diff --git a/0004-Override-default-paths-for-the-CA-directory-tree.patch b/0004-Override-default-paths-for-the-CA-directory-tree.patch index 7f20774..9ba7947 100644 --- a/0004-Override-default-paths-for-the-CA-directory-tree.patch +++ b/0004-Override-default-paths-for-the-CA-directory-tree.patch @@ -11,11 +11,11 @@ Patch-status: | From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd --- apps/CA.pl.in | 2 +- - apps/openssl.cnf | 13 +++++++++++-- - 2 files changed, 12 insertions(+), 3 deletions(-) + apps/openssl.cnf | 20 ++++++++++++++++++-- + 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/apps/CA.pl.in b/apps/CA.pl.in -index f029470005..729f104a7e 100644 +index c0afb96716..d6a5fabd16 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -29,7 +29,7 @@ my $X509 = "$openssl x509"; @@ -27,20 +27,24 @@ index f029470005..729f104a7e 100644 my $CAKEY = "cakey.pem"; my $CAREQ = "careq.pem"; my $CACERT = "cacert.pem"; -diff --git a/apps/openssl.cnf b/apps/openssl.cnf -index 8141ab20cd..3956235fda 100644 ---- a/apps/openssl.cnf -+++ b/apps/openssl.cnf -@@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7 +diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf +--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200 ++++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200 +@@ -53,6 +53,13 @@ tsa_policy3 = 1.2.3.4.5.7 [openssl_init] providers = provider_sect +# Load default TLS policy configuration +ssl_conf = ssl_module ++alg_section = evp_properties ++ ++[ evp_properties ] ++#This section is intentionally added empty here ++#to be tuned on particular systems # List of providers to load [provider_sect] -@@ -71,6 +73,13 @@ default = default_sect +@@ -64,6 +66,13 @@ default = default_sect [default_sect] # activate = 1 
@@ -54,7 +58,7 @@ index 8141ab20cd..3956235fda 100644 #################################################################### [ ca ] -@@ -79,7 +88,7 @@ default_ca = CA_default # The default ca section +@@ -72,7 +81,7 @@ default_ca = CA_default # The default c #################################################################### [ CA_default ] @@ -63,7 +67,7 @@ index 8141ab20cd..3956235fda 100644 certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. -@@ -311,7 +320,7 @@ default_tsa = tsa_config1 # the default TSA section +@@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default [ tsa_config1 ] # These are used by the TSA reply generation only. @@ -72,6 +76,3 @@ index 8141ab20cd..3956235fda 100644 serial = $dir/tsaserial # The current serial number (mandatory) crypto_device = builtin # OpenSSL engine to use for signing signer_cert = $dir/tsacert.pem # The TSA signing certificate --- -2.41.0 - diff --git a/0024-load-legacy-prov.patch b/0024-load-legacy-prov.patch index 2997d1e..1a65417 100644 --- a/0024-load-legacy-prov.patch +++ b/0024-load-legacy-prov.patch @@ -13,11 +13,10 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd doc/man5/config.pod | 8 ++++++++ 2 files changed, 23 insertions(+), 22 deletions(-) -diff --git a/apps/openssl.cnf b/apps/openssl.cnf -index 3956235fda..bddb6bc029 100644 ---- a/apps/openssl.cnf -+++ b/apps/openssl.cnf -@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1 +diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf +--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200 ++++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200 +@@ -42,14 +42,6 @@ tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 
@@ -32,9 +31,16 @@ index 3956235fda..bddb6bc029 100644 [openssl_init] providers = provider_sect # Load default TLS policy configuration - ssl_conf = ssl_module +@@ -42,23 +42,27 @@ [ evp_properties ] + #This section is intentionally added empty here + #to be tuned on particular systems -# List of providers to load +-[provider_sect] +-default = default_sect +-# The fips section name should match the section name inside the +-# included fipsmodule.cnf. +-# fips = fips_sect +# Uncomment the sections that start with ## below to enable the legacy provider. +# Loading the legacy provider enables support for the following algorithms: +# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 @@ -43,13 +49,7 @@ index 3956235fda..bddb6bc029 100644 +# In general it is not recommended to use the above mentioned algorithms for +# security critical operations, as they are cryptographically weak or vulnerable +# to side-channel attacks and as such have been deprecated. -+ - [provider_sect] - default = default_sect --# The fips section name should match the section name inside the --# included fipsmodule.cnf. --# fips = fips_sect -- + -# If no providers are activated explicitly, the default one is activated implicitly. -# See man 7 OSSL_PROVIDER-default for more details. -# 
@@ -58,21 +58,26 @@ index 3956235fda..bddb6bc029 100644 -# becomes unavailable in openssl. As a consequence applications depending on -# OpenSSL may not work correctly which could lead to significant system -# problems including inability to remotely access the system. +-[default_sect] +-# activate = 1 ++[provider_sect] ++default = default_sect +##legacy = legacy_sect +## - [default_sect] --# activate = 1 ++[default_sect] +activate = 1 + +##[legacy_sect] +##activate = 1 ++ ++#Place the third party provider configuration files into this folder ++.include /etc/pki/tls/openssl.d [ ssl_module ] -diff --git a/doc/man5/config.pod b/doc/man5/config.pod -index 8d312c661f..714a10437b 100644 ---- a/doc/man5/config.pod -+++ b/doc/man5/config.pod +diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod +--- openssl-3.0.0/doc/man5/config.pod.legacy-prov 2021-09-09 12:09:38.079040853 +0200 ++++ openssl-3.0.0/doc/man5/config.pod 2021-09-09 12:11:56.646224876 +0200 @@ -273,6 +273,14 @@ significant. All parameters in the section as well as sub-sections are made available to the provider. @@ -88,6 +93,3 @@ index 8d312c661f..714a10437b 100644 =head3 Default provider and its activation If no providers are activated explicitly, the default one is activated implicitly. --- -2.41.0 - diff --git a/0032-Force-fips.patch b/0032-Force-fips.patch index 02abc6b..985fadf 100644 --- a/0032-Force-fips.patch +++ b/0032-Force-fips.patch @@ -33,7 +33,16 @@ index 058fb58837..5274265a70 100644 if (ok == 1) { if (!ossl_provider_activate(prov, 1, 0)) { -@@ -309,6 +311,30 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) +@@ -268,6 +268,8 @@ static int provider_conf_activate(OSSL_L + + if (ok <= 0) + ossl_provider_free(prov); ++ } else { ++ ok = 1; + } + CRYPTO_THREAD_unlock(pcgbl->lock); + +@@ -309,6 +311,33 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) return 0; } 
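Review bot: The added `.include /etc/pki/tls/openssl.d` line pulls every configuration file in that directory into the system-wide OpenSSL configuration, but the one-line comment above it does not say who is allowed to write there. The comment itself says the directory is for third-party provider configuration, so anything placed there can influence which provider modules are loaded by processes that read this file. The comment should state the expected ownership, for example `# Read by every process using this config; keep the directory root-owned and not group- or world-writable`. What happens when the directory is absent is not visible from this hunk and would be worth a word as well.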
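Review bot: The new `} else { ok = 1; }` branch in provider_conf_activate reports success on a path where this call did not activate a provider, and nothing in the hunk says which condition selects it. The `if` it pairs with lies outside the hunk, so I am assuming it is the already-loaded case; please add a comment such as `/* provider already present: treat as success */`, or wording that matches the real condition. The forced-FIPS code added later in this patch compares the return value with 1, so the meaning of this branch decides whether that comparison can pass without a usable provider.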
@@ -55,6 +64,9 @@ index 058fb58837..5274265a70 100644 + if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1) + return 0; + } ++ /* provider_conf_load can return 1 even when the test is failed so check explicitly */ ++ if (OSSL_PROVIDER_available(libctx, "fips") != 1) ++ return 0; + if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1) + return 0; + if (EVP_default_properties_enable_fips(libctx, 1) != 1) diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch index b5ebe99..bdbeeed 100644 --- a/0033-FIPS-embed-hmac.patch +++ b/0033-FIPS-embed-hmac.patch 
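Review bot: The added comment names `provider_conf_load`, while the calls around it in this hunk are to `provider_conf_activate`, so a reader cannot tell which function's return value is considered unreliable. If the activate call is meant, reword it, e.g. `/* provider_conf_activate() can return 1 even when the test failed, so check availability explicitly */`, and wrap it to the file's usual line width. It would also help to say which test "the test" is, since that is not stated anywhere in the hunk. The enclosing function starts and ends outside the hunk.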
@@ -426,3 +426,73 @@ diff -up openssl-3.2.0/providers/fips/self_test.c.fips-self openssl-3.2.0/provid if (module_checksum == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); +diff -up openssl-3.2.1/providers/fips/self_test.c.0033-patch-new openssl-3.2.1/providers/fips/self_test.c +--- openssl-3.2.1/providers/fips/self_test.c.0033-patch-new 2024-06-04 14:42:03.748284524 +0200 ++++ openssl-3.2.1/providers/fips/self_test.c 2024-06-04 14:47:19.589758324 +0200 +@@ -369,23 +369,12 @@ static int verify_integrity(OSSL_CORE_BI + EVP_MAC *mac = NULL; + EVP_MAC_CTX *ctx = NULL; + OSSL_PARAM params[2], *p = params; +- Dl_info info; +- void *extra_info = NULL; +- struct link_map *lm = NULL; +- unsigned long paddr; +- unsigned long off = 0; + + if (!integrity_self_test(ev, libctx)) + goto err; + + OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); + +- if (!dladdr1 ((const void *)fips_hmac_container, +- &info, &extra_info, RTLD_DL_LINKMAP)) +- goto err; +- lm = extra_info; +- paddr = (unsigned long)fips_hmac_container - lm->l_addr; +- + mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); + if (mac == NULL) + goto err; +@@ -399,40 +388,12 @@ static int verify_integrity(OSSL_CORE_BI + if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) + goto err; + +- while ((off + INTEGRITY_BUF_SIZE) <= paddr) { +- status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); +- if (status != 1) +- break; +- if (!EVP_MAC_update(ctx, buf, bytes_read)) +- goto err; +- off += bytes_read; +- } +- +- if (off + INTEGRITY_BUF_SIZE > paddr) { +- int delta = paddr - off; +- status = read_ex_cb(bio, buf, delta, &bytes_read); +- if (status != 1) +- goto err; +- if (!EVP_MAC_update(ctx, buf, bytes_read)) +- goto err; +- off += bytes_read; +- +- status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); +- memset(buf, 0, HMAC_LEN); +- if (status != 1) +- goto err; +- if (!EVP_MAC_update(ctx, buf, bytes_read)) +- goto err; +- off += bytes_read; +- } +- +- while (bytes_read 
> 0) { +- status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); ++ while (1) { ++ status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); + if (status != 1) + break; + if (!EVP_MAC_update(ctx, buf, bytes_read)) + goto err; +- off += bytes_read; + } + + if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) diff --git a/0044-FIPS-140-3-keychecks.patch b/0044-FIPS-140-3-keychecks.patch index 13a61b3..e9012e4 100644 --- a/0044-FIPS-140-3-keychecks.patch +++ b/0044-FIPS-140-3-keychecks.patch @@ -385,4 +385,20 @@ index cd5de6bd51..d4261e8f7d 100644 { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init }, -- 2.41.0 +diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c +index e0d139d..35f23b2 100644 +--- a/crypto/rsa/rsa_gen.c ++++ b/crypto/rsa/rsa_gen.c +@@ -463,6 +463,9 @@ static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes, + rsa->dmp1 = NULL; + rsa->dmq1 = NULL; + rsa->iqmp = NULL; ++#ifdef FIPS_MODULE ++ abort(); ++#endif /* defined(FIPS_MODULE) */ + } + } + return ok; +-- +2.41.0 diff --git a/0049-Allow-disabling-of-SHA1-signatures.patch b/0049-Allow-disabling-of-SHA1-signatures.patch index 7aa410e..5c0087c 100644 --- a/0049-Allow-disabling-of-SHA1-signatures.patch +++ b/0049-Allow-disabling-of-SHA1-signatures.patch @@ -323,22 +323,6 @@ index 699ada7c52..e534ad0a5f 100644 return mdnid; } -@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) - if (ossl_securitycheck_enabled(ctx)) - return ossl_digest_get_approved_nid(md) != NID_undef; - # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ -+ -+#ifndef FIPS_MODULE -+ { -+ int mdnid = EVP_MD_nid(md); -+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) -+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -+ return 0; -+ } -+#endif -+ - return 1; - } diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c index 246323493e..2ca7a59f39 100644 --- a/providers/common/securitycheck_default.c 
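Review bot: After this change verify_integrity MACs every byte that read_ex_cb returns, so the check only holds if the reference HMAC is no longer stored inside the data being read; the removed code zeroed HMAC_LEN bytes at the fips_hmac_container offset for exactly that reason. Nothing in the hunk shows where the expected value now lives, so a short comment above the loop is needed, e.g. `/* the whole input is MACed; the expected HMAC is kept outside it */` if that is the case. The loop also leaves on any `status != 1`, so a read error and end of input look the same here, and the later comparison is what has to fail closed. The function begins and ends outside the hunk.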
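Review bot: The added `abort()` under `#ifdef FIPS_MODULE` in rsa_keygen terminates the whole host process from library code, and the condition guarding this block is outside the hunk, so it is not clear that only a pairwise-consistency failure reaches it. If an allocation failure or another recoverable error can take the same path, every application using the FIPS provider gets a crash instead of an error return. Please add a comment stating the intent, such as `/* FIPS 140-3: a failed pairwise test is fatal */`, and confirm that the key material is cleansed before the abort, because a core file written on SIGABRT would otherwise contain it. The hunk only shows three pointers being set to NULL, not how their contents were released.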
diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch
new file mode 100644
index 0000000..6b740ce
--- /dev/null
+++ b/0056-strcasecmp.patch
@@ -0,0 +1,53 @@ +diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num +--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200 ++++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200 +@@ -5425,5 +5425,7 @@ ASN1_item_d2i_ex + X509_STORE_CTX_set_current_reasons 5664 3_2_0 EXIST::FUNCTION: + OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION: + BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK ++OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: ++OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: +diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c +--- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100 ++++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100 +@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char + #endif + } + +-int OPENSSL_strcasecmp(const char *s1, const char *s2) ++int ++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) ++__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1"))) ++#endif ++OPENSSL_strcasecmp(const char *s1, const char *s2) + { + int t; + +@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c + return t; + } + +-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) ++int ++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) ++__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1"))) ++#endif ++OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) + { + int t; + size_t i; +diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t +--- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp 2022-11-25 18:19:05.669769076 +0100 ++++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t 
2022-11-25 18:31:20.993392678 +0100 +@@ -77,6 +80,7 @@ foreach my $libname (@libnames) { + s| .*||; + # Drop OpenSSL dynamic version information if there is any + s|\@\@.+$||; ++ s|\@.+$||; + # Return the result + $_ + } diff --git a/0076-FIPS-140-3-DRBG.patch b/0076-FIPS-140-3-DRBG.patch index 42899c3..7376d02 100644 --- a/0076-FIPS-140-3-DRBG.patch +++ b/0076-FIPS-140-3-DRBG.patch @@ -1,27 +1,26 @@ -From 89c00cc67b9b34bc94f9dc3a9fce9374bbaade03 Mon Sep 17 00:00:00 2001 +From 0329eb6523363705946887d4f145dd77c741ae4a Mon Sep 17 00:00:00 2001 
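Review bot: The `__attribute__ ((symver (...)))` blocks added before OPENSSL_strcasecmp and OPENSSL_strncasecmp are guarded only by `FIPS_MODULE` and `OPENSSL_SYS_UEFI`, not by compiler support. As far as I know the symver attribute is available from GCC 10 on, so another compiler would warn or ignore it and the `@OPENSSL_3.0.1` alias would then be missing from the built library. Consider adding a `__has_attribute(symver)` test to the `#if`, or a comment saying that the patch assumes the distribution toolchain.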
From: rpm-build -Date: Mon, 31 Jul 2023 09:41:29 +0200 -Subject: [PATCH 32/48] 0076-FIPS-140-3-DRBG.patch +Date: Wed, 6 Mar 2024 19:17:16 +0100 +Subject: [PATCH 30/49] 0076-FIPS-140-3-DRBG.patch Patch-name: 0076-FIPS-140-3-DRBG.patch Patch-id: 76 Patch-status: | - # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) - # https://bugzilla.redhat.com/show_bug.cgi?id=2102541 -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd + # # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) + # # https://bugzilla.redhat.com/show_bug.cgi?id=2102541 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- crypto/rand/prov_seed.c | 9 ++- providers/implementations/rands/crngt.c | 6 +- - providers/implementations/rands/drbg.c | 11 +++- + providers/implementations/rands/drbg.c | 11 ++- providers/implementations/rands/drbg_local.h | 2 +- - .../implementations/rands/seeding/rand_unix.c | 64 ++----------------- - 5 files changed, 28 insertions(+), 64 deletions(-) + .../implementations/rands/seeding/rand_unix.c | 68 ++----------------- + 5 files changed, 28 insertions(+), 68 deletions(-) -diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c -index 96c499c957..61c4cd8779 100644 ---- a/crypto/rand/prov_seed.c -+++ b/crypto/rand/prov_seed.c -@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, +diff -up openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand openssl-3.0.1/crypto/rand/prov_seed.c +--- openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand 2022-08-04 12:17:52.148556301 +0200 ++++ openssl-3.0.1/crypto/rand/prov_seed.c 2022-08-04 12:19:41.783533552 +0200 +@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused size_t entropy_available; RAND_POOL *pool; 
@@ -37,11 +36,10 @@ index 96c499c957..61c4cd8779 100644 if (pool == NULL) { ERR_raise(ERR_LIB_RAND, ERR_R_RAND_LIB); return 0; -diff --git a/providers/implementations/rands/crngt.c b/providers/implementations/rands/crngt.c -index fa4a2db14a..1f13fc759e 100644 ---- a/providers/implementations/rands/crngt.c -+++ b/providers/implementations/rands/crngt.c -@@ -133,7 +133,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG *drbg, +diff -up openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand openssl-3.0.1/providers/implementations/rands/crngt.c +--- openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand 2022-08-04 11:56:10.100950299 +0200 ++++ openssl-3.0.1/providers/implementations/rands/crngt.c 2022-08-04 11:59:11.241564925 +0200 +@@ -139,7 +139,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG * to the nearest byte. If the entropy is of less than full quality, * the amount required should be scaled up appropriately here. */ @@ -54,11 +52,10 @@ index fa4a2db14a..1f13fc759e 100644 if (bytes_needed < min_len) bytes_needed = min_len; if (bytes_needed > max_len) -diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c -index ea55363bf8..1b2410b3db 100644 ---- a/providers/implementations/rands/drbg.c -+++ b/providers/implementations/rands/drbg.c -@@ -570,6 +570,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drbg, int prediction_resistance, +diff -up openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand openssl-3.0.1/providers/implementations/rands/drbg.c +--- openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand 2022-08-03 12:14:39.409370134 +0200 ++++ openssl-3.0.1/providers/implementations/rands/drbg.c 2022-08-03 12:19:06.320700346 +0200 +@@ -575,6 +575,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb #endif } 
@@ -68,7 +65,7 @@ index ea55363bf8..1b2410b3db 100644 /* Reseed using our sources in addition */ entropylen = get_entropy(drbg, &entropy, drbg->strength, drbg->min_entropylen, drbg->max_entropylen, -@@ -662,8 +665,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen, +@@ -669,8 +669,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *d reseed_required = 1; } if (drbg->parent != NULL @@ -84,10 +81,9 @@ index ea55363bf8..1b2410b3db 100644 if (reseed_required || prediction_resistance) { if (!ossl_prov_drbg_reseed_unlocked(drbg, prediction_resistance, NULL, -diff --git a/providers/implementations/rands/drbg_local.h b/providers/implementations/rands/drbg_local.h -index 3b5417b43b..d27c50950b 100644 ---- a/providers/implementations/rands/drbg_local.h -+++ b/providers/implementations/rands/drbg_local.h +diff -up openssl-3.0.7/providers/implementations/rands/drbg_local.h.drbg openssl-3.0.7/providers/implementations/rands/drbg_local.h +--- openssl-3.0.7/providers/implementations/rands/drbg_local.h.drbg 2023-03-13 12:17:47.705538612 +0100 ++++ openssl-3.0.7/providers/implementations/rands/drbg_local.h 2023-03-13 12:18:03.060702092 +0100 @@ -38,7 +38,7 @@ * * The value is in bytes. @@ -97,10 +93,9 @@ index 3b5417b43b..d27c50950b 100644 /* * Maximum input size for the DRBG (entropy, nonce, personalization string) -diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c -index cd02a0236d..98c917b6d8 100644 ---- a/providers/implementations/rands/seeding/rand_unix.c -+++ b/providers/implementations/rands/seeding/rand_unix.c +diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c +--- openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand 2022-08-03 11:09:01.301637515 +0200 ++++ openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c 2022-08-03 11:13:00.058688605 +0200 
@@ -48,6 +48,8 @@ # include # include @@ -110,10 +105,7 @@ index cd02a0236d..98c917b6d8 100644 static uint64_t get_time_stamp(void); -diff -up openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c.rand-patch openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c ---- openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c.rand-patch 2024-01-02 11:52:21.837712036 +0100 -+++ openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c 2024-01-02 11:54:40.576083169 +0100 -@@ -339,70 +339,8 @@ static ssize_t syscall_random(void *buf, +@@ -339,70 +341,8 @@ static ssize_t syscall_random(void *buf, size_t buflen) * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion * between size_t and ssize_t is safe even without a range check. */ 
@@ -181,8 +173,64 @@ diff -up openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c.rand- - errno = ENOSYS; - return -1; -# endif -+ /* Red Hat uses downstream patch to always seed from getrandom() */ -+ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, buflen, GRND_RANDOM) : getrandom(buf, buflen, 0); ++ int realbuflen = buflen > 32 ? 32 : buflen; /* Red Hat uses downstream patch to always seed from getrandom() */ ++ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, realbuflen, GRND_RANDOM) : getrandom(buf, buflen, 0); } # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ +diff -up openssl-3.2.1/providers/implementations/rands/seed_src.c.xxx openssl-3.2.1/providers/implementations/rands/seed_src.c +--- openssl-3.2.1/providers/implementations/rands/seed_src.c.xxx 2024-04-10 13:14:38.984033920 +0200 ++++ openssl-3.2.1/providers/implementations/rands/seed_src.c 2024-04-10 13:15:20.565045748 +0200 +@@ -102,7 +102,14 @@ static int seed_src_generate(void *vseed + return 0; + } + +- pool = ossl_rand_pool_new(strength, 1, outlen, outlen); ++ /* ++ * OpenSSL still implements an internal entropy pool of ++ * some size that is hashed to get seed data. ++ * Note that this is a conditioning step for which SP800-90C requires ++ * 64 additional bits from the entropy source to claim the requested ++ * amount of entropy. ++ */ ++ pool = ossl_rand_pool_new(strength + 64, 1, outlen, outlen); + if (pool == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB); + return 0; +@@ -189,7 +189,14 @@ static size_t seed_get_seed(void *vseed, + size_t i; + RAND_POOL *pool; + +- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); ++ /* ++ * OpenSSL still implements an internal entropy pool of ++ * some size that is hashed to get seed data. ++ * Note that this is a conditioning step for which SP800-90C requires ++ * 64 additional bits from the entropy source to claim the requested ++ * amount of entropy. 
++ */ ++ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len); + if (pool == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB); + return 0; +diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c +index 14999540ab..b05b84717b 100644 +--- a/crypto/rand/rand_lib.c ++++ b/crypto/rand/rand_lib.c +@@ -723,15 +723,7 @@ EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx) + return ret; + } + +-#ifndef FIPS_MODULE +- if (dgbl->seed == NULL) { +- ERR_set_mark(); +- dgbl->seed = rand_new_seed(ctx); +- ERR_pop_to_mark(); +- } +-#endif +- +- ret = dgbl->primary = rand_new_drbg(ctx, dgbl->seed, ++ ret = dgbl->primary = rand_new_drbg(ctx, NULL, + PRIMARY_RESEED_INTERVAL, + PRIMARY_RESEED_TIME_INTERVAL, 1); + /* diff --git a/0115-skip-quic-pairwise.patch b/0115-skip-quic-pairwise.patch index 9a35acd..98bfae5 100644 --- a/0115-skip-quic-pairwise.patch +++ b/0115-skip-quic-pairwise.patch 
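Review bot: In syscall_random the FIPS branch now requests at most 32 bytes per call through `realbuflen`, but the trailing comment on that line only says that Red Hat seeds from getrandom() and gives no reason for the cap. Callers therefore get a short return whenever `buflen` exceeds 32, and the code that has to cope with that is outside the hunk. I would write `size_t realbuflen = buflen > 32 ? 32 : buflen; /* FIPS: at most 32 bytes per GRND_RANDOM request */` with the actual rationale filled in, which also keeps the length unsigned instead of `int`. Separately, the seed_src.c hunks raise the requested entropy by 64 bits while leaving the pool's length arguments unchanged, so please confirm the pool can still hold the larger request.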
@@ -1,50 +1,85 @@ -diff -up openssl-3.2.0/test/recipes/30-test_pairwise_fail.t.skip-test openssl-3.2.0/test/recipes/30-test_pairwise_fail.t ---- openssl-3.2.0/test/recipes/30-test_pairwise_fail.t.skip-test 2024-02-01 16:09:31.250757364 +0100 -+++ openssl-3.2.0/test/recipes/30-test_pairwise_fail.t 2024-02-01 16:09:43.243887179 +0100 -@@ -22,7 +22,7 @@ use lib bldtop_dir('.'); - plan skip_all => "These tests are unsupported in a non fips build" - if disabled("fips"); +From 42ed594a3a905830374fb65cced431748f8c639c Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Thu, 4 Apr 2024 11:50:58 +0200 +Subject: [PATCH 45/50] 0115-skip-quic-pairwise.patch + +Patch-name: 0115-skip-quic-pairwise.patch +Patch-id: 115 +Patch-status: | + # Amend tests according to Fedora/RHEL code +--- + test/quicapitest.c | 4 +++- + test/recipes/01-test_symbol_presence.t | 1 + + test/recipes/30-test_pairwise_fail.t | 13 +++++++++++-- + 3 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/test/quicapitest.c b/test/quicapitest.c +index 41cf0fc7a8..0fb7492700 100644 +--- a/test/quicapitest.c ++++ b/test/quicapitest.c +@@ -2139,7 +2139,9 @@ int setup_tests(void) + ADD_TEST(test_cipher_find); + ADD_TEST(test_version); + #if defined(DO_SSL_TRACE_TEST) +- ADD_TEST(test_ssl_trace); ++ if (is_fips == 0) { ++ ADD_TEST(test_ssl_trace); ++ } + #endif + ADD_TEST(test_quic_forbidden_apis_ctx); + ADD_TEST(test_quic_forbidden_apis); +diff --git a/test/recipes/30-test_pairwise_fail.t b/test/recipes/30-test_pairwise_fail.t +index c837d48fb4..f06ef04b1a 100644 +--- a/test/recipes/30-test_pairwise_fail.t ++++ b/test/recipes/30-test_pairwise_fail.t +@@ -9,7 +9,7 @@ + use strict; + use warnings; --plan tests => 5; -+plan skip_all => 5; - my $provconf = srctop_file("test", "fips-and-base.cnf"); +-use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file); ++use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file with); + use OpenSSL::Test::Utils; - 
run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]), -diff -up openssl-3.2.0/test/recipes/75-test_quicapi.t.skip-test-quic openssl-3.2.0/test/recipes/75-test_quicapi.t ---- openssl-3.2.0/test/recipes/75-test_quicapi.t.skip-test-quic 2024-02-01 16:13:37.974733154 +0100 -+++ openssl-3.2.0/test/recipes/75-test_quicapi.t 2024-02-01 16:14:13.450183541 +0100 -@@ -25,7 +25,7 @@ plan skip_all => "QUIC protocol is not s - plan skip_all => "These tests are not supported in a fuzz build" - if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION|enable-fuzz-afl/; + BEGIN { +@@ -31,28 +31,37 @@ run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]), + SKIP: { + skip "Skip RSA test because of no rsa in this build", 1 + if disabled("rsa"); ++ with({ exit_checker => sub {my $val = shift; return $val == 134; } }, ++ sub { + ok(run(test(["pairwise_fail_test", "-config", $provconf, + "-pairwise", "rsa"])), + "fips provider rsa keygen pairwise failure test"); ++ }); + } --plan tests => -+plan skip_all => - ($no_fips ? 
0 : 1) # quicapitest with fips - + 1; # quicapitest with default provider + SKIP: { + skip "Skip EC test because of no ec in this build", 2 + if disabled("ec"); ++ with({ exit_checker => sub {my $val = shift; return $val == 134; } }, ++ sub { + ok(run(test(["pairwise_fail_test", "-config", $provconf, + "-pairwise", "ec"])), + "fips provider ec keygen pairwise failure test"); ++ }); -diff -up openssl-3.2.0/test/recipes/70-test_quic_record.t.disable-quic-record openssl-3.2.0/test/recipes/70-test_quic_record.t ---- openssl-3.2.0/test/recipes/70-test_quic_record.t.disable-quic-record 2024-02-06 13:25:09.081772272 +0100 -+++ openssl-3.2.0/test/recipes/70-test_quic_record.t 2024-02-06 13:25:47.469243950 +0100 -@@ -17,6 +17,6 @@ plan skip_all => "QUIC protocol is not s - plan skip_all => "These tests are not supported in a fuzz build" - if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION|enable-fuzz-afl/; + skip "FIPS provider version is too old", 1 + if !$fips_exit; ++ with({ exit_checker => sub {my $val = shift; return $val == 134; } }, ++ sub { + ok(run(test(["pairwise_fail_test", "-config", $provconf, + "-pairwise", "eckat"])), + "fips provider ec keygen kat failure test"); ++ }); + } --plan tests => 1; -+plan skip_all => 1; - - ok(run(test(["quic_record_test"]))); -diff -up openssl-3.2.0/test/recipes/01-test_symbol_presence.t.skip-fail-686 openssl-3.2.0/test/recipes/01-test_symbol_presence.t ---- openssl-3.2.0/test/recipes/01-test_symbol_presence.t.skip-fail-686 2024-02-06 13:55:48.981028882 +0100 -+++ openssl-3.2.0/test/recipes/01-test_symbol_presence.t 2024-02-06 13:56:56.896819560 +0100 -@@ -53,8 +53,9 @@ my $testcount - $testcount - += (scalar keys %shlibpath) # Check for missing symbols in shared lib - unless disabled('shared'); -- --plan tests => $testcount; -+#Fix later, skipping this test as it fails in i686 due to duplicate -+#symbol OPENSSL_ia32cap_P -+plan skip_all => $testcount; - - 
###################################################################### - # Collect symbols + SKIP: { + skip "Skip DSA tests because of no dsa in this build", 2 +- if disabled("dsa"); ++ if 1; #if disabled("dsa"); + ok(run(test(["pairwise_fail_test", "-config", $provconf, + "-pairwise", "dsa", "-dsaparam", data_file("dsaparam.pem")])), + "fips provider dsa keygen pairwise failure test"); +-- +2.44.0 + diff --git a/0116-version-aliasing.patch b/0116-version-aliasing.patch index 401252b..73f7981 100644 --- a/0116-version-aliasing.patch +++ b/0116-version-aliasing.patch 
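Review bot: The DSA block is now skipped unconditionally by `if 1; #if disabled("dsa");`, while the skip message still says there is no dsa in this build, so a test report gives the wrong reason and the DSA pairwise failure path is no longer exercised. If the skip is intentional, change the message to say why, e.g. `skip "DSA pairwise failure test disabled downstream", 2;`, and drop the commented-out condition. The exit code 134 is repeated in three `exit_checker` closures; a named constant with a comment that it is the exit status of a process killed by SIGABRT would make the expectation explicit. The diffstat in this patch header also lists test/recipes/01-test_symbol_presence.t, but no hunk for that file appears in the visible patch body.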
@@ -1,48 +1,75 @@ -diff -up openssl-3.2.1/crypto/evp/digest.c.dup-patch openssl-3.2.1/crypto/evp/digest.c ---- openssl-3.2.1/crypto/evp/digest.c.dup-patch 2024-02-09 20:41:56.277567514 +0100 -+++ openssl-3.2.1/crypto/evp/digest.c 2024-02-09 20:42:59.317767764 +0100 -@@ -553,7 +554,10 @@ legacy: +From a2673b5e2e95bcf54a1746bfd409cca688275e75 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:17 +0100 +Subject: [PATCH 46/49] 0116-version-aliasing.patch + +Patch-name: 0116-version-aliasing.patch +Patch-id: 116 +Patch-status: | + # Add version aliasing due to + # https://github.com/openssl/openssl/issues/23534 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce +--- + crypto/evp/digest.c | 7 ++++++- + crypto/evp/evp_enc.c | 7 ++++++- + test/recipes/01-test_symbol_presence.t | 1 + + util/libcrypto.num | 2 ++ + 4 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c +index 42331703da..3a280acc0e 100644 +--- a/crypto/evp/digest.c ++++ b/crypto/evp/digest.c +@@ -553,7 +553,12 @@ legacy: return ret; } -EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in) +EVP_MD_CTX ++#if !defined(FIPS_MODULE) +__attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"), + symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0"))) ++#endif +*EVP_MD_CTX_dup(const EVP_MD_CTX *in) { EVP_MD_CTX *out = EVP_MD_CTX_new(); -diff -up openssl-3.2.1/crypto/evp/evp_enc.c.dup-patch openssl-3.2.1/crypto/evp/evp_enc.c ---- openssl-3.2.1/crypto/evp/evp_enc.c.dup-patch 2024-02-09 18:47:04.054258303 +0100 -+++ openssl-3.2.1/crypto/evp/evp_enc.c 2024-02-09 20:43:00.926772711 +0100 -@@ -1444,7 +1445,10 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_C +diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c +index e9faf31057..5a29b8dbb7 100644 +--- a/crypto/evp/evp_enc.c ++++ b/crypto/evp/evp_enc.c +@@ -1444,7 +1444,12 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) #endif /* FIPS_MODULE */ } -EVP_CIPHER_CTX 
*EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in) +EVP_CIPHER_CTX ++#if !defined(FIPS_MODULE) +__attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"), + symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0"))) ++#endif +*EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in) { EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new(); -diff -up openssl-3.2.1/test/recipes/01-test_symbol_presence.t.dup-patch openssl-3.2.1/test/recipes/01-test_symbol_presence.t ---- openssl-3.2.1/test/recipes/01-test_symbol_presence.t.dup-patch 2024-02-09 20:44:10.860756724 +0100 -+++ openssl-3.2.1/test/recipes/01-test_symbol_presence.t 2024-02-09 20:45:14.981136289 +0100 -@@ -132,6 +132,7 @@ foreach (sort keys %stlibname) { - s| .*||; - # Drop OpenSSL dynamic version information if there is any - s|\@\@.+$||; -+ s|\@.+$||; - # Return the result - $_ - } -diff -up openssl-3.2.1/util/libcrypto.num.dup-patch openssl-3.2.1/util/libcrypto.num ---- openssl-3.2.1/util/libcrypto.num.dup-patch 2024-02-09 18:16:43.006553105 +0100 -+++ openssl-3.2.1/util/libcrypto.num 2024-02-09 18:19:17.554159687 +0100 -@@ -5435,7 +5435,9 @@ X509_PUBKEY_set0_public_key +diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t +index 222b1886ae..7e2f65cccb 100644 +--- a/test/recipes/01-test_symbol_presence.t ++++ b/test/recipes/01-test_symbol_presence.t +@@ -185,6 +185,8 @@ foreach (sort keys %stlibname) { + } + } + my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols; ++@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates; ++@duplicates = grep {($_ ne "OPENSSL_strcasecmp") && ($_ ne "OPENSSL_strncasecmp") } @duplicates; + if (@duplicates) { + note "Duplicates:"; + note join('\n', @duplicates); +diff --git a/util/libcrypto.num b/util/libcrypto.num +index 8046454025..068e9904e2 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5435,7 +5435,9 @@ X509_PUBKEY_set0_public_key 5562 3_2_0 EXIST::FUNCTION: 
OSSL_STACK_OF_X509_free 5563 3_2_0 EXIST::FUNCTION: OSSL_trace_string 5564 3_2_0 EXIST::FUNCTION: EVP_MD_CTX_dup 5565 3_2_0 EXIST::FUNCTION: @@ -52,31 +79,6 @@ diff -up openssl-3.2.1/util/libcrypto.num.dup-patch openssl-3.2.1/util/libcrypto BN_signed_bin2bn 5567 3_2_0 EXIST::FUNCTION: BN_signed_bn2bin 5568 3_2_0 EXIST::FUNCTION: BN_signed_lebin2bn 5569 3_2_0 EXIST::FUNCTION: -diff -up openssl-3.2.1/crypto/evp/evp_enc.c.fips-dup openssl-3.2.1/crypto/evp/evp_enc.c ---- openssl-3.2.1/crypto/evp/evp_enc.c.fips-dup 2024-02-09 21:03:46.662261648 +0100 -+++ openssl-3.2.1/crypto/evp/evp_enc.c 2024-02-09 21:04:33.427691451 +0100 -@@ -1445,8 +1445,10 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_C - } - - EVP_CIPHER_CTX -+#if !defined(FIPS_MODULE) - __attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"), - symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0"))) -+#endif - *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in) - { - EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new(); -diff -up openssl-3.2.1/crypto/evp/digest.c.new-fips-dup openssl-3.2.1/crypto/evp/digest.c ---- openssl-3.2.1/crypto/evp/digest.c.new-fips-dup 2024-02-09 21:08:11.605474971 +0100 -+++ openssl-3.2.1/crypto/evp/digest.c 2024-02-09 21:08:47.095723742 +0100 -@@ -554,8 +554,10 @@ legacy: - } - - EVP_MD_CTX -+#if !defined(FIPS_MODULE) - __attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"), - symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0"))) -+#endif - *EVP_MD_CTX_dup(const EVP_MD_CTX *in) - { - EVP_MD_CTX *out = EVP_MD_CTX_new(); +-- +2.44.0 + diff --git a/0117-ignore-unknown-sigalgorithms-groups.patch b/0117-ignore-unknown-sigalgorithms-groups.patch new file mode 100644 index 0000000..3c52277 --- /dev/null +++ b/0117-ignore-unknown-sigalgorithms-groups.patch 
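Review bot: The two `grep` lines added to 01-test_symbol_presence.t drop five symbol names from `@duplicates` by hard-coded string comparison, with no comment saying why each one is expected to appear twice. That silences the duplicate check for those names in every build, including ones where the symver aliases are compiled out by the `#if !defined(FIPS_MODULE)` guards. A single `my %expected_dup = map { $_ => 1 } qw(...);` with a comment pointing at the version-aliasing patches, followed by one `grep { !$expected_dup{$_} } @duplicates`, would keep the exemption list in one place and make later additions visible in review.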
@@ -0,0 +1,318 @@ +From 242c746690dd1d0e500fa554c60536877d77776d Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 14 Dec 2023 17:08:56 +0100 +Subject: [PATCH 47/49] 0117-ignore-unknown-sigalgorithms-groups.patch + +Patch-name: 0117-ignore-unknown-sigalgorithms-groups.patch +Patch-id: 117 +Patch-status: | + # https://github.com/openssl/openssl/issues/23050 +--- + CHANGES.md | 13 +++++++ + doc/man3/SSL_CTX_set1_curves.pod | 6 ++- + doc/man3/SSL_CTX_set1_sigalgs.pod | 11 +++++- + ssl/t1_lib.c | 56 +++++++++++++++++++++------- + test/sslapitest.c | 61 +++++++++++++++++++++++++++++++ + 5 files changed, 132 insertions(+), 15 deletions(-) + +diff --git a/CHANGES.md b/CHANGES.md +index ca29762ac2..4e21d0ddf9 100644 +--- a/CHANGES.md ++++ b/CHANGES.md +@@ -27,6 +27,19 @@ OpenSSL 3.2 + + ### Changes between 3.2.0 and 3.2.1 [30 Jan 2024] + ++ * Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms ++ config options and the respective calls to SSL[_CTX]_set1_sigalgs() and ++ SSL[_CTX]_set1_client_sigalgs() that start with `?` character are ++ ignored and the configuration will still be used. ++ ++ Similarly unknown entries that start with `?` character in a TLS ++ Groups config option or set with SSL[_CTX]_set1_groups_list() are ignored ++ and the configuration will still be used. ++ ++ In both cases if the resulting list is empty, an error is returned. ++ ++ *Tomáš Mráz* ++ + * A file in PKCS12 format can contain certificates and keys and may come from + an untrusted source. The PKCS12 specification allows certain fields to be + NULL, but OpenSSL did not correctly check for this case. A fix has been +diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod +index c26ef00306..f0566e148e 100644 +--- a/doc/man3/SSL_CTX_set1_curves.pod ++++ b/doc/man3/SSL_CTX_set1_curves.pod +@@ -58,7 +58,8 @@ string B. The string is a colon separated list of group names, for example + are B, B, B, B, B, B, + B, B, B, B, + B, B and B. 
Support for other groups may be +-added by external providers. ++added by external providers. If a group name is preceded with the C ++character, it will be ignored if an implementation is missing. + + SSL_set1_groups() and SSL_set1_groups_list() are similar except they set + supported groups for the SSL structure B. +@@ -142,6 +143,9 @@ The curve functions were added in OpenSSL 1.0.2. The equivalent group + functions were added in OpenSSL 1.1.1. The SSL_get_negotiated_group() function + was added in OpenSSL 3.0.0. + ++Support for ignoring unknown groups in SSL_CTX_set1_groups_list() and ++SSL_set1_groups_list() was added in OpenSSL 3.3. ++ + =head1 COPYRIGHT + + Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. +diff --git a/doc/man3/SSL_CTX_set1_sigalgs.pod b/doc/man3/SSL_CTX_set1_sigalgs.pod +index eb31006346..5b7de7d956 100644 +--- a/doc/man3/SSL_CTX_set1_sigalgs.pod ++++ b/doc/man3/SSL_CTX_set1_sigalgs.pod +@@ -33,7 +33,9 @@ signature algorithms for B or B. The B parameter + must be a null terminated string consisting of a colon separated list of + elements, where each element is either a combination of a public key + algorithm and a digest separated by B<+>, or a TLS 1.3-style named +-SignatureScheme such as rsa_pss_pss_sha256. ++SignatureScheme such as rsa_pss_pss_sha256. If a list entry is preceded ++with the C character, it will be ignored if an implementation is missing. ++ + + SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(), + SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set +@@ -106,6 +108,13 @@ using a string: + L, L, + L + ++=head1 HISTORY ++ ++Support for ignoring unknown signature algorithms in ++SSL_CTX_set1_sigalgs_list(), SSL_set1_sigalgs_list(), ++SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() ++was added in OpenSSL 3.3. ++ + =head1 COPYRIGHT + + Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. 
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index 056aae3863..fe680449c5 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -1052,9 +1052,15 @@ static int gid_cb(const char *elem, int len, void *arg) + size_t i; + uint16_t gid = 0; + char etmp[GROUP_NAME_BUFFER_LENGTH]; ++ int ignore_unknown = 0; + + if (elem == NULL) + return 0; ++ if (elem[0] == '?') { ++ ignore_unknown = 1; ++ ++elem; ++ --len; ++ } + if (garg->gidcnt == garg->gidmax) { + uint16_t *tmp = + OPENSSL_realloc(garg->gid_arr, garg->gidmax + GROUPLIST_INCREMENT); +@@ -1070,13 +1076,14 @@ static int gid_cb(const char *elem, int len, void *arg) + + gid = tls1_group_name2id(garg->ctx, etmp); + if (gid == 0) { +- ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, +- "group '%s' cannot be set", etmp); +- return 0; ++ /* Unknown group - ignore, if ignore_unknown */ ++ return ignore_unknown; + } + for (i = 0; i < garg->gidcnt; i++) +- if (garg->gid_arr[i] == gid) +- return 0; ++ if (garg->gid_arr[i] == gid) { ++ /* Duplicate group - ignore */ ++ return 1; ++ } + garg->gid_arr[garg->gidcnt++] = gid; + return 1; + } +@@ -1097,6 +1104,11 @@ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, + gcb.ctx = ctx; + if (!CONF_parse_list(str, ':', 1, gid_cb, &gcb)) + goto end; ++ if (gcb.gidcnt == 0) { ++ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, ++ "No valid groups in '%s'", str); ++ goto end; ++ } + if (pext == NULL) { + ret = 1; + goto end; +@@ -2905,8 +2917,15 @@ static int sig_cb(const char *elem, int len, void *arg) + const SIGALG_LOOKUP *s; + char etmp[TLS_MAX_SIGSTRING_LEN], *p; + int sig_alg = NID_undef, hash_alg = NID_undef; ++ int ignore_unknown = 0; ++ + if (elem == NULL) + return 0; ++ if (elem[0] == '?') { ++ ignore_unknown = 1; ++ ++elem; ++ --len; ++ } + if (sarg->sigalgcnt == TLS_MAX_SIGALGCNT) + return 0; + if (len > (int)(sizeof(etmp) - 1)) +@@ -2931,8 +2950,10 @@ static int sig_cb(const char *elem, int len, void *arg) + break; + } + } +- if (i == 
OSSL_NELEM(sigalg_lookup_tbl)) +- return 0; ++ if (i == OSSL_NELEM(sigalg_lookup_tbl)) { ++ /* Ignore unknown algorithms if ignore_unknown */ ++ return ignore_unknown; ++ } + } else { + *p = 0; + p++; +@@ -2940,8 +2961,10 @@ static int sig_cb(const char *elem, int len, void *arg) + return 0; + get_sigorhash(&sig_alg, &hash_alg, etmp); + get_sigorhash(&sig_alg, &hash_alg, p); +- if (sig_alg == NID_undef || hash_alg == NID_undef) +- return 0; ++ if (sig_alg == NID_undef || hash_alg == NID_undef) { ++ /* Ignore unknown algorithms if ignore_unknown */ ++ return ignore_unknown; ++ } + for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); + i++, s++) { + if (s->hash == hash_alg && s->sig == sig_alg) { +@@ -2949,15 +2972,17 @@ static int sig_cb(const char *elem, int len, void *arg) + break; + } + } +- if (i == OSSL_NELEM(sigalg_lookup_tbl)) +- return 0; ++ if (i == OSSL_NELEM(sigalg_lookup_tbl)) { ++ /* Ignore unknown algorithms if ignore_unknown */ ++ return ignore_unknown; ++ } + } + +- /* Reject duplicates */ ++ /* Ignore duplicates */ + for (i = 0; i < sarg->sigalgcnt - 1; i++) { + if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) { + sarg->sigalgcnt--; +- return 0; ++ return 1; + } + } + return 1; +@@ -2973,6 +2998,11 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client) + sig.sigalgcnt = 0; + if (!CONF_parse_list(str, ':', 1, sig_cb, &sig)) + return 0; ++ if (sig.sigalgcnt == 0) { ++ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, ++ "No valid signature algorithms in '%s'", str); ++ return 0; ++ } + if (c == NULL) + return 1; + return tls1_set_raw_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client); +diff --git a/test/sslapitest.c b/test/sslapitest.c +index 1c14f93ed1..184a0f1055 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -39,6 +39,7 @@ + #include "testutil.h" + #include "testutil/output.h" + #include "internal/nelem.h" ++#include "internal/tlsgroups.h" + #include "internal/ktls.h" + #include 
"../ssl/ssl_local.h" + #include "../ssl/record/methods/recmethod_local.h" +@@ -3147,6 +3148,7 @@ static const sigalgs_list testsigalgs[] = { + {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0}, + # endif + {NULL, 0, "RSA+SHA256", 1, 1}, ++ {NULL, 0, "RSA+SHA256:?Invalid", 1, 1}, + # ifndef OPENSSL_NO_EC + {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1}, + {NULL, 0, "ECDSA+SHA512", 1, 0}, +@@ -9276,6 +9278,64 @@ static int test_servername(int tst) + return testresult; + } + ++static int test_unknown_sigalgs_groups(void) ++{ ++ int ret = 0; ++ SSL_CTX *ctx = NULL; ++ ++ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))) ++ goto end; ++ ++ if (!TEST_int_gt(SSL_CTX_set1_sigalgs_list(ctx, ++ "RSA+SHA256:?nonexistent:?RSA+SHA512"), ++ 0)) ++ goto end; ++ if (!TEST_size_t_eq(ctx->cert->conf_sigalgslen, 2) ++ || !TEST_int_eq(ctx->cert->conf_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256) ++ || !TEST_int_eq(ctx->cert->conf_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512)) ++ goto end; ++ ++ if (!TEST_int_gt(SSL_CTX_set1_client_sigalgs_list(ctx, ++ "RSA+SHA256:?nonexistent:?RSA+SHA512"), ++ 0)) ++ goto end; ++ if (!TEST_size_t_eq(ctx->cert->client_sigalgslen, 2) ++ || !TEST_int_eq(ctx->cert->client_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256) ++ || !TEST_int_eq(ctx->cert->client_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512)) ++ goto end; ++ ++ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx, ++ "nonexistent"), ++ 0)) ++ goto end; ++ ++ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx, ++ "?nonexistent1:?nonexistent2:?nonexistent3"), ++ 0)) ++ goto end; ++ ++#ifndef OPENSSL_NO_EC ++ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx, ++ "P-256:nonexistent"), ++ 0)) ++ goto end; ++ ++ if (!TEST_int_gt(SSL_CTX_set1_groups_list(ctx, ++ "P-384:?nonexistent:?P-521"), ++ 0)) ++ goto end; ++ if (!TEST_size_t_eq(ctx->ext.supportedgroups_len, 2) ++ || !TEST_int_eq(ctx->ext.supportedgroups[0], OSSL_TLS_GROUP_ID_secp384r1) ++ || !TEST_int_eq(ctx->ext.supportedgroups[1], 
OSSL_TLS_GROUP_ID_secp521r1)) ++ goto end; ++#endif ++ ++ ret = 1; ++ end: ++ SSL_CTX_free(ctx); ++ return ret; ++} ++ + #if !defined(OPENSSL_NO_EC) \ + && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)) + /* +@@ -11519,6 +11579,7 @@ int setup_tests(void) + ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data)); + #endif + ADD_ALL_TESTS(test_servername, 10); ++ ADD_TEST(test_unknown_sigalgs_groups); + #if !defined(OPENSSL_NO_EC) \ + && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)) + ADD_ALL_TESTS(test_sigalgs_available, 6); +-- +2.44.0 + diff --git a/0118-no-crl-memleak.patch b/0118-no-crl-memleak.patch new file mode 100644 index 0000000..ee7e745 --- /dev/null +++ b/0118-no-crl-memleak.patch 
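Review bot: In gid_cb, the context line `OPENSSL_realloc(garg->gid_arr, garg->gidmax + GROUPLIST_INCREMENT)` passes an element count as the byte size, although the result is assigned to a `uint16_t *` and `gidmax` is then used as the capacity in elements. The initial allocation of gid_arr is outside the hunk, so confirm how it is first sized, but the growth call should read `OPENSSL_realloc(garg->gid_arr, (garg->gidmax + GROUPLIST_INCREMENT) * sizeof(*garg->gid_arr))`; otherwise a sufficiently long group list can write past the buffer. Separately, the added HISTORY text says the `?` syntax was added in OpenSSL 3.3, while the CHANGES entry sits under "Changes between 3.2.0 and 3.2.1"; the man pages should state which version applies to this build.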
@@ -0,0 +1,80 @@ +From 105217c7d58c726f4e646177e0aaefb6115aad3e Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Tue, 27 Feb 2024 15:22:58 +0100 +Subject: [PATCH 48/49] 0118-no-crl-memleak.patch + +Patch-name: 0118-no-crl-memleak.patch +Patch-id: 118 +Patch-status: | + # https://github.com/openssl/openssl/issues/23770 +--- + crypto/x509/by_file.c | 2 ++ + test/recipes/60-test_x509_load_cert_file.t | 3 ++- + test/x509_load_cert_file_test.c | 8 +++++++- + 3 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c +index 5073c137a2..85923804ac 100644 +--- a/crypto/x509/by_file.c ++++ b/crypto/x509/by_file.c +@@ -198,6 +198,8 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) + goto err; + } + count++; ++ X509_CRL_free(x); ++ x = NULL; + } + } else if (type == X509_FILETYPE_ASN1) { + x = d2i_X509_CRL_bio(in, NULL); +diff --git a/test/recipes/60-test_x509_load_cert_file.t b/test/recipes/60-test_x509_load_cert_file.t +index 75aeac362c..e329d7675c 100644 +--- a/test/recipes/60-test_x509_load_cert_file.t ++++ b/test/recipes/60-test_x509_load_cert_file.t +@@ -12,4 +12,5 @@ setup("test_load_cert_file"); + + plan tests => 1; + +-ok(run(test(["x509_load_cert_file_test", srctop_file("test", "certs", "leaf-chain.pem")]))); ++ok(run(test(["x509_load_cert_file_test", srctop_file("test", "certs", "leaf-chain.pem"), ++ srctop_file("test", "certs", "cyrillic_crl.pem")]))); +diff --git a/test/x509_load_cert_file_test.c b/test/x509_load_cert_file_test.c +index 4a736071ae..c07d329915 100644 +--- a/test/x509_load_cert_file_test.c ++++ b/test/x509_load_cert_file_test.c +@@ -12,6 +12,7 @@ + #include "testutil.h" + + static const char *chain; ++static const char *crl; + + static int test_load_cert_file(void) + { +@@ -27,12 +28,15 @@ static int test_load_cert_file(void) + && TEST_int_eq(sk_X509_num(certs), 4)) + ret = 1; + ++ if (crl != NULL && !TEST_true(X509_load_crl_file(lookup, crl, X509_FILETYPE_PEM))) ++ 
ret = 0; ++ + OSSL_STACK_OF_X509_free(certs); + X509_STORE_free(store); + return ret; + } + +-OPT_TEST_DECLARE_USAGE("cert.pem...\n") ++OPT_TEST_DECLARE_USAGE("cert.pem [crl.pem]\n") + + int setup_tests(void) + { +@@ -45,6 +49,8 @@ int setup_tests(void) + if (chain == NULL) + return 0; + ++ crl = test_get_argument(1); ++ + ADD_TEST(test_load_cert_file); + return 1; + } +-- +2.44.0 + diff --git a/0119-provider-sigalgs-in-signaturealgorithms-conf.patch b/0119-provider-sigalgs-in-signaturealgorithms-conf.patch new file mode 100644 index 0000000..c363223 --- /dev/null +++ b/0119-provider-sigalgs-in-signaturealgorithms-conf.patch 
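Review bot: The added `X509_CRL_free(x); x = NULL;` in the PEM loop of X509_load_crl_file has no comment explaining why dropping the reference is safe, and the call that hands the CRL to the store is outside the hunk. I would add `/* the store keeps its own reference; release ours before reading the next CRL */` above the free, after confirming that against the add call. The new CRL argument in test_load_cert_file only checks the return value of X509_load_crl_file, so the leak itself is detected only when the test runs under a leak checker; a one-line comment next to the new check should say so.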
@@ -0,0 +1,170 @@ +From f5b48604779362c91a22080b6905413fbba28b74 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Fri, 8 Mar 2024 11:18:12 +0100 +Subject: [PATCH 49/49] 0119-provider-sigalgs-in-signaturealgorithms-conf.patch + +Patch-name: 0119-provider-sigalgs-in-signaturealgorithms-conf.patch +Patch-id: 119 +Patch-status: | + # https://github.com/openssl/openssl/issues/22779 +--- + ssl/s3_lib.c | 8 ++++---- + ssl/ssl_lib.c | 2 +- + ssl/ssl_local.h | 2 +- + ssl/t1_lib.c | 45 ++++++++++++++++++++++++++++++++++----------- + 4 files changed, 40 insertions(+), 17 deletions(-) + +diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c +index e8ec98c221..48a1aa0e61 100644 +--- a/ssl/s3_lib.c ++++ b/ssl/s3_lib.c +@@ -3685,13 +3685,13 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) + return tls1_set_sigalgs(sc->cert, parg, larg, 0); + + case SSL_CTRL_SET_SIGALGS_LIST: +- return tls1_set_sigalgs_list(sc->cert, parg, 0); ++ return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0); + + case SSL_CTRL_SET_CLIENT_SIGALGS: + return tls1_set_sigalgs(sc->cert, parg, larg, 1); + + case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: +- return tls1_set_sigalgs_list(sc->cert, parg, 1); ++ return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1); + + case SSL_CTRL_GET_CLIENT_CERT_TYPES: + { +@@ -3968,13 +3968,13 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) + return tls1_set_sigalgs(ctx->cert, parg, larg, 0); + + case SSL_CTRL_SET_SIGALGS_LIST: +- return tls1_set_sigalgs_list(ctx->cert, parg, 0); ++ return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0); + + case SSL_CTRL_SET_CLIENT_SIGALGS: + return tls1_set_sigalgs(ctx->cert, parg, larg, 1); + + case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: +- return tls1_set_sigalgs_list(ctx->cert, parg, 1); ++ return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1); + + case SSL_CTRL_SET_CLIENT_CERT_TYPES: + return ssl3_set_req_cert_type(ctx->cert, parg, larg); +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index 1329841aaf..4d95ab71cd 100644 +--- 
a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -3078,7 +3078,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) + return tls1_set_groups_list(ctx, NULL, NULL, parg); + case SSL_CTRL_SET_SIGALGS_LIST: + case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: +- return tls1_set_sigalgs_list(NULL, parg, 0); ++ return tls1_set_sigalgs_list(ctx, NULL, parg, 0); + default: + return 0; + } +diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h +index 0d3acfbe66..a73b2c4770 100644 +--- a/ssl/ssl_local.h ++++ b/ssl/ssl_local.h +@@ -2796,7 +2796,7 @@ __owur int tls_use_ticket(SSL_CONNECTION *s); + + void ssl_set_sig_mask(uint32_t *pmask_a, SSL_CONNECTION *s, int op); + +-__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); ++__owur int tls1_set_sigalgs_list(SSL_CTX *ctx, CERT *c, const char *str, int client); + __owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen, + int client); + __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index fe680449c5..87f2ae7000 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -716,6 +716,7 @@ int ssl_load_sigalgs(SSL_CTX *ctx) + + /* now populate ctx->ssl_cert_info */ + if (ctx->sigalg_list_len > 0) { ++ OPENSSL_free(ctx->ssl_cert_info); + ctx->ssl_cert_info = OPENSSL_zalloc(sizeof(lu) * ctx->sigalg_list_len); + if (ctx->ssl_cert_info == NULL) + return 0; +@@ -2889,6 +2890,7 @@ typedef struct { + size_t sigalgcnt; + /* TLSEXT_SIGALG_XXX values */ + uint16_t sigalgs[TLS_MAX_SIGALGCNT]; ++ SSL_CTX *ctx; + } sig_cb_st; + + static void get_sigorhash(int *psig, int *phash, const char *str) +@@ -2913,7 +2915,8 @@ static void get_sigorhash(int *psig, int *phash, const char *str) + static int sig_cb(const char *elem, int len, void *arg) + { + sig_cb_st *sarg = arg; +- size_t i; ++ size_t i = 0; ++ int load_success = 0; + const SIGALG_LOOKUP *s; + char etmp[TLS_MAX_SIGSTRING_LEN], *p; + int sig_alg = NID_undef, hash_alg = NID_undef; +@@ -2943,17 +2946,36 @@ 
static int sig_cb(const char *elem, int len, void *arg) + * in the table. + */ + if (p == NULL) { +- for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); +- i++, s++) { +- if (s->name != NULL && strcmp(etmp, s->name) == 0) { +- sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg; +- break; +- } ++ /* Load provider sigalgs */ ++ if (sarg->ctx) { ++ load_success = ssl_load_sigalgs(sarg->ctx); + } +- if (i == OSSL_NELEM(sigalg_lookup_tbl)) { +- /* Ignore unknown algorithms if ignore_unknown */ +- return ignore_unknown; ++ if (load_success) { ++ /* Check if a provider supports the sigalg */ ++ for (i = 0; i < sarg->ctx->sigalg_list_len; i++) { ++ if (sarg->ctx->sigalg_list[i].sigalg_name != NULL ++ && strcmp(etmp, ++ sarg->ctx->sigalg_list[i].sigalg_name) == 0) { ++ sarg->sigalgs[sarg->sigalgcnt++] = ++ sarg->ctx->sigalg_list[i].code_point; ++ break; ++ } ++ } + } ++ /* Check the built-in sigalgs */ ++ if (!sarg->ctx || !load_success || i == sarg->ctx->sigalg_list_len) { ++ for (i = 0, s = sigalg_lookup_tbl; ++ i < OSSL_NELEM(sigalg_lookup_tbl); i++, s++) { ++ if (s->name != NULL && strcmp(etmp, s->name) == 0) { ++ sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg; ++ break; ++ } ++ } ++ if (i == OSSL_NELEM(sigalg_lookup_tbl)) { ++ /* Ignore unknown algorithms if ignore_unknown */ ++ return ignore_unknown; ++ } ++ } + } else { + *p = 0; + p++; +@@ -2992,10 +3014,11 @@ static int sig_cb(const char *elem, int len, void *arg) + * Set supported signature algorithms based on a colon separated list of the + * form sig+hash e.g. RSA+SHA512:DSA+SHA512 + */ +-int tls1_set_sigalgs_list(CERT *c, const char *str, int client) ++int tls1_set_sigalgs_list(SSL_CTX *ctx, CERT *c, const char *str, int client) + { + sig_cb_st sig; + sig.sigalgcnt = 0; ++ sig.ctx = ctx; + if (!CONF_parse_list(str, ':', 1, sig_cb, &sig)) + return 0; + if (sig.sigalgcnt == 0) { +-- +2.44.0 + 
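Review bot: sig_cb now calls `ssl_load_sigalgs(sarg->ctx)` for every list element that has no `+`, and the ssl3_ctrl hunk passes the shared `s->ctx`. A per-connection SSL_CTRL_SET_SIGALGS_LIST call therefore frees and reallocates `ctx->ssl_cert_info` (the `OPENSSL_free` added in ssl_load_sigalgs) on an SSL_CTX that other connections may be reading. The rest of ssl_load_sigalgs is outside the hunk, so whether it takes a lock or also rebuilds `sigalg_list` cannot be seen from here. If the provider list is already populated when the SSL_CTX is created, drop the reload and guard the provider lookup with `if (sarg->ctx != NULL)`, with the built-in fallback condition becoming `if (sarg->ctx == NULL || i == sarg->ctx->sigalg_list_len)`. If a reload really is needed, do it once in tls1_set_sigalgs_list before `CONF_parse_list`, not once per element inside the callback.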
diff --git a/0121-FIPS-cms-defaults.patch b/0121-FIPS-cms-defaults.patch
new file mode 100644
index 0000000..7598512
--- /dev/null
+++ b/0121-FIPS-cms-defaults.patch
@@ -0,0 +1,65 @@ +diff -up openssl-3.0.7/apps/cms.c.fips_cms openssl-3.0.7/apps/cms.c +--- openssl-3.0.7/apps/cms.c.fips_cms 2023-05-18 14:03:56.360555106 +0200 ++++ openssl-3.0.7/apps/cms.c 2023-05-18 14:13:33.765183185 +0200 +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + + static int save_certs(char *signerfile, STACK_OF(X509) *signers); + static int cms_cb(int ok, X509_STORE_CTX *ctx); +@@ -810,12 +811,16 @@ int cms_main(int argc, char **argv) + + if (operation == SMIME_ENCRYPT) { + if (!cipher) { ++ if (FIPS_mode()) { ++ cipher = (EVP_CIPHER *)EVP_aes_128_cbc(); ++ } else { + #ifndef OPENSSL_NO_DES +- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); ++ cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); + #else +- BIO_printf(bio_err, "No cipher selected\n"); +- goto end; ++ BIO_printf(bio_err, "No cipher selected\n"); ++ goto end; + #endif ++ } + } + + if (secret_key && !secret_keyid) { +diff -up openssl-3.0.7/crypto/cms/cms_env.c.fips_cms openssl-3.0.7/crypto/cms/cms_env.c +--- openssl-3.0.7/crypto/cms/cms_env.c.fips_cms 2023-05-22 10:06:50.276528155 +0200 ++++ openssl-3.0.7/crypto/cms/cms_env.c 2023-05-22 10:08:58.406073945 +0200 +@@ -14,6 +14,7 @@ + #include + #include + #include ++#include + #include "internal/sizes.h" + #include "crypto/asn1.h" + #include "crypto/evp.h" +@@ -321,6 +321,10 @@ static int cms_RecipientInfo_ktri_init(C + return 0; + if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0) + return 0; ++ if (FIPS_mode()) { ++ if (EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_padding_mode", "oaep") <= 0) ++ return 0; ++ } + } else if (!ossl_cms_env_asn1_ctrl(ri, 0)) + return 0; + return 1; +@@ -484,6 +489,11 @@ static int cms_RecipientInfo_ktri_encryp + + if (EVP_PKEY_encrypt_init(pctx) <= 0) + goto err; ++ ++ if (FIPS_mode()) { ++ if (EVP_PKEY_CTX_ctrl_str(pctx, "rsa_padding_mode", "oaep") <= 0) ++ goto err; ++ } + } + + if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) diff --git a/openssl.spec b/openssl.spec index 88a3572..fcafd10 100644 
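Review bot: In cms_RecipientInfo_ktri_encrypt the FIPS branch switches a freshly created `pctx` to OAEP immediately before `EVP_PKEY_encrypt`, but nothing visible in the hunk re-encodes the recipient's keyEncryptionAlgorithm afterwards. The init hunk shows `ossl_cms_env_asn1_ctrl(ri, 0)` running on the path where no `pctx` exists, so the identifier may already have been written for the default padding, in which case a FIPS-mode message would advertise one padding and use another. Both function bodies extend beyond the hunks, so this needs confirming against the full source, ideally with a test that encrypts in FIPS mode and decrypts the result. At minimum I would add `/* FIPS: force OAEP; the encoded keyEncryptionAlgorithm must match */` above each `FIPS_mode()` check, since the padding change is otherwise silent and undocumented.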
--- a/openssl.spec +++ b/openssl.spec @@ -91,6 +91,12 @@ Patch47: 0047-FIPS-early-KATS.patch Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch # # Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1) Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch +# Originally from https://github.com/openssl/openssl/pull/18103 +# As we rebased to 3.0.7 and used the version of the function +# not matching the upstream one, we have to use aliasing. +# When we eliminate this patch, the `-Wl,--allow-multiple-definition` +# should also be removed +Patch56: 0056-strcasecmp.patch # # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 Patch58: 0058-FIPS-limit-rsa-encrypt.patch # # https://bugzilla.redhat.com/show_bug.cgi?id=2087147 @@ -143,11 +149,19 @@ Patch113: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch # # We believe that some changes present in CentOS are not necessary # # because ustream has a check for FIPS version Patch114: 0114-FIPS-enforce-EMS-support.patch -# skip quic and pairwise tests temporarily +# Amend tests according to Fedora/RHEL code Patch115: 0115-skip-quic-pairwise.patch # Add version aliasing due to # https://github.com/openssl/openssl/issues/23534 Patch116: 0116-version-aliasing.patch +# https://github.com/openssl/openssl/issues/23050 +Patch117: 0117-ignore-unknown-sigalgorithms-groups.patch +# https://github.com/openssl/openssl/issues/23770 +Patch118: 0118-no-crl-memleak.patch +# https://github.com/openssl/openssl/issues/22779 +Patch119: 0119-provider-sigalgs-in-signaturealgorithms-conf.patch +# From CentOS 9 +Patch121: 0121-FIPS-cms-defaults.patch License: Apache-2.0 URL: http://www.openssl.org/ 
@@ -176,10 +190,8 @@ protocols. Summary: A general purpose cryptography library with TLS implementation Requires: ca-certificates >= 2008-5 Requires: crypto-policies >= 20180730 -%if 0%{?fedora} >= 40 || 0%{?rhel} >= 10 -Recommends: pkcs11-provider%{?_isa} -%else -Recommends: openssl-pkcs11%{?_isa} +%if ( %{defined rhel} && (! %{defined centos}) ) +Requires: openssl-fips-provider %endif %description libs @@ -292,7 +304,7 @@ export HASHBANGPERL=/usr/bin/perl --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ - enable-cms enable-md2 enable-rc5 ${ktlsopt} enable-fips -D_GNU_SOURCE \ + enable-cms enable-md2 enable-rc5 ${ktlsopt} enable-fips -D_GNU_SOURCE\ no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\ shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\ -Wl,--allow-multiple-definition @@ -324,14 +336,12 @@ patch -p1 < %{SOURCE14} OPENSSL_ENABLE_MD5_VERIFY= export OPENSSL_ENABLE_MD5_VERIFY -%if 0%{?rhel} OPENSSL_ENABLE_SHA1_SIGNATURES= export OPENSSL_ENABLE_SHA1_SIGNATURES -%endif OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file export OPENSSL_SYSTEM_CIPHERS_OVERRIDE #embed HMAC into fips provider for test run -OPENSSL_CONF=/dev/null LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac +LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac mv providers/fips.so.mac providers/fips.so #run tests itself 
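Review bot: The `@@ -324,14 +336,12 @@` hunk drops `OPENSSL_CONF=/dev/null` from the command that computes the integrity HMAC embedded in providers/fips.so. The freshly built `apps/openssl` will then presumably load whatever default configuration exists on the build host while producing that tag. The same prefix is removed from the `__spec_install_post` copy in the `@@ -340,15 +350,24 @@` hunk, and nothing in the diff explains why the isolation was given up. I would keep `OPENSSL_CONF=/dev/null LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC ...` in both places so the step does not depend on host configuration or providers, or add a comment naming the reason if a config file is now required.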
@@ -340,15 +350,24 @@ make test HARNESS_JOBS=8 # Add generation of HMAC checksum of the final stripped library # We manually copy standard definition of __spec_install_post # and add hmac calculation/embedding to fips.so +%if ( %{defined rhel} && (! %{defined centos}) ) +%define __spec_install_post \ + rm -rf $RPM_BUILD_ROOT/%{_libdir}/ossl-modules/fips.so \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ +%{nil} +%else %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ - OPENSSL_CONF=/dev/null LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \ + LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \ objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac \ mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \ rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \ %{nil} +%endif %define __provides_exclude_from %{_libdir}/openssl @@ -372,6 +391,7 @@ done # Install a makefile for generating keys and self-signed certs, and a script # for generating them on the fly. mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.d install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert 
@@ -431,6 +451,7 @@ cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h >> \ install -m644 %{SOURCE9} \ $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h %endif +ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fips_local.cnf %files %{!?_licensedir:%global license %%doc} @@ -453,8 +474,10 @@ install -m644 %{SOURCE9} \ %dir %{_sysconfdir}/pki/tls/certs %dir %{_sysconfdir}/pki/tls/misc %dir %{_sysconfdir}/pki/tls/private +%dir %{_sysconfdir}/pki/tls/openssl.d %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf %config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf +%config %{_sysconfdir}/pki/tls/fips_local.cnf %attr(0755,root,root) %{_libdir}/libcrypto.so.%{version} %{_libdir}/libcrypto.so.%{soversion} %attr(0755,root,root) %{_libdir}/libssl.so.%{version} @@ -484,6 +507,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Mon Jun 03 2024 Sahana Prasad - 1:3.2.1-4 +- Synchronize patches from c9s and Fedora +- Resolves: RHEL-31762 + * Tue Feb 13 2024 Sahana Prasad - 1:3.2.1-3 - Temporarily disable ktls to unblock c10s builds - Resolves: RHEL-25259
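Review bot: The added `ln -s /etc/crypto-policies/back-ends/openssl_fips.config ...` hard-codes `/etc` for the link target while the link name on the same line uses `%{_sysconfdir}`, and the target file is owned by another package. I would write the target as `%{_sysconfdir}/crypto-policies/back-ends/openssl_fips.config`. I would also check that the `Requires: crypto-policies >= 20180730` floor shown in an earlier hunk is new enough to ship that back-end file, since otherwise fips_local.cnf is a dangling link after install. The `%config` entry added in the next hunk marks this symlink as a config file, so a short comment above the `ln -s` saying what reads fips_local.cnf would make the intent clear.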