additional changes required for FIPS validation

2013-11-15 16:13:44 +01:00 · 2013-11-15 16:13:44 +01:00 · e64d4ea7bb
commit e64d4ea7bb
parent 9caf868063
2 changed files with 152 additions and 1 deletions
--- a/openssl-1.0.1e-new-fips-reqs.patch
+++ b/openssl-1.0.1e-new-fips-reqs.patch
@ -0,0 +1,146 @@
 diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c
 --- openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs	2013-11-15 15:01:29.183051556 +0100
 +++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c	2013-11-15 15:21:32.041438042 +0100
@@ -340,6 +340,42 @@ static const unsigned char kat_RSA_X931_
   0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
 };
 +static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext, int ptlen)
 +	{
 +	unsigned char *ctbuf = NULL, *ptbuf = NULL;
 +	int ret = 0;
 +	int len;
 +
 +	ctbuf = OPENSSL_malloc(RSA_size(rsa));
 +	if (!ctbuf)
 +		goto err;
 +
 +	len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING);
 +	if (len <= 0)
 +		goto err;
 +	/* Check ciphertext doesn't match plaintext */
 +	if ((len >= ptlen && !memcmp(plaintext, ctbuf, ptlen))
 +		goto err;
 +
 +	ptbuf = OPENSSL_malloc(RSA_size(rsa));
 +	if (!ptbuf)
 +		goto err;
 +
 +	len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
 +	if (len != ptlen)
 +		goto err;
 +	if (memcmp(ptbuf, plaintext, len))
 +		goto err;
 +
 +	ret = 1;
 +
 +	err:
 +	if (ctbuf)
 +		OPENSSL_free(ctbuf);
 +	if (ptbuf)
 +		OPENSSL_free(ptbuf);
 +	return ret;
 +	}
 int FIPS_selftest_rsa()
 	{
@@ -353,7 +389,7 @@ int FIPS_selftest_rsa()
 	if ((pk=EVP_PKEY_new()) == NULL)
 		goto err;
 -	EVP_PKEY_assign_RSA(pk, key);
 +	EVP_PKEY_set1_RSA(pk, key);
 	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
 				kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
@@ -430,13 +466,15 @@ int FIPS_selftest_rsa()
 			"RSA SHA512 X931"))
 		goto err;
 +	if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1)
 +		goto err;
 	ret = 1;
 	err:
 	if (pk)
 		EVP_PKEY_free(pk);
 -	else if (key)
 +	if (key)
 		RSA_free(key);
 	return ret;
 	}
 diff -up openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1e/crypto/modes/gcm128.c
 --- openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs	2013-02-11 16:26:04.000000000 +0100
 +++ openssl-1.0.1e/crypto/modes/gcm128.c	2013-11-15 16:12:52.626015247 +0100
@@ -898,6 +898,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 # endif
 #endif
 +	ctx->totlen += len;
 +	if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
 +		return -1;
 +
 #if 0
 	n = (unsigned int)mlen%16; /* alternative to ctx->mres */
 #endif
@@ -1200,6 +1204,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
 # endif
 #endif
 +	ctx->totlen += len;
 +	if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
 +		return -1;
 +
 	mlen += len;
 	if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
 		return -1;
 diff -up openssl-1.0.1e/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1e/crypto/modes/modes_lcl.h
 --- openssl-1.0.1e/crypto/modes/modes_lcl.h.fips-reqs	2013-11-15 15:01:28.000000000 +0100
 +++ openssl-1.0.1e/crypto/modes/modes_lcl.h	2013-11-15 15:44:12.351278461 +0100
@@ -115,6 +115,7 @@ struct gcm128_context {
 	unsigned int mres, ares;
 	block128_f block;
 	void *key;
 +	u64 totlen;
 };
 struct xts128_context {
 diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/rand/rand_lcl.h
 --- openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs	2013-11-15 15:01:28.922045831 +0100
 +++ openssl-1.0.1e/crypto/rand/rand_lcl.h	2013-11-15 15:01:29.220052368 +0100
@@ -112,7 +112,7 @@
 #ifndef HEADER_RAND_LCL_H
 #define HEADER_RAND_LCL_H
 -#define ENTROPY_NEEDED 32  /* require 256 bits = 32 bytes of randomness */
 +#define ENTROPY_NEEDED 48  /* require 384 bits = 48 bytes of randomness */
 #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
 diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/rand/rand_lib.c
 --- openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs	2013-02-11 16:26:04.000000000 +0100
 +++ openssl-1.0.1e/crypto/rand/rand_lib.c	2013-11-15 15:01:29.220052368 +0100
@@ -68,6 +68,7 @@
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #include <openssl/fips_rand.h>
 +#include "../fips/fips_rand_lcl.h"
 #endif
 #ifndef OPENSSL_NO_ENGINE
@@ -239,12 +240,14 @@ static int drbg_rand_add(DRBG_CTX *ctx,
 				double entropy)
 	{
 	RAND_SSLeay()->add(in, inlen, entropy);
 +	ctx->status = DRBG_STATUS_RESEED;
 	return 1;
 	}
 static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
 	{
 	RAND_SSLeay()->seed(in, inlen);
 +	ctx->status = DRBG_STATUS_RESEED;
 	return 1;
 	}
--- a/openssl.spec
+++ b/openssl.spec
@ -21,7 +21,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1e
-Release: 32%{?dist}
+Release: 33%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -75,6 +75,7 @@ Patch71: openssl-1.0.1e-manfix.patch
 Patch72: openssl-1.0.1e-fips-ctor.patch
 Patch73: openssl-1.0.1e-ecc-suiteb.patch
 Patch74: openssl-1.0.1e-no-md5-verify.patch
 Patch75: openssl-1.0.1e-new-fips-reqs.patch
 # Backported fixes including security fixes
 Patch81: openssl-1.0.1-beta2-padlock64.patch
 Patch82: openssl-1.0.1e-backports.patch
@ -190,6 +191,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
 %patch72 -p1 -b .fips-ctor
 %patch73 -p1 -b .suiteb
 %patch74 -p1 -b .no-md5-verify
 %patch75 -p1 -b .fips-reqs
 %patch81 -p1 -b .padlock64
 %patch82 -p1 -b .backports
@ -460,6 +462,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 %changelog
 * Fri Nov 15 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-33
 - additional changes required for FIPS validation
 * Wed Nov 13 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-32
 - disable verification of certificate, CRL, and OCSP signatures
  using MD5 if OPENSSL_ENABLE_MD5_VERIFY environment variable