3b 100644
+++ openssl-3.0.1/test/endecode_test.c 2022-03-21 16:56:12.636792762 +0100 --- a/test/ectest.c
@@ -57,7 +57,7 @@ static BN_CTX *bnctx = NULL; +++ b/test/ectest.c
static OSSL_PARAM_BLD *bld_prime_nc = NULL; @@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
static OSSL_PARAM_BLD *bld_prime = NULL;
static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
+/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/
# ifndef OPENSSL_NO_EC2M
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
@@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
-DOMAIN_KEYS(ECExplicitPrime2G);
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
+/*DOMAIN_KEYS(ECExplicitPrime2G);*/
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
# ifndef OPENSSL_NO_EC2M
DOMAIN_KEYS(ECExplicitTriNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
@@ -1318,7 +1318,7 @@ int setup_tests(void)
|| !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
|| !create_ec_explicit_prime_params(bld_prime)
|| !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
+/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/
# ifndef OPENSSL_NO_EC2M
|| !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
|| !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
@@ -1346,7 +1346,7 @@ int setup_tests(void)
TEST_info("Generating EC keys...");
MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
+/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/
# ifndef OPENSSL_NO_EC2M
MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
@@ -1389,8 +1389,8 @@ int setup_tests(void)
ADD_TEST_SUITE_LEGACY(EC);
ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
- ADD_TEST_SUITE(ECExplicitPrime2G);
- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/
+/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/
# ifndef OPENSSL_NO_EC2M
ADD_TEST_SUITE(ECExplicitTriNamedCurve);
ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
@@ -1427,7 +1427,7 @@ void cleanup_tests(void)
{
#ifndef OPENSSL_NO_EC
OSSL_PARAM_free(ec_explicit_prime_params_nc);
- OSSL_PARAM_free(ec_explicit_prime_params_explicit);
+/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/
OSSL_PARAM_BLD_free(bld_prime_nc);
OSSL_PARAM_BLD_free(bld_prime);
# ifndef OPENSSL_NO_EC2M
@@ -1449,7 +1449,7 @@ void cleanup_tests(void)
#ifndef OPENSSL_NO_EC
FREE_DOMAIN_KEYS(EC);
FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
- FREE_DOMAIN_KEYS(ECExplicitPrime2G);
+/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/
# ifndef OPENSSL_NO_EC2M
FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
FREE_DOMAIN_KEYS(ECExplicitTri2G);
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec 2022-03-25 11:20:50.920949208 +0100
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2022-03-25 11:21:13.177147598 +0100
@@ -121,18 +121,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEB
3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
-----END PRIVATE KEY-----
-PrivateKey = EC_EXPLICIT
------BEGIN PRIVATE KEY-----
-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
------END PRIVATE KEY-----
-
PrivateKey = B-163
-----BEGIN PRIVATE KEY-----
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
diff -up openssl-3.0.9/test/ectest.c.noec openssl-3.0.9/test/ectest.c
--- openssl-3.0.9/test/ectest.c.noec 2023-07-27 11:30:24.078979261 +0200
+++ openssl-3.0.9/test/ectest.c 2023-07-27 11:35:12.335576107 +0200
@@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromd
if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
|| !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
|| !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
@ -160,7 +88,7 @@ diff -up openssl-3.0.9/test/ectest.c.noec openssl-3.0.9/test/ectest.c
/*- Check that all the set values are retrievable -*/ /*- Check that all the set values are retrievable -*/
/* There should be no match to a group name since the generator changed */ /* There should be no match to a group name since the generator changed */
@@ -2433,6 +2434,7 @@ static int do_test_custom_explicit_fromd @@ -2433,6 +2434,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
#endif #endif
) )
goto err; goto err;
@ -206,3 +134,102 @@ diff -up openssl-3.0.9/test/ectest.c.noec openssl-3.0.9/test/ectest.c
ret = 1; ret = 1;
err: err:
diff --git a/test/endecode_test.c b/test/endecode_test.c
index 14648287eb..9a437d8c64 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -62,7 +62,7 @@ static BN_CTX *bnctx = NULL;
static OSSL_PARAM_BLD *bld_prime_nc = NULL;
static OSSL_PARAM_BLD *bld_prime = NULL;
static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
+/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/
# ifndef OPENSSL_NO_EC2M
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
@@ -1009,9 +1009,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
-DOMAIN_KEYS(ECExplicitPrime2G);
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
+/*DOMAIN_KEYS(ECExplicitPrime2G);*/
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
# ifndef OPENSSL_NO_EC2M
DOMAIN_KEYS(ECExplicitTriNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
@@ -1352,7 +1352,7 @@ int setup_tests(void)
|| !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
|| !create_ec_explicit_prime_params(bld_prime)
|| !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
+/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/
# ifndef OPENSSL_NO_EC2M
|| !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
|| !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
@@ -1380,7 +1380,7 @@ int setup_tests(void)
TEST_info("Generating EC keys...");
MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
+/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/
# ifndef OPENSSL_NO_EC2M
MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
@@ -1423,8 +1423,8 @@ int setup_tests(void)
ADD_TEST_SUITE_LEGACY(EC);
ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
- ADD_TEST_SUITE(ECExplicitPrime2G);
- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/
+/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/
# ifndef OPENSSL_NO_EC2M
ADD_TEST_SUITE(ECExplicitTriNamedCurve);
ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
@@ -1461,7 +1461,7 @@ void cleanup_tests(void)
{
#ifndef OPENSSL_NO_EC
OSSL_PARAM_free(ec_explicit_prime_params_nc);
- OSSL_PARAM_free(ec_explicit_prime_params_explicit);
+/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/
OSSL_PARAM_BLD_free(bld_prime_nc);
OSSL_PARAM_BLD_free(bld_prime);
# ifndef OPENSSL_NO_EC2M
@@ -1483,7 +1483,7 @@ void cleanup_tests(void)
#ifndef OPENSSL_NO_EC
FREE_DOMAIN_KEYS(EC);
FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
- FREE_DOMAIN_KEYS(ECExplicitPrime2G);
+/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/
# ifndef OPENSSL_NO_EC2M
FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
FREE_DOMAIN_KEYS(ECExplicitTri2G);
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
index ec3c032aba..584ecee0eb 100644
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
@@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
-----END PRIVATE KEY-----
-PrivateKey = EC_EXPLICIT
------BEGIN PRIVATE KEY-----
-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
------END PRIVATE KEY-----
-
PrivateKey = B-163
-----BEGIN PRIVATE KEY-----
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
--
2.41.0

46
0013-skipped-tests-EC-curves.patch
View File

@ -1,7 +1,24 @@
diff -up ./test/recipes/15-test_ec.t.skip-tests ./test/recipes/15-test_ec.t From 9ede2b1e13f72db37718853faff74b4429084d59 Mon Sep 17 00:00:00 2001
--- ./test/recipes/15-test_ec.t.skip-tests 2023-03-14 13:42:38.865508269 +0100 From: rpm-build <rpm-build>
+++ ./test/recipes/15-test_ec.t 2023-03-14 13:43:36.237021635 +0100 Date: Mon, 31 Jul 2023 09:41:28 +0200
@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key Subject: [PATCH 13/35] 0013-skipped-tests-EC-curves.patch
Patch-name: 0013-skipped-tests-EC-curves.patch
Patch-id: 13
Patch-status: |
# Skipped tests from former 0011-Remove-EC-curves.patch
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
test/recipes/15-test_ec.t | 2 +-
test/recipes/65-test_cmp_protect.t | 2 +-
test/recipes/65-test_cmp_vfy.t | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
index 0638d626e7..c0efd77649 100644
--- a/test/recipes/15-test_ec.t
+++ b/test/recipes/15-test_ec.t
@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key' => sub {
subtest 'Check loading of fips and non-fips keys' => sub { subtest 'Check loading of fips and non-fips keys' => sub {
plan skip_all => "FIPS is disabled" plan skip_all => "FIPS is disabled"
@ -10,10 +27,11 @@ diff -up ./test/recipes/15-test_ec.t.skip-tests ./test/recipes/15-test_ec.t
plan tests => 2; plan tests => 2;
diff -up ./test/recipes/65-test_cmp_protect.t.skip-tests ./test/recipes/65-test_cmp_protect.t diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t
--- ./test/recipes/65-test_cmp_protect.t.skip-tests 2023-03-14 10:13:11.342056559 +0100 index 631603df7c..4cb2ffebbc 100644
+++ ./test/recipes/65-test_cmp_protect.t 2023-03-14 10:14:42.643873496 +0100 --- a/test/recipes/65-test_cmp_protect.t
@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo +++ b/test/recipes/65-test_cmp_protect.t
@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build"
plan skip_all => "This test is not supported in a shared library build on Windows" plan skip_all => "This test is not supported in a shared library build on Windows"
if $^O eq 'MSWin32' && !disabled("shared"); if $^O eq 'MSWin32' && !disabled("shared");
@ -22,10 +40,11 @@ diff -up ./test/recipes/65-test_cmp_protect.t.skip-tests ./test/recipes/65-test_
my @basic_cmd = ("cmp_protect_test", my @basic_cmd = ("cmp_protect_test",
data_file("server.pem"), data_file("server.pem"),
diff -up ./test/recipes/65-test_cmp_vfy.t.skip-tests ./test/recipes/65-test_cmp_vfy.t diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t
--- ./test/recipes/65-test_cmp_vfy.t.skip-tests 2023-03-14 10:13:38.106296042 +0100 index f722800e27..26a01786bb 100644
+++ ./test/recipes/65-test_cmp_vfy.t 2023-03-14 10:16:56.496071178 +0100 --- a/test/recipes/65-test_cmp_vfy.t
@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo +++ b/test/recipes/65-test_cmp_vfy.t
@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build"
plan skip_all => "This test is not supported in a no-ec build" plan skip_all => "This test is not supported in a no-ec build"
if disabled("ec"); if disabled("ec");
@ -34,3 +53,6 @@ diff -up ./test/recipes/65-test_cmp_vfy.t.skip-tests ./test/recipes/65-test_cmp_
my @basic_cmd = ("cmp_vfy_test", my @basic_cmd = ("cmp_vfy_test",
data_file("server.crt"), data_file("client.crt"), data_file("server.crt"), data_file("client.crt"),
--
2.41.0

52
0024-load-legacy-prov.patch
View File

@ -1,6 +1,22 @@
diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf From 69636828729ecc287863366dcdd6548dee78c7a4 Mon Sep 17 00:00:00 2001
--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200 From: rpm-build <rpm-build>
+++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200 Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 14/35] 0024-load-legacy-prov.patch
Patch-name: 0024-load-legacy-prov.patch
Patch-id: 24
Patch-status: |
# Instructions to load legacy provider in openssl.cnf
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
apps/openssl.cnf | 37 +++++++++++++++----------------------
doc/man5/config.pod | 8 ++++++++
2 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 3956235fda..bddb6bc029 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1 @@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6 tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7 tsa_policy3 = 1.2.3.4.5.7
@ -19,11 +35,6 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
ssl_conf = ssl_module ssl_conf = ssl_module
-# List of providers to load -# List of providers to load
-[provider_sect]
-default = default_sect
-# The fips section name should match the section name inside the
-# included fipsmodule.cnf.
-# fips = fips_sect
+# Uncomment the sections that start with ## below to enable the legacy provider. +# Uncomment the sections that start with ## below to enable the legacy provider.
+# Loading the legacy provider enables support for the following algorithms: +# Loading the legacy provider enables support for the following algorithms:
+# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 +# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
@ -32,7 +43,13 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
+# In general it is not recommended to use the above mentioned algorithms for +# In general it is not recommended to use the above mentioned algorithms for
+# security critical operations, as they are cryptographically weak or vulnerable +# security critical operations, as they are cryptographically weak or vulnerable
+# to side-channel attacks and as such have been deprecated. +# to side-channel attacks and as such have been deprecated.
+
[provider_sect]
default = default_sect
-# The fips section name should match the section name inside the
-# included fipsmodule.cnf.
-# fips = fips_sect
-
-# If no providers are activated explicitly, the default one is activated implicitly. -# If no providers are activated explicitly, the default one is activated implicitly.
-# See man 7 OSSL_PROVIDER-default for more details. -# See man 7 OSSL_PROVIDER-default for more details.
-# -#
@ -41,13 +58,10 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
-# becomes unavailable in openssl. As a consequence applications depending on -# becomes unavailable in openssl. As a consequence applications depending on
-# OpenSSL may not work correctly which could lead to significant system -# OpenSSL may not work correctly which could lead to significant system
-# problems including inability to remotely access the system. -# problems including inability to remotely access the system.
-[default_sect]
-# activate = 1
+[provider_sect]
+default = default_sect
+##legacy = legacy_sect +##legacy = legacy_sect
+## +##
+[default_sect] [default_sect]
-# activate = 1
+activate = 1 +activate = 1
+ +
+##[legacy_sect] +##[legacy_sect]
@ -55,9 +69,10 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
[ ssl_module ] [ ssl_module ]
diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod diff --git a/doc/man5/config.pod b/doc/man5/config.pod
--- openssl-3.0.0/doc/man5/config.pod.legacy-prov 2021-09-09 12:09:38.079040853 +0200 index 8d312c661f..714a10437b 100644
+++ openssl-3.0.0/doc/man5/config.pod 2021-09-09 12:11:56.646224876 +0200 --- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -273,6 +273,14 @@ significant. @@ -273,6 +273,14 @@ significant.
All parameters in the section as well as sub-sections are made All parameters in the section as well as sub-sections are made
available to the provider. available to the provider.
@ -73,3 +88,6 @@ diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/co
=head3 Default provider and its activation =head3 Default provider and its activation
If no providers are activated explicitly, the default one is activated implicitly. If no providers are activated explicitly, the default one is activated implicitly.
--
2.41.0

28
0032-Force-fips.patch
View File

@ -1,6 +1,21 @@
diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c From 8c6dffe2347fc801a2b285d79dd99b8739414bc3 Mon Sep 17 00:00:00 2001
--- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200 From: rpm-build <rpm-build>
+++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200 Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 16/35] 0032-Force-fips.patch
Patch-name: 0032-Force-fips.patch
Patch-id: 32
Patch-status: |
# We load FIPS provider and set FIPS properties implicitly
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/provider_conf.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
index 058fb58837..ad0b29c954 100644
--- a/crypto/provider_conf.c
+++ b/crypto/provider_conf.c
@@ -10,6 +10,7 @@ @@ -10,6 +10,7 @@
#include <string.h> #include <string.h>
#include <openssl/trace.h> #include <openssl/trace.h>
@ -9,7 +24,7 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/safestack.h> #include <openssl/safestack.h>
#include <openssl/provider.h> #include <openssl/provider.h>
@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C @@ -169,7 +170,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
if (path != NULL) if (path != NULL)
ossl_provider_set_module_path(prov, path); ossl_provider_set_module_path(prov, path);
@ -18,7 +33,7 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi
if (ok) { if (ok) {
if (!ossl_provider_activate(prov, 1, 0)) { if (!ossl_provider_activate(prov, 1, 0)) {
@@ -306,6 +317,16 @@ static int provider_conf_init(CONF_IMODU @@ -309,6 +310,16 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
return 0; return 0;
} }
@ -35,3 +50,6 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi
return 1; return 1;
} }
--
2.41.0

131
0033-FIPS-embed-hmac.patch
View File

@ -1,7 +1,30 @@
diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/providers/fips/self_test.c From 538665f6c210f876bf2733afe63460b36f2c9929 Mon Sep 17 00:00:00 2001
--- openssl-3.0.7/providers/fips/self_test.c.embed-hmac 2023-01-05 10:03:44.864869710 +0100 From: rpm-build <rpm-build>
+++ openssl-3.0.7/providers/fips/self_test.c 2023-01-05 10:15:17.041606472 +0100 Date: Mon, 31 Jul 2023 09:41:28 +0200
@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void) Subject: [PATCH 17/35] 0033-FIPS-embed-hmac.patch
Patch-name: 0033-FIPS-embed-hmac.patch
Patch-id: 33
Patch-status: |
# Embed HMAC into the fips.so
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
providers/fips/self_test.c | 69 ++++++++++++++++++++++++---
test/fipsmodule.cnf | 2 +
test/recipes/00-prep_fipsmodule_cnf.t | 2 +-
test/recipes/01-test_fipsmodule_cnf.t | 2 +-
test/recipes/03-test_fipsinstall.t | 2 +-
test/recipes/30-test_defltfips.t | 2 +-
test/recipes/80-test_ssl_new.t | 2 +-
test/recipes/90-test_sslapi.t | 2 +-
8 files changed, 70 insertions(+), 13 deletions(-)
create mode 100644 test/fipsmodule.cnf
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index 10804d9f59..ef56002854 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -231,11 +231,27 @@ err:
return ok; return ok;
} }
@ -29,7 +52,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
unsigned char *expected, size_t expected_len, unsigned char *expected, size_t expected_len,
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
@@ -189,12 +205,23 @@ static int verify_integrity(OSSL_CORE_BI @@ -248,12 +264,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
EVP_MAC *mac = NULL; EVP_MAC *mac = NULL;
EVP_MAC_CTX *ctx = NULL; EVP_MAC_CTX *ctx = NULL;
OSSL_PARAM params[2], *p = params; OSSL_PARAM params[2], *p = params;
@ -53,7 +76,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
if (mac == NULL) if (mac == NULL)
goto err; goto err;
@@ -205,13 +233,42 @@ static int verify_integrity(OSSL_CORE_BI @@ -267,13 +294,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
goto err; goto err;
@ -61,12 +84,12 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); - status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) { + while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); + status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
if (status != 1) + if (status != 1)
break; + break;
if (!EVP_MAC_update(ctx, buf, bytes_read)) + if (!EVP_MAC_update(ctx, buf, bytes_read))
goto err; + goto err;
+ off += bytes_read; + off += bytes_read;
} + }
+ +
+ if (off + INTEGRITY_BUF_SIZE > paddr) { + if (off + INTEGRITY_BUF_SIZE > paddr) {
+ int delta = paddr - off; + int delta = paddr - off;
@ -88,17 +111,17 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
+ +
+ while (bytes_read > 0) { + while (bytes_read > 0) {
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); + status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
+ if (status != 1) if (status != 1)
+ break; break;
+ if (!EVP_MAC_update(ctx, buf, bytes_read)) if (!EVP_MAC_update(ctx, buf, bytes_read))
+ goto err; goto err;
+ off += bytes_read; + off += bytes_read;
+ } }
+ +
if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
goto err; goto err;
@@ -285,8 +342,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS @@ -349,8 +405,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
CRYPTO_THREAD_unlock(fips_state_lock); CRYPTO_THREAD_unlock(fips_state_lock);
} }
@ -108,7 +131,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
goto end; goto end;
} }
@@ -305,8 +361,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS @@ -359,8 +414,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
if (ev == NULL) if (ev == NULL)
goto end; goto end;
@ -120,7 +143,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
if (module_checksum == NULL) { if (module_checksum == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
goto end; goto end;
@@ -356,7 +413,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS @@ -434,7 +490,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
end: end:
EVP_RAND_free(testrand); EVP_RAND_free(testrand);
OSSL_SELF_TEST_free(ev); OSSL_SELF_TEST_free(ev);
@ -128,10 +151,19 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
OPENSSL_free(indicator_checksum); OPENSSL_free(indicator_checksum);
if (st != NULL) { if (st != NULL) {
diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t diff --git a/test/fipsmodule.cnf b/test/fipsmodule.cnf
--- openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200 new file mode 100644
+++ openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t 2021-11-18 09:39:53.386817874 +0100 index 0000000000..f05d0dedbe
@@ -20,7 +20,7 @@ --- /dev/null
+++ b/test/fipsmodule.cnf
@@ -0,0 +1,2 @@
+[fips_sect]
+activate = 1
diff --git a/test/recipes/00-prep_fipsmodule_cnf.t b/test/recipes/00-prep_fipsmodule_cnf.t
index 4e3a6d85e8..e8255ba974 100644
--- a/test/recipes/00-prep_fipsmodule_cnf.t
+++ b/test/recipes/00-prep_fipsmodule_cnf.t
@@ -20,7 +20,7 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.'); use lib bldtop_dir('.');
use platform; use platform;
@ -140,10 +172,11 @@ diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/
plan skip_all => "FIPS module config file only supported in a fips build" plan skip_all => "FIPS module config file only supported in a fips build"
if $no_check; if $no_check;
diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t diff --git a/test/recipes/01-test_fipsmodule_cnf.t b/test/recipes/01-test_fipsmodule_cnf.t
--- openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200 index ce594817d5..00cebacff8 100644
+++ openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t 2021-11-18 09:59:02.315619486 +0100 --- a/test/recipes/01-test_fipsmodule_cnf.t
@@ -23,7 +23,7 @@ +++ b/test/recipes/01-test_fipsmodule_cnf.t
@@ -23,7 +23,7 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.'); use lib bldtop_dir('.');
use platform; use platform;
@ -152,10 +185,11 @@ diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/
plan skip_all => "Test only supported in a fips build" plan skip_all => "Test only supported in a fips build"
if $no_check; if $no_check;
plan tests => 1; plan tests => 1;
diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t
--- openssl-3.0.0/test/recipes/03-test_fipsinstall.t 2021-09-07 13:46:32.000000000 +0200 index b8b136d110..8242f4ebc3 100644
+++ openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t 2021-11-18 09:59:55.365072074 +0100 --- a/test/recipes/03-test_fipsinstall.t
@@ -22,7 +22,7 @@ +++ b/test/recipes/03-test_fipsinstall.t
@@ -22,7 +22,7 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.'); use lib bldtop_dir('.');
use platform; use platform;
@ -164,10 +198,11 @@ diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/tes
# Compatible options for pedantic FIPS compliance # Compatible options for pedantic FIPS compliance
my @pedantic_okay = my @pedantic_okay =
diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t
--- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200 index 426bd660d1..6dc514936b 100644
+++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100 --- a/test/recipes/30-test_defltfips.t
@@ -21,7 +21,7 @@ +++ b/test/recipes/30-test_defltfips.t
@@ -21,7 +21,7 @@ BEGIN {
use lib srctop_dir('Configurations'); use lib srctop_dir('Configurations');
use lib bldtop_dir('.'); use lib bldtop_dir('.');
@ -176,10 +211,11 @@ diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/
plan tests => plan tests =>
($no_fips ? 1 : 5); ($no_fips ? 1 : 5);
diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
--- openssl-3.0.0/test/recipes/80-test_ssl_new.t 2021-09-07 13:46:32.000000000 +0200 index 0c6d6402d9..e45f9cb560 100644
+++ openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t 2021-11-18 10:18:53.391721164 +0100 --- a/test/recipes/80-test_ssl_new.t
@@ -23,7 +23,7 @@ +++ b/test/recipes/80-test_ssl_new.t
@@ -27,7 +27,7 @@ setup("test_ssl_new");
use lib srctop_dir('Configurations'); use lib srctop_dir('Configurations');
use lib bldtop_dir('.'); use lib bldtop_dir('.');
@ -188,10 +224,11 @@ diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/re
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t
--- openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-11-18 10:32:17.734196705 +0100 index 9e9e32b51e..1a1a7159b5 100644
+++ openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t 2021-11-18 10:18:30.695538445 +0100 --- a/test/recipes/90-test_sslapi.t
@@ -18,7 +18,7 @@ +++ b/test/recipes/90-test_sslapi.t
@@ -17,7 +17,7 @@ setup("test_sslapi");
use lib srctop_dir('Configurations'); use lib srctop_dir('Configurations');
use lib bldtop_dir('.'); use lib bldtop_dir('.');
@ -200,8 +237,6 @@ diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/rec
my $fipsmodcfg_filename = "fipsmodule.cnf"; my $fipsmodcfg_filename = "fipsmodule.cnf";
my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename); my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename);
--- /dev/null 2021-11-16 15:27:32.915000000 +0100 --
+++ openssl-3.0.0/test/fipsmodule.cnf 2021-11-18 11:15:34.538060408 +0100 2.41.0
@@ -0,0 +1,2 @@
+[fips_sect]
+activate = 1

344
0034.fipsinstall_disable.patch
View File

@ -1,7 +1,27 @@
diff -up openssl-3.0.0/apps/fipsinstall.c.xxx openssl-3.0.0/apps/fipsinstall.c From a9825123e7ab3474d2794a5706d9bed047959c9c Mon Sep 17 00:00:00 2001
--- openssl-3.0.0/apps/fipsinstall.c.xxx 2021-11-22 13:09:28.232560235 +0100 From: rpm-build <rpm-build>
+++ openssl-3.0.0/apps/fipsinstall.c 2021-11-22 13:12:22.272058910 +0100 Date: Mon, 31 Jul 2023 09:41:28 +0200
@@ -311,6 +311,9 @@ int fipsinstall_main(int argc, char **ar Subject: [PATCH 18/35] 0034.fipsinstall_disable.patch
Patch-name: 0034.fipsinstall_disable.patch
Patch-id: 34
Patch-status: |
# Comment out fipsinstall command-line utility
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
apps/fipsinstall.c | 3 +
doc/man1/openssl-fipsinstall.pod.in | 272 +---------------------------
doc/man1/openssl.pod | 4 -
doc/man5/config.pod | 1 -
doc/man5/fips_config.pod | 104 +----------
doc/man7/OSSL_PROVIDER-FIPS.pod | 1 -
6 files changed, 10 insertions(+), 375 deletions(-)
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index e1ef645b60..db92cb5fb2 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -375,6 +375,9 @@ int fipsinstall_main(int argc, char **argv)
EVP_MAC *mac = NULL; EVP_MAC *mac = NULL;
CONF *conf = NULL; CONF *conf = NULL;
@ -11,160 +31,11 @@ diff -up openssl-3.0.0/apps/fipsinstall.c.xxx openssl-3.0.0/apps/fipsinstall.c
if ((opts = sk_OPENSSL_STRING_new_null()) == NULL) if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
diff -up openssl-3.0.0/doc/man1/openssl.pod.xxx openssl-3.0.0/doc/man1/openssl.pod diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in
--- openssl-3.0.0/doc/man1/openssl.pod.xxx 2021-11-22 13:18:51.081406990 +0100 index b1768b7f91..b6b00e27d8 100644
+++ openssl-3.0.0/doc/man1/openssl.pod 2021-11-22 13:19:02.897508738 +0100 --- a/doc/man1/openssl-fipsinstall.pod.in
@@ -158,10 +158,6 @@ Engine (loadable module) information and +++ b/doc/man1/openssl-fipsinstall.pod.in
@@ -8,275 +8,9 @@ openssl-fipsinstall - perform FIPS configuration installation
Error Number to Error String Conversion.
-=item B<fipsinstall>
-
-FIPS configuration installation.
-
=item B<gendsa>
Generation of DSA Private Key from Parameters. Superseded by
diff -up openssl-3.0.0/doc/man5/config.pod.xxx openssl-3.0.0/doc/man5/config.pod
--- openssl-3.0.0/doc/man5/config.pod.xxx 2021-11-22 13:24:51.359509501 +0100
+++ openssl-3.0.0/doc/man5/config.pod 2021-11-22 13:26:02.360121820 +0100
@@ -573,7 +573,6 @@ configuration files using that syntax wi
=head1 SEE ALSO
L<openssl-x509(1)>, L<openssl-req(1)>, L<openssl-ca(1)>,
-L<openssl-fipsinstall(1)>,
L<ASN1_generate_nconf(3)>,
L<EVP_set_default_properties(3)>,
L<CONF_modules_load(3)>,
diff -up openssl-3.0.0/doc/man5/fips_config.pod.xxx openssl-3.0.0/doc/man5/fips_config.pod
--- openssl-3.0.0/doc/man5/fips_config.pod.xxx 2021-11-22 13:21:13.812636065 +0100
+++ openssl-3.0.0/doc/man5/fips_config.pod 2021-11-22 13:24:12.278172847 +0100
@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration
=head1 DESCRIPTION
-A separate configuration file, using the OpenSSL L<config(5)> syntax,
-is used to hold information about the FIPS module. This includes a digest
-of the shared library file, and status about the self-testing.
-This data is used automatically by the module itself for two
-purposes:
-
-=over 4
-
-=item - Run the startup FIPS self-test known answer tests (KATS).
-
-This is normally done once, at installation time, but may also be set up to
-run each time the module is used.
-
-=item - Verify the module's checksum.
-
-This is done each time the module is used.
-
-=back
-
-This file is generated by the L<openssl-fipsinstall(1)> program, and
-used internally by the FIPS module during its initialization.
-
-The following options are supported. They should all appear in a section
-whose name is identified by the B<fips> option in the B<providers>
-section, as described in L<config(5)/Provider Configuration Module>.
-
-=over 4
-
-=item B<activate>
-
-If present, the module is activated. The value assigned to this name is not
-significant.
-
-=item B<install-version>
-
-A version number for the fips install process. Should be 1.
-
-=item B<conditional-errors>
-
-The FIPS module normally enters an internal error mode if any self test fails.
-Once this error mode is active, no services or cryptographic algorithms are
-accessible from this point on.
-Continuous tests are a subset of the self tests (e.g., a key pair test during key
-generation, or the CRNG output test).
-Setting this value to C<0> allows the error mode to not be triggered if any
-continuous test fails. The default value of C<1> will trigger the error mode.
-Regardless of the value, the operation (e.g., key generation) that called the
-continuous test will return an error code if its continuous test fails. The
-operation may then be retried if the error mode has not been triggered.
-
-=item B<security-checks>
-
-This indicates if run-time checks related to enforcement of security parameters
-such as minimum security strength of keys and approved curve names are used.
-A value of '1' will perform the checks, otherwise if the value is '0' the checks
-are not performed and FIPS compliance must be done by procedures documented in
-the relevant Security Policy.
-
-=item B<module-mac>
-
-The calculated MAC of the FIPS provider file.
-
-=item B<install-status>
-
-An indicator that the self-tests were successfully run.
-This should only be written after the module has
-successfully passed its self tests during installation.
-If this field is not present, then the self tests will run when the module
-loads.
-
-=item B<install-mac>
-
-A MAC of the value of the B<install-status> option, to prevent accidental
-changes to that value.
-It is written-to at the same time as B<install-status> is updated.
-
-=back
-
-For example:
-
- [fips_sect]
- activate = 1
- install-version = 1
- conditional-errors = 1
- security-checks = 1
- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
- install-status = INSTALL_SELF_TEST_KATS_RUN
-
-=head1 NOTES
-
-When using the FIPS provider, it is recommended that the
-B<config_diagnostics> option is enabled to prevent accidental use of
-non-FIPS validated algorithms via broken or mistaken configuration.
-See L<config(5)>.
-
-=head1 SEE ALSO
-
-L<config(5)>
-L<openssl-fipsinstall(1)>
+This command is disabled in Red Hat Enterprise Linux. The FIPS provider is
+automatically loaded when the system is booted in FIPS mode, or when the
+environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
+for more information.
=head1 HISTORY
diff -up openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod
--- openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx 2021-11-22 13:18:13.850086386 +0100
+++ openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod 2021-11-22 13:18:24.607179038 +0100
@@ -388,7 +388,6 @@ A simple self test callback is shown bel
=head1 SEE ALSO
-L<openssl-fipsinstall(1)>,
L<fips_config(5)>,
L<OSSL_SELF_TEST_set_callback(3)>,
L<OSSL_SELF_TEST_new(3)>,
diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in
--- openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac 2022-01-11 13:26:33.279906225 +0100
+++ openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in 2022-01-11 13:33:18.757994419 +0100
@@ -8,275 +8,9 @@ openssl-fipsinstall - perform FIPS confi
=head1 SYNOPSIS =head1 SYNOPSIS
B<openssl fipsinstall> B<openssl fipsinstall>
@ -443,3 +314,160 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.
=head1 COPYRIGHT =head1 COPYRIGHT
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index d9c22a580f..d5ec3b9a6a 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -135,10 +135,6 @@ Engine (loadable module) information and manipulation.
Error Number to Error String Conversion.
-=item B<fipsinstall>
-
-FIPS configuration installation.
-
=item B<gendsa>
Generation of DSA Private Key from Parameters. Superseded by
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 714a10437b..bd05736220 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -573,7 +573,6 @@ configuration files using that syntax will have to be modified.
=head1 SEE ALSO
L<openssl-x509(1)>, L<openssl-req(1)>, L<openssl-ca(1)>,
-L<openssl-fipsinstall(1)>,
L<ASN1_generate_nconf(3)>,
L<EVP_set_default_properties(3)>,
L<CONF_modules_load(3)>,
diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod
index 2255464304..1c15e32a5c 100644
--- a/doc/man5/fips_config.pod
+++ b/doc/man5/fips_config.pod
@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration
=head1 DESCRIPTION
-A separate configuration file, using the OpenSSL L<config(5)> syntax,
-is used to hold information about the FIPS module. This includes a digest
-of the shared library file, and status about the self-testing.
-This data is used automatically by the module itself for two
-purposes:
-
-=over 4
-
-=item - Run the startup FIPS self-test known answer tests (KATS).
-
-This is normally done once, at installation time, but may also be set up to
-run each time the module is used.
-
-=item - Verify the module's checksum.
-
-This is done each time the module is used.
-
-=back
-
-This file is generated by the L<openssl-fipsinstall(1)> program, and
-used internally by the FIPS module during its initialization.
-
-The following options are supported. They should all appear in a section
-whose name is identified by the B<fips> option in the B<providers>
-section, as described in L<config(5)/Provider Configuration Module>.
-
-=over 4
-
-=item B<activate>
-
-If present, the module is activated. The value assigned to this name is not
-significant.
-
-=item B<install-version>
-
-A version number for the fips install process. Should be 1.
-
-=item B<conditional-errors>
-
-The FIPS module normally enters an internal error mode if any self test fails.
-Once this error mode is active, no services or cryptographic algorithms are
-accessible from this point on.
-Continuous tests are a subset of the self tests (e.g., a key pair test during key
-generation, or the CRNG output test).
-Setting this value to C<0> allows the error mode to not be triggered if any
-continuous test fails. The default value of C<1> will trigger the error mode.
-Regardless of the value, the operation (e.g., key generation) that called the
-continuous test will return an error code if its continuous test fails. The
-operation may then be retried if the error mode has not been triggered.
-
-=item B<security-checks>
-
-This indicates if run-time checks related to enforcement of security parameters
-such as minimum security strength of keys and approved curve names are used.
-A value of '1' will perform the checks, otherwise if the value is '0' the checks
-are not performed and FIPS compliance must be done by procedures documented in
-the relevant Security Policy.
-
-=item B<module-mac>
-
-The calculated MAC of the FIPS provider file.
-
-=item B<install-status>
-
-An indicator that the self-tests were successfully run.
-This should only be written after the module has
-successfully passed its self tests during installation.
-If this field is not present, then the self tests will run when the module
-loads.
-
-=item B<install-mac>
-
-A MAC of the value of the B<install-status> option, to prevent accidental
-changes to that value.
-It is written-to at the same time as B<install-status> is updated.
-
-=back
-
-For example:
-
- [fips_sect]
- activate = 1
- install-version = 1
- conditional-errors = 1
- security-checks = 1
- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
- install-status = INSTALL_SELF_TEST_KATS_RUN
-
-=head1 NOTES
-
-When using the FIPS provider, it is recommended that the
-B<config_diagnostics> option is enabled to prevent accidental use of
-non-FIPS validated algorithms via broken or mistaken configuration.
-See L<config(5)>.
-
-=head1 SEE ALSO
-
-L<config(5)>
-L<openssl-fipsinstall(1)>
+This command is disabled in Red Hat Enterprise Linux. The FIPS provider is
+automatically loaded when the system is booted in FIPS mode, or when the
+environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
+for more information.
=head1 HISTORY
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index 4f908888ba..ef00247770 100644
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -444,7 +444,6 @@ want to operate in a FIPS approved manner. The algorithms are:
=head1 SEE ALSO
-L<openssl-fipsinstall(1)>,
L<fips_config(5)>,
L<OSSL_SELF_TEST_set_callback(3)>,
L<OSSL_SELF_TEST_new(3)>,
--
2.41.0

26
0035-speed-skip-unavailable-dgst.patch
View File

@ -1,7 +1,22 @@
diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c From 213f38dc580d39f2cb46592b5e6db585fc6a650f Mon Sep 17 00:00:00 2001
--- openssl-3.0.0/apps/speed.c.beldmit 2021-12-21 15:14:04.210431584 +0100 From: rpm-build <rpm-build>
+++ openssl-3.0.0/apps/speed.c 2021-12-21 15:46:05.554085125 +0100 Date: Mon, 31 Jul 2023 09:41:28 +0200
@@ -547,6 +547,9 @@ static int EVP_MAC_loop(int algindex, vo Subject: [PATCH 19/35] 0035-speed-skip-unavailable-dgst.patch
Patch-name: 0035-speed-skip-unavailable-dgst.patch
Patch-id: 35
Patch-status: |
# Skip unavailable algorithms running `openssl speed`
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
apps/speed.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/apps/speed.c b/apps/speed.c
index d527f12f18..2ff3eb53bd 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -610,6 +610,9 @@ static int EVP_MAC_loop(int algindex, void *args)
for (count = 0; COND(c[algindex][testnum]); count++) { for (count = 0; COND(c[algindex][testnum]); count++) {
size_t outl; size_t outl;
@ -11,3 +26,6 @@ diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c
if (!EVP_MAC_init(mctx, NULL, 0, NULL) if (!EVP_MAC_init(mctx, NULL, 0, NULL)
|| !EVP_MAC_update(mctx, buf, lengths[testnum]) || !EVP_MAC_update(mctx, buf, lengths[testnum])
|| !EVP_MAC_final(mctx, mac, &outl, sizeof(mac))) || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
--
2.41.0

101
0044-FIPS-140-3-keychecks.patch
View File

@ -1,7 +1,24 @@
diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c From bdf751d87be5dfb3164264ebcdbc0c0374d3eabf Mon Sep 17 00:00:00 2001
--- openssl-3.0.1/crypto/dh/dh_key.c.fips3 2022-07-18 16:01:41.159543735 +0200 From: rpm-build <rpm-build>
+++ openssl-3.0.1/crypto/dh/dh_key.c 2022-07-18 16:24:30.251388248 +0200 Date: Mon, 31 Jul 2023 09:41:28 +0200
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k Subject: [PATCH 20/35] 0044-FIPS-140-3-keychecks.patch
Patch-name: 0044-FIPS-140-3-keychecks.patch
Patch-id: 44
Patch-status: |
# Extra public/private key checks required by FIPS-140-3
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/dh/dh_key.c | 28 ++++++++++++
crypto/rsa/rsa_gen.c | 44 ++++++++-----------
.../implementations/exchange/ecdh_exch.c | 19 ++++++++
3 files changed, 65 insertions(+), 26 deletions(-)
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 4e9705beef..cb9e641f54 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
BN_MONT_CTX *mont = NULL; BN_MONT_CTX *mont = NULL;
BIGNUM *z = NULL, *pminus1; BIGNUM *z = NULL, *pminus1;
int ret = -1; int ret = -1;
@ -11,7 +28,7 @@ diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *k @@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
return 0; return 0;
} }
@ -59,39 +76,10 @@ diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c
dh->dirty_cnt++; dh->dirty_cnt++;
ok = 1; ok = 1;
err: err:
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c index e0d139d312..de9cedb64b 100644
--- openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 2022-07-25 13:42:46.814952053 +0200 --- a/crypto/rsa/rsa_gen.c
+++ openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c 2022-07-25 13:52:12.292065706 +0200 +++ b/crypto/rsa/rsa_gen.c
@@ -488,6 +488,25 @@ int ecdh_plain_derive(void *vpecdhctx, u
}
ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
+#ifdef FIPS_MODULE
+ {
+ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk));
+ int check = 0;
+
+ if (bn_ctx == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+
+ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx);
+ BN_CTX_free(bn_ctx);
+
+ if (check <= 0) {
+ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY);
+ goto end;
+ }
+ }
+#endif
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_gen.c
--- openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 2022-07-25 17:02:17.807271297 +0200
+++ openssl-3.0.1/crypto/rsa/rsa_gen.c 2022-07-25 17:18:24.931959649 +0200
@@ -23,6 +23,7 @@ @@ -23,6 +23,7 @@
#include <time.h> #include <time.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
@ -100,7 +88,7 @@ diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_g
#include <openssl/self_test.h> #include <openssl/self_test.h>
#include "prov/providercommon.h" #include "prov/providercommon.h"
#include "rsa_local.h" #include "rsa_local.h"
@@ -476,52 +476,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libc @@ -478,52 +479,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes,
static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg) static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg)
{ {
int ret = 0; int ret = 0;
@ -128,13 +116,13 @@ diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_g
OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1); OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1);
- ciphertxt_len = RSA_size(rsa); - ciphertxt_len = RSA_size(rsa);
+ signature_len = RSA_size(rsa);
- /* - /*
- * RSA_private_encrypt() and RSA_private_decrypt() requires the 'to' - * RSA_private_encrypt() and RSA_private_decrypt() requires the 'to'
- * parameter to be a maximum of RSA_size() - allocate space for both. - * parameter to be a maximum of RSA_size() - allocate space for both.
- */ - */
- ciphertxt = OPENSSL_zalloc(ciphertxt_len * 2); - ciphertxt = OPENSSL_zalloc(ciphertxt_len * 2);
- if (ciphertxt == NULL) - if (ciphertxt == NULL)
+ signature_len = RSA_size(rsa);
+ signature = OPENSSL_zalloc(signature_len); + signature = OPENSSL_zalloc(signature_len);
+ if (signature == NULL) + if (signature == NULL)
goto err; goto err;
@ -170,3 +158,36 @@ diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_g
return ret; return ret;
} }
diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
index 43caedb6df..73873f9758 100644
--- a/providers/implementations/exchange/ecdh_exch.c
+++ b/providers/implementations/exchange/ecdh_exch.c
@@ -489,6 +489,25 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
}
ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
+#ifdef FIPS_MODULE
+ {
+ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk));
+ int check = 0;
+
+ if (bn_ctx == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+
+ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx);
+ BN_CTX_free(bn_ctx);
+
+ if (check <= 0) {
+ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY);
+ goto end;
+ }
+ }
+#endif
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
--
2.41.0

1075
0045-FIPS-services-minimize.patch
View File

File diff suppressed because it is too large Load Diff

34
0047-FIPS-early-KATS.patch
View File

@ -1,7 +1,22 @@
diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/providers/fips/self_test.c From 0242c0317b7c7874148c456aaab1e8eeb156d7c1 Mon Sep 17 00:00:00 2001
--- openssl-3.0.1/providers/fips/self_test.c.earlykats 2022-01-19 13:10:00.635830783 +0100 From: rpm-build <rpm-build>
+++ openssl-3.0.1/providers/fips/self_test.c 2022-01-19 13:11:43.309342656 +0100 Date: Mon, 31 Jul 2023 09:41:28 +0200
@@ -362,6 +362,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS Subject: [PATCH 22/35] 0047-FIPS-early-KATS.patch
Patch-name: 0047-FIPS-early-KATS.patch
Patch-id: 47
Patch-status: |
# Execute KATS before HMAC verification
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
providers/fips/self_test.c | 22 ++++++++++------------
1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index ef56002854..062d9df84a 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -414,6 +414,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
if (ev == NULL) if (ev == NULL)
goto end; goto end;
@ -18,11 +33,10 @@ diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/provid
module_checksum = fips_hmac_container; module_checksum = fips_hmac_container;
checksum_len = sizeof(fips_hmac_container); checksum_len = sizeof(fips_hmac_container);
@@ -411,18 +421,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS @@ -464,18 +474,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
kats_already_passed = 1;
} }
} }
-
- /* - /*
- * Only runs the KAT's during installation OR on_demand(). - * Only runs the KAT's during installation OR on_demand().
- * NOTE: If the installation option 'self_test_onload' is chosen then this - * NOTE: If the installation option 'self_test_onload' is chosen then this
@ -34,6 +48,10 @@ diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/provid
- goto end; - goto end;
- } - }
- } - }
-
/* Verify that the RNG has been restored properly */ /* Verify that the RNG has been restored properly */
testrand = EVP_RAND_fetch(st->libctx, "TEST-RAND", NULL); testrand = EVP_RAND_fetch(st->libctx, "TEST-RAND", NULL);
if (testrand == NULL
--
2.41.0

544
0049-Selectively-disallow-SHA1-signatures.patch
View File

@ -1,544 +0,0 @@
From ead41bc1b69b697187a97460c7f210ad5a7a1395 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Wed, 17 Aug 2022 12:56:29 -0400
Subject: [PATCH] Selectively disallow SHA1 signatures
For RHEL 9.0, we want to phase out SHA1. One of the steps to do that is
disabling SHA1 signatures. Introduce a new configuration option in the
alg_section named 'rh-allow-sha1-signatures'. This option defaults to
false. If set to false (or unset), any signature creation or
verification operations that involve SHA1 as digest will fail.
This also affects TLS, where the signature_algorithms extension of any
ClientHello message sent by OpenSSL will no longer include signatures
with the SHA1 digest if rh-allow-sha1-signatures is false. For servers
that request a client certificate, the same also applies for
CertificateRequest messages sent by them.
For signatures created using the EVP_PKEY API, this is a best-effort
check that will deny signatures in cases where the digest algorithm is
known. This means, for example, that that following steps will still
work:
$> openssl dgst -sha1 -binary -out sha1 infile
$> openssl pkeyutl -inkey key.pem -sign -in sha1 -out sha1sig
$> openssl pkeyutl -inkey key.pem -verify -sigfile sha1sig -in sha1
whereas these will not:
$> openssl dgst -sha1 -binary -out sha1 infile
$> openssl pkeyutl -inkey kem.pem -sign -in sha1 -out sha1sig -pkeyopt digest:sha1
$> openssl pkeyutl -inkey kem.pem -verify -sigfile sha1sig -in sha1 -pkeyopt digest:sha1
This happens because in the first case, OpenSSL's signature
implementation does not know that it is signing a SHA1 hash (it could be
signing arbitrary data).
Resolves: rhbz#2031742
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
crypto/context.c | 14 ++++
crypto/evp/evp_cnf.c | 13 ++++
crypto/evp/m_sigver.c | 71 +++++++++++++++++++
crypto/evp/pmeth_lib.c | 15 ++++
doc/man5/config.pod | 11 +++
include/crypto/context.h | 3 +
include/internal/cryptlib.h | 3 +-
include/internal/sslconf.h | 4 ++
providers/common/securitycheck.c | 20 ++++++
providers/common/securitycheck_default.c | 9 ++-
providers/implementations/signature/dsa_sig.c | 11 ++-
.../implementations/signature/ecdsa_sig.c | 4 ++
providers/implementations/signature/rsa_sig.c | 20 +++++-
ssl/t1_lib.c | 8 +++
util/libcrypto.num | 2 +
15 files changed, 199 insertions(+), 9 deletions(-)
diff --git a/crypto/context.c b/crypto/context.c
index e294ea1512..ab6abf44ab 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -43,6 +43,8 @@ struct ossl_lib_ctx_st {
void *fips_prov;
#endif
+ void *legacy_digest_signatures;
+
unsigned int ischild:1;
};
@@ -171,6 +173,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
goto err;
#endif
+ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx);
+ if (ctx->legacy_digest_signatures == NULL)
+ goto err;
+
/* Low priority. */
#ifndef FIPS_MODULE
ctx->child_provider = ossl_child_prov_ctx_new(ctx);
@@ -299,6 +305,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
}
#endif
+ if (ctx->legacy_digest_signatures != NULL) {
+ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures);
+ ctx->legacy_digest_signatures = NULL;
+ }
+
/* Low priority. */
#ifndef FIPS_MODULE
if (ctx->child_provider != NULL) {
@@ -589,6 +600,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
return ctx->fips_prov;
#endif
+ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX:
+ return ctx->legacy_digest_signatures;
+
default:
return NULL;
}
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 0e7fe64cf9..b9d3b6d226 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -10,6 +10,7 @@
#include <stdio.h>
#include <openssl/crypto.h>
#include "internal/cryptlib.h"
+#include "internal/sslconf.h"
#include <openssl/conf.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
return 0;
}
+ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) {
+ int m;
+
+ /* Detailed error already reported. */
+ if (!X509V3_get_value_bool(oval, &m))
+ return 0;
+
+ if (!ossl_ctx_legacy_digest_signatures_allowed_set(
+ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
+ return 0;
+ }
} else {
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
"name=%s, value=%s", oval->name, oval->value);
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 630d339c35..06028b082e 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -15,6 +15,65 @@
#include "internal/provider.h"
#include "internal/numbers.h" /* includes SIZE_MAX */
#include "evp_local.h"
+#include "crypto/context.h"
+
+typedef struct ossl_legacy_digest_signatures_st {
+ int allowed;
+} OSSL_LEGACY_DIGEST_SIGNATURES;
+
+void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
+{
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
+
+ if (ldsigs != NULL) {
+ OPENSSL_free(ldsigs);
+ }
+}
+
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
+{
+ return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
+}
+
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
+ OSSL_LIB_CTX *libctx, int loadconfig)
+{
+#ifndef FIPS_MODULE
+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
+ return NULL;
+#endif
+
+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX);
+}
+
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
+{
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
+
+#ifndef FIPS_MODULE
+ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL)
+ /* used in tests */
+ return 1;
+#endif
+
+ return ldsigs != NULL ? ldsigs->allowed : 0;
+}
+
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
+ int loadconfig)
+{
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
+
+ if (ldsigs == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ ldsigs->allowed = allow;
+ return 1;
+}
#ifndef FIPS_MODULE
@@ -251,6 +310,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
}
}
+ if (ctx->reqdigest != NULL
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
+ int mdnid = EVP_MD_nid(ctx->reqdigest);
+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
+ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
+ goto err;
+ }
+ }
+
if (ver) {
if (signature->digest_verify_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index ce6e1a1ccb..003926247b 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -33,6 +33,7 @@
#include "internal/ffc.h"
#include "internal/numbers.h"
#include "internal/provider.h"
+#include "internal/sslconf.h"
#include "evp_local.h"
#ifndef FIPS_MODULE
@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
return -2;
}
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && md != NULL
+ && ctx->pkey != NULL
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac)
+ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
+ int mdnid = EVP_MD_nid(md);
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
+ return -1;
+ }
+ }
+
if (fallback)
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 8d312c661f..e5a88d11aa 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -296,6 +296,17 @@ Within the algorithm properties section, the following names have meaning:
The value may be anything that is acceptable as a property query
string for EVP_set_default_properties().
+=item B<rh-allow-sha1-signatures>
+
+The value is a boolean that can be B<yes> or B<no>. If the value is not set,
+it behaves as if it was set to B<no>.
+
+When set to B<no>, any attempt to create or verify a signature with a SHA1
+digest will fail. For compatibility with older versions of OpenSSL, set this
+option to B<yes>. This setting also affects TLS, where signature algorithms
+that use SHA1 as digest will no longer be supported if this option is set to
+B<no>.
+
=item B<fips_mode> (deprecated)
The value is a boolean that can be B<yes> or B<no>. If the value is
diff --git a/include/crypto/context.h b/include/crypto/context.h
index cc06c71be8..e9f74a414d 100644
--- a/include/crypto/context.h
+++ b/include/crypto/context.h
@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *);
void ossl_thread_event_ctx_free(void *);
void ossl_fips_prov_ossl_ctx_free(void *);
void ossl_release_default_drbg_ctx(void);
+
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *);
+void ossl_ctx_legacy_digest_signatures_free(void *);
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
index ac50eb3bbd..3b115cc7df 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
# define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
-# define OSSL_LIB_CTX_MAX_INDEXES 19
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 19
+# define OSSL_LIB_CTX_MAX_INDEXES 20
OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
index fd7f7e3331..05464b0655 100644
--- a/include/internal/sslconf.h
+++ b/include/internal/sslconf.h
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
char **arg);
+/* Methods to support disabling all signatures with legacy digests */
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig);
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
+ int loadconfig);
#endif
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index 699ada7c52..e534ad0a5f 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -19,6 +19,7 @@
#include <openssl/core_names.h>
#include <openssl/obj_mac.h>
#include "prov/securitycheck.h"
+#include "internal/sslconf.h"
/*
* FIPS requires a minimum security strength of 112 bits (for encryption or
@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
mdnid = -1; /* disallowed by security checks */
}
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
+
+#ifndef FIPS_MODULE
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
+ /* SHA1 is globally disabled, check whether we want to locally allow
+ * it. */
+ if (mdnid == NID_sha1 && !sha1_allowed)
+ mdnid = -1;
+#endif
+
return mdnid;
}
@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
if (ossl_securitycheck_enabled(ctx))
return ossl_digest_get_approved_nid(md) != NID_undef;
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
+
+#ifndef FIPS_MODULE
+ {
+ int mdnid = EVP_MD_nid(md);
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
+ return 0;
+ }
+#endif
+
return 1;
}
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
index 246323493e..2ca7a59f39 100644
--- a/providers/common/securitycheck_default.c
+++ b/providers/common/securitycheck_default.c
@@ -15,6 +15,7 @@
#include <openssl/obj_mac.h>
#include "prov/securitycheck.h"
#include "internal/nelem.h"
+#include "internal/sslconf.h"
/* Disable the security checks in the default provider */
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx)
}
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
- ossl_unused int sha1_allowed)
+ int sha1_allowed)
{
int mdnid;
+ int ldsigs_allowed;
static const OSSL_ITEM name_to_nid[] = {
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
};
- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1);
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
if (mdnid == NID_undef)
mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
+ mdnid = -1;
return mdnid;
}
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
index 70d0ea5d24..3c482e0181 100644
--- a/providers/implementations/signature/dsa_sig.c
+++ b/providers/implementations/signature/dsa_sig.c
@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
mdprops = ctx->propq;
if (mdname != NULL) {
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
WPACKET pkt;
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
- sha1_allowed);
+ int md_nid;
size_t mdname_len = strlen(mdname);
+#ifdef FIPS_MODULE
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+#else
+ int sha1_allowed = 0;
+#endif
+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
+ sha1_allowed);
if (md == NULL || md_nid < 0) {
if (md == NULL)
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
index 865d49d100..99b228e82c 100644
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
"%s could not be fetched", mdname);
return 0;
}
+#ifdef FIPS_MODULE
sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+#else
+ sha1_allowed = 0;
+#endif
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
sha1_allowed);
if (md_nid < 0) {
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index cd5de6bd51..25a51df878 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -25,6 +25,7 @@
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
+#include "internal/sslconf.h"
#include "crypto/rsa.h"
#include "prov/providercommon.h"
#include "prov/implementations.h"
@@ -33,6 +34,7 @@
#include "prov/securitycheck.h"
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
if (mdname != NULL) {
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
+ int md_nid;
+ size_t mdname_len = strlen(mdname);
+#ifdef FIPS_MODULE
int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
+#else
+ int sha1_allowed = 0;
+#endif
+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
sha1_allowed);
- size_t mdname_len = strlen(mdname);
if (md == NULL
|| md_nid <= 0
@@ -1370,8 +1377,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
prsactx->pad_mode = pad_mode;
if (prsactx->md == NULL && pmdname == NULL
- && pad_mode == RSA_PKCS1_PSS_PADDING)
+ && pad_mode == RSA_PKCS1_PSS_PADDING) {
pmdname = RSA_DEFAULT_DIGEST_NAME;
+#ifndef FIPS_MODULE
+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
+ }
+#endif
+ }
+
if (pmgf1mdname != NULL
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e6f4bcc045..8bc550ea5b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -20,6 +20,7 @@
#include <openssl/bn.h>
#include <openssl/provider.h>
#include <openssl/param_build.h>
+#include "internal/sslconf.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "internal/tlsgroups.h"
@@ -1151,11 +1152,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
EVP_PKEY *tmpkey = EVP_PKEY_new();
int ret = 0;
+ int ldsigs_allowed;
if (cache == NULL || tmpkey == NULL)
goto err;
ERR_set_mark();
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
for (i = 0, lu = sigalg_lookup_tbl;
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
EVP_PKEY_CTX *pctx;
@@ -1175,6 +1178,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
cache[i].enabled = 0;
continue;
}
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
+ && !ldsigs_allowed) {
+ cache[i].enabled = 0;
+ continue;
+ }
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
cache[i].enabled = 0;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 9cb8a4dda2..feb660d030 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
--
2.40.1

207
0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
View File

@ -1,207 +0,0 @@
From 033a4a68f259e32ea58e5a9f478f59d7dabe70af Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Tue, 1 Mar 2022 15:44:18 +0100
Subject: [PATCH 23/38] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures =
yes
References: rhbz#2055796
---
crypto/x509/x509_vfy.c | 19 ++++++++++-
doc/man5/config.pod | 7 +++-
ssl/t1_lib.c | 64 ++++++++++++++++++++++++++++-------
test/recipes/25-test_verify.t | 7 ++--
4 files changed, 79 insertions(+), 18 deletions(-)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index d19efeaa99..451fa10bf2 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -25,6 +25,7 @@
#include <openssl/objects.h>
#include <openssl/core_names.h>
#include "internal/dane.h"
+#include "internal/sslconf.h"
#include "crypto/x509.h"
#include "x509_local.h"
@@ -3438,14 +3439,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
{
int secbits = -1;
int level = ctx->param->auth_level;
+ int nid;
+ OSSL_LIB_CTX *libctx = NULL;
if (level <= 0)
return 1;
if (level > NUM_AUTH_LEVELS)
level = NUM_AUTH_LEVELS;
- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
+ if (ctx->libctx)
+ libctx = ctx->libctx;
+ else if (cert->libctx)
+ libctx = cert->libctx;
+ else
+ libctx = OSSL_LIB_CTX_get0_global_default();
+
+ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL))
return 0;
+ if (nid == NID_sha1
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
+ && ctx->param->auth_level < 3)
+ /* When rh-allow-sha1-signatures = yes and security level <= 2,
+ * explicitly allow SHA1 for backwards compatibility. */
+ return 1;
+
return secbits >= minbits_table[level - 1];
}
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index e5a88d11aa..2d5649f90b 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -305,7 +305,12 @@ When set to B<no>, any attempt to create or verify a signature with a SHA1
digest will fail. For compatibility with older versions of OpenSSL, set this
option to B<yes>. This setting also affects TLS, where signature algorithms
that use SHA1 as digest will no longer be supported if this option is set to
-B<no>.
+B<no>. Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature
+algorithms that use SHA1 in security level 2, despite the definition of
+security level 2 of 112 bits of security, which SHA1 does not meet. Because
+TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key
+material, disabling B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or
+newer.
=item B<fips_mode> (deprecated)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 8bc550ea5b..a9d21a6a96 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -20,6 +20,7 @@
#include <openssl/bn.h>
#include <openssl/provider.h>
#include <openssl/param_build.h>
+#include "crypto/x509.h"
#include "internal/sslconf.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
@@ -1567,19 +1568,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
return 0;
}
- /*
- * Make sure security callback allows algorithm. For historical
- * reasons we have to pass the sigalg as a two byte char array.
- */
- sigalgstr[0] = (sig >> 8) & 0xff;
- sigalgstr[1] = sig & 0xff;
- secbits = sigalg_security_bits(s->ctx, lu);
- if (secbits == 0 ||
- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
- md != NULL ? EVP_MD_get_type(md) : NID_undef,
- (void *)sigalgstr)) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
- return 0;
+
+ if (lu->hash == NID_sha1
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
+ && SSL_get_security_level(s) < 3) {
+ /* when rh-allow-sha1-signatures = yes and security level <= 2,
+ * explicitly allow SHA1 for backwards compatibility */
+ } else {
+ /*
+ * Make sure security callback allows algorithm. For historical
+ * reasons we have to pass the sigalg as a two byte char array.
+ */
+ sigalgstr[0] = (sig >> 8) & 0xff;
+ sigalgstr[1] = sig & 0xff;
+ secbits = sigalg_security_bits(s->ctx, lu);
+ if (secbits == 0 ||
+ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
+ md != NULL ? EVP_MD_get_type(md) : NID_undef,
+ (void *)sigalgstr)) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
+ return 0;
+ }
}
/* Store the sigalg the peer uses */
s->s3.tmp.peer_sigalg = lu;
@@ -2117,6 +2126,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
}
}
+ if (lu->hash == NID_sha1
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
+ && SSL_get_security_level(s) < 3) {
+ /* when rh-allow-sha1-signatures = yes and security level <= 2,
+ * explicitly allow SHA1 for backwards compatibility */
+ return 1;
+ }
+
/* Finally see if security callback allows it */
secbits = sigalg_security_bits(s->ctx, lu);
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
@@ -2986,6 +3003,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
{
/* Lookup signature algorithm digest */
int secbits, nid, pknid;
+ OSSL_LIB_CTX *libctx = NULL;
+
/* Don't check signature if self signed */
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
return 1;
@@ -2994,6 +3013,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
/* If digest NID not defined use signature NID */
if (nid == NID_undef)
nid = pknid;
+
+ if (x && x->libctx)
+ libctx = x->libctx;
+ else if (ctx && ctx->libctx)
+ libctx = ctx->libctx;
+ else if (s && s->ctx && s->ctx->libctx)
+ libctx = s->ctx->libctx;
+ else
+ libctx = OSSL_LIB_CTX_get0_global_default();
+
+ if (nid == NID_sha1
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
+ && ((s != NULL && SSL_get_security_level(s) < 3)
+ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 3)
+ ))
+ /* When rh-allow-sha1-signatures = yes and security level <= 2,
+ * explicitly allow SHA1 for backwards compatibility. */
+ return 1;
+
if (s)
return ssl_security(s, op, secbits, nid, x);
else
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index f69af793e4..a7481254e1 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -29,7 +29,7 @@ sub verify {
run(app([@args]));
}
-plan tests => 175;
+plan tests => 174;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -439,8 +439,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
"CA with PSS signature using SHA256");
-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
- "Reject PSS signature using SHA1 and auth level 1");
+## rh-allow-sha1-signatures=yes allows this to pass despite -auth_level 1
+#ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
+# "Reject PSS signature using SHA1 and auth level 1");
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
"PSS signature using SHA256 and auth level 2");
--
2.40.1

64
0056-strcasecmp.patch
View File

@ -1,17 +1,26 @@
diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num From 8545e0c4c38934fda47b701043dd5ce89c99fe81 Mon Sep 17 00:00:00 2001
--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200 From: rpm-build <rpm-build>
+++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200 Date: Mon, 31 Jul 2023 09:41:28 +0200
@@ -5425,4 +5425,6 @@ ASN1_item_d2i_ex Subject: [PATCH 25/35] 0056-strcasecmp.patch
EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: Patch-name: 0056-strcasecmp.patch
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP Patch-id: 56
+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: Patch-status: |
+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: # https://github.com/openssl/openssl/pull/18103
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: # The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c # so the patch should persist
--- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100 From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100 ---
@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char crypto/o_str.c | 14 ++++++++++++--
test/recipes/01-test_symbol_presence.t | 1 +
util/libcrypto.num | 2 ++
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/crypto/o_str.c b/crypto/o_str.c
index 3354ce0927..95b9538471 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
#endif #endif
} }
@ -25,7 +34,7 @@ diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
{ {
int t; int t;
@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c @@ -352,7 +357,12 @@ int OPENSSL_strcasecmp(const char *s1, const char *s2)
return t; return t;
} }
@ -39,10 +48,11 @@ diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
{ {
int t; int t;
size_t i; size_t i;
diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
--- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp 2022-11-25 18:19:05.669769076 +0100 index 5530ade0ad..238a8d762e 100644
+++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t 2022-11-25 18:31:20.993392678 +0100 --- a/test/recipes/01-test_symbol_presence.t
@@ -77,6 +80,7 @@ foreach my $libname (@libnames) { +++ b/test/recipes/01-test_symbol_presence.t
@@ -77,6 +77,7 @@ foreach my $libname (@libnames) {
s| .*||; s| .*||;
# Drop OpenSSL dynamic version information if there is any # Drop OpenSSL dynamic version information if there is any
s|\@\@.+$||; s|\@\@.+$||;
@ -50,3 +60,19 @@ diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/
# Return the result # Return the result
$_ $_
} }
diff --git a/util/libcrypto.num b/util/libcrypto.num
index feb660d030..639074c5d0 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5435,6 +5435,8 @@ EVP_MD_CTX_dup 5562 3_1_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION:
+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
--
2.41.0

203
0058-FIPS-limit-rsa-encrypt.patch
View File

@ -1,6 +1,27 @@
diff -up openssl-3.0.1/providers/common/securitycheck.c.rsaenc openssl-3.0.1/providers/common/securitycheck.c From 7a6ade7947ceea6ca367afa0427f61a9505e37a5 Mon Sep 17 00:00:00 2001
--- openssl-3.0.1/providers/common/securitycheck.c.rsaenc 2022-06-24 17:14:33.634692729 +0200 From: rpm-build <rpm-build>
+++ openssl-3.0.1/providers/common/securitycheck.c 2022-06-24 17:16:08.966540605 +0200 Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 26/35] 0058-FIPS-limit-rsa-encrypt.patch
Patch-name: 0058-FIPS-limit-rsa-encrypt.patch
Patch-id: 58
Patch-status: |
# https://github.com/openssl/openssl/pull/18175
# Patch57: 0057-strcasecmp-fix.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
providers/common/securitycheck.c | 1 +
.../implementations/asymciphers/rsa_enc.c | 35 +++++++++++
.../30-test_evp_data/evppkey_rsa_common.txt | 58 ++++++++++++++++++-
test/recipes/80-test_cms.t | 5 +-
test/recipes/80-test_ssl_old.t | 27 +++++++--
5 files changed, 118 insertions(+), 8 deletions(-)
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index e534ad0a5f..c017c658e5 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -27,6 +27,7 @@ @@ -27,6 +27,7 @@
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See * Set protect = 1 for encryption or signing operations, or 0 otherwise. See
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf. * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
@ -9,10 +30,11 @@ diff -up openssl-3.0.1/providers/common/securitycheck.c.rsaenc openssl-3.0.1/pro
int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation) int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation)
{ {
int protect = 0; int protect = 0;
diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
--- openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad 2022-05-02 16:04:47.000091901 +0200 index d865968058..9cd8904131 100644
+++ openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c 2022-05-02 16:14:50.922443581 +0200 --- a/providers/implementations/asymciphers/rsa_enc.c
@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsac +++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa,
return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT); return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT);
} }
@ -30,7 +52,7 @@ diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pa
static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
size_t outsize, const unsigned char *in, size_t inlen) size_t outsize, const unsigned char *in, size_t inlen)
{ {
@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, u @@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
if (!ossl_prov_is_running()) if (!ossl_prov_is_running())
return 0; return 0;
@ -49,7 +71,7 @@ diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pa
if (out == NULL) { if (out == NULL) {
size_t len = RSA_size(prsactx->rsa); size_t len = RSA_size(prsactx->rsa);
@@ -202,6 +220,18 @@ static int rsa_decrypt(void *vprsactx, u @@ -204,6 +227,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
if (!ossl_prov_is_running()) if (!ossl_prov_is_running())
return 0; return 0;
@ -68,75 +90,11 @@ diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pa
if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) {
if (out == NULL) { if (out == NULL) {
*outlen = SSL_MAX_MASTER_KEY_LENGTH; *outlen = SSL_MAX_MASTER_KEY_LENGTH;
diff -up openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_cms.t diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
--- openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad 2022-05-02 17:04:07.610782138 +0200 index 8680797b90..95d5d51102 100644
+++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-02 17:06:03.595814620 +0200 --- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
@@ -232,7 +232,7 @@ my @smime_pkcs7_tests = ( +++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
\&final_compare @@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e377
],
- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS",
[ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
"-aes256", "-stream", "-out", "{output}.cms",
$smrsa1,
@@ -865,5 +865,8 @@ sub check_availability {
return "$tnam: skipped, DSA disabled\n"
if ($no_dsa && $tnam =~ / DSA/);
+ return "$tnam: skipped, Red Hat FIPS\n"
+ if ($tnam =~ /no Red Hat FIPS/);
+
return "";
}
diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_ssl_old.t
--- openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad 2022-05-02 17:26:37.962838053 +0200
+++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-02 17:34:20.297950449 +0200
@@ -483,6 +483,18 @@ sub testssl {
# the default choice if TLSv1.3 enabled
my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
my $ciphersuites = "";
+ my %redhat_skip_cipher = map {$_ => 1} qw(
+AES256-GCM-SHA384:@SECLEVEL=0
+AES256-CCM8:@SECLEVEL=0
+AES256-CCM:@SECLEVEL=0
+AES128-GCM-SHA256:@SECLEVEL=0
+AES128-CCM8:@SECLEVEL=0
+AES128-CCM:@SECLEVEL=0
+AES256-SHA256:@SECLEVEL=0
+AES128-SHA256:@SECLEVEL=0
+AES256-SHA:@SECLEVEL=0
+AES128-SHA:@SECLEVEL=0
+ );
foreach my $cipher (@{$ciphersuites{$protocol}}) {
if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
note "*****SKIPPING $protocol $cipher";
@@ -494,11 +506,16 @@ sub testssl {
} else {
$cipher = $cipher.':@SECLEVEL=0';
}
- ok(run(test([@ssltest, @exkeys, "-cipher",
- $cipher,
- "-ciphersuites", $ciphersuites,
- $flag || ()])),
- "Testing $cipher");
+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
+ note "*****SKIPPING $cipher in Red Hat FIPS mode";
+ ok(1);
+ } else {
+ ok(run(test([@ssltest, @exkeys, "-cipher",
+ $cipher,
+ "-ciphersuites", $ciphersuites,
+ $flag || ()])),
+ "Testing $cipher");
+ }
}
}
next if $protocol eq "-tls1_3";
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen 2022-06-16 14:26:19.383530498 +0200
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2022-06-16 14:39:53.637777701 +0200
@@ -263,13 +263,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974
Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# RSA decrypt # RSA decrypt
@ -152,7 +110,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt = RSA-2048 Decrypt = RSA-2048
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79 Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
Output = "Hello World" Output = "Hello World"
@@ -665,36 +666,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mN @@ -619,36 +619,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2
h90qjKHS9PvY4Q== h90qjKHS9PvY4Q==
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
@ -195,7 +153,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-1 Decrypt=RSA-OAEP-1
Ctrl = rsa_padding_mode:oaep Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1 Ctrl = rsa_mgf1_md:sha1
@@ -719,36 +726,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64 @@ -673,36 +679,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8
eG2e4XlBcKjI6A== eG2e4XlBcKjI6A==
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
@ -238,7 +196,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-2 Decrypt=RSA-OAEP-2
Ctrl = rsa_padding_mode:oaep Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1 Ctrl = rsa_mgf1_md:sha1
@@ -773,36 +786,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+W @@ -727,36 +739,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z
Ya4qnqZe1onjY5o= Ya4qnqZe1onjY5o=
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
@ -281,7 +239,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-3 Decrypt=RSA-OAEP-3
Ctrl = rsa_padding_mode:oaep Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1 Ctrl = rsa_mgf1_md:sha1
@@ -827,36 +846,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/ @@ -781,36 +799,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq
aD0x7TDrmEvkEro= aD0x7TDrmEvkEro=
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
@ -324,7 +282,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-4 Decrypt=RSA-OAEP-4
Ctrl = rsa_padding_mode:oaep Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1 Ctrl = rsa_mgf1_md:sha1
@@ -881,36 +906,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/ @@ -835,36 +859,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B
MSwGUGLx60i3nRyDyw== MSwGUGLx60i3nRyDyw==
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
@ -367,7 +325,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-5 Decrypt=RSA-OAEP-5
Ctrl = rsa_padding_mode:oaep Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1 Ctrl = rsa_mgf1_md:sha1
@@ -935,36 +966,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hq @@ -889,36 +919,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC
Yejn5Ly8mU2q+jBcRQ== Yejn5Ly8mU2q+jBcRQ==
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
@ -410,7 +368,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-6 Decrypt=RSA-OAEP-6
Ctrl = rsa_padding_mode:oaep Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1 Ctrl = rsa_mgf1_md:sha1
@@ -989,36 +1026,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4 @@ -943,36 +979,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS
FMlxv0gq65dqc3DC FMlxv0gq65dqc3DC
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
@ -453,7 +411,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-7 Decrypt=RSA-OAEP-7
Ctrl = rsa_padding_mode:oaep Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1 Ctrl = rsa_mgf1_md:sha1
@@ -1043,36 +1086,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15E @@ -997,36 +1039,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM
2MiPa249Z+lh3Luj0A== 2MiPa249Z+lh3Luj0A==
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
@ -496,7 +454,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-8 Decrypt=RSA-OAEP-8
Ctrl = rsa_padding_mode:oaep Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1 Ctrl = rsa_mgf1_md:sha1
@@ -1103,36 +1152,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSc @@ -1057,36 +1105,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo
tKo5Eb69iFQvBb4= tKo5Eb69iFQvBb4=
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
@ -539,3 +497,74 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
Decrypt=RSA-OAEP-9 Decrypt=RSA-OAEP-9
Ctrl = rsa_padding_mode:oaep Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1 Ctrl = rsa_mgf1_md:sha1
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index cbec426137..9ba7fbeed2 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -233,7 +233,7 @@ my @smime_pkcs7_tests = (
\&final_compare
],
- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS",
[ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
"-aes256", "-stream", "-out", "{output}.cms",
$smrsa1,
@@ -1022,6 +1022,9 @@ sub check_availability {
return "$tnam: skipped, DSA disabled\n"
if ($no_dsa && $tnam =~ / DSA/);
+ return "$tnam: skipped, Red Hat FIPS\n"
+ if ($tnam =~ /no Red Hat FIPS/);
+
return "";
}
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index e2dcb68fb5..0775112b40 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -493,6 +493,18 @@ sub testssl {
# the default choice if TLSv1.3 enabled
my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
my $ciphersuites = "";
+ my %redhat_skip_cipher = map {$_ => 1} qw(
+AES256-GCM-SHA384:@SECLEVEL=0
+AES256-CCM8:@SECLEVEL=0
+AES256-CCM:@SECLEVEL=0
+AES128-GCM-SHA256:@SECLEVEL=0
+AES128-CCM8:@SECLEVEL=0
+AES128-CCM:@SECLEVEL=0
+AES256-SHA256:@SECLEVEL=0
+AES128-SHA256:@SECLEVEL=0
+AES256-SHA:@SECLEVEL=0
+AES128-SHA:@SECLEVEL=0
+ );
foreach my $cipher (@{$ciphersuites{$protocol}}) {
if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
note "*****SKIPPING $protocol $cipher";
@@ -504,11 +516,16 @@ sub testssl {
} else {
$cipher = $cipher.':@SECLEVEL=0';
}
- ok(run(test([@ssltest, @exkeys, "-cipher",
- $cipher,
- "-ciphersuites", $ciphersuites,
- $flag || ()])),
- "Testing $cipher");
+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
+ note "*****SKIPPING $cipher in Red Hat FIPS mode";
+ ok(1);
+ } else {
+ ok(run(test([@ssltest, @exkeys, "-cipher",
+ $cipher,
+ "-ciphersuites", $ciphersuites,
+ $flag || ()])),
+ "Testing $cipher");
+ }
}
}
next if $protocol eq "-tls1_3";
--
2.41.0

89
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
View File

@ -1,39 +1,22 @@
From 4a2239bd7d444c30c55b20ea8b4aeadafdfe1afd Mon Sep 17 00:00:00 2001 From abeda0b0475adb0d4f89b0c97cfc349779915bbf Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com> From: rpm-build <rpm-build>
Date: Fri, 22 Jul 2022 13:59:37 +0200 Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH] FIPS: Use OAEP in KATs, support fixed OAEP seed Subject: [PATCH 29/35]
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
Review by our lab for FIPS 140-3 certification expects the RSA Patch-name: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
encryption and decryption tests to use a supported padding mode, not raw Patch-id: 73
RSA signatures. Switch to RSA-OAEP for the self tests to fulfill that. Patch-status: |
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
The FIPS 140-3 Implementation Guidance specifies in section 10.3.A From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
"Cryptographic Algorithm Self-Test Requirements" that a self-test may be
a known-answer test, a comparison test, or a fault-detection test.
Comparison tests are not an option, because they would require
a separate implementation of RSA-OAEP, which we do not have. Fault
detection tests require implementing fault detection mechanisms into the
cryptographic algorithm implementation, we we also do not have.
As a consequence, a known-answer test must be used to test RSA
encryption and decryption, but RSA encryption with OAEP padding is not
deterministic, and thus encryption will always yield different results
that could not be compared to known answers. For this reason, this
change explicitly sets the seed in OAEP (see RFC 8017 section 7.1.1),
which is the source of randomness for RSA-OAEP, to a fixed value. This
setting is only available during self-test execution, and the parameter
set using EVP_PKEY_CTX_set_params() will be ignored otherwise.
Signed-off-by: Clemens Lang <cllang@redhat.com>
--- ---
crypto/rsa/rsa_local.h | 8 ++ crypto/rsa/rsa_local.h | 8 ++
crypto/rsa/rsa_oaep.c | 34 ++++++-- crypto/rsa/rsa_oaep.c | 34 ++++++--
include/openssl/core_names.h | 3 + include/openssl/core_names.h | 3 +
providers/fips/self_test_data.inc | 83 +++++++++++-------- providers/fips/self_test_data.inc | 79 ++++++++++---------
providers/fips/self_test_kats.c | 7 ++ providers/fips/self_test_kats.c | 7 ++
.../implementations/asymciphers/rsa_enc.c | 41 ++++++++- .../implementations/asymciphers/rsa_enc.c | 41 +++++++++-
6 files changed, 133 insertions(+), 43 deletions(-) 6 files changed, 128 insertions(+), 44 deletions(-)
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index ea70da05ad..dde57a1a0e 100644 index ea70da05ad..dde57a1a0e 100644
@ -119,10 +102,10 @@ index d9be1a4f98..b2f7f7dc4b 100644
const unsigned char *from, int flen, const unsigned char *from, int flen,
const unsigned char *param, int plen, const unsigned char *param, int plen,
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 59a6e79566..11216fb8f8 100644 index 5e3c132f5b..c0cce14297 100644
--- a/include/openssl/core_names.h --- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h +++ b/include/openssl/core_names.h
@@ -469,6 +469,9 @@ extern "C" { @@ -471,6 +471,9 @@ extern "C" {
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
@ -133,32 +116,26 @@ index 59a6e79566..11216fb8f8 100644
/* /*
* Encoder / decoder parameters * Encoder / decoder parameters
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index 4e30ec56dd..0103c87528 100644 index e0fdc0daa4..aa2012c04a 100644
--- a/providers/fips/self_test_data.inc --- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc
@@ -1294,15 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = { @@ -1296,14 +1296,21 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
ST_KAT_PARAM_END()
}; };
-/*- /*-
- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the - * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the
- * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
- * HP/UX PA-RISC compilers.
- */
-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
-
+/*-
+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the + * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the
+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
+ * HP/UX PA-RISC compilers. * HP/UX PA-RISC compilers.
+ */ */
-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
+static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP; +static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP;
+static const char oaep_fixed_seed[] = { +static const char oaep_fixed_seed[] = {
+ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25, + 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25,
+ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab, + 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab,
+ 0x2e, 0x4b, 0x2c, 0xe6 + 0x2e, 0x4b, 0x2c, 0xe6
+}; +};
+
static const ST_KAT_PARAM rsa_enc_params[] = { static const ST_KAT_PARAM rsa_enc_params[] = {
- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), - ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none),
+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep), + ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep),
@ -167,7 +144,7 @@ index 4e30ec56dd..0103c87528 100644
ST_KAT_PARAM_END() ST_KAT_PARAM_END()
}; };
@@ -1335,43 +1348,43 @@ static const unsigned char rsa_expected_sig[256] = { @@ -1342,43 +1349,43 @@ static const unsigned char rsa_expected_sig[256] = {
0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
}; };
@ -245,10 +222,10 @@ index 4e30ec56dd..0103c87528 100644
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 064794d9bf..b6d5e8e134 100644 index 74ee25dcb6..a9bc8be7fa 100644
--- a/providers/fips/self_test_kats.c --- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c
@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) @@ -641,14 +641,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
return ret; return ret;
} }
@ -271,7 +248,7 @@ index 064794d9bf..b6d5e8e134 100644
} }
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index 00cf65fcd6..83be3d8ede 100644 index 9cd8904131..40de5ce8fa 100644
--- a/providers/implementations/asymciphers/rsa_enc.c --- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -30,6 +30,9 @@ @@ -30,6 +30,9 @@
@ -294,7 +271,7 @@ index 00cf65fcd6..83be3d8ede 100644
} PROV_RSA_CTX; } PROV_RSA_CTX;
static void *rsa_newctx(void *provctx) static void *rsa_newctx(void *provctx)
@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, @@ -192,12 +198,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
} }
} }
ret = ret =
@ -318,7 +295,7 @@ index 00cf65fcd6..83be3d8ede 100644
if (!ret) { if (!ret) {
OPENSSL_free(tbuf); OPENSSL_free(tbuf);
@@ -326,6 +341,9 @@ static void rsa_freectx(void *vprsactx) @@ -328,6 +343,9 @@ static void rsa_freectx(void *vprsactx)
EVP_MD_free(prsactx->oaep_md); EVP_MD_free(prsactx->oaep_md);
EVP_MD_free(prsactx->mgf1_md); EVP_MD_free(prsactx->mgf1_md);
OPENSSL_free(prsactx->oaep_label); OPENSSL_free(prsactx->oaep_label);
@ -328,7 +305,7 @@ index 00cf65fcd6..83be3d8ede 100644
OPENSSL_free(prsactx); OPENSSL_free(prsactx);
} }
@@ -445,6 +463,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { @@ -447,6 +465,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
NULL, 0), NULL, 0),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
@ -338,7 +315,7 @@ index 00cf65fcd6..83be3d8ede 100644
OSSL_PARAM_END OSSL_PARAM_END
}; };
@@ -454,6 +475,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, @@ -456,6 +477,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
return known_gettable_ctx_params; return known_gettable_ctx_params;
} }
@ -349,7 +326,7 @@ index 00cf65fcd6..83be3d8ede 100644
static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
{ {
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
@@ -563,6 +588,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) @@ -567,6 +592,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
prsactx->oaep_labellen = tmp_labellen; prsactx->oaep_labellen = tmp_labellen;
} }
@ -369,5 +346,5 @@ index 00cf65fcd6..83be3d8ede 100644
if (p != NULL) { if (p != NULL) {
unsigned int client_version; unsigned int client_version;
-- --
2.37.1 2.41.0

312
0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch
View File

@ -1,312 +0,0 @@
From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Fri, 15 Jul 2022 17:45:40 +0200
Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test
In review for FIPS 140-3, the lack of a self-test for the digest_sign
and digest_verify provider functions was highlighted as a problem. NIST
no longer provides ACVP tests for the RSA SigVer primitive (see
https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
recommends the use of functions that compute the digest and signature
within the module, we have been advised in our module review that the
self tests should also use the combined digest and signature APIs, i.e.
the digest_sign and digest_verify provider functions.
Modify the signature self-test to use these instead by switching to
EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
crypto/evp/m_sigver.c to make these functions usable in the FIPS module.
Signed-off-by: Clemens Lang <cllang@redhat.com>
---
crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------
providers/fips/self_test_kats.c | 37 +++++++++++++++-------------
2 files changed, 56 insertions(+), 24 deletions(-)
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index db1a1d7bc3..c94c3c53bd 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
return 0;
}
+#endif /* !defined(FIPS_MODULE) */
/*
* If we get the "NULL" md then the name comes back as "UNDEF". We want to use
@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
reinit = 0;
if (e == NULL)
ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
+#ifndef FIPS_MODULE
else
ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
+#endif /* !defined(FIPS_MODULE) */
}
if (ctx->pctx == NULL)
return 0;
@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
locpctx = ctx->pctx;
ERR_set_mark();
+#ifndef FIPS_MODULE
if (evp_pkey_ctx_is_legacy(locpctx))
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
/* do not reinitialize if pkey is set or operation is different */
if (reinit
@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
signature =
evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
supported_sig, locpctx->propquery);
+#ifndef FIPS_MODULE
if (signature == NULL)
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
break;
}
if (signature == NULL)
@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
if (ctx->fetched_digest != NULL) {
ctx->digest = ctx->reqdigest = ctx->fetched_digest;
+#ifndef FIPS_MODULE
} else {
/* legacy engine support : remove the mark when this is deleted */
ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
goto err;
}
+#endif /* !defined(FIPS_MODULE) */
}
(void)ERR_pop_to_mark();
}
}
+#ifndef FIPS_MODULE
if (ctx->reqdigest != NULL
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
goto err;
}
}
+#endif /* !defined(FIPS_MODULE) */
if (ver) {
if (signature->digest_verify_init == NULL) {
@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
EVP_KEYMGMT_free(tmp_keymgmt);
return 0;
+#ifndef FIPS_MODULE
legacy:
/*
* If we don't have the full support we need with provided methods,
@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ctx->pctx->flag_call_digest_custom = 1;
ret = 1;
+#endif /* !defined(FIPS_MODULE) */
end:
#ifndef FIPS_MODULE
@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
NULL);
}
-#endif /* FIPS_MDOE */
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
{
@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
return EVP_DigestUpdate(ctx, data, dsize);
}
-#ifndef FIPS_MODULE
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
size_t *siglen)
{
- int sctx = 0, r = 0;
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
+ int r = 0;
+#ifndef FIPS_MODULE
+ int sctx = 0;
+ EVP_PKEY_CTX *dctx;
+#endif /* !defined(FIPS_MODULE) */
+ EVP_PKEY_CTX *pctx = ctx->pctx;
+#ifndef FIPS_MODULE
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
|| pctx->op.sig.algctx == NULL
|| pctx->op.sig.signature == NULL)
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
sigret, siglen,
sigret == NULL ? 0 : *siglen);
+#ifndef FIPS_MODULE
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
sigret, siglen,
*siglen);
EVP_PKEY_CTX_free(dctx);
+#endif /* defined(FIPS_MODULE) */
return r;
+#ifndef FIPS_MODULE
legacy:
if (pctx == NULL || pctx->pmeth == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
}
}
return 1;
+#endif /* !defined(FIPS_MODULE) */
}
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen)
{
- unsigned char md[EVP_MAX_MD_SIZE];
int r = 0;
+#ifndef FIPS_MODULE
+ unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen = 0;
int vctx = 0;
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
+ EVP_PKEY_CTX *dctx;
+#endif /* !defined(FIPS_MODULE) */
+ EVP_PKEY_CTX *pctx = ctx->pctx;
+#ifndef FIPS_MODULE
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
|| pctx->op.sig.algctx == NULL
|| pctx->op.sig.signature == NULL)
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
sig, siglen);
+#ifndef FIPS_MODULE
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
sig, siglen);
EVP_PKEY_CTX_free(dctx);
+#endif /* !defined(FIPS_MODULE) */
return r;
+#ifndef FIPS_MODULE
legacy:
if (pctx == NULL || pctx->pmeth == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
if (vctx || !r)
return r;
return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
+#endif /* !defined(FIPS_MODULE) */
}
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
return -1;
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
}
-#endif /* FIPS_MODULE */
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index b6d5e8e134..77eec075e6 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t,
int ret = 0;
OSSL_PARAM *params = NULL, *params_sig = NULL;
OSSL_PARAM_BLD *bld = NULL;
+ EVP_MD *md = NULL;
+ EVP_MD_CTX *ctx = NULL;
EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
EVP_PKEY *pkey = NULL;
- unsigned char sig[256];
BN_CTX *bnctx = NULL;
+ const char *msg = "Hello World!";
+ unsigned char sig[256];
size_t siglen = sizeof(sig);
static const unsigned char dgst[] = {
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
goto err;
- /* Create a EVP_PKEY_CTX to use for the signing operation */
- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
- if (sctx == NULL
- || EVP_PKEY_sign_init(sctx) <= 0)
- goto err;
-
- /* set signature parameters */
- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
- t->mdalgorithm,
- strlen(t->mdalgorithm) + 1))
- goto err;
+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature
+ * parameters and sign */
params_sig = OSSL_PARAM_BLD_to_param(bld);
- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
+ md = EVP_MD_fetch(libctx, "SHA256", NULL);
+ ctx = EVP_MD_CTX_new();
+ if (md == NULL || ctx == NULL)
+ goto err;
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
+ || EVP_MD_CTX_reset(ctx) <= 0)
goto err;
- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
- || EVP_PKEY_verify_init(sctx) <= 0
+ /* sctx is not freed automatically inside the FIPS module */
+ EVP_PKEY_CTX_free(sctx);
+ sctx = NULL;
+
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
goto err;
@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
goto err;
OSSL_SELF_TEST_oncorrupt_byte(st, sig);
- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
goto err;
ret = 1;
err:
BN_CTX_free(bnctx);
EVP_PKEY_free(pkey);
- EVP_PKEY_CTX_free(kctx);
+ EVP_MD_free(md);
+ EVP_MD_CTX_free(ctx);
+ /* sctx is not freed automatically inside the FIPS module */
EVP_PKEY_CTX_free(sctx);
+ EVP_PKEY_CTX_free(kctx);
OSSL_PARAM_free(params);
OSSL_PARAM_free(params_sig);
OSSL_PARAM_BLD_free(bld);
--
2.37.1

127
0076-FIPS-140-3-DRBG.patch
View File

@ -1,6 +1,76 @@
diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c From 4b59d71e276243615d8fcc65bab32d83e6a602ad Mon Sep 17 00:00:00 2001
--- openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand 2022-08-03 11:09:01.301637515 +0200 From: rpm-build <rpm-build>
+++ openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c 2022-08-03 11:13:00.058688605 +0200 Date: Mon, 31 Jul 2023 09:41:29 +0200
Subject: [PATCH 32/35] 0076-FIPS-140-3-DRBG.patch
Patch-name: 0076-FIPS-140-3-DRBG.patch
Patch-id: 76
Patch-status: |
# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
# https://bugzilla.redhat.com/show_bug.cgi?id=2102541
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/rand/prov_seed.c | 9 ++-
providers/implementations/rands/crngt.c | 6 +-
providers/implementations/rands/drbg.c | 3 +
.../implementations/rands/seeding/rand_unix.c | 64 ++-----------------
4 files changed, 20 insertions(+), 62 deletions(-)
diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c
index 96c499c957..61c4cd8779 100644
--- a/crypto/rand/prov_seed.c
+++ b/crypto/rand/prov_seed.c
@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle,
size_t entropy_available;
RAND_POOL *pool;
- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
+ /*
+ * OpenSSL still implements an internal entropy pool of
+ * some size that is hashed to get seed data.
+ * Note that this is a conditioning step for which SP800-90C requires
+ * 64 additional bits from the entropy source to claim the requested
+ * amount of entropy.
+ */
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
if (pool == NULL) {
ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
return 0;
diff --git a/providers/implementations/rands/crngt.c b/providers/implementations/rands/crngt.c
index fa4a2db14a..1f13fc759e 100644
--- a/providers/implementations/rands/crngt.c
+++ b/providers/implementations/rands/crngt.c
@@ -133,7 +133,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG *drbg,
* to the nearest byte. If the entropy is of less than full quality,
* the amount required should be scaled up appropriately here.
*/
- bytes_needed = (entropy + 7) / 8;
+ /*
+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy
+ * + 128 bits during initial seeding
+ */
+ bytes_needed = (entropy + 128 + 7) / 8;
if (bytes_needed < min_len)
bytes_needed = min_len;
if (bytes_needed > max_len)
diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
index ea55363bf8..423bb91157 100644
--- a/providers/implementations/rands/drbg.c
+++ b/providers/implementations/rands/drbg.c
@@ -570,6 +570,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drbg, int prediction_resistance,
#endif
}
+#ifdef FIPS_MODULE
+ prediction_resistance = 1;
+#endif
/* Reseed using our sources in addition */
entropylen = get_entropy(drbg, &entropy, drbg->strength,
drbg->min_entropylen, drbg->max_entropylen,
diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c
index cd02a0236d..98c917b6d8 100644
--- a/providers/implementations/rands/seeding/rand_unix.c
+++ b/providers/implementations/rands/seeding/rand_unix.c
@@ -48,6 +48,8 @@ @@ -48,6 +48,8 @@
# include <fcntl.h> # include <fcntl.h>
# include <unistd.h> # include <unistd.h>
@ -10,7 +80,7 @@ diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsr
static uint64_t get_time_stamp(void); static uint64_t get_time_stamp(void);
@@ -342,66 +342,8 @@ static ssize_t syscall_random(void *buf, @@ -341,66 +343,8 @@ static ssize_t syscall_random(void *buf, size_t buflen)
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
* between size_t and ssize_t is safe even without a range check. * between size_t and ssize_t is safe even without a range check.
*/ */
@ -79,51 +149,6 @@ diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsr
} }
# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
diff -up openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand openssl-3.0.1/providers/implementations/rands/drbg.c --
--- openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand 2022-08-03 12:14:39.409370134 +0200 2.41.0
+++ openssl-3.0.1/providers/implementations/rands/drbg.c 2022-08-03 12:19:06.320700346 +0200
@@ -575,6 +575,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb
#endif
}
+#ifdef FIPS_MODULE
+ prediction_resistance = 1;
+#endif
/* Reseed using our sources in addition */
entropylen = get_entropy(drbg, &entropy, drbg->strength,
drbg->min_entropylen, drbg->max_entropylen,
diff -up openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand openssl-3.0.1/crypto/rand/prov_seed.c
--- openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand 2022-08-04 12:17:52.148556301 +0200
+++ openssl-3.0.1/crypto/rand/prov_seed.c 2022-08-04 12:19:41.783533552 +0200
@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused
size_t entropy_available;
RAND_POOL *pool;
- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
+ /*
+ * OpenSSL still implements an internal entropy pool of
+ * some size that is hashed to get seed data.
+ * Note that this is a conditioning step for which SP800-90C requires
+ * 64 additional bits from the entropy source to claim the requested
+ * amount of entropy.
+ */
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
if (pool == NULL) {
ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
return 0;
diff -up openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand openssl-3.0.1/providers/implementations/rands/crngt.c
--- openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand 2022-08-04 11:56:10.100950299 +0200
+++ openssl-3.0.1/providers/implementations/rands/crngt.c 2022-08-04 11:59:11.241564925 +0200
@@ -139,7 +139,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG
* to the nearest byte. If the entropy is of less than full quality,
* the amount required should be scaled up appropriately here.
*/
- bytes_needed = (entropy + 7) / 8;
+ /*
+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy
+ * + 128 bits during initial seeding
+ */
+ bytes_needed = (entropy + 128 + 7) / 8;
if (bytes_needed < min_len)
bytes_needed = min_len;
if (bytes_needed > max_len)

142
0077-FIPS-140-3-zeroization.patch
View File

@ -1,63 +1,26 @@
diff -up openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero openssl-3.0.1/crypto/ffc/ffc_params.c From 9c667a7ba589329f3a777b012bf69a0db7f7eda9 Mon Sep 17 00:00:00 2001
--- openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero 2022-08-05 13:11:27.211413931 +0200 From: rpm-build <rpm-build>
+++ openssl-3.0.1/crypto/ffc/ffc_params.c 2022-08-05 13:11:34.151475891 +0200 Date: Mon, 31 Jul 2023 09:41:29 +0200
@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa Subject: [PATCH 33/35] 0077-FIPS-140-3-zeroization.patch
void ossl_ffc_params_cleanup(FFC_PARAMS *params) Patch-name: 0077-FIPS-140-3-zeroization.patch
{ Patch-id: 77
- BN_free(params->p); Patch-status: |
- BN_free(params->q); # https://bugzilla.redhat.com/show_bug.cgi?id=2102542
- BN_free(params->g); From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
- BN_free(params->j); ---
+ BN_clear_free(params->p); crypto/ec/ec_lib.c | 4 ++++
+ BN_clear_free(params->q); crypto/ffc/ffc_params.c | 8 ++++----
+ BN_clear_free(params->g); crypto/rsa/rsa_lib.c | 4 ++--
+ BN_clear_free(params->j); providers/implementations/kdfs/hkdf.c | 2 +-
OPENSSL_free(params->seed); providers/implementations/kdfs/pbkdf2.c | 2 +-
ossl_ffc_params_init(params); 5 files changed, 12 insertions(+), 8 deletions(-)
}
diff -up openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero openssl-3.0.1/crypto/rsa/rsa_lib.c
--- openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero 2022-08-05 13:08:31.875848536 +0200
+++ openssl-3.0.1/crypto/rsa/rsa_lib.c 2022-08-05 13:09:35.438416025 +0200
@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
CRYPTO_THREAD_lock_free(r->lock); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 6c37bf78ae..cfbc3c3c1d 100644
- BN_free(r->n); --- a/crypto/ec/ec_lib.c
- BN_free(r->e); +++ b/crypto/ec/ec_lib.c
+ BN_clear_free(r->n); @@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group)
+ BN_clear_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
diff -up openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero openssl-3.0.1/providers/implementations/kdfs/hkdf.c
--- openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero 2022-08-05 13:14:58.827303241 +0200
+++ openssl-3.0.1/providers/implementations/kdfs/hkdf.c 2022-08-05 13:16:24.530068399 +0200
@@ -116,7 +116,7 @@ static void kdf_hkdf_reset(void *vctx)
void *provctx = ctx->provctx;
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_free(ctx->prefix);
OPENSSL_free(ctx->label);
OPENSSL_clear_free(ctx->data, ctx->data_len);
diff -up openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c
--- openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero 2022-08-05 13:12:40.552068717 +0200
+++ openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c 2022-08-05 13:13:34.324548799 +0200
@@ -83,7 +83,7 @@ static void *kdf_pbkdf2_new(void *provct
static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
{
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_clear_free(ctx->pass, ctx->pass_len);
memset(ctx, 0, sizeof(*ctx));
}
diff -up openssl-3.0.1/crypto/ec/ec_lib.c.fipszero openssl-3.0.1/crypto/ec/ec_lib.c
--- openssl-3.0.1/crypto/ec/ec_lib.c.fipszero 2022-08-05 13:48:32.221345774 +0200
+++ openssl-3.0.1/crypto/ec/ec_lib.c 2022-08-05 13:49:16.138741452 +0200
@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g
void EC_POINT_free(EC_POINT *point) void EC_POINT_free(EC_POINT *point)
{ {
@ -74,3 +37,66 @@ diff -up openssl-3.0.1/crypto/ec/ec_lib.c.fipszero openssl-3.0.1/crypto/ec/ec_li
} }
void EC_POINT_clear_free(EC_POINT *point) void EC_POINT_clear_free(EC_POINT *point)
diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c
index 3536efd1ad..f3c164b8fc 100644
--- a/crypto/ffc/ffc_params.c
+++ b/crypto/ffc/ffc_params.c
@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *params)
void ossl_ffc_params_cleanup(FFC_PARAMS *params)
{
- BN_free(params->p);
- BN_free(params->q);
- BN_free(params->g);
- BN_free(params->j);
+ BN_clear_free(params->p);
+ BN_clear_free(params->q);
+ BN_clear_free(params->g);
+ BN_clear_free(params->j);
OPENSSL_free(params->seed);
ossl_ffc_params_init(params);
}
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 9588a75964..76b4aac6fc 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
CRYPTO_THREAD_lock_free(r->lock);
- BN_free(r->n);
- BN_free(r->e);
+ BN_clear_free(r->n);
+ BN_clear_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index daa619b8af..5304baa6c9 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -118,7 +118,7 @@ static void kdf_hkdf_reset(void *vctx)
void *provctx = ctx->provctx;
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_free(ctx->prefix);
OPENSSL_free(ctx->label);
OPENSSL_clear_free(ctx->data, ctx->data_len);
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
index 5c3e7b95ce..349c3dd657 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -92,7 +92,7 @@ static void *kdf_pbkdf2_new(void *provctx)
static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
{
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_clear_free(ctx->pass, ctx->pass_len);
memset(ctx, 0, sizeof(*ctx));
}
--
2.41.0

175
openssl.spec
View File

@ -40,103 +40,84 @@ Source7: renew-dummy-cert
Source9: configuration-switch.h Source9: configuration-switch.h
Source10: configuration-prefix.h Source10: configuration-prefix.h
Source14: 0025-for-tests.patch Source14: 0025-for-tests.patch
# # Patches exported from source git
# Patches exported from source git # # Aarch64 and ppc64le use lib64
# Aarch64 and ppc64le use lib64 Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch
Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch # # Use more general default values in openssl.cnf
# Use more general default values in openssl.cnf Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch
Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch # # Do not install html docs
# Do not install html docs Patch3: 0003-Do-not-install-html-docs.patch
Patch3: 0003-Do-not-install-html-docs.patch # # Override default paths for the CA directory tree
# Override default paths for the CA directory tree Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch
Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch # # apps/ca: fix md option help text
# apps/ca: fix md option help text Patch5: 0005-apps-ca-fix-md-option-help-text.patch
Patch5: 0005-apps-ca-fix-md-option-help-text.patch # # Disable signature verification with totally unsafe hash algorithms
# Disable signature verification with totally unsafe hash algorithms Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch # # Add support for PROFILE=SYSTEM system default cipherlist
# Add support for PROFILE=SYSTEM system default cipherlist Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch # # Add FIPS_mode() compatibility macro
# Add FIPS_mode() compatibility macro Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch # # Add check to see if fips flag is enabled in kernel
# Add check to see if fips flag is enabled in kernel Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch # # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so
# Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so # # that new modifications made to these files by upstream are not lost.
# that new modifications made to these files by upstream are not lost. Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch
Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch # # remove unsupported EC curves
# remove unsupported EC curves Patch11: 0011-Remove-EC-curves.patch
Patch11: 0011-Remove-EC-curves.patch # # Disable explicit EC curves
# Disable explicit EC curves # # https://bugzilla.redhat.com/show_bug.cgi?id=2066412
# https://bugzilla.redhat.com/show_bug.cgi?id=2066412 Patch12: 0012-Disable-explicit-ec.patch
Patch12: 0012-Disable-explicit-ec.patch # # Skipped tests from former 0011-Remove-EC-curves.patch
#Skipped tests from former 0011-Remove-EC-curves.patch Patch13: 0013-skipped-tests-EC-curves.patch
Patch13: 0013-skipped-tests-EC-curves.patch # # Instructions to load legacy provider in openssl.cnf
# Instructions to load legacy provider in openssl.cnf Patch24: 0024-load-legacy-prov.patch
Patch24: 0024-load-legacy-prov.patch # # Tmp: test name change
# Tmp: test name change Patch31: 0031-tmp-Fix-test-names.patch
Patch31: 0031-tmp-Fix-test-names.patch # # We load FIPS provider and set FIPS properties implicitly
# We load FIPS provider and set FIPS properties implicitly Patch32: 0032-Force-fips.patch
Patch32: 0032-Force-fips.patch # # Embed HMAC into the fips.so
# Embed HMAC into the fips.so Patch33: 0033-FIPS-embed-hmac.patch
Patch33: 0033-FIPS-embed-hmac.patch # # Comment out fipsinstall command-line utility
# Comment out fipsinstall command-line utility Patch34: 0034.fipsinstall_disable.patch
Patch34: 0034.fipsinstall_disable.patch # # Skip unavailable algorithms running `openssl speed`
# Skip unavailable algorithms running `openssl speed` Patch35: 0035-speed-skip-unavailable-dgst.patch
Patch35: 0035-speed-skip-unavailable-dgst.patch # # Extra public/private key checks required by FIPS-140-3
# Extra public/private key checks required by FIPS-140-3 Patch44: 0044-FIPS-140-3-keychecks.patch
Patch44: 0044-FIPS-140-3-keychecks.patch # # Minimize fips services
# Minimize fips services Patch45: 0045-FIPS-services-minimize.patch
Patch45: 0045-FIPS-services-minimize.patch # # Execute KATS before HMAC verification
# Execute KATS before HMAC verification Patch47: 0047-FIPS-early-KATS.patch
Patch47: 0047-FIPS-early-KATS.patch # # Selectively disallow SHA1 signatures rhbz#2070977
%if 0%{?rhel} Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
# Selectively disallow SHA1 signatures # # Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1)
Patch49: 0049-Selectively-disallow-SHA1-signatures.patch Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
%else # # https://github.com/openssl/openssl/pull/18103
# Selectively disallow SHA1 signatures rhbz#2070977 # # The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch # # so the patch should persist
%endif Patch56: 0056-strcasecmp.patch
%if 0%{?rhel} # # https://github.com/openssl/openssl/pull/18175
# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes # # Patch57: 0057-strcasecmp-fix.patch
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch # # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
%else Patch58: 0058-FIPS-limit-rsa-encrypt.patch
# Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1) # # https://bugzilla.redhat.com/show_bug.cgi?id=2087147
Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
%endif # 0062-fips-Expose-a-FIPS-indicator.patch
%if 0%{?rhel} Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
# no USDT probe instrumentation required # # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
%else Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
# Instrument with USDT probes related to SHA-1 deprecation # [PATCH 30/35]
#Patch53: 0053-Add-SHA1-probes.patch # 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
%endif Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
# https://github.com/openssl/openssl/pull/18103 # # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
# The patch is incorporated in 3.0.3 but we provide this function since 3.0.1 Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch
# so the patch should persist # # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
Patch56: 0056-strcasecmp.patch # # https://bugzilla.redhat.com/show_bug.cgi?id=2102541
# https://github.com/openssl/openssl/pull/18175 Patch76: 0076-FIPS-140-3-DRBG.patch
# Patch57: 0057-strcasecmp-fix.patch # # https://bugzilla.redhat.com/show_bug.cgi?id=2102542
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289 Patch77: 0077-FIPS-140-3-zeroization.patch
Patch58: 0058-FIPS-limit-rsa-encrypt.patch # # https://bugzilla.redhat.com/show_bug.cgi?id=2114772
# https://bugzilla.redhat.com/show_bug.cgi?id=2087147 Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch # # https://github.com/openssl/openssl/pull/13817
Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
%if 0%{?rhel}
Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch
%else
Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
%endif
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch
# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
# https://bugzilla.redhat.com/show_bug.cgi?id=2102541
Patch76: 0076-FIPS-140-3-DRBG.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2102542
Patch77: 0077-FIPS-140-3-zeroization.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
# https://github.com/openssl/openssl/pull/13817
Patch100: 0100-RSA-PKCS15-implicit-rejection.patch Patch100: 0100-RSA-PKCS15-implicit-rejection.patch
License: ASL 2.0 License: ASL 2.0