import UBI openssl-3.0.7-25.el9_3
parent
0323d10a44
commit
f1a8fed1ed
@ -57,7 +57,21 @@ diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c
|
|||||||
dh->dirty_cnt++;
|
dh->dirty_cnt++;
|
||||||
ok = 1;
|
ok = 1;
|
||||||
err:
|
err:
|
||||||
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c
|
diff -up openssl-3.0.7/crypto/ec/ec_key.c.f188 openssl-3.0.7/crypto/ec/ec_key.c
|
||||||
|
--- openssl-3.0.7/crypto/ec/ec_key.c.f188 2023-11-08 10:58:05.910031253 +0100
|
||||||
|
+++ openssl-3.0.7/crypto/ec/ec_key.c 2023-11-08 10:59:42.338526883 +0100
|
||||||
|
@@ -326,6 +326,11 @@ static int ec_generate_key(EC_KEY *eckey
|
||||||
|
eckey->dirty_cnt++;
|
||||||
|
|
||||||
|
#ifdef FIPS_MODULE
|
||||||
|
+ if (ossl_ec_key_public_check(eckey, ctx) <= 0) {
|
||||||
|
+ ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY);
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
pairwise_test = 1;
|
||||||
|
#endif /* FIPS_MODULE */
|
||||||
|
|
||||||
diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c
|
diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c
|
||||||
--- openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 2022-07-25 13:42:46.814952053 +0200
|
--- openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 2022-07-25 13:42:46.814952053 +0200
|
||||||
+++ openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c 2022-07-25 13:52:12.292065706 +0200
|
+++ openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c 2022-07-25 13:52:12.292065706 +0200
|
||||||
@ -360,3 +374,17 @@ diff -up openssl-3.0.7/providers/implementations/signature/rsa_sig.c.pairwise op
|
|||||||
const OSSL_DISPATCH ossl_rsa_signature_functions[] = {
|
const OSSL_DISPATCH ossl_rsa_signature_functions[] = {
|
||||||
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
|
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
|
||||||
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
|
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
|
||||||
|
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
|
||||||
|
index e0d139d..35f23b2 100644
|
||||||
|
--- a/crypto/rsa/rsa_gen.c
|
||||||
|
+++ b/crypto/rsa/rsa_gen.c
|
||||||
|
@@ -463,6 +463,9 @@ static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes,
|
||||||
|
rsa->dmp1 = NULL;
|
||||||
|
rsa->dmq1 = NULL;
|
||||||
|
rsa->iqmp = NULL;
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ abort();
|
||||||
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return ok;
|
||||||
|
@ -9,21 +9,23 @@ party (section 6.4.2.3.1) for the KTS-OAEP key transport scheme and key
|
|||||||
agreement schemes, but explicit key confirmation is not implemented and
|
agreement schemes, but explicit key confirmation is not implemented and
|
||||||
cannot be implemented without protocol changes, and the FIPS provider
|
cannot be implemented without protocol changes, and the FIPS provider
|
||||||
does not implement trusted third party validation, since it relies on
|
does not implement trusted third party validation, since it relies on
|
||||||
its callers to do that. We must thus mark RSA-OAEP encryption and RSASVE
|
its callers to do that. A request for guidance sent to NIST did clarify
|
||||||
as unapproved until we have received clarification from NIST on how
|
that OpenSSL can claim KTS-OAEP and RSASVE as approved, but we did add
|
||||||
library modules such as OpenSSL should implement TTP validation.
|
an indicator to mark them as unapproved previously and should thus keep
|
||||||
|
the indicator available.
|
||||||
|
|
||||||
This does not affect RSA-OAEP decryption, because it is approved as
|
This does not affect RSA-OAEP decryption, because it is approved as
|
||||||
a component according to the FIPS 140-3 IG, section 2.4.G.
|
a component according to the FIPS 140-3 IG, section 2.4.G.
|
||||||
|
|
||||||
Resolves: rhbz#2179331
|
Resolves: rhbz#2179331
|
||||||
|
Resolves: RHEL-14083
|
||||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
---
|
---
|
||||||
include/openssl/core_names.h | 2 ++
|
include/openssl/core_names.h | 2 ++
|
||||||
include/openssl/evp.h | 4 +++
|
include/openssl/evp.h | 4 +++
|
||||||
.../implementations/asymciphers/rsa_enc.c | 24 +++++++++++++++
|
.../implementations/asymciphers/rsa_enc.c | 19 ++++++++++++
|
||||||
providers/implementations/kem/rsa_kem.c | 30 ++++++++++++++++++-
|
providers/implementations/kem/rsa_kem.c | 29 ++++++++++++++++++-
|
||||||
4 files changed, 59 insertions(+), 1 deletion(-)
|
4 files changed, 53 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||||
index 832502a034..e15d208421 100644
|
index 832502a034..e15d208421 100644
|
||||||
@ -37,7 +39,7 @@ index 832502a034..e15d208421 100644
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Encoder / decoder parameters
|
* Encoder / decoder parameters
|
||||||
@@ -503,6 +504,7 @@ extern "C" {
|
@@ -511,6 +512,7 @@ extern "C" {
|
||||||
|
|
||||||
/* KEM parameters */
|
/* KEM parameters */
|
||||||
#define OSSL_KEM_PARAM_OPERATION "operation"
|
#define OSSL_KEM_PARAM_OPERATION "operation"
|
||||||
@ -49,7 +51,7 @@ diff --git a/include/openssl/evp.h b/include/openssl/evp.h
|
|||||||
index ec2ba46fbd..3803b03422 100644
|
index ec2ba46fbd..3803b03422 100644
|
||||||
--- a/include/openssl/evp.h
|
--- a/include/openssl/evp.h
|
||||||
+++ b/include/openssl/evp.h
|
+++ b/include/openssl/evp.h
|
||||||
@@ -1757,6 +1757,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void);
|
@@ -1764,6 +1764,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void);
|
||||||
OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
|
OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
@ -64,25 +66,22 @@ diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/impleme
|
|||||||
index 568452ec56..2e7ea632d7 100644
|
index 568452ec56..2e7ea632d7 100644
|
||||||
--- a/providers/implementations/asymciphers/rsa_enc.c
|
--- a/providers/implementations/asymciphers/rsa_enc.c
|
||||||
+++ b/providers/implementations/asymciphers/rsa_enc.c
|
+++ b/providers/implementations/asymciphers/rsa_enc.c
|
||||||
@@ -399,6 +399,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
@@ -452,6 +452,24 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
||||||
if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version))
|
if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR);
|
+ p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR);
|
||||||
+ if (p != NULL) {
|
+ if (p != NULL) {
|
||||||
+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED;
|
|
||||||
+
|
|
||||||
+ /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key
|
+ /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key
|
||||||
+ * confirmation (section 6.4.2.3.2), or assurance from a trusted third
|
+ * confirmation (section 6.4.2.3.2), or assurance from a trusted third
|
||||||
+ * party (section 6.4.2.3.1) for the KTS-OAEP key transport scheme, but
|
+ * party (section 6.4.2.3.1) for the KTS-OAEP key transport scheme, but
|
||||||
+ * explicit key confirmation is not implemented here and cannot be
|
+ * explicit key confirmation is not implemented here and cannot be
|
||||||
+ * implemented without protocol changes, and the FIPS provider does not
|
+ * implemented without protocol changes, and the FIPS provider does not
|
||||||
+ * implement trusted third party validation, since it relies on its
|
+ * implement trusted third party validation, since it relies on its
|
||||||
+ * callers to do that. We must thus mark RSA-OAEP as unapproved until
|
+ * callers to do that. A request for guidance sent to NIST resulted in
|
||||||
+ * we have received clarification from NIST on how library modules such
|
+ * further clarification which allows OpenSSL to claim RSA-OAEP. */
|
||||||
+ * as OpenSSL should implement TTP validation. */
|
+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||||
+ fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
|
||||||
+
|
+
|
||||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||||
+ return 0;
|
+ return 0;
|
||||||
@ -92,7 +91,7 @@ index 568452ec56..2e7ea632d7 100644
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -465,6 +493,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
@@ -465,6 +483,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
|
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
|
||||||
#ifdef FIPS_MODULE
|
#ifdef FIPS_MODULE
|
||||||
OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
|
OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
|
||||||
@ -104,7 +103,7 @@ diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations
|
|||||||
index 882cf16125..b4cc0f9237 100644
|
index 882cf16125..b4cc0f9237 100644
|
||||||
--- a/providers/implementations/kem/rsa_kem.c
|
--- a/providers/implementations/kem/rsa_kem.c
|
||||||
+++ b/providers/implementations/kem/rsa_kem.c
|
+++ b/providers/implementations/kem/rsa_kem.c
|
||||||
@@ -151,11 +151,39 @@ static int rsakem_decapsulate_init(void *vprsactx, void *vrsa,
|
@@ -151,11 +151,38 @@ static int rsakem_decapsulate_init(void *vprsactx, void *vrsa,
|
||||||
static int rsakem_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
static int rsakem_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
||||||
{
|
{
|
||||||
PROV_RSA_CTX *ctx = (PROV_RSA_CTX *)vprsactx;
|
PROV_RSA_CTX *ctx = (PROV_RSA_CTX *)vprsactx;
|
||||||
@ -124,10 +123,9 @@ index 882cf16125..b4cc0f9237 100644
|
|||||||
+ * explicit key confirmation is not implemented here and cannot be
|
+ * explicit key confirmation is not implemented here and cannot be
|
||||||
+ * implemented without protocol changes, and the FIPS provider does not
|
+ * implemented without protocol changes, and the FIPS provider does not
|
||||||
+ * implement trusted third party validation, since it relies on its
|
+ * implement trusted third party validation, since it relies on its
|
||||||
+ * callers to do that. We must thus mark RSASVE unapproved until we
|
+ * callers to do that. A request for guidance sent to NIST resulted in
|
||||||
+ * have received clarification from NIST on how library modules such as
|
+ * further clarification which allows OpenSSL to claim RSASVE. */
|
||||||
+ * OpenSSL should implement TTP validation. */
|
+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||||
+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
|
||||||
+
|
+
|
||||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||||
+ return 0;
|
+ return 0;
|
||||||
|
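--- a/SOURCES/0128-CVE-2023-5363.patch
+++ b/SOURCES/0128-CVE-2023-5363.patch
@@ -0,0 +1,318 @@
+diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
+index d2ed3fd378..6a819590e6 100644
+--- a/crypto/evp/evp_enc.c
++++ b/crypto/evp/evp_enc.c
+@@ -223,6 +223,42 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
+return 0;
+}
+
++#ifndef FIPS_MODULE
++ /*
++ * Fix for CVE-2023-5363
++ * Passing in a size as part of the init call takes effect late
++ * so, force such to occur before the initialisation.
++ *
++ * The FIPS provider's internal library context is used in a manner
++ * such that this is not an issue.
++ */
++ if (params != NULL) {
++ OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END,
++ OSSL_PARAM_END };
++ OSSL_PARAM *q = param_lens;
++ const OSSL_PARAM *p;
++
++ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
++ if (p != NULL)
++ memcpy(q++, p, sizeof(*q));
++
++ /*
++ * Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synomym for
++ * OSSL_CIPHER_PARAM_IVLEN so both are covered here.
++ */
++ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
++ if (p != NULL)
++ memcpy(q++, p, sizeof(*q));
++
++ if (q != param_lens) {
++ if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) {
++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
++ return 0;
++ }
++ }
++ }
++#endif
++
+if (enc) {
+if (ctx->cipher->einit == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
+index cfffa21350..2318bf6a68 100644
+--- a/test/evp_extra_test.c
++++ b/test/evp_extra_test.c
+@@ -4851,6 +4851,253 @@ static int test_ecx_not_private_key(int tst)
+return options;
+}
+
++static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
++ const unsigned char *gcm_iv, size_t gcm_ivlen,
++ const unsigned char *gcm_pt, size_t gcm_pt_s,
++ const unsigned char *gcm_aad, size_t gcm_aad_s,
++ const unsigned char *gcm_ct, size_t gcm_ct_s,
++ const unsigned char *gcm_tag, size_t gcm_tag_s)
++{
++ int ret = 0;
++ EVP_CIPHER_CTX *ctx;
++ EVP_CIPHER *cipher = NULL;
++ int outlen, tmplen;
++ unsigned char outbuf[1024];
++ unsigned char outtag[16];
++ OSSL_PARAM params[2] = {
++ OSSL_PARAM_END, OSSL_PARAM_END
++ };
++
++ if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
++ || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
++ goto err;
++
++ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
++ &gcm_ivlen);
++
++ if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
++ || (gcm_aad != NULL
++ && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
++ gcm_aad, gcm_aad_s)))
++ || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
++ gcm_pt, gcm_pt_s))
++ || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
++ goto err;
++
++ params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
++ outtag, sizeof(outtag));
++
++ if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
++ || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
++ || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
++ goto err;
++
++ ret = 1;
++err:
++ EVP_CIPHER_free(cipher);
++ EVP_CIPHER_CTX_free(ctx);
++
++ return ret;
++}
++
++static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
++ const unsigned char *gcm_iv, size_t gcm_ivlen,
++ const unsigned char *gcm_pt, size_t gcm_pt_s,
++ const unsigned char *gcm_aad, size_t gcm_aad_s,
++ const unsigned char *gcm_ct, size_t gcm_ct_s,
++ const unsigned char *gcm_tag, size_t gcm_tag_s)
++{
++ int ret = 0;
++ EVP_CIPHER_CTX *ctx;
++ EVP_CIPHER *cipher = NULL;
++ int outlen;
++ unsigned char outbuf[1024];
++ OSSL_PARAM params[2] = {
++ OSSL_PARAM_END, OSSL_PARAM_END
++ };
++
++ if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
++ goto err;
++
++ if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
++ goto err;
++
++ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
++ &gcm_ivlen);
++
++ if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
++ || (gcm_aad != NULL
++ && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
++ gcm_aad, gcm_aad_s)))
++ || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
++ gcm_ct, gcm_ct_s))
++ || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
++ goto err;
++
++ params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
++ (void*)gcm_tag, gcm_tag_s);
++
++ if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
++ ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
++ goto err;
++
++ ret = 1;
++err:
++ EVP_CIPHER_free(cipher);
++ EVP_CIPHER_CTX_free(ctx);
++
++ return ret;
++}
++
++static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
++{
++ /* AES-GCM test data obtained from NIST public test vectors */
++ static const unsigned char gcm_key[] = {
++ 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
++ 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
++ 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
++ };
++ static const unsigned char gcm_iv[] = {
++ 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
++ 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
++ 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
++ 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
++ 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
++ 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
++ 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
++ 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
++ 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
++ 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
++ 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
++ };
++ static const unsigned char gcm_pt[] = {
++ 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
++ 0x4f, 0xe3, 0x6f, 0x81,
++ };
++ static const unsigned char gcm_ct[] = {
++ 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
++ 0xe2, 0xd0, 0xec, 0xed,
++ };
++ static const unsigned char gcm_tag[] = {
++ 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
++ 0xdb, 0x99, 0x6c, 0x21,
++ };
++
++ return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
++ gcm_pt, sizeof(gcm_pt), NULL, 0,
++ gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
++ && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
++ gcm_pt, sizeof(gcm_pt), NULL, 0,
++ gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
++}
++
++#ifndef OPENSSL_NO_RC4
++static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
++ const unsigned char *rc4_pt, size_t rc4_pt_s,
++ const unsigned char *rc4_ct, size_t rc4_ct_s)
++{
++ int ret = 0;
++ EVP_CIPHER_CTX *ctx;
++ EVP_CIPHER *cipher = NULL;
++ int outlen, tmplen;
++ unsigned char outbuf[1024];
++ OSSL_PARAM params[2] = {
++ OSSL_PARAM_END, OSSL_PARAM_END
++ };
++
++ if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
++ || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
++ goto err;
++
++ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
++ &rc4_key_s);
++
++ if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
++ || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
++ rc4_pt, rc4_pt_s))
++ || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
++ goto err;
++
++ if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
++ goto err;
++
++ ret = 1;
++err:
++ EVP_CIPHER_free(cipher);
++ EVP_CIPHER_CTX_free(ctx);
++
++ return ret;
++}
++
++static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
++ const unsigned char *rc4_pt, size_t rc4_pt_s,
++ const unsigned char *rc4_ct, size_t rc4_ct_s)
++{
++ int ret = 0;
++ EVP_CIPHER_CTX *ctx;
++ EVP_CIPHER *cipher = NULL;
++ int outlen;
++ unsigned char outbuf[1024];
++ OSSL_PARAM params[2] = {
++ OSSL_PARAM_END, OSSL_PARAM_END
++ };
++
++ if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
++ goto err;
++
++ if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
++ goto err;
++
++ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
++ &rc4_key_s);
++
++ if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
++ || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
++ rc4_ct, rc4_ct_s))
++ || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
++ goto err;
++
++ ret = 1;
++err:
++ EVP_CIPHER_free(cipher);
++ EVP_CIPHER_CTX_free(ctx);
++
++ return ret;
++}
++
++static int test_aes_rc4_keylen_change_cve_2023_5363(void)
++{
++ /* RC4 test data obtained from RFC 6229 */
++ static const struct {
++ unsigned char key[5];
++ unsigned char padding[11];
++ } rc4_key = {
++ { /* Five bytes of key material */
++ 0x83, 0x32, 0x22, 0x77, 0x2a,
++ },
++ { /* Random padding to 16 bytes */
++ 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
++ }
++ };
++ static const unsigned char rc4_pt[] = {
++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
++ };
++ static const unsigned char rc4_ct[] = {
++ 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
++ 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
++ };
++
++ if (lgcyprov == NULL)
++ return TEST_skip("Test requires legacy provider to be loaded");
++
++ return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
++ rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
++ && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
++ rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
++}
++#endif
++
+int setup_tests(void)
+{
+OPTION_CHOICE o;
+@@ -4994,6 +5241,12 @@ int setup_tests(void)
+
+ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
+
++ /* Test cases for CVE-2023-5363 */
++ ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
++#ifndef OPENSSL_NO_RC4
++ ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
++#endif
++
+return 1;
+}
+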
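Review bot: The test helpers added in the evp_extra_test.c hunk (aes_gcm_encrypt, aes_gcm_decrypt, rc4_encrypt, rc4_decrypt) write into a fixed `unsigned char outbuf[1024]` using caller-supplied `gcm_pt_s`/`gcm_ct_s`/`rc4_pt_s`/`rc4_ct_s` with no length check, and the `EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)` calls write at the start of outbuf rather than `outbuf + outlen`; both are harmless for GCM and RC4 with the 16-byte vectors used here, but the helpers take arbitrary lengths and would overflow or clobber the compared ciphertext if reused with larger data or a padded cipher. A one-line guard after the params setup keeps them safe for reuse: `if (!TEST_size_t_le(gcm_pt_s, sizeof(outbuf))) goto err;` (with the matching check on the ct and rc4 lengths in the other helpers). Separately, aes_gcm_decrypt and rc4_decrypt bail out with a bare `goto err` when EVP_CIPHER_CTX_new() or EVP_CIPHER_fetch() returns NULL, so unlike the encrypt helpers they fail without any diagnostic; wrapping those two calls in TEST_ptr as aes_gcm_encrypt does would make the failure mode consistent across the four helpers.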
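--- a/SOURCES/0129-rsa-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
+++ b/SOURCES/0129-rsa-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
@@ -0,0 +1,49 @@
+From 0d873f9f647764df147d818a6e998b1c318bac31 Mon Sep 17 00:00:00 2001
+From: Clemens Lang <cllang@redhat.com>
+Date: Mon, 16 Oct 2023 15:30:26 +0200
+Subject: [PATCH] rsa: Add SP800-56Br2 6.4.1.2.1 (3.c) check
+
+The code did not yet check that the length of the RSA key is positive
+and even.
+
+Signed-off-by: Clemens Lang <cllang@redhat.com>
+Upstream-Status: Backport [8b268541d9aabee51699aef22963407362830ef9]
+---
+crypto/rsa/rsa_sp800_56b_check.c | 5 +++++
+test/rsa_sp800_56b_test.c | 4 ++++
+2 files changed, 9 insertions(+)
+
+diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c
+index fc8f19b487..e6b79e953d 100644
+--- a/crypto/rsa/rsa_sp800_56b_check.c
++++ b/crypto/rsa/rsa_sp800_56b_check.c
+@@ -403,6 +403,11 @@ int ossl_rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed,
+ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR);
+return 0;
+}
++ /* (Step 3.c): check that the modulus length is a positive even integer */
++ if (nbits <= 0 || (nbits & 0x1)) {
++ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR);
++ return 0;
++ }
+
+ctx = BN_CTX_new_ex(rsa->libctx);
+if (ctx == NULL)
+diff --git a/test/rsa_sp800_56b_test.c b/test/rsa_sp800_56b_test.c
+index 7660019f47..aa58bbbe6c 100644
+--- a/test/rsa_sp800_56b_test.c
++++ b/test/rsa_sp800_56b_test.c
+@@ -458,6 +458,10 @@ static int test_invalid_keypair(void)
+&& TEST_true(BN_add_word(n, 1))
+&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
+&& TEST_true(BN_sub_word(n, 1))
++ /* check that validation fails if len(n) is not even */
++ && TEST_true(BN_lshift1(n, n))
++ && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2049))
++ && TEST_true(BN_rshift1(n, n))
+/* check p */
+&& TEST_true(BN_sub_word(p, 2))
+&& TEST_true(BN_mul(n, p, q, ctx))
+--
+2.41.0
+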
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 3.0.7
|
Version: 3.0.7
|
||||||
Release: 24%{?dist}
|
Release: 25%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -197,6 +197,9 @@ Patch121: 0121-FIPS-cms-defaults.patch
|
|||||||
Patch122: 0122-CVE-2023-2650.patch
|
Patch122: 0122-CVE-2023-2650.patch
|
||||||
# https://github.com/openssl/openssl/pull/19386
|
# https://github.com/openssl/openssl/pull/19386
|
||||||
Patch123: 0123-ibmca-atexit-crash.patch
|
Patch123: 0123-ibmca-atexit-crash.patch
|
||||||
|
Patch128: 0128-CVE-2023-5363.patch
|
||||||
|
# https://github.com/openssl/openssl/pull/22403
|
||||||
|
Patch129: 0129-rsa-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -522,6 +525,19 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Oct 25 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-25
|
||||||
|
- Fix incorrect cipher key and IV length processing (CVE-2023-5363)
|
||||||
|
Resolves: RHEL-13249
|
||||||
|
- Switch explicit FIPS indicator for RSA-OAEP to approved following
|
||||||
|
clarification with CMVP
|
||||||
|
Resolves: RHEL-14614
|
||||||
|
- Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c)
|
||||||
|
Resolves: RHEL-14614
|
||||||
|
- Add missing ECDH Public Key Check in FIPS mode
|
||||||
|
Resolves: RHEL-15993
|
||||||
|
- In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails
|
||||||
|
Resolves: RHEL-17111
|
||||||
|
|
||||||
* Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24
|
* Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24
|
||||||
- Make FIPS module configuration more crypto-policies friendly
|
- Make FIPS module configuration more crypto-policies friendly
|
||||||
Related: rhbz#2216256
|
Related: rhbz#2216256
|
||||||
|