forked from rpms/openssl
Add a workaround for lack of EMS in FIPS mode
Resolves: rhbz#2216256
This commit is contained in:
parent
8fb737bf79
commit
217cd631e8
@ -7,6 +7,14 @@
|
|||||||
diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c
|
diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c
|
||||||
--- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200
|
--- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200
|
||||||
+++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200
|
+++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200
|
||||||
|
@@ -36,6 +36,7 @@ static int prov_already_activated(const
|
||||||
|
#include <string.h>
|
||||||
|
#include <openssl/trace.h>
|
||||||
|
#include <openssl/err.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
#include <openssl/conf.h>
|
||||||
|
#include <openssl/safestack.h>
|
||||||
|
#include <openssl/provider.h>
|
||||||
@@ -136,58 +136,18 @@ static int prov_already_activated(const
|
@@ -136,58 +136,18 @@ static int prov_already_activated(const
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -143,17 +151,28 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi
|
|||||||
} else {
|
} else {
|
||||||
OSSL_PROVIDER_INFO entry;
|
OSSL_PROVIDER_INFO entry;
|
||||||
|
|
||||||
@@ -306,6 +317,19 @@ static int provider_conf_init(CONF_IMODU
|
@@ -306,6 +317,30 @@ static int provider_conf_init(CONF_IMODU
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
+ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
|
+ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
|
||||||
+ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
|
+ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
|
||||||
+ PROVIDER_CONF_GLOBAL *pcgbl
|
+# define FIPS_LOCAL_CONF OPENSSLDIR "/fips_local.cnf"
|
||||||
+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
|
+
|
||||||
+ &provider_conf_ossl_ctx_method);
|
+ if (access(FIPS_LOCAL_CONF, R_OK) == 0) {
|
||||||
|
+ CONF *fips_conf = NCONF_new_ex(libctx, NCONF_default());
|
||||||
|
+ if (NCONF_load(fips_conf, FIPS_LOCAL_CONF, NULL) <= 0)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ if (provider_conf_load(libctx, "fips", "fips_sect", fips_conf) != 1) {
|
||||||
|
+ NCONF_free(fips_conf);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+ NCONF_free(fips_conf);
|
||||||
|
+ } else {
|
||||||
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
|
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
|
||||||
+ return 0;
|
+ return 0;
|
||||||
|
+ }
|
||||||
+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
|
+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+ if (EVP_default_properties_enable_fips(libctx, 1) != 1)
|
+ if (EVP_default_properties_enable_fips(libctx, 1) != 1)
|
||||||
|
@ -115,7 +115,7 @@ index dfa7786bde..f01e40ff5a 100644
|
|||||||
size_t info_len;
|
size_t info_len;
|
||||||
+ int is_tls13;
|
+ int is_tls13;
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ int output_keylen_indicator;
|
+ int fips_indicator;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
} KDF_HKDF;
|
} KDF_HKDF;
|
||||||
|
|
||||||
@ -126,7 +126,7 @@ index dfa7786bde..f01e40ff5a 100644
|
|||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||||
+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
+
|
+
|
||||||
switch (ctx->mode) {
|
switch (ctx->mode) {
|
||||||
@ -172,7 +172,7 @@ index dfa7786bde..f01e40ff5a 100644
|
|||||||
+ * be longer than that. If a derived key has ever been shorter than
|
+ * be longer than that. If a derived key has ever been shorter than
|
||||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||||
+ * should also set the returned FIPS indicator to unapproved. */
|
+ * should also set the returned FIPS indicator to unapproved. */
|
||||||
+ if (ctx->output_keylen_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
||||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+
|
+
|
||||||
+ if (ctx->is_tls13) {
|
+ if (ctx->is_tls13) {
|
||||||
@ -248,7 +248,7 @@ index dfa7786bde..f01e40ff5a 100644
|
|||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||||
+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
+
|
+
|
||||||
switch (ctx->mode) {
|
switch (ctx->mode) {
|
||||||
@ -282,7 +282,7 @@ index a542f84dfa..6b6dfb94ac 100644
|
|||||||
int use_l;
|
int use_l;
|
||||||
int use_separator;
|
int use_separator;
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ int output_keylen_indicator;
|
+ int fips_indicator;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
} KBKDF;
|
} KBKDF;
|
||||||
|
|
||||||
@ -301,7 +301,7 @@ index a542f84dfa..6b6dfb94ac 100644
|
|||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||||
+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
+
|
+
|
||||||
h = EVP_MAC_CTX_get_mac_size(ctx->ctx_init);
|
h = EVP_MAC_CTX_get_mac_size(ctx->ctx_init);
|
||||||
@ -355,7 +355,7 @@ index a542f84dfa..6b6dfb94ac 100644
|
|||||||
+ * be longer than that. If a derived key has ever been shorter than
|
+ * be longer than that. If a derived key has ever been shorter than
|
||||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||||
+ * should also set the returned FIPS indicator to unapproved. */
|
+ * should also set the returned FIPS indicator to unapproved. */
|
||||||
+ if (ctx->output_keylen_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
||||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+
|
+
|
||||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||||
@ -409,7 +409,7 @@ index c592ba72f1..4a52b38266 100644
|
|||||||
unsigned char *session_id;
|
unsigned char *session_id;
|
||||||
size_t session_id_len;
|
size_t session_id_len;
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ int output_keylen_indicator;
|
+ int fips_indicator;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
} KDF_SSHKDF;
|
} KDF_SSHKDF;
|
||||||
|
|
||||||
@ -421,7 +421,7 @@ index c592ba72f1..4a52b38266 100644
|
|||||||
+
|
+
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||||
+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
+
|
+
|
||||||
return SSHKDF(md, ctx->key, ctx->key_len,
|
return SSHKDF(md, ctx->key, ctx->key_len,
|
||||||
@ -465,7 +465,7 @@ index c592ba72f1..4a52b38266 100644
|
|||||||
+ * be longer than that. If a derived key has ever been shorter than
|
+ * be longer than that. If a derived key has ever been shorter than
|
||||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||||
+ * should also set the returned FIPS indicator to unapproved. */
|
+ * should also set the returned FIPS indicator to unapproved. */
|
||||||
+ if (ctx->output_keylen_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
||||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+
|
+
|
||||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||||
@ -518,7 +518,7 @@ index eb54972e1c..23865cd70f 100644
|
|||||||
size_t out_len; /* optional KMAC parameter */
|
size_t out_len; /* optional KMAC parameter */
|
||||||
+ int is_x963kdf;
|
+ int is_x963kdf;
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ int output_keylen_indicator;
|
+ int fips_indicator;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
} KDF_SSKDF;
|
} KDF_SSKDF;
|
||||||
|
|
||||||
@ -554,7 +554,7 @@ index eb54972e1c..23865cd70f 100644
|
|||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||||
+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
+
|
+
|
||||||
if (ctx->macctx != NULL) {
|
if (ctx->macctx != NULL) {
|
||||||
@ -566,7 +566,7 @@ index eb54972e1c..23865cd70f 100644
|
|||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||||
+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
+
|
+
|
||||||
return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len,
|
return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len,
|
||||||
@ -609,7 +609,7 @@ index eb54972e1c..23865cd70f 100644
|
|||||||
+ * be longer than that. If a derived key has ever been shorter than
|
+ * be longer than that. If a derived key has ever been shorter than
|
||||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||||
+ * should also set the returned FIPS indicator to unapproved. */
|
+ * should also set the returned FIPS indicator to unapproved. */
|
||||||
+ if (ctx->output_keylen_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
||||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+
|
+
|
||||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||||
@ -682,7 +682,7 @@ index a4d64b9352..f6782a6ca2 100644
|
|||||||
+ PROV_DIGEST digest;
|
+ PROV_DIGEST digest;
|
||||||
+
|
+
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ int output_keylen_indicator;
|
+ int fips_indicator;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
} TLS1_PRF;
|
} TLS1_PRF;
|
||||||
|
|
||||||
@ -701,7 +701,7 @@ index a4d64b9352..f6782a6ca2 100644
|
|||||||
}
|
}
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||||
+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
|
|
||||||
return tls1_prf_alg(ctx->P_hash, ctx->P_sha1,
|
return tls1_prf_alg(ctx->P_hash, ctx->P_sha1,
|
||||||
@ -753,7 +753,7 @@ index a4d64b9352..f6782a6ca2 100644
|
|||||||
+ * be longer than that. If a derived key has ever been shorter than
|
+ * be longer than that. If a derived key has ever been shorter than
|
||||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||||
+ * should also set the returned FIPS indicator to unapproved. */
|
+ * should also set the returned FIPS indicator to unapproved. */
|
||||||
+ if (ctx->output_keylen_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
||||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+
|
+
|
||||||
+ /* SP 800-135r1 section 4.2.2 says TLS 1.2 KDF is approved when "(3)
|
+ /* SP 800-135r1 section 4.2.2 says TLS 1.2 KDF is approved when "(3)
|
||||||
@ -813,7 +813,7 @@ index b1bc6f7e1b..8173fc2cc7 100644
|
|||||||
size_t cek_oid_len;
|
size_t cek_oid_len;
|
||||||
int use_keybits;
|
int use_keybits;
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ int output_keylen_indicator;
|
+ int fips_indicator;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
} KDF_X942;
|
} KDF_X942;
|
||||||
|
|
||||||
@ -824,7 +824,7 @@ index b1bc6f7e1b..8173fc2cc7 100644
|
|||||||
}
|
}
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||||
+ ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len,
|
ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len,
|
||||||
der, der_len, ctr, key, keylen);
|
der, der_len, ctr, key, keylen);
|
||||||
@ -866,7 +866,7 @@ index b1bc6f7e1b..8173fc2cc7 100644
|
|||||||
+ * be longer than that. If a derived key has ever been shorter than
|
+ * be longer than that. If a derived key has ever been shorter than
|
||||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||||
+ * should also set the returned FIPS indicator to unapproved. */
|
+ * should also set the returned FIPS indicator to unapproved. */
|
||||||
+ if (ctx->output_keylen_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
||||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+
|
+
|
||||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||||
|
@ -151,7 +151,7 @@ index b86b27d236f3..b881f46f36ad 100644
|
|||||||
fgbl->fips_security_checks = 1;
|
fgbl->fips_security_checks = 1;
|
||||||
fgbl->fips_security_check_option = "1";
|
fgbl->fips_security_check_option = "1";
|
||||||
|
|
||||||
+ fgbl->fips_tls1_prf_ems_check = 1; /* Enabled */
|
+ fgbl->fips_tls1_prf_ems_check = 1; /* Enabled by default */
|
||||||
+ fgbl->fips_tls1_prf_ems_check_option = "1";
|
+ fgbl->fips_tls1_prf_ems_check_option = "1";
|
||||||
+
|
+
|
||||||
return fgbl;
|
return fgbl;
|
||||||
@ -161,7 +161,7 @@ index b86b27d236f3..b881f46f36ad 100644
|
|||||||
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
|
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
|
||||||
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0),
|
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0),
|
||||||
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_SECURITY_CHECKS, OSSL_PARAM_INTEGER, NULL, 0),
|
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_SECURITY_CHECKS, OSSL_PARAM_INTEGER, NULL, 0),
|
||||||
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK, OSSL_PARAM_INTEGER, NULL, 0), /* Ignored in RHEL */
|
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK, OSSL_PARAM_INTEGER, NULL, 0),
|
||||||
OSSL_PARAM_END
|
OSSL_PARAM_END
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -182,10 +182,10 @@ index b86b27d236f3..b881f46f36ad 100644
|
|||||||
OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS,
|
OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS,
|
||||||
(char **)&fgbl->fips_security_check_option,
|
(char **)&fgbl->fips_security_check_option,
|
||||||
sizeof(fgbl->fips_security_check_option));
|
sizeof(fgbl->fips_security_check_option));
|
||||||
+ /* *p++ = OSSL_PARAM_construct_utf8_ptr(
|
+ *p++ = OSSL_PARAM_construct_utf8_ptr(
|
||||||
+ OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK,
|
+ OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK,
|
||||||
+ (char **)&fgbl->fips_tls1_prf_ems_check_option,
|
+ (char **)&fgbl->fips_tls1_prf_ems_check_option,
|
||||||
+ sizeof(fgbl->fips_tls1_prf_ems_check_option)); */ /* Ignored in RHEL */
|
+ sizeof(fgbl->fips_tls1_prf_ems_check_option));
|
||||||
*p = OSSL_PARAM_construct_end();
|
*p = OSSL_PARAM_construct_end();
|
||||||
|
|
||||||
if (!c_get_params(fgbl->handle, core_params)) {
|
if (!c_get_params(fgbl->handle, core_params)) {
|
||||||
@ -199,12 +199,14 @@ index b86b27d236f3..b881f46f36ad 100644
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -703,6 +718,9 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
|
@@ -703,6 +718,11 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
|
||||||
&& strcmp(fgbl->fips_security_check_option, "0") == 0)
|
&& strcmp(fgbl->fips_security_check_option, "0") == 0)
|
||||||
fgbl->fips_security_checks = 0;
|
fgbl->fips_security_checks = 0;
|
||||||
|
|
||||||
+ /* Enable the ems check. */
|
+ /* Disable the ems check if it's disabled in the fips config file. */
|
||||||
+ fgbl->fips_tls1_prf_ems_check = 1;
|
+ if (fgbl->fips_tls1_prf_ems_check_option != NULL
|
||||||
|
+ && strcmp(fgbl->fips_tls1_prf_ems_check_option, "0") == 0)
|
||||||
|
+ fgbl->fips_tls1_prf_ems_check = 0;
|
||||||
+
|
+
|
||||||
ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
|
ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
|
||||||
|
|
||||||
@ -268,8 +270,8 @@ index 8a3807308408..2c2dbf31cc0b 100644
|
|||||||
|
|
||||||
if (!ossl_prov_is_running() || !kdf_tls1_prf_set_ctx_params(ctx, params))
|
if (!ossl_prov_is_running() || !kdf_tls1_prf_set_ctx_params(ctx, params))
|
||||||
return 0;
|
return 0;
|
||||||
@@ -181,6 +192,21 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
|
@@ -181,6 +192,27 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
|
||||||
ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
#endif /* defined(FIPS_MODULE) */
|
#endif /* defined(FIPS_MODULE) */
|
||||||
|
|
||||||
+ /*
|
+ /*
|
||||||
@ -278,6 +280,12 @@ index 8a3807308408..2c2dbf31cc0b 100644
|
|||||||
+ * We do the check this way since the PRF is used for other purposes, as well
|
+ * We do the check this way since the PRF is used for other purposes, as well
|
||||||
+ * as "extended master secret".
|
+ * as "extended master secret".
|
||||||
+ */
|
+ */
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE
|
||||||
|
+ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST,
|
||||||
|
+ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
|
||||||
|
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
+ if (ossl_tls1_prf_ems_check_enabled(libctx)) {
|
+ if (ossl_tls1_prf_ems_check_enabled(libctx)) {
|
||||||
+ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE
|
+ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE
|
||||||
+ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST,
|
+ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST,
|
||||||
@ -462,7 +470,7 @@ diff -up openssl-3.0.7/ssl/statem/extensions_srvr.c.noems openssl-3.0.7/ssl/stat
|
|||||||
{
|
{
|
||||||
- if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
|
- if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
|
||||||
+ if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) {
|
+ if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) {
|
||||||
+ if (FIPS_mode()) {
|
+ if (FIPS_mode() && !(SSL_get_options(s) & SSL_OP_RH_PERMIT_NOEMS_FIPS) ) {
|
||||||
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
|
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
|
||||||
+ return EXT_RETURN_FAIL;
|
+ return EXT_RETURN_FAIL;
|
||||||
+ }
|
+ }
|
||||||
@ -471,3 +479,61 @@ diff -up openssl-3.0.7/ssl/statem/extensions_srvr.c.noems openssl-3.0.7/ssl/stat
|
|||||||
|
|
||||||
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
|
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
|
||||||
|| !WPACKET_put_bytes_u16(pkt, 0)) {
|
|| !WPACKET_put_bytes_u16(pkt, 0)) {
|
||||||
|
diff -up openssl-3.0.7/include/openssl/ssl.h.in.fipsems openssl-3.0.7/include/openssl/ssl.h.in
|
||||||
|
--- openssl-3.0.7/include/openssl/ssl.h.in.fipsems 2023-07-11 12:35:27.951610366 +0200
|
||||||
|
+++ openssl-3.0.7/include/openssl/ssl.h.in 2023-07-11 12:36:25.234754680 +0200
|
||||||
|
@@ -412,6 +412,7 @@ typedef int (*SSL_async_callback_fn)(SSL
|
||||||
|
* interoperability with CryptoPro CSP 3.x
|
||||||
|
*/
|
||||||
|
# define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31)
|
||||||
|
+# define SSL_OP_RH_PERMIT_NOEMS_FIPS SSL_OP_BIT(48)
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Option "collections."
|
||||||
|
diff -up openssl-3.0.7/ssl/ssl_conf.c.fipsems openssl-3.0.7/ssl/ssl_conf.c
|
||||||
|
--- openssl-3.0.7/ssl/ssl_conf.c.fipsems 2023-07-11 12:36:51.465278672 +0200
|
||||||
|
+++ openssl-3.0.7/ssl/ssl_conf.c 2023-07-11 12:44:53.365675720 +0200
|
||||||
|
@@ -387,6 +387,7 @@ static const ssl_conf_cmd_tbl ssl_conf_c
|
||||||
|
SSL_FLAG_TBL("ClientRenegotiation",
|
||||||
|
SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
|
||||||
|
SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
|
||||||
|
+ SSL_FLAG_TBL("RHNoEnforceEMSinFIPS", SSL_OP_RH_PERMIT_NOEMS_FIPS),
|
||||||
|
SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
|
||||||
|
SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
|
||||||
|
SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA),
|
||||||
|
diff -up openssl-3.0.7/doc/man3/SSL_CONF_cmd.pod.fipsems openssl-3.0.7/doc/man3/SSL_CONF_cmd.pod
|
||||||
|
--- openssl-3.0.7/doc/man3/SSL_CONF_cmd.pod.fipsems 2023-07-12 13:54:22.508235187 +0200
|
||||||
|
+++ openssl-3.0.7/doc/man3/SSL_CONF_cmd.pod 2023-07-12 13:56:51.089613902 +0200
|
||||||
|
@@ -524,6 +524,9 @@ B<ExtendedMasterSecret>: use extended ma
|
||||||
|
default. Inverse of B<SSL_OP_NO_EXTENDED_MASTER_SECRET>: that is,
|
||||||
|
B<-ExtendedMasterSecret> is the same as setting B<SSL_OP_NO_EXTENDED_MASTER_SECRET>.
|
||||||
|
|
||||||
|
+B<RHNoEnforceEMSinFIPS>: allow establishing connections without EMS in FIPS mode.
|
||||||
|
+This is a RedHat-based OS specific option, and normally it should be set up via crypto policies.
|
||||||
|
+
|
||||||
|
B<CANames>: use CA names extension, enabled by
|
||||||
|
default. Inverse of B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>: that is,
|
||||||
|
B<-CANames> is the same as setting B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>.
|
||||||
|
diff -up openssl-3.0.7/doc/man5/fips_config.pod.fipsems openssl-3.0.7/doc/man5/fips_config.pod
|
||||||
|
--- openssl-3.0.7/doc/man5/fips_config.pod.fipsems 2023-07-12 15:39:57.732206731 +0200
|
||||||
|
+++ openssl-3.0.7/doc/man5/fips_config.pod 2023-07-12 15:53:45.722885419 +0200
|
||||||
|
@@ -11,6 +11,19 @@ automatically loaded when the system is
|
||||||
|
environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
|
||||||
|
for more information.
|
||||||
|
|
||||||
|
+Red Hat Enterprise Linux uses a supplementary config for FIPS module located in
|
||||||
|
+OpenSSL configuration directory and managed by crypto policies. If present, it
|
||||||
|
+should have format
|
||||||
|
+
|
||||||
|
+ [fips_sect]
|
||||||
|
+ tls1-prf-ems-check = 0
|
||||||
|
+ activate = 1
|
||||||
|
+
|
||||||
|
+The B<tls1-prf-ems-check> option specifies whether FIPS module will require the
|
||||||
|
+presence of extended master secret or not.
|
||||||
|
+
|
||||||
|
+The B<activate> option enforces FIPS provider activation.
|
||||||
|
+
|
||||||
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
|
Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 3.0.7
|
Version: 3.0.7
|
||||||
Release: 22%{?dist}
|
Release: 23%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -520,6 +520,10 @@ install -m644 %{SOURCE9} \
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jul 11 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-23
|
||||||
|
- Add a workaround for lack of EMS in FIPS mode
|
||||||
|
Resolves: rhbz#2216256
|
||||||
|
|
||||||
* Thu Jul 06 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-22
|
* Thu Jul 06 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-22
|
||||||
- Remove unsupported curves from nist_curves.
|
- Remove unsupported curves from nist_curves.
|
||||||
Resolves: rhbz#2069336
|
Resolves: rhbz#2069336
|
||||||
|
Loading…
Reference in New Issue
Block a user