diff --git a/0032-Force-fips.patch b/0032-Force-fips.patch index 1a4ea0d..5f82475 100644 --- a/0032-Force-fips.patch +++ b/0032-Force-fips.patch @@ -7,6 +7,14 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c --- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200 +++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200 +@@ -36,6 +36,7 @@ static int prov_already_activated(const + #include + #include + #include ++#include + #include + #include + #include @@ -136,58 +136,18 @@ static int prov_already_activated(const return 0; } @@ -143,17 +151,28 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi } else { OSSL_PROVIDER_INFO entry; -@@ -306,6 +317,19 @@ static int provider_conf_init(CONF_IMODU +@@ -306,6 +317,30 @@ static int provider_conf_init(CONF_IMODU return 0; } + if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */ + OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf); -+ PROVIDER_CONF_GLOBAL *pcgbl -+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, -+ &provider_conf_ossl_ctx_method); -+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1) -+ return 0; ++# define FIPS_LOCAL_CONF OPENSSLDIR "/fips_local.cnf" ++ ++ if (access(FIPS_LOCAL_CONF, R_OK) == 0) { ++ CONF *fips_conf = NCONF_new_ex(libctx, NCONF_default()); ++ if (NCONF_load(fips_conf, FIPS_LOCAL_CONF, NULL) <= 0) ++ return 0; ++ ++ if (provider_conf_load(libctx, "fips", "fips_sect", fips_conf) != 1) { ++ NCONF_free(fips_conf); ++ return 0; ++ } ++ NCONF_free(fips_conf); ++ } else { ++ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1) ++ return 0; ++ } + if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1) + return 0; + if (EVP_default_properties_enable_fips(libctx, 1) != 1) diff --git a/0078-KDF-Add-FIPS-indicators.patch b/0078-KDF-Add-FIPS-indicators.patch index 1090ffa..40e390a 100644 --- a/0078-KDF-Add-FIPS-indicators.patch +++ b/0078-KDF-Add-FIPS-indicators.patch @@ -115,7 +115,7 @@ index dfa7786bde..f01e40ff5a 100644 size_t info_len; + int is_tls13; +#ifdef FIPS_MODULE -+ int output_keylen_indicator; ++ int fips_indicator; +#endif /* defined(FIPS_MODULE) */ } KDF_HKDF; @@ -126,7 +126,7 @@ index dfa7786bde..f01e40ff5a 100644 +#ifdef FIPS_MODULE + if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; +#endif /* defined(FIPS_MODULE) */ + switch (ctx->mode) { @@ -172,7 +172,7 @@ index dfa7786bde..f01e40ff5a 100644 + * be longer than that. If a derived key has ever been shorter than + * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we + * should also set the returned FIPS indicator to unapproved. */ -+ if (ctx->output_keylen_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) ++ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) + fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + + if (ctx->is_tls13) { @@ -248,7 +248,7 @@ index dfa7786bde..f01e40ff5a 100644 +#ifdef FIPS_MODULE + if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; +#endif /* defined(FIPS_MODULE) */ + switch (ctx->mode) { @@ -282,7 +282,7 @@ index a542f84dfa..6b6dfb94ac 100644 int use_l; int use_separator; +#ifdef FIPS_MODULE -+ int output_keylen_indicator; ++ int fips_indicator; +#endif /* defined(FIPS_MODULE) */ } KBKDF; @@ -301,7 +301,7 @@ index a542f84dfa..6b6dfb94ac 100644 +#ifdef FIPS_MODULE + if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; +#endif /* defined(FIPS_MODULE) */ + h = EVP_MAC_CTX_get_mac_size(ctx->ctx_init); @@ -355,7 +355,7 @@ index a542f84dfa..6b6dfb94ac 100644 + * be longer than that. If a derived key has ever been shorter than + * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we + * should also set the returned FIPS indicator to unapproved. */ -+ if (ctx->output_keylen_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) ++ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) + fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + + /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module @@ -409,7 +409,7 @@ index c592ba72f1..4a52b38266 100644 unsigned char *session_id; size_t session_id_len; +#ifdef FIPS_MODULE -+ int output_keylen_indicator; ++ int fips_indicator; +#endif /* defined(FIPS_MODULE) */ } KDF_SSHKDF; @@ -421,7 +421,7 @@ index c592ba72f1..4a52b38266 100644 + +#ifdef FIPS_MODULE + if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; +#endif /* defined(FIPS_MODULE) */ + return SSHKDF(md, ctx->key, ctx->key_len, @@ -465,7 +465,7 @@ index c592ba72f1..4a52b38266 100644 + * be longer than that. If a derived key has ever been shorter than + * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we + * should also set the returned FIPS indicator to unapproved. */ -+ if (ctx->output_keylen_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) ++ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) + fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + + /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module @@ -518,7 +518,7 @@ index eb54972e1c..23865cd70f 100644 size_t out_len; /* optional KMAC parameter */ + int is_x963kdf; +#ifdef FIPS_MODULE -+ int output_keylen_indicator; ++ int fips_indicator; +#endif /* defined(FIPS_MODULE) */ } KDF_SSKDF; @@ -554,7 +554,7 @@ index eb54972e1c..23865cd70f 100644 +#ifdef FIPS_MODULE + if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; +#endif /* defined(FIPS_MODULE) */ + if (ctx->macctx != NULL) { @@ -566,7 +566,7 @@ index eb54972e1c..23865cd70f 100644 +#ifdef FIPS_MODULE + if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; +#endif /* defined(FIPS_MODULE) */ + return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len, @@ -609,7 +609,7 @@ index eb54972e1c..23865cd70f 100644 + * be longer than that. If a derived key has ever been shorter than + * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we + * should also set the returned FIPS indicator to unapproved. */ -+ if (ctx->output_keylen_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) ++ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) + fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + + /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module @@ -682,7 +682,7 @@ index a4d64b9352..f6782a6ca2 100644 + PROV_DIGEST digest; + +#ifdef FIPS_MODULE -+ int output_keylen_indicator; ++ int fips_indicator; +#endif /* defined(FIPS_MODULE) */ } TLS1_PRF; @@ -701,7 +701,7 @@ index a4d64b9352..f6782a6ca2 100644 } +#ifdef FIPS_MODULE + if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; +#endif /* defined(FIPS_MODULE) */ return tls1_prf_alg(ctx->P_hash, ctx->P_sha1, @@ -753,7 +753,7 @@ index a4d64b9352..f6782a6ca2 100644 + * be longer than that. If a derived key has ever been shorter than + * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we + * should also set the returned FIPS indicator to unapproved. */ -+ if (ctx->output_keylen_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) ++ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) + fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + + /* SP 800-135r1 section 4.2.2 says TLS 1.2 KDF is approved when "(3) @@ -813,7 +813,7 @@ index b1bc6f7e1b..8173fc2cc7 100644 size_t cek_oid_len; int use_keybits; +#ifdef FIPS_MODULE -+ int output_keylen_indicator; ++ int fips_indicator; +#endif /* defined(FIPS_MODULE) */ } KDF_X942; @@ -824,7 +824,7 @@ index b1bc6f7e1b..8173fc2cc7 100644 } +#ifdef FIPS_MODULE + if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; +#endif /* defined(FIPS_MODULE) */ ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len, der, der_len, ctr, key, keylen); @@ -866,7 +866,7 @@ index b1bc6f7e1b..8173fc2cc7 100644 + * be longer than that. If a derived key has ever been shorter than + * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we + * should also set the returned FIPS indicator to unapproved. */ -+ if (ctx->output_keylen_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) ++ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) + fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + + /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module diff --git a/0114-FIPS-enforce-EMS-support.patch b/0114-FIPS-enforce-EMS-support.patch index 3b38deb..d10901f 100644 --- a/0114-FIPS-enforce-EMS-support.patch +++ b/0114-FIPS-enforce-EMS-support.patch @@ -151,7 +151,7 @@ index b86b27d236f3..b881f46f36ad 100644 fgbl->fips_security_checks = 1; fgbl->fips_security_check_option = "1"; -+ fgbl->fips_tls1_prf_ems_check = 1; /* Enabled */ ++ fgbl->fips_tls1_prf_ems_check = 1; /* Enabled by default */ + fgbl->fips_tls1_prf_ems_check_option = "1"; + return fgbl; @@ -161,7 +161,7 @@ index b86b27d236f3..b881f46f36ad 100644 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0), OSSL_PARAM_DEFN(OSSL_PROV_PARAM_SECURITY_CHECKS, OSSL_PARAM_INTEGER, NULL, 0), -+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK, OSSL_PARAM_INTEGER, NULL, 0), /* Ignored in RHEL */ ++ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK, OSSL_PARAM_INTEGER, NULL, 0), OSSL_PARAM_END }; @@ -182,10 +182,10 @@ index b86b27d236f3..b881f46f36ad 100644 OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS, (char **)&fgbl->fips_security_check_option, sizeof(fgbl->fips_security_check_option)); -+ /* *p++ = OSSL_PARAM_construct_utf8_ptr( ++ *p++ = OSSL_PARAM_construct_utf8_ptr( + OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK, + (char **)&fgbl->fips_tls1_prf_ems_check_option, -+ sizeof(fgbl->fips_tls1_prf_ems_check_option)); */ /* Ignored in RHEL */ ++ sizeof(fgbl->fips_tls1_prf_ems_check_option)); *p = OSSL_PARAM_construct_end(); if (!c_get_params(fgbl->handle, core_params)) { @@ -199,12 +199,14 @@ index b86b27d236f3..b881f46f36ad 100644 return 1; } -@@ -703,6 +718,9 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, +@@ -703,6 +718,11 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, && strcmp(fgbl->fips_security_check_option, "0") == 0) fgbl->fips_security_checks = 0; -+ /* Enable the ems check. */ -+ fgbl->fips_tls1_prf_ems_check = 1; ++ /* Disable the ems check if it's disabled in the fips config file. */ ++ if (fgbl->fips_tls1_prf_ems_check_option != NULL ++ && strcmp(fgbl->fips_tls1_prf_ems_check_option, "0") == 0) ++ fgbl->fips_tls1_prf_ems_check = 0; + ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers); @@ -268,8 +270,8 @@ index 8a3807308408..2c2dbf31cc0b 100644 if (!ossl_prov_is_running() || !kdf_tls1_prf_set_ctx_params(ctx, params)) return 0; -@@ -181,6 +192,21 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen, - ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; +@@ -181,6 +192,27 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen, + ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; #endif /* defined(FIPS_MODULE) */ + /* @@ -278,6 +280,12 @@ index 8a3807308408..2c2dbf31cc0b 100644 + * We do the check this way since the PRF is used for other purposes, as well + * as "extended master secret". + */ ++#ifdef FIPS_MODULE ++ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE ++ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST, ++ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++#endif /* defined(FIPS_MODULE) */ + if (ossl_tls1_prf_ems_check_enabled(libctx)) { + if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE + && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST, @@ -462,7 +470,7 @@ diff -up openssl-3.0.7/ssl/statem/extensions_srvr.c.noems openssl-3.0.7/ssl/stat { - if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) + if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) { -+ if (FIPS_mode()) { ++ if (FIPS_mode() && !(SSL_get_options(s) & SSL_OP_RH_PERMIT_NOEMS_FIPS) ) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED); + return EXT_RETURN_FAIL; + } @@ -471,3 +479,61 @@ diff -up openssl-3.0.7/ssl/statem/extensions_srvr.c.noems openssl-3.0.7/ssl/stat if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) || !WPACKET_put_bytes_u16(pkt, 0)) { +diff -up openssl-3.0.7/include/openssl/ssl.h.in.fipsems openssl-3.0.7/include/openssl/ssl.h.in +--- openssl-3.0.7/include/openssl/ssl.h.in.fipsems 2023-07-11 12:35:27.951610366 +0200 ++++ openssl-3.0.7/include/openssl/ssl.h.in 2023-07-11 12:36:25.234754680 +0200 +@@ -412,6 +412,7 @@ typedef int (*SSL_async_callback_fn)(SSL + * interoperability with CryptoPro CSP 3.x + */ + # define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) ++# define SSL_OP_RH_PERMIT_NOEMS_FIPS SSL_OP_BIT(48) + + /* + * Option "collections." +diff -up openssl-3.0.7/ssl/ssl_conf.c.fipsems openssl-3.0.7/ssl/ssl_conf.c +--- openssl-3.0.7/ssl/ssl_conf.c.fipsems 2023-07-11 12:36:51.465278672 +0200 ++++ openssl-3.0.7/ssl/ssl_conf.c 2023-07-11 12:44:53.365675720 +0200 +@@ -387,6 +387,7 @@ static const ssl_conf_cmd_tbl ssl_conf_c + SSL_FLAG_TBL("ClientRenegotiation", + SSL_OP_ALLOW_CLIENT_RENEGOTIATION), + SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), ++ SSL_FLAG_TBL("RHNoEnforceEMSinFIPS", SSL_OP_RH_PERMIT_NOEMS_FIPS), + SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), + SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), + SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA), +diff -up openssl-3.0.7/doc/man3/SSL_CONF_cmd.pod.fipsems openssl-3.0.7/doc/man3/SSL_CONF_cmd.pod +--- openssl-3.0.7/doc/man3/SSL_CONF_cmd.pod.fipsems 2023-07-12 13:54:22.508235187 +0200 ++++ openssl-3.0.7/doc/man3/SSL_CONF_cmd.pod 2023-07-12 13:56:51.089613902 +0200 +@@ -524,6 +524,9 @@ B: use extended ma + default. Inverse of B: that is, + B<-ExtendedMasterSecret> is the same as setting B. + ++B: allow establishing connections without EMS in FIPS mode. ++This is a RedHat-based OS specific option, and normally it should be set up via crypto policies. ++ + B: use CA names extension, enabled by + default. Inverse of B: that is, + B<-CANames> is the same as setting B. +diff -up openssl-3.0.7/doc/man5/fips_config.pod.fipsems openssl-3.0.7/doc/man5/fips_config.pod +--- openssl-3.0.7/doc/man5/fips_config.pod.fipsems 2023-07-12 15:39:57.732206731 +0200 ++++ openssl-3.0.7/doc/man5/fips_config.pod 2023-07-12 15:53:45.722885419 +0200 +@@ -11,6 +11,19 @@ automatically loaded when the system is + environment variable B is set. See the documentation + for more information. + ++Red Hat Enterprise Linux uses a supplementary config for FIPS module located in ++OpenSSL configuration directory and managed by crypto policies. If present, it ++should have format ++ ++ [fips_sect] ++ tls1-prf-ems-check = 0 ++ activate = 1 ++ ++The B option specifies whether FIPS module will require the ++presence of extended master secret or not. ++ ++The B option enforces FIPS provider activation. ++ + =head1 COPYRIGHT + + Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. diff --git a/openssl.spec b/openssl.spec index 76466df..fd73673 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.7 -Release: 22%{?dist} +Release: 23%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -520,6 +520,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Tue Jul 11 2023 Dmitry Belyavskiy - 1:3.0.7-23 +- Add a workaround for lack of EMS in FIPS mode + Resolves: rhbz#2216256 + * Thu Jul 06 2023 Sahana Prasad - 1:3.0.7-22 - Remove unsupported curves from nist_curves. Resolves: rhbz#2069336