forked from rpms/openssl
import CS openssl-3.0.7-27.el9
This commit is contained in:
parent
695792d9dd
commit
c484e9ca10
@ -30,12 +30,17 @@ index c0afb96716..d6a5fabd16 100644
|
||||
diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf
|
||||
--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200
|
||||
+++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200
|
||||
@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7
|
||||
@@ -53,6 +53,13 @@ tsa_policy3 = 1.2.3.4.5.7
|
||||
|
||||
[openssl_init]
|
||||
providers = provider_sect
|
||||
+# Load default TLS policy configuration
|
||||
+ssl_conf = ssl_module
|
||||
+alg_section = evp_properties
|
||||
+
|
||||
+[ evp_properties ]
|
||||
+#This section is intentionally added empty here
|
||||
+#to be tuned on particular systems
|
||||
|
||||
# List of providers to load
|
||||
[provider_sect]
|
||||
|
@ -26,6 +26,94 @@ diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/cry
|
||||
ret->version = priv_key->version;
|
||||
|
||||
if (priv_key->privateKey) {
|
||||
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
|
||||
index a84e088c19..6c37bf78ae 100644
|
||||
--- a/crypto/ec/ec_lib.c
|
||||
+++ b/crypto/ec/ec_lib.c
|
||||
@@ -1724,6 +1724,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
||||
goto err;
|
||||
}
|
||||
if (named_group == group) {
|
||||
+ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
|
||||
+ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
|
||||
+ goto err;
|
||||
+ }
|
||||
+#if 0
|
||||
/*
|
||||
* If we did not find a named group then the encoding should be explicit
|
||||
* if it was specified
|
||||
@@ -1739,6 +1744,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
||||
goto err;
|
||||
}
|
||||
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
|
||||
+#endif
|
||||
} else {
|
||||
EC_GROUP_free(group);
|
||||
group = named_group;
|
||||
diff --git a/test/ectest.c b/test/ectest.c
|
||||
index 4890b0555e..e11aec5b3b 100644
|
||||
--- a/test/ectest.c
|
||||
+++ b/test/ectest.c
|
||||
@@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
|
||||
if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
|
||||
|| !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
|
||||
|| !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
|
||||
- || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam,
|
||||
+ || !TEST_int_le(EVP_PKEY_fromdata(pctx, &pkeyparam,
|
||||
EVP_PKEY_KEY_PARAMETERS, params), 0))
|
||||
goto err;
|
||||
-
|
||||
+/* As creating the key should fail, the rest of the test is pointless */
|
||||
+# if 0
|
||||
/*- Check that all the set values are retrievable -*/
|
||||
|
||||
/* There should be no match to a group name since the generator changed */
|
||||
@@ -2433,6 +2434,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
|
||||
#endif
|
||||
)
|
||||
goto err;
|
||||
+#endif
|
||||
ret = 1;
|
||||
err:
|
||||
BN_free(order_out);
|
||||
@@ -2714,21 +2716,21 @@ static int custom_params_test(int id)
|
||||
|
||||
/* Compute keyexchange in both directions */
|
||||
if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL))
|
||||
- || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1)
|
||||
- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
|
||||
+ || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0)
|
||||
+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
|
||||
|| !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1)
|
||||
|| !TEST_int_gt(bsize, sslen)
|
||||
- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1))
|
||||
+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/)
|
||||
goto err;
|
||||
if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL))
|
||||
- || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1)
|
||||
- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
|
||||
+ || !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1)
|
||||
+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
|
||||
|| !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1)
|
||||
|| !TEST_int_gt(bsize, t)
|
||||
|| !TEST_int_le(sslen, t)
|
||||
- || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1))
|
||||
+ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */)
|
||||
goto err;
|
||||
-
|
||||
+#if 0
|
||||
/* Both sides should expect the same shared secret */
|
||||
if (!TEST_mem_eq(buf1, sslen, buf2, t))
|
||||
goto err;
|
||||
@@ -2780,7 +2782,7 @@ static int custom_params_test(int id)
|
||||
/* compare with previous result */
|
||||
|| !TEST_mem_eq(buf1, t, buf2, sslen))
|
||||
goto err;
|
||||
-
|
||||
+#endif
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/test/endecode_test.c
|
||||
--- openssl-3.0.1/test/endecode_test.c.disable_explicit_ec 2022-03-21 16:55:46.005558779 +0100
|
||||
+++ openssl-3.0.1/test/endecode_test.c 2022-03-21 16:56:12.636792762 +0100
|
||||
|
@ -1,7 +1,7 @@
|
||||
diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf
|
||||
--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200
|
||||
+++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200
|
||||
@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1
|
||||
@@ -42,14 +42,6 @@ tsa_policy1 = 1.2.3.4.1
|
||||
tsa_policy2 = 1.2.3.4.5.6
|
||||
tsa_policy3 = 1.2.3.4.5.7
|
||||
|
||||
@ -16,7 +16,9 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
|
||||
[openssl_init]
|
||||
providers = provider_sect
|
||||
# Load default TLS policy configuration
|
||||
ssl_conf = ssl_module
|
||||
@@ -42,23 +42,27 @@ [ evp_properties ]
|
||||
#This section is intentionally added empty here
|
||||
#to be tuned on particular systems
|
||||
|
||||
-# List of providers to load
|
||||
-[provider_sect]
|
||||
@ -52,6 +54,9 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
|
||||
+
|
||||
+##[legacy_sect]
|
||||
+##activate = 1
|
||||
+
|
||||
+#Place the third party provider configuration files into this folder
|
||||
+.include /etc/pki/tls/openssl.d
|
||||
|
||||
[ ssl_module ]
|
||||
|
||||
|
@ -7,10 +7,11 @@
|
||||
diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c
|
||||
--- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200
|
||||
+++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200
|
||||
@@ -36,6 +36,7 @@ static int prov_already_activated(const
|
||||
@@ -36,6 +36,8 @@ static int prov_already_activated(const
|
||||
#include <string.h>
|
||||
#include <openssl/trace.h>
|
||||
#include <openssl/err.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include <unistd.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/safestack.h>
|
||||
@ -151,7 +152,7 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi
|
||||
} else {
|
||||
OSSL_PROVIDER_INFO entry;
|
||||
|
||||
@@ -306,6 +317,30 @@ static int provider_conf_init(CONF_IMODU
|
||||
@@ -306,6 +317,33 @@ static int provider_conf_init(CONF_IMODU
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -173,6 +174,9 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi
|
||||
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
|
||||
+ return 0;
|
||||
+ }
|
||||
+ /* provider_conf_load can return 1 even wwhen the test is failed so check explicitly */
|
||||
+ if (OSSL_PROVIDER_available(libctx, "fips") != 1)
|
||||
+ return 0;
|
||||
+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
|
||||
+ return 0;
|
||||
+ if (EVP_default_properties_enable_fips(libctx, 1) != 1)
|
||||
|
@ -57,7 +57,21 @@ diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c
|
||||
dh->dirty_cnt++;
|
||||
ok = 1;
|
||||
err:
|
||||
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c
|
||||
diff -up openssl-3.0.7/crypto/ec/ec_key.c.f188 openssl-3.0.7/crypto/ec/ec_key.c
|
||||
--- openssl-3.0.7/crypto/ec/ec_key.c.f188 2023-11-08 10:58:05.910031253 +0100
|
||||
+++ openssl-3.0.7/crypto/ec/ec_key.c 2023-11-08 10:59:42.338526883 +0100
|
||||
@@ -326,6 +326,11 @@ static int ec_generate_key(EC_KEY *eckey
|
||||
eckey->dirty_cnt++;
|
||||
|
||||
#ifdef FIPS_MODULE
|
||||
+ if (ossl_ec_key_public_check(eckey, ctx) <= 0) {
|
||||
+ ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY);
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
pairwise_test = 1;
|
||||
#endif /* FIPS_MODULE */
|
||||
|
||||
diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c
|
||||
--- openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 2022-07-25 13:42:46.814952053 +0200
|
||||
+++ openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c 2022-07-25 13:52:12.292065706 +0200
|
||||
@ -360,3 +374,17 @@ diff -up openssl-3.0.7/providers/implementations/signature/rsa_sig.c.pairwise op
|
||||
const OSSL_DISPATCH ossl_rsa_signature_functions[] = {
|
||||
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
|
||||
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
|
||||
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
|
||||
index e0d139d..35f23b2 100644
|
||||
--- a/crypto/rsa/rsa_gen.c
|
||||
+++ b/crypto/rsa/rsa_gen.c
|
||||
@@ -463,6 +463,9 @@ static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes,
|
||||
rsa->dmp1 = NULL;
|
||||
rsa->dmq1 = NULL;
|
||||
rsa->iqmp = NULL;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ abort();
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
}
|
||||
}
|
||||
return ok;
|
||||
|
@ -287,22 +287,6 @@ index 699ada7c52..e534ad0a5f 100644
|
||||
return mdnid;
|
||||
}
|
||||
|
||||
@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
|
||||
if (ossl_securitycheck_enabled(ctx))
|
||||
return ossl_digest_get_approved_nid(md) != NID_undef;
|
||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
||||
+
|
||||
+#ifndef FIPS_MODULE
|
||||
+ {
|
||||
+ int mdnid = EVP_MD_nid(md);
|
||||
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
|
||||
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
|
||||
index de7f0d3a0a..ce54a94fbc 100644
|
||||
--- a/providers/common/securitycheck_default.c
|
||||
|
@ -19,7 +19,7 @@ diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
|
||||
|
||||
-int OPENSSL_strcasecmp(const char *s1, const char *s2)
|
||||
+int
|
||||
+#ifndef FIPS_MODULE
|
||||
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
|
||||
+__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"),
|
||||
+ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1")))
|
||||
+#endif
|
||||
@ -33,7 +33,7 @@ diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
|
||||
|
||||
-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
|
||||
+int
|
||||
+#ifndef FIPS_MODULE
|
||||
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
|
||||
+__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"),
|
||||
+ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1")))
|
||||
+#endif
|
||||
|
@ -9,21 +9,23 @@ party (section 6.4.2.3.1) for the KTS-OAEP key transport scheme and key
|
||||
agreement schemes, but explicit key confirmation is not implemented and
|
||||
cannot be implemented without protocol changes, and the FIPS provider
|
||||
does not implement trusted third party validation, since it relies on
|
||||
its callers to do that. We must thus mark RSA-OAEP encryption and RSASVE
|
||||
as unapproved until we have received clarification from NIST on how
|
||||
library modules such as OpenSSL should implement TTP validation.
|
||||
its callers to do that. A request for guidance sent to NIST did clarify
|
||||
that OpenSSL can claim KTS-OAEP and RSASVE as approved, but we did add
|
||||
an indicator to mark them as unapproved previously and should thus keep
|
||||
the indicator available.
|
||||
|
||||
This does not affect RSA-OAEP decryption, because it is approved as
|
||||
a component according to the FIPS 140-3 IG, section 2.4.G.
|
||||
|
||||
Resolves: rhbz#2179331
|
||||
Resolves: RHEL-14083
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||
---
|
||||
include/openssl/core_names.h | 2 ++
|
||||
include/openssl/evp.h | 4 +++
|
||||
.../implementations/asymciphers/rsa_enc.c | 24 +++++++++++++++
|
||||
providers/implementations/kem/rsa_kem.c | 30 ++++++++++++++++++-
|
||||
4 files changed, 59 insertions(+), 1 deletion(-)
|
||||
.../implementations/asymciphers/rsa_enc.c | 19 ++++++++++++
|
||||
providers/implementations/kem/rsa_kem.c | 29 ++++++++++++++++++-
|
||||
4 files changed, 53 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||
index 832502a034..e15d208421 100644
|
||||
@ -37,7 +39,7 @@ index 832502a034..e15d208421 100644
|
||||
|
||||
/*
|
||||
* Encoder / decoder parameters
|
||||
@@ -503,6 +504,7 @@ extern "C" {
|
||||
@@ -511,6 +512,7 @@ extern "C" {
|
||||
|
||||
/* KEM parameters */
|
||||
#define OSSL_KEM_PARAM_OPERATION "operation"
|
||||
@ -49,7 +51,7 @@ diff --git a/include/openssl/evp.h b/include/openssl/evp.h
|
||||
index ec2ba46fbd..3803b03422 100644
|
||||
--- a/include/openssl/evp.h
|
||||
+++ b/include/openssl/evp.h
|
||||
@@ -1757,6 +1757,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void);
|
||||
@@ -1764,6 +1764,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void);
|
||||
OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
|
||||
# endif
|
||||
|
||||
@ -64,25 +66,22 @@ diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/impleme
|
||||
index 568452ec56..2e7ea632d7 100644
|
||||
--- a/providers/implementations/asymciphers/rsa_enc.c
|
||||
+++ b/providers/implementations/asymciphers/rsa_enc.c
|
||||
@@ -399,6 +399,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
||||
@@ -452,6 +452,24 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
||||
if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version))
|
||||
return 0;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key
|
||||
+ * confirmation (section 6.4.2.3.2), or assurance from a trusted third
|
||||
+ * party (section 6.4.2.3.1) for the KTS-OAEP key transport scheme, but
|
||||
+ * explicit key confirmation is not implemented here and cannot be
|
||||
+ * implemented without protocol changes, and the FIPS provider does not
|
||||
+ * implement trusted third party validation, since it relies on its
|
||||
+ * callers to do that. We must thus mark RSA-OAEP as unapproved until
|
||||
+ * we have received clarification from NIST on how library modules such
|
||||
+ * as OpenSSL should implement TTP validation. */
|
||||
+ fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ * callers to do that. A request for guidance sent to NIST resulted in
|
||||
+ * further clarification which allows OpenSSL to claim RSA-OAEP. */
|
||||
+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
@ -92,7 +91,7 @@ index 568452ec56..2e7ea632d7 100644
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -465,6 +493,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
@@ -465,6 +483,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
|
||||
#ifdef FIPS_MODULE
|
||||
OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
|
||||
@ -104,7 +103,7 @@ diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations
|
||||
index 882cf16125..b4cc0f9237 100644
|
||||
--- a/providers/implementations/kem/rsa_kem.c
|
||||
+++ b/providers/implementations/kem/rsa_kem.c
|
||||
@@ -151,11 +151,39 @@ static int rsakem_decapsulate_init(void *vprsactx, void *vrsa,
|
||||
@@ -151,11 +151,38 @@ static int rsakem_decapsulate_init(void *vprsactx, void *vrsa,
|
||||
static int rsakem_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
||||
{
|
||||
PROV_RSA_CTX *ctx = (PROV_RSA_CTX *)vprsactx;
|
||||
@ -124,10 +123,9 @@ index 882cf16125..b4cc0f9237 100644
|
||||
+ * explicit key confirmation is not implemented here and cannot be
|
||||
+ * implemented without protocol changes, and the FIPS provider does not
|
||||
+ * implement trusted third party validation, since it relies on its
|
||||
+ * callers to do that. We must thus mark RSASVE unapproved until we
|
||||
+ * have received clarification from NIST on how library modules such as
|
||||
+ * OpenSSL should implement TTP validation. */
|
||||
+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ * callers to do that. A request for guidance sent to NIST resulted in
|
||||
+ * further clarification which allows OpenSSL to claim RSASVE. */
|
||||
+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
|
30
SOURCES/0125-CVE-2023-2975.patch
Normal file
30
SOURCES/0125-CVE-2023-2975.patch
Normal file
@ -0,0 +1,30 @@
|
||||
diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c
|
||||
index 45010b90db..b396c8651a 100644
|
||||
--- a/providers/implementations/ciphers/cipher_aes_siv.c
|
||||
+++ b/providers/implementations/ciphers/cipher_aes_siv.c
|
||||
@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl,
|
||||
if (!ossl_prov_is_running())
|
||||
return 0;
|
||||
|
||||
- if (inl == 0) {
|
||||
- *outl = 0;
|
||||
- return 1;
|
||||
- }
|
||||
+ /* Ignore just empty encryption/decryption call and not AAD. */
|
||||
+ if (out != NULL) {
|
||||
+ if (inl == 0) {
|
||||
+ if (outl != NULL)
|
||||
+ *outl = 0;
|
||||
+ return 1;
|
||||
+ }
|
||||
|
||||
- if (outsize < inl) {
|
||||
- ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
|
||||
- return 0;
|
||||
+ if (outsize < inl) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
|
||||
+ return 0;
|
||||
+ }
|
||||
}
|
||||
|
||||
if (ctx->hw->cipher(ctx, out, in, inl) <= 0)
|
74
SOURCES/0126-CVE-2023-3446.patch
Normal file
74
SOURCES/0126-CVE-2023-3446.patch
Normal file
@ -0,0 +1,74 @@
|
||||
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
|
||||
index 0b391910d6..84a926998e 100644
|
||||
--- a/crypto/dh/dh_check.c
|
||||
+++ b/crypto/dh/dh_check.c
|
||||
@@ -152,6 +152,12 @@ int DH_check(const DH *dh, int *ret)
|
||||
if (nid != NID_undef)
|
||||
return 1;
|
||||
|
||||
+ /* Don't do any checks at all with an excessively large modulus */
|
||||
+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
|
||||
+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (!DH_check_params(dh, ret))
|
||||
return 0;
|
||||
|
||||
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
|
||||
index b97871eca7..36420f51d8 100644
|
||||
--- a/include/openssl/dh.h
|
||||
+++ b/include/openssl/dh.h
|
||||
@@ -89,7 +89,11 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
|
||||
# include <openssl/dherr.h>
|
||||
|
||||
# ifndef OPENSSL_DH_MAX_MODULUS_BITS
|
||||
-# define OPENSSL_DH_MAX_MODULUS_BITS 10000
|
||||
+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
|
||||
+# endif
|
||||
+
|
||||
+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
|
||||
+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
|
||||
# endif
|
||||
|
||||
# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
|
||||
diff --git a/test/dhtest.c b/test/dhtest.c
|
||||
index 7b587f3cfa..f8dd8f3aa7 100644
|
||||
--- a/test/dhtest.c
|
||||
+++ b/test/dhtest.c
|
||||
@@ -73,7 +73,7 @@ static int dh_test(void)
|
||||
goto err1;
|
||||
|
||||
/* check fails, because p is way too small */
|
||||
- if (!DH_check(dh, &i))
|
||||
+ if (!TEST_true(DH_check(dh, &i)))
|
||||
goto err2;
|
||||
i ^= DH_MODULUS_TOO_SMALL;
|
||||
if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
|
||||
@@ -124,6 +124,17 @@ static int dh_test(void)
|
||||
/* We'll have a stale error on the queue from the above test so clear it */
|
||||
ERR_clear_error();
|
||||
|
||||
+ /* Modulus of size: dh check max modulus bits + 1 */
|
||||
+ if (!TEST_true(BN_set_word(p, 1))
|
||||
+ || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
|
||||
+ goto err3;
|
||||
+
|
||||
+ /*
|
||||
+ * We expect no checks at all for an excessively large modulus
|
||||
+ */
|
||||
+ if (!TEST_false(DH_check(dh, &i)))
|
||||
+ goto err3;
|
||||
+
|
||||
/*
|
||||
* II) key generation
|
||||
*/
|
||||
@@ -138,7 +149,7 @@ static int dh_test(void)
|
||||
goto err3;
|
||||
|
||||
/* ... and check whether it is valid */
|
||||
- if (!DH_check(a, &i))
|
||||
+ if (!TEST_true(DH_check(a, &i)))
|
||||
goto err3;
|
||||
if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
|
||||
|| !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
|
57
SOURCES/0127-CVE-2023-3817.patch
Normal file
57
SOURCES/0127-CVE-2023-3817.patch
Normal file
@ -0,0 +1,57 @@
|
||||
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
|
||||
index aef6f9b1b7..fbe2797569 100644
|
||||
--- a/crypto/dh/dh_check.c
|
||||
+++ b/crypto/dh/dh_check.c
|
||||
@@ -143,7 +143,7 @@ int DH_check(const DH *dh, int *ret)
|
||||
#ifdef FIPS_MODULE
|
||||
return DH_check_params(dh, ret);
|
||||
#else
|
||||
- int ok = 0, r;
|
||||
+ int ok = 0, r, q_good = 0;
|
||||
BN_CTX *ctx = NULL;
|
||||
BIGNUM *t1 = NULL, *t2 = NULL;
|
||||
int nid = DH_get_nid((DH *)dh);
|
||||
@@ -172,6 +172,13 @@ int DH_check(const DH *dh, int *ret)
|
||||
goto err;
|
||||
|
||||
if (dh->params.q != NULL) {
|
||||
+ if (BN_ucmp(dh->params.p, dh->params.q) > 0)
|
||||
+ q_good = 1;
|
||||
+ else
|
||||
+ *ret |= DH_CHECK_INVALID_Q_VALUE;
|
||||
+ }
|
||||
+
|
||||
+ if (q_good) {
|
||||
if (BN_cmp(dh->params.g, BN_value_one()) <= 0)
|
||||
*ret |= DH_NOT_SUITABLE_GENERATOR;
|
||||
else if (BN_cmp(dh->params.g, dh->params.p) >= 0)
|
||||
diff --git a/test/dhtest.c b/test/dhtest.c
|
||||
index f8dd8f3aa7..d02b3b7c58 100644
|
||||
--- a/test/dhtest.c
|
||||
+++ b/test/dhtest.c
|
||||
@@ -124,6 +124,15 @@ static int dh_test(void)
|
||||
/* We'll have a stale error on the queue from the above test so clear it */
|
||||
ERR_clear_error();
|
||||
|
||||
+ if (!TEST_ptr(BN_copy(q, p)) || !TEST_true(BN_add(q, q, BN_value_one())))
|
||||
+ goto err3;
|
||||
+
|
||||
+ if (!TEST_true(DH_check(dh, &i)))
|
||||
+ goto err3;
|
||||
+ if (!TEST_true(i & DH_CHECK_INVALID_Q_VALUE)
|
||||
+ || !TEST_false(i & DH_CHECK_Q_NOT_PRIME))
|
||||
+ goto err3;
|
||||
+
|
||||
/* Modulus of size: dh check max modulus bits + 1 */
|
||||
if (!TEST_true(BN_set_word(p, 1))
|
||||
|| !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
|
||||
@@ -135,6 +144,9 @@ static int dh_test(void)
|
||||
if (!TEST_false(DH_check(dh, &i)))
|
||||
goto err3;
|
||||
|
||||
+ /* We'll have a stale error on the queue from the above test so clear it */
|
||||
+ ERR_clear_error();
|
||||
+
|
||||
/*
|
||||
* II) key generation
|
||||
*/
|
318
SOURCES/0128-CVE-2023-5363.patch
Normal file
318
SOURCES/0128-CVE-2023-5363.patch
Normal file
@ -0,0 +1,318 @@
|
||||
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
|
||||
index d2ed3fd378..6a819590e6 100644
|
||||
--- a/crypto/evp/evp_enc.c
|
||||
+++ b/crypto/evp/evp_enc.c
|
||||
@@ -223,6 +223,42 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifndef FIPS_MODULE
|
||||
+ /*
|
||||
+ * Fix for CVE-2023-5363
|
||||
+ * Passing in a size as part of the init call takes effect late
|
||||
+ * so, force such to occur before the initialisation.
|
||||
+ *
|
||||
+ * The FIPS provider's internal library context is used in a manner
|
||||
+ * such that this is not an issue.
|
||||
+ */
|
||||
+ if (params != NULL) {
|
||||
+ OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END,
|
||||
+ OSSL_PARAM_END };
|
||||
+ OSSL_PARAM *q = param_lens;
|
||||
+ const OSSL_PARAM *p;
|
||||
+
|
||||
+ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
|
||||
+ if (p != NULL)
|
||||
+ memcpy(q++, p, sizeof(*q));
|
||||
+
|
||||
+ /*
|
||||
+ * Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synomym for
|
||||
+ * OSSL_CIPHER_PARAM_IVLEN so both are covered here.
|
||||
+ */
|
||||
+ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
|
||||
+ if (p != NULL)
|
||||
+ memcpy(q++, p, sizeof(*q));
|
||||
+
|
||||
+ if (q != param_lens) {
|
||||
+ if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) {
|
||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if (enc) {
|
||||
if (ctx->cipher->einit == NULL) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
|
||||
index cfffa21350..2318bf6a68 100644
|
||||
--- a/test/evp_extra_test.c
|
||||
+++ b/test/evp_extra_test.c
|
||||
@@ -4851,6 +4851,253 @@ static int test_ecx_not_private_key(int tst)
|
||||
return options;
|
||||
}
|
||||
|
||||
+static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
|
||||
+ const unsigned char *gcm_iv, size_t gcm_ivlen,
|
||||
+ const unsigned char *gcm_pt, size_t gcm_pt_s,
|
||||
+ const unsigned char *gcm_aad, size_t gcm_aad_s,
|
||||
+ const unsigned char *gcm_ct, size_t gcm_ct_s,
|
||||
+ const unsigned char *gcm_tag, size_t gcm_tag_s)
|
||||
+{
|
||||
+ int ret = 0;
|
||||
+ EVP_CIPHER_CTX *ctx;
|
||||
+ EVP_CIPHER *cipher = NULL;
|
||||
+ int outlen, tmplen;
|
||||
+ unsigned char outbuf[1024];
|
||||
+ unsigned char outtag[16];
|
||||
+ OSSL_PARAM params[2] = {
|
||||
+ OSSL_PARAM_END, OSSL_PARAM_END
|
||||
+ };
|
||||
+
|
||||
+ if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
|
||||
+ || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
|
||||
+ goto err;
|
||||
+
|
||||
+ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
|
||||
+ &gcm_ivlen);
|
||||
+
|
||||
+ if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
|
||||
+ || (gcm_aad != NULL
|
||||
+ && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
|
||||
+ gcm_aad, gcm_aad_s)))
|
||||
+ || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
|
||||
+ gcm_pt, gcm_pt_s))
|
||||
+ || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
|
||||
+ goto err;
|
||||
+
|
||||
+ params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
|
||||
+ outtag, sizeof(outtag));
|
||||
+
|
||||
+ if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
|
||||
+ || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
|
||||
+ || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
|
||||
+ goto err;
|
||||
+
|
||||
+ ret = 1;
|
||||
+err:
|
||||
+ EVP_CIPHER_free(cipher);
|
||||
+ EVP_CIPHER_CTX_free(ctx);
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
|
||||
+ const unsigned char *gcm_iv, size_t gcm_ivlen,
|
||||
+ const unsigned char *gcm_pt, size_t gcm_pt_s,
|
||||
+ const unsigned char *gcm_aad, size_t gcm_aad_s,
|
||||
+ const unsigned char *gcm_ct, size_t gcm_ct_s,
|
||||
+ const unsigned char *gcm_tag, size_t gcm_tag_s)
|
||||
+{
|
||||
+ int ret = 0;
|
||||
+ EVP_CIPHER_CTX *ctx;
|
||||
+ EVP_CIPHER *cipher = NULL;
|
||||
+ int outlen;
|
||||
+ unsigned char outbuf[1024];
|
||||
+ OSSL_PARAM params[2] = {
|
||||
+ OSSL_PARAM_END, OSSL_PARAM_END
|
||||
+ };
|
||||
+
|
||||
+ if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
+ if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
+ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
|
||||
+ &gcm_ivlen);
|
||||
+
|
||||
+ if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
|
||||
+ || (gcm_aad != NULL
|
||||
+ && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
|
||||
+ gcm_aad, gcm_aad_s)))
|
||||
+ || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
|
||||
+ gcm_ct, gcm_ct_s))
|
||||
+ || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
|
||||
+ goto err;
|
||||
+
|
||||
+ params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
|
||||
+ (void*)gcm_tag, gcm_tag_s);
|
||||
+
|
||||
+ if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
|
||||
+ ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
|
||||
+ goto err;
|
||||
+
|
||||
+ ret = 1;
|
||||
+err:
|
||||
+ EVP_CIPHER_free(cipher);
|
||||
+ EVP_CIPHER_CTX_free(ctx);
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
|
||||
+{
|
||||
+ /* AES-GCM test data obtained from NIST public test vectors */
|
||||
+ static const unsigned char gcm_key[] = {
|
||||
+ 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
|
||||
+ 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
|
||||
+ 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
|
||||
+ };
|
||||
+ static const unsigned char gcm_iv[] = {
|
||||
+ 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
|
||||
+ 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
|
||||
+ 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
|
||||
+ 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
|
||||
+ 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
|
||||
+ 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
|
||||
+ 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
|
||||
+ 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
|
||||
+ 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
|
||||
+ 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
|
||||
+ 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
|
||||
+ };
|
||||
+ static const unsigned char gcm_pt[] = {
|
||||
+ 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
|
||||
+ 0x4f, 0xe3, 0x6f, 0x81,
|
||||
+ };
|
||||
+ static const unsigned char gcm_ct[] = {
|
||||
+ 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
|
||||
+ 0xe2, 0xd0, 0xec, 0xed,
|
||||
+ };
|
||||
+ static const unsigned char gcm_tag[] = {
|
||||
+ 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
|
||||
+ 0xdb, 0x99, 0x6c, 0x21,
|
||||
+ };
|
||||
+
|
||||
+ return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
|
||||
+ gcm_pt, sizeof(gcm_pt), NULL, 0,
|
||||
+ gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
|
||||
+ && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
|
||||
+ gcm_pt, sizeof(gcm_pt), NULL, 0,
|
||||
+ gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
|
||||
+}
|
||||
+
|
||||
+#ifndef OPENSSL_NO_RC4
|
||||
+static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
|
||||
+ const unsigned char *rc4_pt, size_t rc4_pt_s,
|
||||
+ const unsigned char *rc4_ct, size_t rc4_ct_s)
|
||||
+{
|
||||
+ int ret = 0;
|
||||
+ EVP_CIPHER_CTX *ctx;
|
||||
+ EVP_CIPHER *cipher = NULL;
|
||||
+ int outlen, tmplen;
|
||||
+ unsigned char outbuf[1024];
|
||||
+ OSSL_PARAM params[2] = {
|
||||
+ OSSL_PARAM_END, OSSL_PARAM_END
|
||||
+ };
|
||||
+
|
||||
+ if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
|
||||
+ || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
|
||||
+ goto err;
|
||||
+
|
||||
+ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
|
||||
+ &rc4_key_s);
|
||||
+
|
||||
+ if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
|
||||
+ || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
|
||||
+ rc4_pt, rc4_pt_s))
|
||||
+ || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
|
||||
+ goto err;
|
||||
+
|
||||
+ if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
|
||||
+ goto err;
|
||||
+
|
||||
+ ret = 1;
|
||||
+err:
|
||||
+ EVP_CIPHER_free(cipher);
|
||||
+ EVP_CIPHER_CTX_free(ctx);
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
|
||||
+ const unsigned char *rc4_pt, size_t rc4_pt_s,
|
||||
+ const unsigned char *rc4_ct, size_t rc4_ct_s)
|
||||
+{
|
||||
+ int ret = 0;
|
||||
+ EVP_CIPHER_CTX *ctx;
|
||||
+ EVP_CIPHER *cipher = NULL;
|
||||
+ int outlen;
|
||||
+ unsigned char outbuf[1024];
|
||||
+ OSSL_PARAM params[2] = {
|
||||
+ OSSL_PARAM_END, OSSL_PARAM_END
|
||||
+ };
|
||||
+
|
||||
+ if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
+ if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
+ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
|
||||
+ &rc4_key_s);
|
||||
+
|
||||
+ if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
|
||||
+ || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
|
||||
+ rc4_ct, rc4_ct_s))
|
||||
+ || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
|
||||
+ goto err;
|
||||
+
|
||||
+ ret = 1;
|
||||
+err:
|
||||
+ EVP_CIPHER_free(cipher);
|
||||
+ EVP_CIPHER_CTX_free(ctx);
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static int test_aes_rc4_keylen_change_cve_2023_5363(void)
|
||||
+{
|
||||
+ /* RC4 test data obtained from RFC 6229 */
|
||||
+ static const struct {
|
||||
+ unsigned char key[5];
|
||||
+ unsigned char padding[11];
|
||||
+ } rc4_key = {
|
||||
+ { /* Five bytes of key material */
|
||||
+ 0x83, 0x32, 0x22, 0x77, 0x2a,
|
||||
+ },
|
||||
+ { /* Random padding to 16 bytes */
|
||||
+ 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
|
||||
+ }
|
||||
+ };
|
||||
+ static const unsigned char rc4_pt[] = {
|
||||
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
||||
+ };
|
||||
+ static const unsigned char rc4_ct[] = {
|
||||
+ 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
|
||||
+ 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
|
||||
+ };
|
||||
+
|
||||
+ if (lgcyprov == NULL)
|
||||
+ return TEST_skip("Test requires legacy provider to be loaded");
|
||||
+
|
||||
+ return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
|
||||
+ rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
|
||||
+ && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
|
||||
+ rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
int setup_tests(void)
|
||||
{
|
||||
OPTION_CHOICE o;
|
||||
@@ -4994,6 +5241,12 @@ int setup_tests(void)
|
||||
|
||||
ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
|
||||
|
||||
+ /* Test cases for CVE-2023-5363 */
|
||||
+ ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
|
||||
+#ifndef OPENSSL_NO_RC4
|
||||
+ ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
|
||||
+#endif
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
49
SOURCES/0129-rsa-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
Normal file
49
SOURCES/0129-rsa-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
Normal file
@ -0,0 +1,49 @@
|
||||
From 0d873f9f647764df147d818a6e998b1c318bac31 Mon Sep 17 00:00:00 2001
|
||||
From: Clemens Lang <cllang@redhat.com>
|
||||
Date: Mon, 16 Oct 2023 15:30:26 +0200
|
||||
Subject: [PATCH] rsa: Add SP800-56Br2 6.4.1.2.1 (3.c) check
|
||||
|
||||
The code did not yet check that the length of the RSA key is positive
|
||||
and even.
|
||||
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||
Upstream-Status: Backport [8b268541d9aabee51699aef22963407362830ef9]
|
||||
---
|
||||
crypto/rsa/rsa_sp800_56b_check.c | 5 +++++
|
||||
test/rsa_sp800_56b_test.c | 4 ++++
|
||||
2 files changed, 9 insertions(+)
|
||||
|
||||
diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c
|
||||
index fc8f19b487..e6b79e953d 100644
|
||||
--- a/crypto/rsa/rsa_sp800_56b_check.c
|
||||
+++ b/crypto/rsa/rsa_sp800_56b_check.c
|
||||
@@ -403,6 +403,11 @@ int ossl_rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed,
|
||||
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR);
|
||||
return 0;
|
||||
}
|
||||
+ /* (Step 3.c): check that the modulus length is a positive even integer */
|
||||
+ if (nbits <= 0 || (nbits & 0x1)) {
|
||||
+ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR);
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
ctx = BN_CTX_new_ex(rsa->libctx);
|
||||
if (ctx == NULL)
|
||||
diff --git a/test/rsa_sp800_56b_test.c b/test/rsa_sp800_56b_test.c
|
||||
index 7660019f47..aa58bbbe6c 100644
|
||||
--- a/test/rsa_sp800_56b_test.c
|
||||
+++ b/test/rsa_sp800_56b_test.c
|
||||
@@ -458,6 +458,10 @@ static int test_invalid_keypair(void)
|
||||
&& TEST_true(BN_add_word(n, 1))
|
||||
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
|
||||
&& TEST_true(BN_sub_word(n, 1))
|
||||
+ /* check that validation fails if len(n) is not even */
|
||||
+ && TEST_true(BN_lshift1(n, n))
|
||||
+ && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2049))
|
||||
+ && TEST_true(BN_rshift1(n, n))
|
||||
/* check p */
|
||||
&& TEST_true(BN_sub_word(p, 2))
|
||||
&& TEST_true(BN_mul(n, p, q, ctx))
|
||||
--
|
||||
2.41.0
|
||||
|
143
SOURCES/0130-CVE-2023-5678.patch
Normal file
143
SOURCES/0130-CVE-2023-5678.patch
Normal file
@ -0,0 +1,143 @@
|
||||
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
|
||||
index 7ba2beae7f..e20eb62081 100644
|
||||
--- a/crypto/dh/dh_check.c
|
||||
+++ b/crypto/dh/dh_check.c
|
||||
@@ -249,6 +249,18 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
|
||||
*/
|
||||
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
|
||||
{
|
||||
+ /* Don't do any checks at all with an excessively large modulus */
|
||||
+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
|
||||
+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
|
||||
+ *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (dh->params.q != NULL && BN_ucmp(dh->params.p, dh->params.q) < 0) {
|
||||
+ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
return ossl_ffc_validate_public_key(&dh->params, pub_key, ret);
|
||||
}
|
||||
|
||||
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
|
||||
index 4152397426..f76ac0dd14 100644
|
||||
--- a/crypto/dh/dh_err.c
|
||||
+++ b/crypto/dh/dh_err.c
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -54,6 +54,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
|
||||
"parameter encoding error"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
|
||||
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
|
||||
"unable to check generator"},
|
||||
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
|
||||
index d84ea99241..afc49f5cdc 100644
|
||||
--- a/crypto/dh/dh_key.c
|
||||
+++ b/crypto/dh/dh_key.c
|
||||
@@ -49,6 +49,12 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
||||
goto err;
|
||||
}
|
||||
|
||||
+ if (dh->params.q != NULL
|
||||
+ && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||
+ ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
|
||||
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
|
||||
return 0;
|
||||
@@ -267,6 +273,12 @@ static int generate_key(DH *dh)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ if (dh->params.q != NULL
|
||||
+ && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||
+ ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
|
||||
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
|
||||
return 0;
|
||||
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
|
||||
index e51504b7ab..36de321b74 100644
|
||||
--- a/crypto/err/openssl.txt
|
||||
+++ b/crypto/err/openssl.txt
|
||||
@@ -500,6 +500,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters set
|
||||
DH_R_NO_PRIVATE_VALUE:100:no private value
|
||||
DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
|
||||
DH_R_PEER_KEY_ERROR:111:peer key error
|
||||
+DH_R_Q_TOO_LARGE:130:q too large
|
||||
DH_R_SHARED_INFO_ERROR:113:shared info error
|
||||
DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
|
||||
DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters
|
||||
diff --git a/include/crypto/dherr.h b/include/crypto/dherr.h
|
||||
index bb24d131eb..519327f795 100644
|
||||
--- a/include/crypto/dherr.h
|
||||
+++ b/include/crypto/dherr.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
|
||||
index 6533260f20..50e0cf54be 100644
|
||||
--- a/include/openssl/dh.h
|
||||
+++ b/include/openssl/dh.h
|
||||
@@ -141,7 +141,7 @@ DECLARE_ASN1_ITEM(DHparams)
|
||||
# define DH_GENERATOR_3 3
|
||||
# define DH_GENERATOR_5 5
|
||||
|
||||
-/* DH_check error codes */
|
||||
+/* DH_check error codes, some of them shared with DH_check_pub_key */
|
||||
/*
|
||||
* NB: These values must align with the equivalently named macros in
|
||||
* internal/ffc.h.
|
||||
@@ -151,10 +151,10 @@ DECLARE_ASN1_ITEM(DHparams)
|
||||
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
|
||||
# define DH_NOT_SUITABLE_GENERATOR 0x08
|
||||
# define DH_CHECK_Q_NOT_PRIME 0x10
|
||||
-# define DH_CHECK_INVALID_Q_VALUE 0x20
|
||||
+# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */
|
||||
# define DH_CHECK_INVALID_J_VALUE 0x40
|
||||
# define DH_MODULUS_TOO_SMALL 0x80
|
||||
-# define DH_MODULUS_TOO_LARGE 0x100
|
||||
+# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */
|
||||
|
||||
/* DH_check_pub_key error codes */
|
||||
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
|
||||
diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
|
||||
index 5d2a762a96..074a70145f 100644
|
||||
--- a/include/openssl/dherr.h
|
||||
+++ b/include/openssl/dherr.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -50,6 +50,7 @@
|
||||
# define DH_R_NO_PRIVATE_VALUE 100
|
||||
# define DH_R_PARAMETER_ENCODING_ERROR 105
|
||||
# define DH_R_PEER_KEY_ERROR 111
|
||||
+# define DH_R_Q_TOO_LARGE 130
|
||||
# define DH_R_SHARED_INFO_ERROR 113
|
||||
# define DH_R_UNABLE_TO_CHECK_GENERATOR 121
|
||||
|
12
SOURCES/0131-sslgroups-memleak.patch
Normal file
12
SOURCES/0131-sslgroups-memleak.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
||||
index 51c2283db915d..0928a30c2d37b 100644
|
||||
--- a/ssl/t1_lib.c
|
||||
+++ b/ssl/t1_lib.c
|
||||
@@ -765,6 +765,7 @@ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen,
|
||||
tmparr = OPENSSL_memdup(gcb.gid_arr, gcb.gidcnt * sizeof(*tmparr));
|
||||
if (tmparr == NULL)
|
||||
goto end;
|
||||
+ OPENSSL_free(*pext);
|
||||
*pext = tmparr;
|
||||
*pextlen = gcb.gidcnt;
|
||||
ret = 1;
|
86
SOURCES/0132-CVE-2023-6129.patch
Normal file
86
SOURCES/0132-CVE-2023-6129.patch
Normal file
@ -0,0 +1,86 @@
|
||||
diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl
|
||||
index 9f86134d923fb..2e601bb9c24be 100755
|
||||
--- a/crypto/poly1305/asm/poly1305-ppc.pl
|
||||
+++ b/crypto/poly1305/asm/poly1305-ppc.pl
|
||||
@@ -744,7 +744,7 @@
|
||||
my $LOCALS= 6*$SIZE_T;
|
||||
my $VSXFRAME = $LOCALS + 6*$SIZE_T;
|
||||
$VSXFRAME += 128; # local variables
|
||||
- $VSXFRAME += 13*16; # v20-v31 offload
|
||||
+ $VSXFRAME += 12*16; # v20-v31 offload
|
||||
|
||||
my $BIG_ENDIAN = ($flavour !~ /le/) ? 4 : 0;
|
||||
|
||||
@@ -919,12 +919,12 @@
|
||||
addi r11,r11,32
|
||||
stvx v22,r10,$sp
|
||||
addi r10,r10,32
|
||||
- stvx v23,r10,$sp
|
||||
- addi r10,r10,32
|
||||
- stvx v24,r11,$sp
|
||||
+ stvx v23,r11,$sp
|
||||
addi r11,r11,32
|
||||
- stvx v25,r10,$sp
|
||||
+ stvx v24,r10,$sp
|
||||
addi r10,r10,32
|
||||
+ stvx v25,r11,$sp
|
||||
+ addi r11,r11,32
|
||||
stvx v26,r10,$sp
|
||||
addi r10,r10,32
|
||||
stvx v27,r11,$sp
|
||||
@@ -1153,12 +1153,12 @@
|
||||
addi r11,r11,32
|
||||
stvx v22,r10,$sp
|
||||
addi r10,r10,32
|
||||
- stvx v23,r10,$sp
|
||||
- addi r10,r10,32
|
||||
- stvx v24,r11,$sp
|
||||
+ stvx v23,r11,$sp
|
||||
addi r11,r11,32
|
||||
- stvx v25,r10,$sp
|
||||
+ stvx v24,r10,$sp
|
||||
addi r10,r10,32
|
||||
+ stvx v25,r11,$sp
|
||||
+ addi r11,r11,32
|
||||
stvx v26,r10,$sp
|
||||
addi r10,r10,32
|
||||
stvx v27,r11,$sp
|
||||
@@ -1899,26 +1899,26 @@
|
||||
mtspr 256,r12 # restore vrsave
|
||||
lvx v20,r10,$sp
|
||||
addi r10,r10,32
|
||||
- lvx v21,r10,$sp
|
||||
- addi r10,r10,32
|
||||
- lvx v22,r11,$sp
|
||||
+ lvx v21,r11,$sp
|
||||
addi r11,r11,32
|
||||
- lvx v23,r10,$sp
|
||||
+ lvx v22,r10,$sp
|
||||
addi r10,r10,32
|
||||
- lvx v24,r11,$sp
|
||||
+ lvx v23,r11,$sp
|
||||
addi r11,r11,32
|
||||
- lvx v25,r10,$sp
|
||||
+ lvx v24,r10,$sp
|
||||
addi r10,r10,32
|
||||
- lvx v26,r11,$sp
|
||||
+ lvx v25,r11,$sp
|
||||
addi r11,r11,32
|
||||
- lvx v27,r10,$sp
|
||||
+ lvx v26,r10,$sp
|
||||
addi r10,r10,32
|
||||
- lvx v28,r11,$sp
|
||||
+ lvx v27,r11,$sp
|
||||
addi r11,r11,32
|
||||
- lvx v29,r10,$sp
|
||||
+ lvx v28,r10,$sp
|
||||
addi r10,r10,32
|
||||
- lvx v30,r11,$sp
|
||||
- lvx v31,r10,$sp
|
||||
+ lvx v29,r11,$sp
|
||||
+ addi r11,r11,32
|
||||
+ lvx v30,r10,$sp
|
||||
+ lvx v31,r11,$sp
|
||||
$POP r27,`$VSXFRAME-$SIZE_T*5`($sp)
|
||||
$POP r28,`$VSXFRAME-$SIZE_T*4`($sp)
|
||||
$POP r29,`$VSXFRAME-$SIZE_T*3`($sp)
|
93
SOURCES/0133-CVE-2023-6237.patch
Normal file
93
SOURCES/0133-CVE-2023-6237.patch
Normal file
@ -0,0 +1,93 @@
|
||||
diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c
|
||||
index fc8f19b48770b..bcbdd24fb8199 100644
|
||||
--- a/crypto/rsa/rsa_sp800_56b_check.c
|
||||
+++ b/crypto/rsa/rsa_sp800_56b_check.c
|
||||
@@ -289,6 +289,11 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
|
||||
return 0;
|
||||
|
||||
nbits = BN_num_bits(rsa->n);
|
||||
+ if (nbits > OPENSSL_RSA_MAX_MODULUS_BITS) {
|
||||
+ ERR_raise(ERR_LIB_RSA, RSA_R_MODULUS_TOO_LARGE);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
#ifdef FIPS_MODULE
|
||||
/*
|
||||
* (Step a): modulus must be 2048 or 3072 (caveat from SP800-56Br1)
|
||||
@@ -324,7 +329,8 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
|
||||
goto err;
|
||||
}
|
||||
|
||||
- ret = ossl_bn_miller_rabin_is_prime(rsa->n, 0, ctx, NULL, 1, &status);
|
||||
+ /* Highest number of MR rounds from FIPS 186-5 Section B.3 Table B.1 */
|
||||
+ ret = ossl_bn_miller_rabin_is_prime(rsa->n, 5, ctx, NULL, 1, &status);
|
||||
#ifdef FIPS_MODULE
|
||||
if (ret != 1 || status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME) {
|
||||
#else
|
||||
diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t
|
||||
index dc7cc64533af2..f8088df14d36c 100644
|
||||
--- a/test/recipes/91-test_pkey_check.t
|
||||
+++ b/test/recipes/91-test_pkey_check.t
|
||||
@@ -70,7 +70,7 @@ push(@positive_tests, (
|
||||
"dhpkey.pem"
|
||||
)) unless disabled("dh");
|
||||
|
||||
-my @negative_pubtests = ();
|
||||
+my @negative_pubtests = ("rsapub_17k.pem"); # Too big RSA public key
|
||||
|
||||
push(@negative_pubtests, (
|
||||
"dsapub_noparam.der"
|
||||
diff --git a/test/recipes/91-test_pkey_check_data/rsapub_17k.pem b/test/recipes/91-test_pkey_check_data/rsapub_17k.pem
|
||||
new file mode 100644
|
||||
index 0000000000000..9a2eaedaf1b22
|
||||
--- /dev/null
|
||||
+++ b/test/recipes/91-test_pkey_check_data/rsapub_17k.pem
|
||||
@@ -0,0 +1,48 @@
|
||||
+-----BEGIN PUBLIC KEY-----
|
||||
+MIIIbzANBgkqhkiG9w0BAQEFAAOCCFwAMIIIVwKCCE4Ang+cE5H+hg3RbapDAHqR
|
||||
+B9lUnp2MlAwsZxQ/FhYepaR60bFQeumbu7817Eo5YLMObVI99hF1C4u/qcpD4Jph
|
||||
+gZt87/JAYDbP+DIh/5gUXCL9m5Fp4u7mvZaZdnlcftBvR1uKUTCAwc9pZ/Cfr8W2
|
||||
+GzrRODzsNYnk2DcZMfe2vRDuDZRopE+Y+I72rom2SZLxoN547N1daM/M/CL9KVQ/
|
||||
+XMI/YOpJrBI0jI3brMRhLkvLckwies9joufydlGbJkeil9H7/grj3fQZtFkZ2Pkj
|
||||
+b87XDzRVX7wsEpAgPJxskL3jApokCp1kQYKG+Uc3dKM9Ade6IAPK7VKcmbAQTYw2
|
||||
+gZxsc28dtstazmfGz0ACCTSMrmbgWAM3oPL7RRzhrXDWgmYQ0jHefGh8SNTIgtPq
|
||||
+TuHxPYkDMQNaf0LmDGCxqlnf4b5ld3YaU8zZ/RqIRx5v/+w0rJUvU53qY1bYSnL1
|
||||
+vbqKSnN2mip0GYyQ4AUgkS1NBV4rGYU/VTvzEjLfkg02KOtHKandvEoUjmZPzCT0
|
||||
+V2ZhGc8K1UJNGYlIiHqCdwCBoghvly/pYajTkDXyd6BsukzA5H3IkZB1xDgl035j
|
||||
+/0Cr7QeZLEOdi9fPdSSaBT6OmD0WFuZfJF0wMr7ucRhWzPXvSensD9v7MBE7tNfH
|
||||
+SLeTSx8tLt8UeWriiM+0CnkPR1IOqMOxubOyf1eV8NQqEWm5wEQG/0IskbOKnaHa
|
||||
+PqLFJZn/bvyL3XK5OxVIJG3z6bnRDOMS9SzkjqgPdIO8tkySEHVSi/6iuGUltx3Y
|
||||
+Fmq6ye/r34ekyHPbfn6UuTON7joM6SIXb5bHM64x4iMVWx4hMvDjfy0UqfywAUyu
|
||||
+C1o7BExSMxxFG8GJcqR0K8akpPp7EM588PC+YuItoxzXgfUJnP3BQ1Beev2Ve7/J
|
||||
+xeGZH0N4ntfr+cuaLAakAER9zDglwChWflw3NNFgIdAgSxXv3XXx5xDXpdP4lxUo
|
||||
+F5zAN4Mero3yV90FaJl7Vhq/UFVidbwFc15jUDwaE0mKRcsBeVd3GOhoECAgE0id
|
||||
+aIPT20z8oVY0FyTJlRk7QSjo8WjJSrHY/Fn14gctX07ZdfkufyL6w+NijBdYluvB
|
||||
+nIrgHEvpkDEWoIa8qcx0EppoIcmqgMV2mTShfFYSybsO33Pm8WXec2FXjwhzs1Pi
|
||||
+R/BuIW8rHPI67xqWm0h8dEw11vtfi9a/BBBikFHe59KBjMTG+lW/gADNvRoTzGh7
|
||||
+kN4+UVDS3jlSisRZZOn1XoeQtpubNYWgUsecjKy45IwIj8h1SHgn3wkmUesY0woN
|
||||
+mOdoNtq+NezN4RFtbCOHhxFVpKKDi/HQP2ro0ykkXMDjwEIVf2Lii1Mg9UP8m+Ux
|
||||
+AOqkTrIkdogkRx+70h7/wUOfDIFUq2JbKzqxJYamyEphcdAko7/B8efQKc61Z93O
|
||||
+f2SHa4++4WI7wIIx18v5KV4M/cRmrfc8w9WRkQN3gBT5AJMuqwcSHVXBWvNQeGmi
|
||||
+ScMh7X6cCZ0daEujqb8svq4WgsJ8UT4GaGBRIYtt7QUKEh+JQwNJzneRYZ3pzpaH
|
||||
+UJeeoYobMlkp3rM9cYzdq90nBQiI9Jsbim9m9ggb2dMOS5CsI9S/IuG2O5uTjfxx
|
||||
+wkwsd5nLDFtNXHYZ7W6XlVJ1Rc6zShnEmdCn3mmibb6OaMUmun2yl9ryEjVSoXLP
|
||||
+fSA8W9K9yNhKTRkzdXJfqlC+s/ovX2xBGxsuOoUDaXhRVz0qmpKIHeSFjIP4iXq4
|
||||
+y8gDiwvM3HbZfvVonbg6siPwpn4uvw3hesojk1DKAENS52i6U3uK2fs1ALVxsFNS
|
||||
+Yh914rDu0Q3e4RXVhURaYzoEbLCot6WGYeCCfQOK0rkETMv+sTYYscC8/THuW7SL
|
||||
+HG5zy9Ed95N1Xmf8J+My7gM7ZFodGdHsWvdzEmqsdOFh6IVx/VfHFX0MDBq0t6lZ
|
||||
+eRvVgVCfu3gkYLwPScn/04E02vOom51ISKHsF/I11erC66jjNYV9BSpH8O7sAHxZ
|
||||
+EmPT2ZVVRSgivOHdQW/FZ3UZQQhVaVSympo2Eb4yWEMFn84Q8T+9Honj6gnB5PXz
|
||||
+chmeCsOMlcg1mwWwhn0k+OAWEZy7VRUk5Ahp0fBAGJgwBdqrZ3kM356DjUkVBiYq
|
||||
+4eHyvafNKmjf2mnFsI3g2NKRNyl1Lh63wyCFx60yYvBUfXF/W9PFJbD9CiP83kEW
|
||||
+gV36gxTsbOSfhpO1OXR90ODy0kx06XzWmJCUugK8u9bx4F/CjV+LIHExuNJiethC
|
||||
+A8sIup/MT0fWp4RO/SsVblGqfoqJTaPnhptQzeH2N07pbWkxeMuL6ppPuwFmfVjK
|
||||
+FJndqCVrAukcPEOQ16iVURuloJMudqYRc9QKkJFsnv0W/iMNbqQGmXe8Q/5qFiys
|
||||
+26NIQBiE2ad9hNLnoccEnmYSRgnW3ZPSKuq5TDdYyDqTZH2r8cam65pr3beKw2XC
|
||||
+xw4cc7VaxiwGC2Mg2wRmwwPaTjrcEt6sMa3RjwFEVBxBFyM26wnTEZsTBquCxV0J
|
||||
+pgERaeplkixP2Q0m7XAdlDaob973SM2vOoUgypzDchWmpx7u775bnOfU5CihwXl+
|
||||
+k0i09WZuT8bPmhEAiGCw5sNzMkz1BC2cCZFfJIkE2vc/wXYOrGxBTJo0EKaUFswa
|
||||
+2dnP/u0bn+VksBUM7ywW9LJSXh4mN+tpzdeJtxEObKwX1I0dQxSPWmjd2++wMr9q
|
||||
+Unre5fCrDToy2H7C2VKSpuOCT2/Kv4JDQRWwI4KxQOpn0UknAGNmfBoTtpIZ3LEb
|
||||
+77oBUJdMQD7tQBBLL0a6f1TdK0dHVprWWawJ+gGFMiMQXqAqblHcxFKWuHv9bQID
|
||||
+AQAB
|
||||
+-----END PUBLIC KEY-----
|
47
SOURCES/0134-engine-based-ECDHE-kex.patch
Normal file
47
SOURCES/0134-engine-based-ECDHE-kex.patch
Normal file
@ -0,0 +1,47 @@
|
||||
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
|
||||
index 448a3c3043c1c..9010fa6c4638c 100644
|
||||
--- a/crypto/evp/ctrl_params_translate.c
|
||||
+++ b/crypto/evp/ctrl_params_translate.c
|
||||
@@ -1134,6 +1134,7 @@ static int fix_ec_paramgen_curve_nid(enum state state,
|
||||
const struct translation_st *translation,
|
||||
struct translation_ctx_st *ctx)
|
||||
{
|
||||
+ char *p2 = NULL;
|
||||
int ret;
|
||||
|
||||
if ((ret = default_check(state, translation, ctx)) <= 0)
|
||||
@@ -1146,13 +1147,25 @@ static int fix_ec_paramgen_curve_nid(enum state state,
|
||||
if (state == PRE_CTRL_TO_PARAMS) {
|
||||
ctx->p2 = (char *)OBJ_nid2sn(ctx->p1);
|
||||
ctx->p1 = 0;
|
||||
+ } else if (state == PRE_PARAMS_TO_CTRL) {
|
||||
+ /*
|
||||
+ * We're translating from params to ctrl and setting the curve name.
|
||||
+ * The ctrl function needs it to be a NID, but meanwhile, we need
|
||||
+ * space to get the curve name from the param. |ctx->name_buf| is
|
||||
+ * sufficient for that.
|
||||
+ * The double indirection is necessary for default_fixup_args()'s
|
||||
+ * call of OSSL_PARAM_get_utf8_string() to be done correctly.
|
||||
+ */
|
||||
+ p2 = ctx->name_buf;
|
||||
+ ctx->p2 = &p2;
|
||||
+ ctx->sz = sizeof(ctx->name_buf);
|
||||
}
|
||||
|
||||
if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
|
||||
return ret;
|
||||
|
||||
if (state == PRE_PARAMS_TO_CTRL) {
|
||||
- ctx->p1 = OBJ_sn2nid(ctx->p2);
|
||||
+ ctx->p1 = OBJ_sn2nid(p2);
|
||||
ctx->p2 = NULL;
|
||||
}
|
||||
|
||||
@@ -2789,6 +2802,7 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
|
||||
if (translation->fixup_args != NULL)
|
||||
fixup = translation->fixup_args;
|
||||
ctx.action_type = translation->action_type;
|
||||
+ ctx.ctrl_cmd = translation->ctrl_num;
|
||||
}
|
||||
ctx.pctx = pctx;
|
||||
ctx.params = params;
|
178
SOURCES/0135-CVE-2024-0727.patch
Normal file
178
SOURCES/0135-CVE-2024-0727.patch
Normal file
@ -0,0 +1,178 @@
|
||||
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
|
||||
index 6fd4184af5a52..80ce31b3bca66 100644
|
||||
--- a/crypto/pkcs12/p12_add.c
|
||||
+++ b/crypto/pkcs12/p12_add.c
|
||||
@@ -78,6 +78,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
|
||||
ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
|
||||
return NULL;
|
||||
}
|
||||
+
|
||||
+ if (p7->d.data == NULL) {
|
||||
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
|
||||
}
|
||||
|
||||
@@ -150,6 +156,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
|
||||
{
|
||||
if (!PKCS7_type_is_encrypted(p7))
|
||||
return NULL;
|
||||
+
|
||||
+ if (p7->d.encrypted == NULL) {
|
||||
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
return PKCS12_item_decrypt_d2i_ex(p7->d.encrypted->enc_data->algorithm,
|
||||
ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
|
||||
pass, passlen,
|
||||
@@ -188,6 +200,12 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
|
||||
ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
|
||||
return NULL;
|
||||
}
|
||||
+
|
||||
+ if (p12->authsafes->d.data == NULL) {
|
||||
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
p7s = ASN1_item_unpack(p12->authsafes->d.data,
|
||||
ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
|
||||
if (p7s != NULL) {
|
||||
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
|
||||
index 67a885a45f89e..68ff54d0e90ee 100644
|
||||
--- a/crypto/pkcs12/p12_mutl.c
|
||||
+++ b/crypto/pkcs12/p12_mutl.c
|
||||
@@ -98,6 +98,11 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ if (p12->authsafes->d.data == NULL) {
|
||||
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
salt = p12->mac->salt->data;
|
||||
saltlen = p12->mac->salt->length;
|
||||
if (p12->mac->iter == NULL)
|
||||
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
|
||||
index 62230bc6187ff..1e5b5495991a4 100644
|
||||
--- a/crypto/pkcs12/p12_npas.c
|
||||
+++ b/crypto/pkcs12/p12_npas.c
|
||||
@@ -77,8 +77,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
|
||||
bags = PKCS12_unpack_p7data(p7);
|
||||
} else if (bagnid == NID_pkcs7_encrypted) {
|
||||
bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
|
||||
- if (!alg_get(p7->d.encrypted->enc_data->algorithm,
|
||||
- &pbe_nid, &pbe_iter, &pbe_saltlen))
|
||||
+ if (p7->d.encrypted == NULL
|
||||
+ || !alg_get(p7->d.encrypted->enc_data->algorithm,
|
||||
+ &pbe_nid, &pbe_iter, &pbe_saltlen))
|
||||
goto err;
|
||||
} else {
|
||||
continue;
|
||||
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
|
||||
index 49a0da5f819c4..8228315eeaa3a 100644
|
||||
--- a/crypto/pkcs7/pk7_mime.c
|
||||
+++ b/crypto/pkcs7/pk7_mime.c
|
||||
@@ -33,10 +33,13 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
|
||||
int ctype_nid = OBJ_obj2nid(p7->type);
|
||||
const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
|
||||
|
||||
- if (ctype_nid == NID_pkcs7_signed)
|
||||
+ if (ctype_nid == NID_pkcs7_signed) {
|
||||
+ if (p7->d.sign == NULL)
|
||||
+ return 0;
|
||||
mdalgs = p7->d.sign->md_algs;
|
||||
- else
|
||||
+ } else {
|
||||
mdalgs = NULL;
|
||||
+ }
|
||||
|
||||
flags ^= SMIME_OLDMIME;
|
||||
|
||||
diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t
|
||||
index 1f0cb4d501488..b2c376249646d 100644
|
||||
--- a/test/recipes/80-test_pkcs12.t
|
||||
+++ b/test/recipes/80-test_pkcs12.t
|
||||
@@ -9,7 +9,7 @@
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
|
||||
+use OpenSSL::Test qw/:DEFAULT srctop_file with/;
|
||||
use OpenSSL::Test::Utils;
|
||||
|
||||
use Encode;
|
||||
@@ -54,7 +54,7 @@ if (eval { require Win32::API; 1; }) {
|
||||
}
|
||||
$ENV{OPENSSL_WIN32_UTF8}=1;
|
||||
|
||||
-plan tests => 13;
|
||||
+plan tests => 17;
|
||||
|
||||
# Test different PKCS#12 formats
|
||||
ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats");
|
||||
@@ -148,4 +148,25 @@ ok(grep(/subject=CN = server.example/, @pkcs12info) == 1,
|
||||
# Test that the expected friendly name is present in the output
|
||||
ok(grep(/testname/, @pkcs12info) == 1, "test friendly name in output");
|
||||
|
||||
+# Test some bad pkcs12 files
|
||||
+my $bad1 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad1.p12");
|
||||
+my $bad2 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad2.p12");
|
||||
+my $bad3 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad3.p12");
|
||||
+
|
||||
+with({ exit_checker => sub { return shift == 1; } },
|
||||
+ sub {
|
||||
+ ok(run(app(["openssl", "pkcs12", "-in", $bad1, "-password", "pass:"])),
|
||||
+ "test bad pkcs12 file 1");
|
||||
+
|
||||
+ ok(run(app(["openssl", "pkcs12", "-in", $bad1, "-password", "pass:",
|
||||
+ "-nomacver"])),
|
||||
+ "test bad pkcs12 file 1 (nomacver)");
|
||||
+
|
||||
+ ok(run(app(["openssl", "pkcs12", "-in", $bad2, "-password", "pass:"])),
|
||||
+ "test bad pkcs12 file 2");
|
||||
+
|
||||
+ ok(run(app(["openssl", "pkcs12", "-in", $bad3, "-password", "pass:"])),
|
||||
+ "test bad pkcs12 file 3");
|
||||
+ });
|
||||
+
|
||||
SetConsoleOutputCP($savedcp) if (defined($savedcp));
|
||||
diff --git a/test/recipes/80-test_pkcs12_data/bad1.p12 b/test/recipes/80-test_pkcs12_data/bad1.p12
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..8f3387c7e356e4aa374729f3f3939343557b9c09
|
||||
GIT binary patch
|
||||
literal 85
|
||||
zcmV-b0IL5mQvv}4Fbf6=Duzgg_YDCD0Wd)@F)$4V31Egu0c8UO0s#d81R(r{)waiY
|
||||
rfR=Py6XX<mRyon58xHv)BAVy}k(l(hJwF5pk-=q7<yb@T0s;sC$etR(
|
||||
|
||||
literal 0
|
||||
HcmV?d00001
|
||||
|
||||
diff --git a/test/recipes/80-test_pkcs12_data/bad2.p12 b/test/recipes/80-test_pkcs12_data/bad2.p12
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..113cb6f1cd523e880db869f518e60142dc875115
|
||||
GIT binary patch
|
||||
literal 104
|
||||
zcmXp=V`5}BkYnT2YV&CO&dbQoxImDF-+<SE8zIDI;AmiIz{|#&(B{FI%FM#V$jZQ?
|
||||
z@Tpc|>#<$m7-wj)xrauuD`}hF=<J_T`^8$QMBK7d>Ng9=0`~S~)@=J%OiUaM0Oze6
|
||||
AD*ylh
|
||||
|
||||
literal 0
|
||||
HcmV?d00001
|
||||
|
||||
diff --git a/test/recipes/80-test_pkcs12_data/bad3.p12 b/test/recipes/80-test_pkcs12_data/bad3.p12
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..ef86a1d86fb0bc09471ca2596d82e7d521d973a4
|
||||
GIT binary patch
|
||||
literal 104
|
||||
zcmXp=V`5}BkYnT2YV&CO&dbQoxImDF-+<SE8%fB((ZJAvmyI)_&4V$OnT3gwm4QWp
|
||||
zJ2GXlSm>oA$5$MVJL*60=F*5iN*C_e&wD%dwCM*q{=+OBX|Z+F7XSHN#>B+I003La
|
||||
BAqM~e
|
||||
|
||||
literal 0
|
||||
HcmV?d00001
|
||||
|
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 3.0.7
|
||||
Release: 24%{?dist}
|
||||
Release: 27%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -197,6 +197,23 @@ Patch121: 0121-FIPS-cms-defaults.patch
|
||||
Patch122: 0122-CVE-2023-2650.patch
|
||||
# https://github.com/openssl/openssl/pull/19386
|
||||
Patch123: 0123-ibmca-atexit-crash.patch
|
||||
Patch125: 0125-CVE-2023-2975.patch
|
||||
Patch126: 0126-CVE-2023-3446.patch
|
||||
Patch127: 0127-CVE-2023-3817.patch
|
||||
Patch128: 0128-CVE-2023-5363.patch
|
||||
# https://github.com/openssl/openssl/pull/22403
|
||||
Patch129: 0129-rsa-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
|
||||
Patch130: 0130-CVE-2023-5678.patch
|
||||
# https://github.com/openssl/openssl/pull/20317
|
||||
Patch131: 0131-sslgroups-memleak.patch
|
||||
# https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35
|
||||
Patch132: 0132-CVE-2023-6129.patch
|
||||
# https://github.com/openssl/openssl/commit/18c02492138d1eb8b6548cb26e7b625fb2414a2a
|
||||
Patch133: 0133-CVE-2023-6237.patch
|
||||
# https://github.com/openssl/openssl/pull/20780
|
||||
Patch134: 0134-engine-based-ECDHE-kex.patch
|
||||
# https://github.com/openssl/openssl/pull/23362
|
||||
Patch135: 0135-CVE-2024-0727.patch
|
||||
|
||||
License: ASL 2.0
|
||||
URL: http://www.openssl.org/
|
||||
@ -224,6 +241,9 @@ protocols.
|
||||
Summary: A general purpose cryptography library with TLS implementation
|
||||
Requires: ca-certificates >= 2008-5
|
||||
Requires: crypto-policies >= 20180730
|
||||
%if ( %{defined rhel} && (! %{defined centos}) )
|
||||
Requires: openssl-fips-provider
|
||||
%endif
|
||||
|
||||
%description libs
|
||||
OpenSSL is a toolkit for supporting cryptography. The openssl-libs
|
||||
@ -376,6 +396,14 @@ make test HARNESS_JOBS=8
|
||||
# Add generation of HMAC checksum of the final stripped library
|
||||
# We manually copy standard definition of __spec_install_post
|
||||
# and add hmac calculation/embedding to fips.so
|
||||
%if ( %{defined rhel} && (! %{defined centos}) )
|
||||
%define __spec_install_post \
|
||||
rm -rf $RPM_BUILD_ROOT/%{_libdir}/ossl-modules/fips.so \
|
||||
%{?__debug_package:%{__debug_install_post}} \
|
||||
%{__arch_install_post} \
|
||||
%{__os_install_post} \
|
||||
%{nil}
|
||||
%else
|
||||
%define __spec_install_post \
|
||||
%{?__debug_package:%{__debug_install_post}} \
|
||||
%{__arch_install_post} \
|
||||
@ -385,6 +413,7 @@ make test HARNESS_JOBS=8
|
||||
mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \
|
||||
rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
|
||||
%{nil}
|
||||
%endif
|
||||
|
||||
%define __provides_exclude_from %{_libdir}/openssl
|
||||
|
||||
@ -408,6 +437,7 @@ done
|
||||
# Install a makefile for generating keys and self-signed certs, and a script
|
||||
# for generating them on the fly.
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.d
|
||||
install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate
|
||||
install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert
|
||||
install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert
|
||||
@ -490,6 +520,7 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
|
||||
%dir %{_sysconfdir}/pki/tls/certs
|
||||
%dir %{_sysconfdir}/pki/tls/misc
|
||||
%dir %{_sysconfdir}/pki/tls/private
|
||||
%dir %{_sysconfdir}/pki/tls/openssl.d
|
||||
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
|
||||
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
|
||||
%config %{_sysconfdir}/pki/tls/fips_local.cnf
|
||||
@ -522,6 +553,60 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Wed Feb 21 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-27
|
||||
- Use certified FIPS module instead of freshly built one in Red Hat distribution
|
||||
Related: RHEL-23474
|
||||
|
||||
* Tue Nov 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-26
|
||||
- Avoid implicit function declaration when building openssl
|
||||
Related: RHEL-1780
|
||||
- In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails
|
||||
Resolves: RHEL-17104
|
||||
- Add a directory for OpenSSL providers configuration
|
||||
Resolves: RHEL-17193
|
||||
- Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context
|
||||
Resolves: RHEL-19515
|
||||
- POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
|
||||
Resolves: RHEL-21151
|
||||
- Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
|
||||
Resolves: RHEL-21654
|
||||
- SSL ECDHE Kex fails when pkcs11 engine is set in config file
|
||||
Resolves: RHEL-20249
|
||||
- Denial of service via null dereference in PKCS#12
|
||||
Resolves: RHEL-22486
|
||||
- Use certified FIPS module instead of freshly built one in Red Hat distribution
|
||||
Resolves: RHEL-23474
|
||||
|
||||
* Mon Oct 16 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-25
|
||||
- Provide relevant diagnostics when FIPS checksum is corrupted
|
||||
Resolves: RHEL-5317
|
||||
- Don't limit using SHA1 in KDFs in non-FIPS mode.
|
||||
Resolves: RHEL-5295
|
||||
- Provide empty evp_properties section in main OpenSSL configuration file
|
||||
Resolves: RHEL-11439
|
||||
- Avoid implicit function declaration when building openssl
|
||||
Resolves: RHEL-1780
|
||||
- Forbid explicit curves when created via EVP_PKEY_fromdata
|
||||
Resolves: RHEL-5304
|
||||
- AES-SIV cipher implementation contains a bug that causes it to ignore empty
|
||||
associated data entries (CVE-2023-2975)
|
||||
Resolves: RHEL-5302
|
||||
- Excessive time spent checking DH keys and parameters (CVE-2023-3446)
|
||||
Resolves: RHEL-5306
|
||||
- Excessive time spent checking DH q parameter value (CVE-2023-3817)
|
||||
Resolves: RHEL-5308
|
||||
- Fix incorrect cipher key and IV length processing (CVE-2023-5363)
|
||||
Resolves: RHEL-13251
|
||||
- Switch explicit FIPS indicator for RSA-OAEP to approved following
|
||||
clarification with CMVP
|
||||
Resolves: RHEL-14083
|
||||
- Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c)
|
||||
Resolves: RHEL-14083
|
||||
- Add missing ECDH Public Key Check in FIPS mode
|
||||
Resolves: RHEL-15990
|
||||
- Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678)
|
||||
Resolves: RHEL-15954
|
||||
|
||||
* Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24
|
||||
- Make FIPS module configuration more crypto-policies friendly
|
||||
Related: rhbz#2216256
|
||||
|
Loading…
Reference in New Issue
Block a user