Commit Graph

177 Commits

Author SHA1 Message Date
Dmitry Belyavskiy
b393177f7d openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode
Resolves: rhbz#2083240
2022-05-23 19:16:09 +02:00
Clemens Lang
389313b118 FIPS: Disable SHA1 signs and EVP_PKEY_{sign,verify}
1. Deny SHA-1 signature verification in FIPS provider

For RHEL, we already disable SHA-1 signatures by default in the default
provider, so it is unexpected that the FIPS provider would have a more
lenient configuration in this regard. Additionally, we do not think
continuing to accept SHA-1 signatures is a good idea due to the
published chosen-prefix collision attacks.

As a consequence, disable verification of SHA-1 signatures in the FIPS
provider.

This requires adjusting a few tests that would otherwise fail:
- 30-test_acvp: Remove the test vectors that use SHA-1.
- 30-test_evp: Mark tests in evppkey_rsa_common.txt and
  evppkey_ecdsa.txt that use SHA-1 digests as "Availablein = default",
  which will not run them when the FIPS provider is enabled.
- 80-test_cms: Re-generate all certificates in test/smime-certificates
  using the mksmime-certs.sh script, because most of them were signed
  with SHA-1 and thus fail verification in the FIPS provider. Keep
  smec3.pem, which was used to sign static test data in
  test/recipes/80-test_cms_data/ciphertext_from_1_1_1.cms, which would
  otherwise no longer verify. Note that smec3.pem was signed with
  a smroot.pem, which was now re-generated. This does not affect the
  test.
  Fix some other tests by explicitly running them in the default
  provider, where SHA-1 is available.
- 80-test_ssl_old: Skip tests that rely on SSLv3 and SHA-1 when run with
  the FIPS provider.

2. Disable EVP_PKEY_{sign,verify} in FIPS provider

The APIs to compute both digest and signature in one step,
EVP_DigestSign*/EVP_DigestVerify* and EVP_Sign*/EVP_Verify*, should be
used instead. This ensures that the digest is computed inside of the
FIPS module, and that only approved digests are used.

Update documentation for EVP_PKEY_{sign,verify} to reflect this.

Since the KATs use EVP_PKEY_sign/EVP_PKEY_verify, modify the tests to
set the OSSL_SIGNATURE_PARAM_KAT parameter and use EVP_PKEY_sign_init_ex
and EVP_PKEY_verify_init_ex where these parameters can be passed on
creation and allow EVP_PKEY_sign/EVP_PKEY_verify when this parameter is
set and evaluates as true.

Move tests that use the EVP_PKEY API to only run in the default
provider, since they would fail in the FIPS provider. This also affects
a number of CMS tests where error handling is insufficient and failure
to sign would only show up when verifying the CMS structure due to
a parse error.

Resolves: rhbz#2087147
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-05-23 17:02:25 +02:00
Dmitry Belyavskiy
87f109e9fb Use KAT for ECDSA signature tests
Resolves: rhbz#2069235
2022-05-16 18:54:17 +02:00
Dmitry Belyavskiy
69c1abb4df openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
Resolves: rhbz#2063947
2022-05-12 13:45:42 +02:00
Dmitry Belyavskiy
b4d281e4de -config argument of openssl app should work properly
Resolves: rhbz#2083274
2022-05-12 13:29:27 +02:00
Dmitry Belyavskiy
1b2d08b2c2 Adaptation of upstream patches disabling explicit EC parameters in FIPS mode
Resolves: rhbz#2058663
2022-05-06 17:41:32 +02:00
Clemens Lang
1447e64bc3 Include hash in FIPS module version
Include a hash of specfile, patches, and sources in the FIPS module
version. This should allow us to uniquely identify a build that we do,
so that we can be sure which specific binary is being submitted for
validation and was certified.

The previous solution used $(date +%Y%m%d), which had some risks related
to build server timezone and build date differences on different
architectures.

Resolves: rhbz#2070550
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-05-06 13:16:36 +02:00
Dmitry Belyavskiy
ad863e9fc8 OpenSSL FIPS module should not build in non-approved algorithms
Resolves: rhbz#2081378
2022-05-05 17:34:49 +02:00
Dmitry Belyavskiy
6ba0e5efa3 When FIPS provider is in use, we forbid only some padding modes - spec
Resolves: rhbz#2053289
2022-05-02 18:33:35 +02:00
Clemens Lang
9afaa3d1f4 Fix regression in evp_pkey_name2type caused by tr_TR locale fix
Resolves: rhbz#2071631
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-04-28 13:39:35 +02:00
Dmitry Belyavskiy
a711ac2e4f Fix openssl curl error with LANG=tr_TR.utf8
Resolves: rhbz#2071631
2022-04-21 15:16:46 +02:00
Dmitry Belyavskiy
7a1c7b28bc FIPS provider doesn't block RSA encryption for key transport
Resolves: rhbz#2053289
2022-03-29 13:32:47 +02:00
Clemens Lang
93ff3f8fe5 Fix occasional internal error in TLS when DHE is used
Resolves: rhbz#2004915
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-03-22 13:04:16 +01:00
Clemens Lang
153f593fa6 Fix SHA1 certs in LEGACY without openssl lib ctxt
Resolves: rhbz#2065400
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-03-18 13:36:55 +01:00
Clemens Lang
4eb630f7d5 Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes
Resolves: rhbz#2065400
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-03-18 09:27:51 +01:00
Dmitry Belyavskiy
03697fff80 CVE-2022-0778 fix
Resolves: rhbz#2062315
2022-03-16 15:03:25 +01:00
Clemens Lang
bc7dfd9722 Fix RSA PSS padding with SHA-1 disabled
Invocations of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING)
before setting an allowed digest with EVP_PKEY_CTX_set_signature_md()
would fail with SHA-1 use in signatures disabled, because OpenSSL's
internal default for the digest was SHA-1.

This isn't documented in any of the manpages, hence we expect users to
always call both EVP_PKEY_CTX_set_rsa_padding() and
EVP_PKEY_CTX_set_signature_md(). We do not want set_rsa_padding() to
fail if users set a non-SHA-1 signature algorithm after setting the
padding mode, though, so change the internal default to SHA-256 if SHA-1
is disabled.

Resolves: rhbz#2062640
2022-03-10 13:29:29 +01:00
Clemens Lang
3c66c99bd5 Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
We want legacy policy to be able to talk to older RHEL that only
supports SHA1 signature algorithms, so allow SHA1 signatures even in
seclevel 2 if rh-allow-sha1-signatures is set to yes.

Resolves: rhbz#2060510
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-03-04 10:19:04 +01:00
Clemens Lang
ede38fcb54 Prevent use of SHA1 with ECDSA
providers/implementations/signature/{ec,}dsa_sig.c accept a NID_undef
digest, so to prevent SHA1 from working with ECDSA and DSA, we must
return a negative value in securitycheck.c.

Resolves: rhbz#2031742
2022-02-25 14:45:22 +01:00
Dmitry Belyavskiy
ea9f0a5726 OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
Resolves: rhbz#1977867
2022-02-25 12:37:01 +01:00
Peter Robinson
849a9965ee Support KBKDF (NIST SP800-108) with an R value of 8bits Resolves: rhbz#2027261
Signed-off-by: Peter Robinson <pbrobinson@redhat.com>
2022-02-24 10:14:16 +00:00
Clemens Lang
53f53fedec Allow SHA1 usage in MGF1 for RSASSA-PSS signatures
Resolves: rhbz#2031742
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-02-23 17:53:55 +01:00
Dmitry Belyavskiy
b33dfd3fc3 Spec bump
Resolves: rhbz#2031742
2022-02-23 11:47:25 +01:00
Clemens Lang
5a9ab1160e Allow SHA1 usage in HMAC in TLS
The EVP_DigestSign API is used in TLS to compute a SHA1 HMAC, which is
OK from our point of view, but was blocked so far. Modify
0049-Selectively-disallow-SHA1-signatures.patch to check the EVP_PKEY
type for HMAC (and TLS1-PRF and HKDF), and allow SHA1 for these cases.

Note that TLS1.1 signs a MD5-SHA1 hash with a private key, which does
not work with rh-allow-sha1-signatures = no, so the minimum TLS version
will be TLS 1.2.

Resolves: rhbz#2031742
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-02-22 19:40:20 +01:00
Dmitry Belyavskiy
53b85f538c OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
Resolves: rhbz#1977867
2022-02-22 16:32:34 +01:00
Clemens Lang
78fb78d307 Disable SHA1 signature creation and verification by default
Set rh-allow-sha1-signatures = yes to re-enable

Resolves: rhbz#2031742
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-02-22 12:25:35 +01:00
Sahana Prasad
0a5c81da78 s_server: correctly handle 2^14 byte long records
Resolves: rhbz#2042011

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2022-02-03 15:37:48 +01:00
Dmitry Belyavskiy
922b5301ea Adjust FIPS provider version
FIPS provider version is now autofilled from release and date
Related: rhbz#2026445
2022-02-01 16:02:01 +01:00
Dmitry Belyavskiy
8c3b745547 On the s390x, zeroize all the copies of TLS premaster secret
Related: rhbz#2040448
2022-01-26 16:50:19 +01:00
Dmitry Belyavskiy
92e721fa5d Rebuild
Related: rhbz#2026445
2022-01-21 14:40:57 +01:00
Dmitry Belyavskiy
d237e7f301 Restoring fips=yes to SHA-1
Related: rhbz#2026445
2022-01-21 13:48:28 +01:00
Dmitry Belyavskiy
9df33eabbe KATS self-tests should run before HMAC verifcation
Related: rhbz#2041994
2022-01-21 13:48:28 +01:00
Sahana Prasad
f5421022ee Adds enable-buildtest-c++ to the configure options.
Related: rhbz#1990814

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2022-01-20 16:37:50 +01:00
Sahana Prasad
78a467efcc Rebase to upstream version 3.0.1
Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl
Resolves: rhbz#2038910, rhbz#2035148

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2022-01-18 18:30:10 +01:00
Dmitry Belyavskiy
e63c4b68b2 Update spec file, remove fipsmodule.cnf
Related: rhbz#2026445
2022-01-17 14:18:22 +01:00
Dmitry Belyavskiy
225b6d37b9 openssl speed should run in FIPS mode
Related: rhbz#1977318
2021-12-21 16:16:07 +01:00
Dmitry Belyavskiy
4c1c00d6af Updated spec, some cleanup done
Related: rhbz#1985362
2021-11-24 13:44:25 +01:00
Dmitry Belyavskiy
9422ae52de Always activate default provider via config
Related: rhbz#1985362
2021-11-23 16:52:23 +01:00
Dmitry Belyavskiy
210c37e906 Disable fipsinstall application
Related: rhbz#1985362
2021-11-23 15:02:48 +01:00
Dmitry Belyavskiy
3ff0db7558 Embed correct HMAC into fips provider
We have stripped production version and unstripped version for tests.
Related: rhbz#1985362
2021-11-23 15:02:14 +01:00
Dmitry Belyavskiy
694c426faf Fix memory leak in s_client
Related: rhbz#1996092
2021-10-07 19:08:23 +02:00
Dmitry Belyavskiy
b76c2316a3 KTLS and FIPS may interfere, so tests need to be tuned
Resolves: rhbz#1961643
2021-09-22 17:15:22 +02:00
Dmitry Belyavskiy
3edf474b5d Avoid double-free on error seeding the RNG.
Resolves: rhbz#1952844
2021-09-20 17:13:26 +02:00
Sahana Prasad
34d46544a5 Rebase to upstream version 3.0.0
Related: rhbz#1990814

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-09-09 13:07:02 +02:00
Sahana Prasad
07de966235 - Removes the dual-abi build as it not required anymore. The mass rebuild
was completed and all packages are rebuilt against Beta version.
Resolves: rhbz#1984097

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-08-25 17:02:52 +02:00
Dmitry Belyavskiy
ddd1eb3708 Correctly processing CMS reading from /dev/stdin
Resolves: rhbz#1986315
2021-08-23 10:45:49 +02:00
Sahana Prasad
49de59749c Add instruction for loading legacy provider in openssl.cnf
Resolves: rhbz#1975836

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-08-16 14:16:12 +02:00
Sahana Prasad
03899fca38 Adds support for IDEA encryption.
Resolves: rhbz#1990602

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-08-16 11:44:00 +02:00
Sahana Prasad
0c6f4a599c - Fixes core dump in openssl req -modulus
- Fixes 'openssl req' to not ask for password when non-encrypted private key
  is used
- cms: Do not try to check binary format on stdin and -rctform fix
- Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-08-10 16:54:16 +02:00
Mohan Boddu
2862adca42 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 22:44:21 +00:00
Dmitry Belyavskiy
ecb6630fd3 When signature_algorithm extension is omitted, use more relevant alerts
Resolves: rhbz#1965017
2021-08-04 15:55:01 +02:00
Sahana Prasad
fe7445d93d Rebase to upstream version beta2
Related: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-08-03 15:11:22 +02:00
Sahana Prasad
0b6afca185 - Prevents creation of duplicate cert entries in PKCS #12 files
Resolves: rhbz#1978670

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-22 15:38:17 +02:00
Sahana Prasad
e3d0ba4f1e NVR Bump to Update to OpenSSL 3.0 Beta1 version
Related: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-21 14:37:35 +02:00
Sahana Prasad
529b968a17 Update patch dual-abi.patch to add the #define macros in implementation
files instead of public header files

Related: rhbz#1903209
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-19 14:00:13 +02:00
Sahana Prasad
a3158ae4f7 Removes unused patch dual-abi.patch
Related: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-14 14:20:07 +02:00
Sahana Prasad
d4e97b3110 Update to Beta1 version
Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16

Related: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-14 13:31:08 +02:00
Sahana Prasad
90bf702df6 - Fixes override of openssl_conf in openssl.cnf
- Use AI_ADDRCONFIG only when explicit host name is given
- Temporarily remove fipsmodule.cnf for arch i686
- Fixes segmentation fault in BN_lebin2bn

Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-06 22:35:53 +02:00
Sahana Prasad
4f728a9f3f Fixes override of openssl_conf in openssl.cnf
Resolves: rhbz#1975847

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-06 13:56:08 +02:00
Sahana Prasad
826e7990ea Adds FIPS mode compatibility patch
Related: rhbz#1977318
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-02 21:05:44 +02:00
Sahana Prasad
240131b9eb - Fixes system hang issue when booted in FIPS mode
- Temporarily disable downstream FIPS patches
Related: rhbz#1977318

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-02 20:15:32 +02:00
Mohan Boddu
220d8a96f5 Spec bump and changelog for Speeding up building openssl
Related: rhbz#1903209

Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-14 08:56:05 -04:00
Dmitry Belyavskiy
b0a763c723 Speeding up building openssl
Resolves: rhbz#1903209
Signed-off-by: Dmitry Belyavskiy <dbelyavs@redhat.com>
2021-06-11 13:10:06 +02:00
Sahana Prasad
e863fff325 Fix reading SPKAC data from stdin
Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448
Return 0 after cleanup in OPENSSL_init_crypto()
Cleanup the peer point formats on regotiation
Fix default digest to SHA256

Resolves: rhbz#1958045, rhbz#1952850, rhbz#1961687
Related: rhbz#1958033
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-06-04 11:07:23 +02:00
Sahana Prasad
5fa0564b3a Enable FIPS via config options
Resolves: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-05-27 15:53:25 +02:00
Sahana Prasad
ef962954ab Update to alpha 16 version
Avoids sending alert after orderly connection close
Resolves: rhbz#1952901, rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-05-17 11:37:19 +02:00
Sahana Prasad
eeabdb936d Merge gitlab.com:redhat/centos-stream/rpms/openssl into c9s 2021-04-26 21:39:03 +02:00
Sahana Prasad
007b0e01a9 Update to alpha 15 version
Resolves: openssl speed crashes rhbz#1952598
  Resolves: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-04-26 19:31:15 +02:00
Mohan Boddu
620c697740 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 02:42:42 +00:00
Sahana Prasad
ec7ef62793 Rebase to OpenSSL version 3.0.0
Note: This is a W.I.P as this is a huge rebase.
Resolves: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-04-12 00:34:30 +02:00
DistroBaker
098f88f008 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openssl.git#0f5f931f9a64a3fe3221c75ed799914cfd90b0db
2021-03-31 15:25:23 +00:00
DistroBaker
efa5f39ef0 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openssl.git#b023ffe39f798981219604746432376b15169c79
2021-03-11 19:58:41 +00:00
DistroBaker
f731f488ac Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openssl.git#fb8e66a58fb43344f23aefb4eaefe1b6ca04a80d
2021-02-11 17:09:01 +00:00
DistroBaker
6cc21a3e02 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openssl.git#d34c6392bf98cf355fca2f80538dcfdfd5c281f1
2021-02-03 20:19:33 +00:00
DistroBaker
e33651f416 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openssl.git#a07706cf0e50b02a61d3cb10ecad554d4ac4240c
2020-12-10 01:32:28 +01:00
DistroBaker
a99ab8f40a Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openssl.git#3413ff9700373616a74dcf14fe75868d046e22e2
2020-11-09 15:40:36 +00:00
Petr Šabata
16459847f1 RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/openssl#7ae2c9cd854539d3f09c5da76a55f6ff55ce55a8
2020-10-15 22:27:53 +02:00