diff --git a/.gitignore b/.gitignore index 31ec31d..3f8b238 100644 --- a/.gitignore +++ b/.gitignore @@ -62,3 +62,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-3.1.4.tar.gz /openssl-3.2.1.tar.gz /openssl-3.2.2.tar.gz +/openssl-3.5.0.tar.gz diff --git a/0001-Aarch64-and-ppc64le-use-lib64.patch b/0001-RH-Aarch64-and-ppc64le-use-lib64.patch similarity index 58% rename from 0001-Aarch64-and-ppc64le-use-lib64.patch rename to 0001-RH-Aarch64-and-ppc64le-use-lib64.patch index e5d23ba..6cb27b1 100644 --- a/0001-Aarch64-and-ppc64le-use-lib64.patch +++ b/0001-RH-Aarch64-and-ppc64le-use-lib64.patch @@ -1,18 +1,23 @@ -From 603a35802319c0459737e3f067369ceb990fe2e6 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 24 Sep 2020 09:01:41 +0200 -Subject: Aarch64 and ppc64le use lib64 +From fb792883f3ccc55997fdc21a9c1052f778dea1ac Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:14 +0100 +Subject: [PATCH 01/50] RH: Aarch64 and ppc64le use lib64 -(Was openssl-1.1.1-build.patch) +Patch-name: 0001-Aarch64-and-ppc64le-use-lib64.patch +Patch-id: 1 +Patch-status: | + # # Patches exported from source git + # # Aarch64 and ppc64le use lib64 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- Configurations/10-main.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf -index d7580bf3e1..a7dbfd7f40 100644 +index cba57b4127..3e327017ef 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf -@@ -723,6 +723,7 @@ my %targets = ( +@@ -726,6 +726,7 @@ my %targets = ( lib_cppflags => add("-DL_ENDIAN"), asm_arch => 'ppc64', perlasm_scheme => "linux64le", @@ -20,7 +25,7 @@ index d7580bf3e1..a7dbfd7f40 100644 }, "linux-armv4" => { -@@ -765,6 +766,7 @@ my %targets = ( +@@ -768,6 +769,7 @@ my %targets = ( inherit_from => [ "linux-generic64" ], asm_arch => 'aarch64', perlasm_scheme => "linux64", 
@@ -29,5 +34,5 @@ index d7580bf3e1..a7dbfd7f40 100644 "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 inherit_from => [ "linux-generic32" ], -- -2.26.2 +2.49.0 diff --git a/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch b/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch new file mode 100644 index 0000000..f0808db --- /dev/null +++ b/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch 
@@ -0,0 +1,456 @@ +From 193d88dfd8d131d2057fc69b4e2abb66f51924d0 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Thu, 6 Mar 2025 08:40:29 -0500 +Subject: [PATCH 02/50] Add a separate config file to use for rpm installs + +In RHEL/Fedora systems we want to use a slightly different set +of defaults, but we do not want to change the standard config file +because there are many assumptions about its configuration in +openssl upstream tests. + +So we create a separate one to use to override the default on on +installation. + +This config file differs from upstream for: +- CA directory tree paths +- Instructions about legacy provider +- Default certificate digest (set to sha256) + +Signed-off-by: Simo Sorce +--- + doc/man5/config.pod | 8 + + rh-openssl.cnf | 403 ++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 411 insertions(+) + create mode 100644 rh-openssl.cnf + +diff --git a/doc/man5/config.pod b/doc/man5/config.pod +index e24ea0c595..39fa468320 100644 +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod +@@ -284,6 +284,14 @@ Note this setting defaults to off if not provided + All parameters in the section as well as sub-sections are made + available to the provider. + ++=head3 Loading the legacy provider ++ ++Uncomment the sections that start with ## in openssl.cnf ++to enable the legacy provider. ++Note: In general it is not recommended to use the above mentioned algorithms for ++security critical operations, as they are cryptographically weak or vulnerable ++to side-channel attacks and as such have been deprecated. ++ + =head3 Default provider and its activation + + If no providers are activated explicitly, the default one is activated implicitly. +diff --git a/rh-openssl.cnf b/rh-openssl.cnf +new file mode 100644 +index 0000000000..20f5962541 +--- /dev/null ++++ b/rh-openssl.cnf +@@ -0,0 +1,403 @@ ++# ++# OpenSSL example configuration file. ++# See doc/man5/config.pod for more info. 
++# ++# This is mostly being used for generation of certificate requests, ++# but may be used for auto loading of providers ++ ++# Note that you can include other files from the main configuration ++# file using the .include directive. ++#.include filename ++ ++# This definition stops the following lines choking if HOME isn't ++# defined. ++HOME = . ++ ++# Use this in order to automatically load providers. ++openssl_conf = openssl_init ++ ++# Comment out the next line to ignore configuration errors ++config_diagnostics = 0 ++ ++# Extra OBJECT IDENTIFIER info: ++# oid_file = $ENV::HOME/.oid ++oid_section = new_oids ++ ++# To use this configuration file with the "-extfile" option of the ++# "openssl x509" utility, name here the section containing the ++# X.509v3 extensions to use: ++# extensions = ++# (Alternatively, use a configuration file that has only ++# X.509v3 extensions in its main [= default] section.) ++ ++[ new_oids ] ++# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. ++# Add a simple OID like this: ++# testoid1=1.2.3.4 ++# Or use config file substitution like this: ++# testoid2=${testoid1}.5.6 ++ ++# Policies used by the TSA examples. ++tsa_policy1 = 1.2.3.4.1 ++tsa_policy2 = 1.2.3.4.5.6 ++tsa_policy3 = 1.2.3.4.5.7 ++ ++[openssl_init] ++providers = provider_sect ++# Uncomment the sections that start with ## below to enable the legacy provider. ++# Loading the legacy provider enables support for the following algorithms: ++# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 ++# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED ++# Key Derivation Function (KDF): PBKDF1 ++# In general it is not recommended to use the above mentioned algorithms for ++# security critical operations, as they are cryptographically weak or vulnerable ++# to side-channel attacks and as such have been deprecated. 
++ ++# Load default TLS policy configuration ++ssl_conf = ssl_module ++alg_section = evp_properties ++ ++[ evp_properties ] ++#This section is intentionally added empty here ++#to be tuned on particular systems ++ ++# List of providers to load ++[provider_sect] ++default = default_sect ++##legacy = legacy_sect ++## ++[default_sect] ++activate = 1 ++ ++##[legacy_sect] ++##activate = 1 ++ ++#Place the third party provider configuration files into this folder ++.include /etc/pki/tls/openssl.d ++ ++ ++[ ssl_module ] ++ ++system_default = crypto_policy ++ ++[ crypto_policy ] ++ ++.include = /etc/crypto-policies/back-ends/opensslcnf.config ++ ++#################################################################### ++[ ca ] ++default_ca = CA_default # The default ca section ++ ++#################################################################### ++[ CA_default ] ++ ++dir = /etc/pki/CA # Where everything is kept ++certs = $dir/certs # Where the issued certs are kept ++crl_dir = $dir/crl # Where the issued crl are kept ++database = $dir/index.txt # database index file. ++#unique_subject = no # Set to 'no' to allow creation of ++ # several certs with same subject. ++new_certs_dir = $dir/newcerts # default place for new certs. ++ ++certificate = $dir/cacert.pem # The CA certificate ++serial = $dir/serial # The current serial number ++crlnumber = $dir/crlnumber # the current crl number ++ # must be commented out to leave a V1 CRL ++crl = $dir/crl.pem # The current CRL ++private_key = $dir/private/cakey.pem # The private key ++ ++x509_extensions = usr_cert # The extensions to add to the cert ++ ++# Comment out the following two lines for the "traditional" ++# (and highly broken) format. ++name_opt = ca_default # Subject Name options ++cert_opt = ca_default # Certificate field options ++ ++# Extension copying option: use with caution. ++# copy_extensions = copy ++ ++# Extensions to add to a CRL. 
Note: Netscape communicator chokes on V2 CRLs ++# so this is commented out by default to leave a V1 CRL. ++# crlnumber must also be commented out to leave a V1 CRL. ++# crl_extensions = crl_ext ++ ++default_days = 365 # how long to certify for ++default_crl_days= 30 # how long before next CRL ++default_md = sha256 # use SHA-256 by default ++preserve = no # keep passed DN ordering ++ ++# A few difference way of specifying how similar the request should look ++# For type CA, the listed attributes must be the same, and the optional ++# and supplied fields are just that :-) ++policy = policy_match ++ ++# For the CA policy ++[ policy_match ] ++countryName = match ++stateOrProvinceName = match ++organizationName = match ++organizationalUnitName = optional ++commonName = supplied ++emailAddress = optional ++ ++# For the 'anything' policy ++# At this point in time, you must list all acceptable 'object' ++# types. ++[ policy_anything ] ++countryName = optional ++stateOrProvinceName = optional ++localityName = optional ++organizationName = optional ++organizationalUnitName = optional ++commonName = supplied ++emailAddress = optional ++ ++#################################################################### ++[ req ] ++default_bits = 2048 ++default_keyfile = privkey.pem ++distinguished_name = req_distinguished_name ++attributes = req_attributes ++x509_extensions = v3_ca # The extensions to add to the self signed cert ++ ++# Passwords for private keys if not present they will be prompted for ++# input_password = secret ++# output_password = secret ++ ++# This sets a mask for permitted string types. There are several options. ++# default: PrintableString, T61String, BMPString. ++# pkix : PrintableString, BMPString (PKIX recommendation before 2004) ++# utf8only: only UTF8Strings (PKIX recommendation after 2004). ++# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). ++# MASK:XXXX a literal mask value. 
++# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. ++string_mask = utf8only ++ ++# req_extensions = v3_req # The extensions to add to a certificate request ++ ++[ req_distinguished_name ] ++countryName = Country Name (2 letter code) ++countryName_default = XX ++countryName_min = 2 ++countryName_max = 2 ++ ++stateOrProvinceName = State or Province Name (full name) ++#stateOrProvinceName_default = Default Province ++ ++localityName = Locality Name (eg, city) ++localityName_default = Default City ++ ++0.organizationName = Organization Name (eg, company) ++0.organizationName_default = Default Company Ltd ++ ++# we can do this but it is not needed normally :-) ++#1.organizationName = Second Organization Name (eg, company) ++#1.organizationName_default = World Wide Web Pty Ltd ++ ++organizationalUnitName = Organizational Unit Name (eg, section) ++#organizationalUnitName_default = ++ ++commonName = Common Name (eg, your name or your server\'s hostname) ++commonName_max = 64 ++ ++emailAddress = Email Address ++emailAddress_max = 64 ++ ++# SET-ex3 = SET extension number 3 ++ ++[ req_attributes ] ++challengePassword = A challenge password ++challengePassword_min = 4 ++challengePassword_max = 20 ++ ++unstructuredName = An optional company name ++ ++[ usr_cert ] ++ ++# These extensions are added when 'ca' signs a request. ++ ++# This goes against PKIX guidelines but some CAs do it and some software ++# requires this to avoid interpreting an end user certificate as a CA. ++ ++basicConstraints=CA:FALSE ++ ++# This is typical in keyUsage for a client certificate. ++# keyUsage = nonRepudiation, digitalSignature, keyEncipherment ++ ++# PKIX recommendations harmless if included in all certificates. ++subjectKeyIdentifier=hash ++authorityKeyIdentifier=keyid,issuer ++ ++# This stuff is for subjectAltName and issuerAltname. ++# Import the email address. 
++# subjectAltName=email:copy ++# An alternative to produce certificates that aren't ++# deprecated according to PKIX. ++# subjectAltName=email:move ++ ++# Copy subject details ++# issuerAltName=issuer:copy ++ ++# This is required for TSA certificates. ++# extendedKeyUsage = critical,timeStamping ++ ++[ v3_req ] ++ ++# Extensions to add to a certificate request ++ ++basicConstraints = CA:FALSE ++keyUsage = nonRepudiation, digitalSignature, keyEncipherment ++ ++[ v3_ca ] ++ ++ ++# Extensions for a typical CA ++ ++ ++# PKIX recommendation. ++ ++subjectKeyIdentifier=hash ++ ++authorityKeyIdentifier=keyid:always,issuer ++ ++basicConstraints = critical,CA:true ++ ++# Key usage: this is typical for a CA certificate. However since it will ++# prevent it being used as an test self-signed certificate it is best ++# left out by default. ++# keyUsage = cRLSign, keyCertSign ++ ++# Include email address in subject alt name: another PKIX recommendation ++# subjectAltName=email:copy ++# Copy issuer details ++# issuerAltName=issuer:copy ++ ++# DER hex encoding of an extension: beware experts only! ++# obj=DER:02:03 ++# Where 'obj' is a standard or added object ++# You can even override a supported extension: ++# basicConstraints= critical, DER:30:03:01:01:FF ++ ++[ crl_ext ] ++ ++# CRL extensions. ++# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. ++ ++# issuerAltName=issuer:copy ++authorityKeyIdentifier=keyid:always ++ ++[ proxy_cert_ext ] ++# These extensions should be added when creating a proxy certificate ++ ++# This goes against PKIX guidelines but some CAs do it and some software ++# requires this to avoid interpreting an end user certificate as a CA. ++ ++basicConstraints=CA:FALSE ++ ++# This is typical in keyUsage for a client certificate. ++# keyUsage = nonRepudiation, digitalSignature, keyEncipherment ++ ++# PKIX recommendations harmless if included in all certificates. 
++subjectKeyIdentifier=hash ++authorityKeyIdentifier=keyid,issuer ++ ++# This stuff is for subjectAltName and issuerAltname. ++# Import the email address. ++# subjectAltName=email:copy ++# An alternative to produce certificates that aren't ++# deprecated according to PKIX. ++# subjectAltName=email:move ++ ++# Copy subject details ++# issuerAltName=issuer:copy ++ ++# This really needs to be in place for it to be a proxy certificate. ++proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo ++ ++#################################################################### ++[ tsa ] ++ ++default_tsa = tsa_config1 # the default TSA section ++ ++[ tsa_config1 ] ++ ++# These are used by the TSA reply generation only. ++dir = /etc/pki/CA # TSA root directory ++serial = $dir/tsaserial # The current serial number (mandatory) ++crypto_device = builtin # OpenSSL engine to use for signing ++signer_cert = $dir/tsacert.pem # The TSA signing certificate ++ # (optional) ++certs = $dir/cacert.pem # Certificate chain to include in reply ++ # (optional) ++signer_key = $dir/private/tsakey.pem # The TSA private key (optional) ++signer_digest = sha256 # Signing digest to use. (Optional) ++default_policy = tsa_policy1 # Policy if request did not specify it ++ # (optional) ++other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) ++digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) ++accuracy = secs:1, millisecs:500, microsecs:100 # (optional) ++clock_precision_digits = 0 # number of digits after dot. (optional) ++ordering = yes # Is ordering defined for timestamps? ++ # (optional, default: no) ++tsa_name = yes # Must the TSA name be included in the reply? ++ # (optional, default: no) ++ess_cert_id_chain = no # Must the ESS cert id chain be included? 
++ # (optional, default: no) ++ess_cert_id_alg = sha256 # algorithm to compute certificate ++ # identifier (optional, default: sha256) ++ ++[insta] # CMP using Insta Demo CA ++# Message transfer ++server = pki.certificate.fi:8700 ++# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080 ++# tls_use = 0 ++path = pkix/ ++ ++# Server authentication ++recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer ++ignore_keyusage = 1 # potentially needed quirk ++unprotected_errors = 1 # potentially needed quirk ++extracertsout = insta.extracerts.pem ++ ++# Client authentication ++ref = 3078 # user identification ++secret = pass:insta # can be used for both client and server side ++ ++# Generic message options ++cmd = ir # default operation, can be overridden on cmd line with, e.g., kur ++ ++# Certificate enrollment ++subject = "/CN=openssl-cmp-test" ++newkey = insta.priv.pem ++out_trusted = apps/insta.ca.crt # does not include keyUsage digitalSignature ++certout = insta.cert.pem ++ ++[pbm] # Password-based protection for Insta CA ++# Server and client authentication ++ref = $insta::ref # 3078 ++secret = $insta::secret # pass:insta ++ ++[signature] # Signature-based protection for Insta CA ++# Server authentication ++trusted = $insta::out_trusted # apps/insta.ca.crt ++ ++# Client authentication ++secret = # disable PBM ++key = $insta::newkey # insta.priv.pem ++cert = $insta::certout # insta.cert.pem ++ ++[ir] ++cmd = ir ++ ++[cr] ++cmd = cr ++ ++[kur] ++# Certificate update ++cmd = kur ++oldcert = $insta::certout # insta.cert.pem ++ ++[rr] ++# Certificate revocation ++cmd = rr ++oldcert = $insta::certout # insta.cert.pem +-- +2.49.0 + diff --git a/0002-Use-more-general-default-values-in-openssl.cnf.patch b/0002-Use-more-general-default-values-in-openssl.cnf.patch deleted file mode 100644 index 83ed599..0000000 --- a/0002-Use-more-general-default-values-in-openssl.cnf.patch +++ /dev/null 
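Review bot: `config_diagnostics = 0` in the new rh-openssl.cnf contradicts the comment directly above it, `# Comment out the next line to ignore configuration errors`, which appears to have been written for a value of 1; with 0 the diagnostics are already off, so a reader who keeps the line expects a strictness they are not getting, and either the value should be 1 or the comment should read `# Set to 1 to report configuration errors instead of ignoring them`. The `[ req ]` section also no longer sets `default_md = sha256`, which the 0002 patch this commit deletes used to add, while the commit message lists the sha256 default as a difference from upstream; worth confirming the req default in 3.5 or adding the line back. The `[insta]` CMP block carries a demo credential (`secret = pass:insta`) and an external demo server into a system-wide /etc config; it is inherited from upstream apps/openssl.cnf, but consider dropping it from the distribution copy. The deleted 0004 patch also repointed `$CATOP` in apps/CA.pl.in to /etc/pki/CA; if that is not carried elsewhere, CA.pl and this config's `dir = /etc/pki/CA` will disagree.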
@@ -1,68 +0,0 @@ -From 41df9ae215cee9574e17e6f887c96a7c97d588f5 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 24 Sep 2020 09:03:40 +0200 -Subject: Use more general default values in openssl.cnf - -Also set sha256 as default hash, although that should not be -necessary anymore. - -(was openssl-1.1.1-defaults.patch) ---- - apps/openssl.cnf | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/apps/openssl.cnf b/apps/openssl.cnf -index 97567a67be..eb25a0ac48 100644 ---- a/apps/openssl.cnf -+++ b/apps/openssl.cnf -@@ -104,7 +104,7 @@ cert_opt = ca_default # Certificate field options - - default_days = 365 # how long to certify for - default_crl_days= 30 # how long before next CRL --default_md = default # use public key default MD -+default_md = sha256 # use SHA-256 by default - preserve = no # keep passed DN ordering - - # A few difference way of specifying how similar the request should look -@@ -136,6 +136,7 @@ emailAddress = optional - #################################################################### - [ req ] - default_bits = 2048 -+default_md = sha256 - default_keyfile = privkey.pem - distinguished_name = req_distinguished_name - attributes = req_attributes -@@ -158,17 +159,18 @@ string_mask = utf8only - - [ req_distinguished_name ] - countryName = Country Name (2 letter code) --countryName_default = AU -+countryName_default = XX - countryName_min = 2 - countryName_max = 2 - - stateOrProvinceName = State or Province Name (full name) --stateOrProvinceName_default = Some-State -+#stateOrProvinceName_default = Default Province - - localityName = Locality Name (eg, city) -+localityName_default = Default City - - 0.organizationName = Organization Name (eg, company) --0.organizationName_default = Internet Widgits Pty Ltd -+0.organizationName_default = Default Company Ltd - - # we can do this but it is not needed normally :-) - #1.organizationName = Second Organization Name (eg, company) -@@ -177,7 +179,7 @@ localityName = 
Locality Name (eg, city) - organizationalUnitName = Organizational Unit Name (eg, section) - #organizationalUnitName_default = - --commonName = Common Name (e.g. server FQDN or YOUR name) -+commonName = Common Name (eg, your name or your server\'s hostname) - commonName_max = 64 - - emailAddress = Email Address --- -2.26.2 - diff --git a/0003-Do-not-install-html-docs.patch b/0003-RH-Do-not-install-html-docs.patch similarity index 69% rename from 0003-Do-not-install-html-docs.patch rename to 0003-RH-Do-not-install-html-docs.patch index 6be6e68..52ebff1 100644 --- a/0003-Do-not-install-html-docs.patch +++ b/0003-RH-Do-not-install-html-docs.patch @@ -1,22 +1,22 @@ -From a3e7963320ba44e96a60b389fccb8e1cccc30674 Mon Sep 17 00:00:00 2001 +From 786b3456ad2d3d37e9729b83d0ddce8794060fb1 Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Thu, 19 Oct 2023 13:12:39 +0200 -Subject: [PATCH 03/46] 0003-Do-not-install-html-docs.patch +Date: Wed, 6 Mar 2024 19:17:14 +0100 +Subject: [PATCH 03/50] RH: Do not install html docs Patch-name: 0003-Do-not-install-html-docs.patch Patch-id: 3 Patch-status: | # # Do not install html docs -From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- Configurations/unix-Makefile.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index a48fae5fb8..56b42926e7 100644 +index e85763ccf8..8a829be037 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl -@@ -611,7 +611,7 @@ install_sw: install_dev install_engines install_modules install_runtime +@@ -658,7 +658,7 @@ install_sw: install_dev install_engines install_modules install_runtime ## Insta uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev ## Uninstall the software and libraries 
@@ -26,5 +26,5 @@ index a48fae5fb8..56b42926e7 100644 uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and HTML documentation $(RM) -r "$(DESTDIR)$(DOCDIR)" -- -2.41.0 +2.49.0 diff --git a/0004-Override-default-paths-for-the-CA-directory-tree.patch b/0004-Override-default-paths-for-the-CA-directory-tree.patch deleted file mode 100644 index 9ba7947..0000000 --- a/0004-Override-default-paths-for-the-CA-directory-tree.patch +++ /dev/null 
@@ -1,78 +0,0 @@ -From 7a65ee33793fa8a28c0dfc94e6872ce92f408b15 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 31 Jul 2023 09:41:27 +0200 -Subject: [PATCH 04/35] - 0004-Override-default-paths-for-the-CA-directory-tree.patch - -Patch-name: 0004-Override-default-paths-for-the-CA-directory-tree.patch -Patch-id: 4 -Patch-status: | - # Override default paths for the CA directory tree -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd ---- - apps/CA.pl.in | 2 +- - apps/openssl.cnf | 20 ++++++++++++++++++-- - 2 files changed, 19 insertions(+), 3 deletions(-) - -diff --git a/apps/CA.pl.in b/apps/CA.pl.in -index c0afb96716..d6a5fabd16 100644 ---- a/apps/CA.pl.in -+++ b/apps/CA.pl.in -@@ -29,7 +29,7 @@ my $X509 = "$openssl x509"; - my $PKCS12 = "$openssl pkcs12"; - - # Default values for various configuration settings. --my $CATOP = "./demoCA"; -+my $CATOP = "/etc/pki/CA"; - my $CAKEY = "cakey.pem"; - my $CAREQ = "careq.pem"; - my $CACERT = "cacert.pem"; -diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf ---- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200 -+++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200 -@@ -53,6 +53,13 @@ tsa_policy3 = 1.2.3.4.5.7 - - [openssl_init] - providers = provider_sect -+# Load default TLS policy configuration -+ssl_conf = ssl_module -+alg_section = evp_properties -+ -+[ evp_properties ] -+#This section is intentionally added empty here -+#to be tuned on particular systems - - # List of providers to load - [provider_sect] -@@ -64,6 +66,13 @@ default = default_sect - [default_sect] - # activate = 1 - -+[ ssl_module ] -+ -+system_default = crypto_policy -+ -+[ crypto_policy ] -+ -+.include = /etc/crypto-policies/back-ends/opensslcnf.config - - #################################################################### - [ ca ] -@@ -72,7 +81,7 @@ default_ca = CA_default # The default c - 
#################################################################### - [ CA_default ] - --dir = ./demoCA # Where everything is kept -+dir = /etc/pki/CA # Where everything is kept - certs = $dir/certs # Where the issued certs are kept - crl_dir = $dir/crl # Where the issued crl are kept - database = $dir/index.txt # database index file. -@@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default - [ tsa_config1 ] - - # These are used by the TSA reply generation only. --dir = ./demoCA # TSA root directory -+dir = /etc/pki/CA # TSA root directory - serial = $dir/tsaserial # The current serial number (mandatory) - crypto_device = builtin # OpenSSL engine to use for signing - signer_cert = $dir/tsacert.pem # The TSA signing certificate diff --git a/0005-apps-ca-fix-md-option-help-text.patch b/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch similarity index 53% rename from 0005-apps-ca-fix-md-option-help-text.patch rename to 0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch index 1fed4c4..f0c1852 100644 --- a/0005-apps-ca-fix-md-option-help-text.patch +++ b/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch @@ -1,20 +1,22 @@ -From 3d8fa9859501b07e02b76b5577e2915d5851e927 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 24 Sep 2020 09:27:18 +0200 -Subject: apps/ca: fix md option help text +From 9e410805cbd962214f0c0db785320f5fd594ea75 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:14 +0100 +Subject: [PATCH 04/50] RH: apps ca fix md option help text.patch - DROP? -upstreamable - -(was openssl-1.1.1-apps-dgst.patch) +Patch-name: 0005-apps-ca-fix-md-option-help-text.patch +Patch-id: 5 +Patch-status: | + # # apps/ca: fix md option help text +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- apps/ca.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/ca.c b/apps/ca.c -index 0f21b4fa1c..3d4b2c1673 100755 +index 6d1d1c0a6e..a7553ba609 100644 --- a/apps/ca.c 
+++ b/apps/ca.c -@@ -209,7 +209,7 @@ const OPTIONS ca_options[] = { +@@ -216,7 +216,7 @@ const OPTIONS ca_options[] = { {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, OPT_SECTION("Signing"), @@ -24,5 +26,5 @@ index 0f21b4fa1c..3d4b2c1673 100755 {"keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)"}, -- -2.26.2 +2.49.0 diff --git a/0006-Disable-signature-verification-with-totally-unsafe-h.patch b/0005-RH-Disable-signature-verification-with-bad-digests-R.patch similarity index 54% rename from 0006-Disable-signature-verification-with-totally-unsafe-h.patch rename to 0005-RH-Disable-signature-verification-with-bad-digests-R.patch index f9dd2dd..ac6b340 100644 --- a/0006-Disable-signature-verification-with-totally-unsafe-h.patch +++ b/0005-RH-Disable-signature-verification-with-bad-digests-R.patch @@ -1,18 +1,23 @@ -From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 24 Sep 2020 09:51:34 +0200 -Subject: Disable signature verification with totally unsafe hash algorithms +From fc8b2977d0b92f5a2e62131e398857ee431bff6e Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:14 +0100 +Subject: [PATCH 05/50] RH: Disable signature verification with bad digests - + REVIEW -(was openssl-1.1.1-no-weak-verify.patch) +Patch-name: 0006-Disable-signature-verification-with-totally-unsafe-h.patch +Patch-id: 6 +Patch-status: | + # # Disable signature verification with totally unsafe hash algorithms +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- crypto/asn1/a_verify.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c -index b7eed914b0..af62f0ef08 100644 +index f6cac80962..fbc6ce6e30 100644 --- a/crypto/asn1/a_verify.c 
+++ b/crypto/asn1/a_verify.c -@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, +@@ -151,6 +151,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); if (ret <= 1) goto err; @@ -25,5 +30,5 @@ index b7eed914b0..af62f0ef08 100644 const EVP_MD *type = NULL; -- -2.26.2 +2.49.0 diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch similarity index 87% rename from 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch rename to 0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch index 83d5c23..12a7dfc 100644 --- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch @@ -1,8 +1,8 @@ -From 8be4ef77c64fcada41041c00e02c34b07658ba66 Mon Sep 17 00:00:00 2001 +From e4f78101181c2a16343c0f281d218fde34b84637 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:14 +0100 -Subject: [PATCH 07/49] - 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +Subject: [PATCH 06/50] RH: Add support for PROFILE SYSTEM system default + cipher Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch Patch-id: 7 @@ -14,16 +14,16 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce Configure | 11 +++- doc/man1/openssl-ciphers.pod.in | 9 ++++ include/openssl/ssl.h.in | 5 ++ - ssl/ssl_ciph.c | 86 +++++++++++++++++++++++++++---- + ssl/ssl_ciph.c | 83 +++++++++++++++++++++++++++---- ssl/ssl_lib.c | 4 +- test/cipherlist_test.c | 2 + - 7 files changed, 109 insertions(+), 13 deletions(-) + 7 files changed, 105 insertions(+), 14 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index 5d61ce9550..e9fba957f1 100644 +index 8a829be037..ba1266659a 100644 --- a/Configurations/unix-Makefile.tmpl 
+++ b/Configurations/unix-Makefile.tmpl -@@ -324,6 +324,10 @@ MANDIR=$(INSTALLTOP)/share/man +@@ -344,6 +344,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html @@ -34,7 +34,7 @@ index 5d61ce9550..e9fba957f1 100644 # MANSUFFIX is for the benefit of anyone who may want to have a suffix # appended after the manpage file section number. "ssl" is popular, # resulting in files such as config.5ssl rather than config.5. -@@ -347,6 +351,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} +@@ -367,6 +371,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -} CPPFLAGS={- our $cppflags1 = join(" ", (map { "-D".$_} @{$config{CPPDEFINES}}), @@ -43,7 +43,7 @@ index 5d61ce9550..e9fba957f1 100644 @{$config{CPPFLAGS}}) -} CFLAGS={- join(' ', @{$config{CFLAGS}}) -} diff --git a/Configure b/Configure -index cca1ac8d16..2ae1cd0bc2 100755 +index 15054f9403..7945d6b750 100755 --- a/Configure +++ b/Configure @@ -27,7 +27,7 @@ use OpenSSL::config; @@ -66,7 +66,7 @@ index cca1ac8d16..2ae1cd0bc2 100755 # --banner=".." Output specified text instead of default completion banner # # -w Don't wait after showing a Configure warning -@@ -394,6 +398,7 @@ $config{prefix}=""; +@@ -408,6 +412,7 @@ $config{prefix}=""; $config{openssldir}=""; $config{processor}=""; $config{libdir}=""; @@ -74,7 +74,7 @@ index cca1ac8d16..2ae1cd0bc2 100755 my $auto_threads=1; # enable threads automatically? true by default my $default_ranlib; -@@ -1047,6 +1052,10 @@ while (@argvcopy) +@@ -1104,6 +1109,10 @@ while (@argvcopy) die "FIPS key too long (64 bytes max)\n" if length $1 > 64; } @@ -86,17 +86,17 @@ index cca1ac8d16..2ae1cd0bc2 100755 { $banner = $1 . "\n"; diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in -index d4df30686f..cec4835268 100644 +index 69195bcdcb..a6e0ede570 100644 --- a/doc/man1/openssl-ciphers.pod.in 
+++ b/doc/man1/openssl-ciphers.pod.in -@@ -190,6 +190,15 @@ As of OpenSSL 1.0.0, the B cipher suites are sensibly ordered by default. +@@ -189,6 +189,15 @@ As of OpenSSL 1.0.0, the B cipher suites are sensibly ordered by default. The cipher suites not enabled by B, currently B. +=item B + +The list of enabled cipher suites will be loaded from the system crypto policy -+configuration file B. ++configuration file B. +See also L. +This is the default behavior unless an application explicitly sets a cipher +list. If used in a cipher list configuration value this string must be at the @@ -106,7 +106,7 @@ index d4df30686f..cec4835268 100644 "High" encryption cipher suites. This currently means those with key lengths diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in -index 9f91039f8a..fc34d4ca61 100644 +index b342079968..0b2232b01c 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -209,6 +209,11 @@ extern "C" { @@ -122,10 +122,18 @@ index 9f91039f8a..fc34d4ca61 100644 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 8360991ce4..33c23efb0d 100644 +index 6127cb7a4b..19420d6c6a 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c -@@ -1455,6 +1455,49 @@ int SSL_set_ciphersuites(SSL *s, const char *str) +@@ -9,6 +9,7 @@ + * https://www.openssl.org/source/license.html + */ + ++#define _GNU_SOURCE + #include + #include + #include +@@ -1421,6 +1422,49 @@ int SSL_set_ciphersuites(SSL *s, const char *str) return ret; } 
@@ -175,7 +183,7 @@ index 8360991ce4..33c23efb0d 100644 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) **cipher_list, -@@ -1469,15 +1516,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1435,15 +1479,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; const SSL_CIPHER **ca_list = NULL; const SSL_METHOD *ssl_method = ctx->method; @@ -203,7 +211,7 @@ index 8360991ce4..33c23efb0d 100644 /* * To reduce the work to do we only want to process the compiled -@@ -1499,7 +1556,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1465,7 +1519,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, if (num_of_ciphers > 0) { co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) @@ -212,7 +220,7 @@ index 8360991ce4..33c23efb0d 100644 } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, -@@ -1565,8 +1622,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1531,8 +1585,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * in force within each class */ if (!ssl_cipher_strength_sort(&head, &tail)) { @@ -222,7 +230,7 @@ index 8360991ce4..33c23efb0d 100644 } /* -@@ -1611,8 +1667,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1576,8 +1629,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { 
@@ -232,7 +240,7 @@ index 8360991ce4..33c23efb0d 100644 } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, disabled_auth, disabled_enc, -@@ -1637,8 +1693,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1603,8 +1655,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ @@ -242,7 +250,7 @@ index 8360991ce4..33c23efb0d 100644 } /* -@@ -1646,10 +1701,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1612,10 +1663,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * if we cannot get one. */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { @@ -258,7 +266,7 @@ index 8360991ce4..33c23efb0d 100644 /* Add TLSv1.3 ciphers first - we always prefer those if possible */ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); -@@ -1701,6 +1759,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1667,6 +1721,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, *cipher_list = cipherstack; return cipherstack; @@ -269,15 +277,14 @@ index 8360991ce4..33c23efb0d 100644 + OPENSSL_free(new_rules); +#endif + return NULL; -+ } char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index cf59d2dfa5..1329841aaf 100644 +index 4c7b62e142..7af3f29cd8 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -700,7 +700,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) +@@ -679,7 +679,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->tls13_ciphersuites, &(ctx->cipher_list), &(ctx->cipher_list_by_id), 
@@ -286,7 +293,7 @@ index cf59d2dfa5..1329841aaf 100644 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; -@@ -3966,7 +3966,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, +@@ -4099,7 +4099,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, if (!ssl_create_cipher_list(ret, ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, @@ -310,5 +317,5 @@ index c46e431b00..19d05e860b 100644 ADD_TEST(test_default_cipherlist_clear); ADD_TEST(test_stdname_cipherlist); -- -2.44.0 +2.49.0 diff --git a/0008-Add-FIPS_mode-compatibility-macro.patch b/0007-RH-Add-FIPS_mode-compatibility-macro.patch similarity index 81% rename from 0008-Add-FIPS_mode-compatibility-macro.patch rename to 0007-RH-Add-FIPS_mode-compatibility-macro.patch index c05aa79..cc5fe88 100644 --- a/0008-Add-FIPS_mode-compatibility-macro.patch +++ b/0007-RH-Add-FIPS_mode-compatibility-macro.patch @@ -1,13 +1,13 @@ -From 8e29a10b39a649d751870eb1fd1b8c388e66acc3 Mon Sep 17 00:00:00 2001 +From 6778626185fb566b9b89f548ff18f481c10ce808 Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Mon, 31 Jul 2023 09:41:27 +0200 -Subject: [PATCH 08/35] 0008-Add-FIPS_mode-compatibility-macro.patch +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 07/50] RH: Add FIPS_mode compatibility macro Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch Patch-id: 8 Patch-status: | - # Add FIPS_mode() compatibility macro -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd + # # Add FIPS_mode() compatibility macro +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- include/openssl/fips.h | 26 ++++++++++++++++++++++++++ test/property_test.c | 14 ++++++++++++++ @@ -47,10 +47,10 @@ index 0000000000..4162cbf88e +# endif +#endif diff --git a/test/property_test.c b/test/property_test.c -index 45b1db3e85..8894c1c1cb 100644 +index 18f8cc8740..6864b1a3c1 100644 --- a/test/property_test.c 
+++ b/test/property_test.c -@@ -677,6 +677,19 @@ static int test_property_list_to_string(int i) +@@ -687,6 +687,19 @@ static int test_property_list_to_string(int i) return ret; } @@ -70,7 +70,7 @@ index 45b1db3e85..8894c1c1cb 100644 int setup_tests(void) { ADD_TEST(test_property_string); -@@ -690,6 +703,7 @@ int setup_tests(void) +@@ -700,6 +713,7 @@ int setup_tests(void) ADD_TEST(test_property); ADD_TEST(test_query_cache_stochastic); ADD_TEST(test_fips_mode); @@ -79,5 +79,5 @@ index 45b1db3e85..8894c1c1cb 100644 return 1; } -- -2.41.0 +2.49.0 diff --git a/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch b/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch new file mode 100644 index 0000000..aaebff7 --- /dev/null +++ b/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch 
@@ -0,0 +1,92 @@ +From 9df43c7443d85c5685f87c132de448a7c4e652b5 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 08/50] RH: Add Kernel FIPS mode flag support - FIXSTYLE + +Patch-name: 0009-Add-Kernel-FIPS-mode-flag-support.patch +Patch-id: 9 +Patch-status: | + # # Add check to see if fips flag is enabled in kernel +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce +--- + crypto/context.c | 35 +++++++++++++++++++++++++++++++++++ + include/internal/provider.h | 3 +++ + 2 files changed, 38 insertions(+) + +diff --git a/crypto/context.c b/crypto/context.c +index f15bc3d755..614c8a2c88 100644 +--- a/crypto/context.c ++++ b/crypto/context.c +@@ -7,6 +7,7 @@ + * https://www.openssl.org/source/license.html + */ + ++#define _GNU_SOURCE /* needed for secure_getenv */ + #include "crypto/cryptlib.h" + #include + #include +@@ -19,6 +20,38 @@ + #include "crypto/decoder.h" + #include "crypto/context.h" + ++# include ++# include ++# include ++# include ++# include ++ ++# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" ++ ++static int kernel_fips_flag; ++ ++static void read_kernel_fips_flag(void) ++{ ++ char buf[2] = "0"; ++ int fd; ++ ++ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { ++ buf[0] = '1'; ++ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { ++ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; ++ close(fd); ++ } ++ ++ if (buf[0] == '1') { ++ kernel_fips_flag = 1; ++ } ++} ++ ++int ossl_get_kernel_fips_flag() ++{ ++ return kernel_fips_flag; ++} ++ + struct ossl_lib_ctx_st { + CRYPTO_RWLOCK *lock; + OSSL_EX_DATA_GLOBAL global; +@@ -393,6 +426,8 @@ static int default_context_inited = 0; + + DEFINE_RUN_ONCE_STATIC(default_context_do_init) + { ++ read_kernel_fips_flag(); ++ + if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)) + goto err; + +diff --git a/include/internal/provider.h b/include/internal/provider.h +index 6909a1919c..9d2e355251 100644 +--- 
a/include/internal/provider.h ++++ b/include/internal/provider.h +@@ -111,6 +111,9 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, + const OSSL_DISPATCH *in); + void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); + ++/* FIPS flag access */ ++int ossl_get_kernel_fips_flag(void); ++ + # ifdef __cplusplus + } + # endif +-- +2.49.0 + diff --git a/0009-Add-Kernel-FIPS-mode-flag-support.patch b/0009-Add-Kernel-FIPS-mode-flag-support.patch deleted file mode 100644 index 0848473..0000000 --- a/0009-Add-Kernel-FIPS-mode-flag-support.patch +++ /dev/null 
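Review bot: read_kernel_fips_flag() treats every failure alike — open() failing, a read() error other than EINTR, or a zero-length read — by leaving buf at its initial "0", so the kernel is reported as not being in FIPS mode; this is presumably the intended best-effort behaviour, but it is undocumented and should be stated above the open() call, e.g. `/* Any failure to read the sysctl leaves buf as "0": kernel FIPS mode is then reported as off. */`. The OPENSSL_FORCE_FIPS_MODE override also deserves a one-line comment, e.g. `/* secure_getenv() returns NULL in AT_SECURE (setuid/setgid) processes, so the override is ignored there. */`, since that is the property that makes an environment-driven switch acceptable here. Finally, the definition `int ossl_get_kernel_fips_flag()` uses an empty parameter list while the provider.h hunk declares it `(void)`; make the definition `int ossl_get_kernel_fips_flag(void)` so the two agree.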
@@ -1,86 +0,0 @@ -From aa3aebf132959e7e44876042efaf9ff24ffe0f2b Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 31 Jul 2023 09:41:27 +0200 -Subject: [PATCH 09/35] 0009-Add-Kernel-FIPS-mode-flag-support.patch - -Patch-name: 0009-Add-Kernel-FIPS-mode-flag-support.patch -Patch-id: 9 -Patch-status: | - # Add check to see if fips flag is enabled in kernel -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd ---- - crypto/context.c | 36 ++++++++++++++++++++++++++++++++++++ - include/internal/provider.h | 3 +++ - 2 files changed, 39 insertions(+) - -diff --git a/crypto/context.c b/crypto/context.c -index e294ea1512..51002ba79a 100644 ---- a/crypto/context.c -+++ b/crypto/context.c -@@ -16,6 +16,41 @@ - #include "crypto/decoder.h" - #include "crypto/context.h" - -+# include -+# include -+# include -+# include -+# include -+ -+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" -+ -+static int kernel_fips_flag; -+ -+static void read_kernel_fips_flag(void) -+{ -+ char buf[2] = "0"; -+ int fd; -+ -+ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { -+ buf[0] = '1'; -+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { -+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; -+ close(fd); -+ } -+ -+ if (buf[0] == '1') { -+ kernel_fips_flag = 1; -+ } -+ -+ return; -+} -+ -+int ossl_get_kernel_fips_flag() -+{ -+ return kernel_fips_flag; -+} -+ -+ - struct ossl_lib_ctx_st { - CRYPTO_RWLOCK *lock, *rand_crngt_lock; - OSSL_EX_DATA_GLOBAL global; -@@ -336,6 +371,7 @@ static int default_context_inited = 0; - - DEFINE_RUN_ONCE_STATIC(default_context_do_init) - { -+ read_kernel_fips_flag(); - if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)) - goto err; - -diff --git a/include/internal/provider.h b/include/internal/provider.h -index 18937f84c7..1446bf7afb 100644 ---- a/include/internal/provider.h -+++ b/include/internal/provider.h -@@ -112,6 +112,9 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, - const 
OSSL_DISPATCH *in); - void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); - -+/* FIPS flag access */ -+int ossl_get_kernel_fips_flag(void); -+ - # ifdef __cplusplus - } - # endif --- -2.41.0 - diff --git a/0010-Add-changes-to-ectest-and-eccurve.patch b/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch similarity index 80% rename from 0010-Add-changes-to-ectest-and-eccurve.patch rename to 0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch index 63a2ca2..9fd2610 100644 --- a/0010-Add-changes-to-ectest-and-eccurve.patch +++ b/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch @@ -1,21 +1,74 @@ -From 37fae351c6fef272baf383469181aecfcac87592 Mon Sep 17 00:00:00 2001 +From f9d74e58291461804defa0e2de9635aad76e5d57 Mon Sep 17 00:00:00 2001 
From: rpm-build -Date: Mon, 31 Jul 2023 09:41:27 +0200 -Subject: [PATCH 10/35] 0010-Add-changes-to-ectest-and-eccurve.patch +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 09/50] RH: Drop weak curve definitions - RENAMED/SQUASHED Patch-name: 0010-Add-changes-to-ectest-and-eccurve.patch Patch-id: 10 Patch-status: | - # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so - # that new modifications made to these files by upstream are not lost. -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd ---- - crypto/ec/ec_curve.c | 844 ------------------------------------------- - test/ectest.c | 174 +-------- - 2 files changed, 8 insertions(+), 1010 deletions(-) + # # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so + # # that new modifications made to these files by upstream are not lost. +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce +commit #2: +Patch-name: 0011-Remove-EC-curves.patch +Patch-id: 11 +Patch-status: | + # # remove unsupported EC curves +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce +--- + apps/speed.c | 8 +- + crypto/ec/ec_curve.c | 844 ------------------ + crypto/evp/ec_support.c | 87 -- + test/acvp_test.inc | 9 - + test/ecdsatest.h | 17 - + test/ectest.c | 174 +--- + test/recipes/15-test_genec.t | 27 - + test/recipes/30-test_evp_data/evppkey_ecc.txt | 1 + + 8 files changed, 10 insertions(+), 1157 deletions(-) + +diff --git a/apps/speed.c b/apps/speed.c +index f52f2c839d..1edf9b8485 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -405,7 +405,7 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */ + #endif /* OPENSSL_NO_DH */ + + enum ec_curves_t { +- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, ++ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, + #ifndef OPENSSL_NO_EC2M + R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, + R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, +@@ -415,8 +415,6 @@ enum ec_curves_t { + 
}; + /* list of ecdsa curves */ + static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { +- {"ecdsap160", R_EC_P160}, +- {"ecdsap192", R_EC_P192}, + {"ecdsap224", R_EC_P224}, + {"ecdsap256", R_EC_P256}, + {"ecdsap384", R_EC_P384}, +@@ -449,8 +447,6 @@ enum { + }; + /* list of ecdh curves, extension of |ecdsa_choices| list above */ + static const OPT_PAIR ecdh_choices[EC_NUM] = { +- {"ecdhp160", R_EC_P160}, +- {"ecdhp192", R_EC_P192}, + {"ecdhp224", R_EC_P224}, + {"ecdhp256", R_EC_P256}, + {"ecdhp384", R_EC_P384}, +@@ -1966,8 +1962,6 @@ int speed_main(int argc, char **argv) + */ + static const EC_CURVE ec_curves[EC_NUM] = { + /* Prime Curves */ +- {"secp160r1", NID_secp160r1, 160}, +- {"nistp192", NID_X9_62_prime192v1, 192}, + {"nistp224", NID_secp224r1, 224}, + {"nistp256", NID_X9_62_prime256v1, 256}, + {"nistp384", NID_secp384r1, 384}, diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c -index b5b2f3342d..d32a768fe6 100644 +index f46aac5d33..8c5ba5b839 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -30,38 +30,6 @@ typedef struct { @@ -244,8 +297,8 @@ index b5b2f3342d..d32a768fe6 100644 - static const struct { EC_CURVE_DATA h; - unsigned char data[20 + 32 * 6]; -@@ -421,294 +208,6 @@ static const struct { + unsigned char data[20 + 32 * 8]; +@@ -429,294 +216,6 @@ static const struct { #ifndef FIPS_MODULE /* the secg prime curves (minus the nist and x9.62 prime curves) */ @@ -540,7 +593,7 @@ index b5b2f3342d..d32a768fe6 100644 static const struct { EC_CURVE_DATA h; unsigned char data[0 + 32 * 6]; -@@ -745,102 +244,6 @@ static const struct { +@@ -753,102 +252,6 @@ static const struct { } }; @@ -643,7 +696,7 @@ index b5b2f3342d..d32a768fe6 100644 #endif /* FIPS_MODULE */ #ifndef OPENSSL_NO_EC2M -@@ -2236,198 +1639,6 @@ static const struct { +@@ -2244,198 +1647,6 @@ static const struct { */ #ifndef FIPS_MODULE 
@@ -842,7 +895,7 @@ index b5b2f3342d..d32a768fe6 100644 static const struct { EC_CURVE_DATA h; unsigned char data[0 + 32 * 6]; -@@ -2854,8 +2065,6 @@ static const ec_list_element curve_list[] = { +@@ -2864,8 +2075,6 @@ static const ec_list_element curve_list[] = { "NIST/SECG curve over a 521 bit prime field"}, /* X9.62 curves */ @@ -851,7 +904,7 @@ index b5b2f3342d..d32a768fe6 100644 {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, # if defined(ECP_NISTZ256_ASM) EC_GFp_nistz256_method, -@@ -2899,25 +2108,6 @@ static const ec_list_element curve_list[] = { +@@ -2909,25 +2118,6 @@ static const ec_list_element curve_list[] = { static const ec_list_element curve_list[] = { /* prime field curves */ /* secg curves */ @@ -877,7 +930,7 @@ index b5b2f3342d..d32a768fe6 100644 # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, "NIST/SECG curve over a 224 bit prime field"}, -@@ -2945,18 +2135,6 @@ static const ec_list_element curve_list[] = { +@@ -2957,18 +2147,6 @@ static const ec_list_element curve_list[] = { # endif "NIST/SECG curve over a 521 bit prime field"}, /* X9.62 curves */ @@ -896,7 +949,7 @@ index b5b2f3342d..d32a768fe6 100644 {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, # if defined(ECP_NISTZ256_ASM) EC_GFp_nistz256_method, -@@ -3053,22 +2231,12 @@ static const ec_list_element curve_list[] = { +@@ -3065,22 +2243,12 @@ static const ec_list_element curve_list[] = { {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, "X9.62 curve over a 163 bit binary field"}, # endif @@ -919,7 +972,7 @@ index b5b2f3342d..d32a768fe6 100644 # ifndef OPENSSL_NO_EC2M /* IPSec curves */ {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, -@@ -3079,18 +2247,6 @@ static const ec_list_element curve_list[] = { +@@ -3091,18 +2259,6 @@ static const ec_list_element curve_list[] = { "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, # endif /* brainpool curves */ 
@@ -938,8 +991,177 @@ index b5b2f3342d..d32a768fe6 100644 {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0, "RFC 5639 curve over a 256 bit prime field"}, {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0, +diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c +index 1ec10143d2..82b95294b4 100644 +--- a/crypto/evp/ec_support.c ++++ b/crypto/evp/ec_support.c +@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st { + static const EC_NAME2NID curve_list[] = { + /* prime field curves */ + /* secg curves */ +- {"secp112r1", NID_secp112r1 }, +- {"secp112r2", NID_secp112r2 }, +- {"secp128r1", NID_secp128r1 }, +- {"secp128r2", NID_secp128r2 }, +- {"secp160k1", NID_secp160k1 }, +- {"secp160r1", NID_secp160r1 }, +- {"secp160r2", NID_secp160r2 }, +- {"secp192k1", NID_secp192k1 }, +- {"secp224k1", NID_secp224k1 }, + {"secp224r1", NID_secp224r1 }, + {"secp256k1", NID_secp256k1 }, + {"secp384r1", NID_secp384r1 }, + {"secp521r1", NID_secp521r1 }, + /* X9.62 curves */ +- {"prime192v1", NID_X9_62_prime192v1 }, +- {"prime192v2", NID_X9_62_prime192v2 }, +- {"prime192v3", NID_X9_62_prime192v3 }, +- {"prime239v1", NID_X9_62_prime239v1 }, +- {"prime239v2", NID_X9_62_prime239v2 }, +- {"prime239v3", NID_X9_62_prime239v3 }, + {"prime256v1", NID_X9_62_prime256v1 }, + /* characteristic two field curves */ + /* NIST/SECG curves */ +- {"sect113r1", NID_sect113r1 }, +- {"sect113r2", NID_sect113r2 }, +- {"sect131r1", NID_sect131r1 }, +- {"sect131r2", NID_sect131r2 }, +- {"sect163k1", NID_sect163k1 }, +- {"sect163r1", NID_sect163r1 }, +- {"sect163r2", NID_sect163r2 }, +- {"sect193r1", NID_sect193r1 }, +- {"sect193r2", NID_sect193r2 }, +- {"sect233k1", NID_sect233k1 }, +- {"sect233r1", NID_sect233r1 }, +- {"sect239k1", NID_sect239k1 }, +- {"sect283k1", NID_sect283k1 }, +- {"sect283r1", NID_sect283r1 }, +- {"sect409k1", NID_sect409k1 }, +- {"sect409r1", NID_sect409r1 }, +- {"sect571k1", NID_sect571k1 }, +- {"sect571r1", NID_sect571r1 }, +- /* X9.62 curves */ +- {"c2pnb163v1", NID_X9_62_c2pnb163v1 
}, +- {"c2pnb163v2", NID_X9_62_c2pnb163v2 }, +- {"c2pnb163v3", NID_X9_62_c2pnb163v3 }, +- {"c2pnb176v1", NID_X9_62_c2pnb176v1 }, +- {"c2tnb191v1", NID_X9_62_c2tnb191v1 }, +- {"c2tnb191v2", NID_X9_62_c2tnb191v2 }, +- {"c2tnb191v3", NID_X9_62_c2tnb191v3 }, +- {"c2pnb208w1", NID_X9_62_c2pnb208w1 }, +- {"c2tnb239v1", NID_X9_62_c2tnb239v1 }, +- {"c2tnb239v2", NID_X9_62_c2tnb239v2 }, +- {"c2tnb239v3", NID_X9_62_c2tnb239v3 }, +- {"c2pnb272w1", NID_X9_62_c2pnb272w1 }, +- {"c2pnb304w1", NID_X9_62_c2pnb304w1 }, +- {"c2tnb359v1", NID_X9_62_c2tnb359v1 }, +- {"c2pnb368w1", NID_X9_62_c2pnb368w1 }, +- {"c2tnb431r1", NID_X9_62_c2tnb431r1 }, +- /* +- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves +- * from X9.62] +- */ +- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 }, +- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 }, +- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 }, +- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 }, +- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 }, +- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 }, +- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 }, +- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 }, +- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 }, +- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 }, +- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 }, +- /* IPSec curves */ +- {"Oakley-EC2N-3", NID_ipsec3 }, +- {"Oakley-EC2N-4", NID_ipsec4 }, + /* brainpool curves */ +- {"brainpoolP160r1", NID_brainpoolP160r1 }, +- {"brainpoolP160t1", NID_brainpoolP160t1 }, +- {"brainpoolP192r1", NID_brainpoolP192r1 }, +- {"brainpoolP192t1", NID_brainpoolP192t1 }, +- {"brainpoolP224r1", NID_brainpoolP224r1 }, +- {"brainpoolP224t1", NID_brainpoolP224t1 }, + {"brainpoolP256r1", NID_brainpoolP256r1 }, + {"brainpoolP256t1", NID_brainpoolP256t1 }, + {"brainpoolP320r1", NID_brainpoolP320r1 }, +@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = { + 
{"brainpoolP384t1", NID_brainpoolP384t1 }, + {"brainpoolP512r1", NID_brainpoolP512r1 }, + {"brainpoolP512t1", NID_brainpoolP512t1 }, +- /* SM2 curve */ +- {"SM2", NID_sm2 }, + }; + + const char *OSSL_EC_curve_nid2name(int nid) +@@ -150,17 +74,6 @@ int ossl_ec_curve_name2nid(const char *name) + /* Functions to translate between common NIST curve names and NIDs */ + + static const EC_NAME2NID nist_curves[] = { +- {"B-163", NID_sect163r2}, +- {"B-233", NID_sect233r1}, +- {"B-283", NID_sect283r1}, +- {"B-409", NID_sect409r1}, +- {"B-571", NID_sect571r1}, +- {"K-163", NID_sect163k1}, +- {"K-233", NID_sect233k1}, +- {"K-283", NID_sect283k1}, +- {"K-409", NID_sect409k1}, +- {"K-571", NID_sect571k1}, +- {"P-192", NID_X9_62_prime192v1}, + {"P-224", NID_secp224r1}, + {"P-256", NID_X9_62_prime256v1}, + {"P-384", NID_secp384r1}, +diff --git a/test/acvp_test.inc b/test/acvp_test.inc +index 67787f3740..97ec1ff3e5 100644 +--- a/test/acvp_test.inc ++++ b/test/acvp_test.inc +@@ -217,15 +217,6 @@ static const unsigned char ecdsa_sigver_s1[] = { + 0xB1, 0xAC, + }; + static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { +- { +- "SHA-1", +- "P-192", +- ITM(ecdsa_sigver_msg0), +- ITM(ecdsa_sigver_pub0), +- ITM(ecdsa_sigver_r0), +- ITM(ecdsa_sigver_s0), +- PASS, +- }, + { + "SHA2-512", + "P-521", +diff --git a/test/ecdsatest.h b/test/ecdsatest.h +index 63fe319025..06b5c0aac5 100644 +--- a/test/ecdsatest.h ++++ b/test/ecdsatest.h +@@ -32,23 +32,6 @@ typedef struct { + } ecdsa_cavs_kat_t; + + static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = { +- /* prime KATs from X9.62 */ +- {NID_X9_62_prime192v1, NID_sha1, +- "616263", /* "abc" */ +- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb", +- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e" +- "5ca5c0d69716dfcb3474373902", +- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e", +- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead", +- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"}, +- 
{NID_X9_62_prime239v1, NID_sha1, +- "616263", /* "abc" */ +- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d", +- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e" +- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee", +- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", +- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0", +- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"}, + /* prime KATs from NIST CAVP */ + {NID_secp224r1, NID_sha224, + "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" diff --git a/test/ectest.c b/test/ectest.c -index afef85b0e6..4890b0555e 100644 +index 70df89ee2f..0ddbba3b98 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -175,184 +175,26 @@ static int prime_field_tests(void) @@ -1134,7 +1356,7 @@ index afef85b0e6..4890b0555e 100644 "FFFFFFFF000000000000000000000001")) || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" -@@ -3015,7 +2857,7 @@ int setup_tests(void) +@@ -3128,7 +2970,7 @@ int setup_tests(void) ADD_TEST(parameter_test); ADD_TEST(ossl_parameter_test); 
@@ -1143,6 +1365,65 @@ index afef85b0e6..4890b0555e 100644 ADD_ALL_TESTS(cardinality_test, crv_len); ADD_TEST(prime_field_tests); #ifndef OPENSSL_NO_EC2M +diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t +index 4d5090fa39..0a90a602d8 100644 +--- a/test/recipes/15-test_genec.t ++++ b/test/recipes/15-test_genec.t +@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupported in a no-ec build" + if disabled("ec"); + + my @prime_curves = qw( +- secp112r1 +- secp112r2 +- secp128r1 +- secp128r2 +- secp160k1 +- secp160r1 +- secp160r2 +- secp192k1 +- secp224k1 + secp224r1 + secp256k1 + secp384r1 + secp521r1 +- prime192v1 +- prime192v2 +- prime192v3 +- prime239v1 +- prime239v2 +- prime239v3 + prime256v1 +- wap-wsg-idm-ecid-wtls6 +- wap-wsg-idm-ecid-wtls7 +- wap-wsg-idm-ecid-wtls8 +- wap-wsg-idm-ecid-wtls9 +- wap-wsg-idm-ecid-wtls12 +- brainpoolP160r1 +- brainpoolP160t1 +- brainpoolP192r1 +- brainpoolP192t1 +- brainpoolP224r1 +- brainpoolP224t1 + brainpoolP256r1 + brainpoolP256t1 + brainpoolP320r1 +@@ -136,7 +110,6 @@ push(@other_curves, 'SM2') + if !disabled("sm2"); + + my @curve_aliases = qw( +- P-192 + P-224 + P-256 + P-384 +diff --git a/test/recipes/30-test_evp_data/evppkey_ecc.txt b/test/recipes/30-test_evp_data/evppkey_ecc.txt +index e6a2c9eb59..861c01e177 100644 +--- a/test/recipes/30-test_evp_data/evppkey_ecc.txt ++++ b/test/recipes/30-test_evp_data/evppkey_ecc.txt +@@ -4561,3 +4561,4 @@ KeyName = ec3 + Ctrl = group:P-192 + Unapproved = 1 + Ctrl = key-check:0 ++Result = KEYGEN_GENERATE_ERROR -- -2.41.0 +2.49.0 diff --git a/0012-Disable-explicit-ec.patch b/0010-RH-Disable-explicit-ec-curves.patch similarity index 86% rename from 0012-Disable-explicit-ec.patch rename to 0010-RH-Disable-explicit-ec-curves.patch index 9b86309..527503c 100644 --- a/0012-Disable-explicit-ec.patch +++ b/0010-RH-Disable-explicit-ec-curves.patch 
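Review bot: The crypto/evp/ec_support.c part of this hunk also drops `{"SM2", NID_sm2 }` from curve_list, so OSSL_EC_curve_nid2name()/ossl_ec_curve_name2nid() no longer map SM2, yet the test/recipes/15-test_genec.t context in the same hunk still runs `push(@other_curves, 'SM2') if !disabled("sm2");`. Presumably the build is configured with no-sm2 so that branch is never taken, but nothing in the squashed Patch-status says so, and the subject "Drop weak curve definitions" does not cover SM2, which is a 256-bit curve rather than a weak one. I'd record the reason in the Patch-status block, e.g. `# # SM2 name mapping removed as well; assumes a no-sm2 build`, or keep the SM2 entry so a build with sm2 enabled does not fail that recipe.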
@@ -1,14 +1,14 @@ -From 91bdd9b816b22bc1464ec323f3272b866b24114d Mon Sep 17 00:00:00 2001 +From 325f426bdeb49dd36868e009e99abb641300af96 Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Mon, 31 Jul 2023 09:41:28 +0200 -Subject: [PATCH 12/35] 0012-Disable-explicit-ec.patch +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 10/50] RH: Disable explicit ec curves Patch-name: 0012-Disable-explicit-ec.patch Patch-id: 12 Patch-status: | - # Disable explicit EC curves - # https://bugzilla.redhat.com/show_bug.cgi?id=2066412 -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd + # # Disable explicit EC curves + # # https://bugzilla.redhat.com/show_bug.cgi?id=2066412 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- crypto/ec/ec_asn1.c | 11 ++++++++++ crypto/ec/ec_lib.c | 6 +++++ @@ -18,10 +18,10 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd 5 files changed, 39 insertions(+), 32 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c -index 7a0b35a594..d19d57344e 100644 +index 643d2d8d7b..5895606176 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c -@@ -905,6 +905,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) +@@ -901,6 +901,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) group->decoded_from_explicit_params = 1; @@ -34,7 +34,7 @@ index 7a0b35a594..d19d57344e 100644 if (a) { EC_GROUP_free(*a); *a = group; -@@ -964,6 +970,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) +@@ -960,6 +966,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) goto err; } @@ -47,10 +47,10 @@ index 7a0b35a594..d19d57344e 100644 if (priv_key->privateKey) { diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c -index a84e088c19..6c37bf78ae 100644 +index b55677fb1f..dcfdef408e 100644 --- a/crypto/ec/ec_lib.c 
+++ b/crypto/ec/ec_lib.c -@@ -1724,6 +1724,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], +@@ -1728,6 +1728,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], goto err; } if (named_group == group) { @@ -62,7 +62,7 @@ index a84e088c19..6c37bf78ae 100644 /* * If we did not find a named group then the encoding should be explicit * if it was specified -@@ -1739,6 +1744,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], +@@ -1743,6 +1748,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], goto err; } EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); @@ -71,10 +71,10 @@ index a84e088c19..6c37bf78ae 100644 EC_GROUP_free(group); group = named_group; diff --git a/test/ectest.c b/test/ectest.c -index 4890b0555e..e11aec5b3b 100644 +index 0ddbba3b98..f736d13feb 100644 --- a/test/ectest.c +++ b/test/ectest.c -@@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, +@@ -2413,10 +2413,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) @@ -88,7 +88,7 @@ index 4890b0555e..e11aec5b3b 100644 /*- Check that all the set values are retrievable -*/ /* There should be no match to a group name since the generator changed */ -@@ -2433,6 +2434,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, +@@ -2545,6 +2546,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, #endif ) goto err; @@ -96,7 +96,7 @@ index 4890b0555e..e11aec5b3b 100644 ret = 1; err: BN_free(order_out); -@@ -2714,21 +2716,21 @@ static int custom_params_test(int id) +@@ -2826,21 +2828,21 @@ static int custom_params_test(int id) /* Compute keyexchange in both directions */ if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) 
@@ -125,7 +125,7 @@ index 4890b0555e..e11aec5b3b 100644 /* Both sides should expect the same shared secret */ if (!TEST_mem_eq(buf1, sslen, buf2, t)) goto err; -@@ -2780,7 +2782,7 @@ static int custom_params_test(int id) +@@ -2892,7 +2894,7 @@ static int custom_params_test(int id) /* compare with previous result */ || !TEST_mem_eq(buf1, t, buf2, sslen)) goto err; @@ -135,10 +135,10 @@ index 4890b0555e..e11aec5b3b 100644 err: diff --git a/test/endecode_test.c b/test/endecode_test.c -index 14648287eb..9a437d8c64 100644 +index 028deb4ed1..85c84f6592 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c -@@ -62,7 +62,7 @@ static BN_CTX *bnctx = NULL; +@@ -63,7 +63,7 @@ static BN_CTX *bnctx = NULL; static OSSL_PARAM_BLD *bld_prime_nc = NULL; static OSSL_PARAM_BLD *bld_prime = NULL; static OSSL_PARAM *ec_explicit_prime_params_nc = NULL; @@ -147,7 +147,7 @@ index 14648287eb..9a437d8c64 100644 # ifndef OPENSSL_NO_EC2M static OSSL_PARAM_BLD *bld_tri_nc = NULL; -@@ -1009,9 +1009,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") +@@ -1027,9 +1027,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") DOMAIN_KEYS(ECExplicitPrimeNamedCurve); IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") @@ -160,7 +160,7 @@ index 14648287eb..9a437d8c64 100644 # ifndef OPENSSL_NO_EC2M DOMAIN_KEYS(ECExplicitTriNamedCurve); IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) -@@ -1352,7 +1352,7 @@ int setup_tests(void) +@@ -1445,7 +1445,7 @@ int setup_tests(void) || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) || !create_ec_explicit_prime_params(bld_prime) || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc)) 
@@ -169,7 +169,7 @@ index 14648287eb..9a437d8c64 100644 # ifndef OPENSSL_NO_EC2M || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new()) || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new()) -@@ -1380,7 +1380,7 @@ int setup_tests(void) +@@ -1473,7 +1473,7 @@ int setup_tests(void) TEST_info("Generating EC keys..."); MAKE_DOMAIN_KEYS(EC, "EC", EC_params); MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc); @@ -178,7 +178,7 @@ index 14648287eb..9a437d8c64 100644 # ifndef OPENSSL_NO_EC2M MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc); MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit); -@@ -1423,8 +1423,8 @@ int setup_tests(void) +@@ -1553,8 +1553,8 @@ int setup_tests(void) ADD_TEST_SUITE_LEGACY(EC); ADD_TEST_SUITE(ECExplicitPrimeNamedCurve); ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve); @@ -189,7 +189,7 @@ index 14648287eb..9a437d8c64 100644 # ifndef OPENSSL_NO_EC2M ADD_TEST_SUITE(ECExplicitTriNamedCurve); ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve); -@@ -1461,7 +1461,7 @@ void cleanup_tests(void) +@@ -1631,7 +1631,7 @@ void cleanup_tests(void) { #ifndef OPENSSL_NO_EC OSSL_PARAM_free(ec_explicit_prime_params_nc); @@ -198,7 +198,7 @@ index 14648287eb..9a437d8c64 100644 OSSL_PARAM_BLD_free(bld_prime_nc); OSSL_PARAM_BLD_free(bld_prime); # ifndef OPENSSL_NO_EC2M -@@ -1483,7 +1483,7 @@ void cleanup_tests(void) +@@ -1653,7 +1653,7 @@ void cleanup_tests(void) #ifndef OPENSSL_NO_EC FREE_DOMAIN_KEYS(EC); FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve); @@ -208,7 +208,7 @@ index 14648287eb..9a437d8c64 100644 FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve); FREE_DOMAIN_KEYS(ECExplicitTri2G); diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt -index ec3c032aba..584ecee0eb 100644 +index 54b143bead..06ec905be0 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 
@@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj @@ -231,5 +231,5 @@ index ec3c032aba..584ecee0eb 100644 -----BEGIN PRIVATE KEY----- MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K -- -2.41.0 +2.49.0 diff --git a/0011-RH-skipped-tests-EC-curves.patch b/0011-RH-skipped-tests-EC-curves.patch new file mode 100644 index 0000000..b912ddd --- /dev/null +++ b/0011-RH-skipped-tests-EC-curves.patch 
@@ -0,0 +1,82 @@ +From ec22400267e5accaacb24eec8fd6be5e73f1833d Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 11/50] RH: skipped tests EC curves + +Patch-name: 0013-skipped-tests-EC-curves.patch +Patch-id: 13 +Patch-status: | + # # Skipped tests from former 0011-Remove-EC-curves.patch +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce +--- + test/recipes/15-test_ec.t | 2 +- + .../30-test_evp_data/evppkey_ecdsa_sigalg.txt | 12 ------------ + test/recipes/65-test_cmp_protect.t | 2 +- + test/recipes/65-test_cmp_vfy.t | 2 +- + 4 files changed, 3 insertions(+), 15 deletions(-) + +diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t +index c953fad9f1..906769a12e 100644 +--- a/test/recipes/15-test_ec.t ++++ b/test/recipes/15-test_ec.t +@@ -94,7 +94,7 @@ SKIP: { + + subtest 'Check loading of fips and non-fips keys' => sub { + plan skip_all => "FIPS is disabled" +- if $no_fips; ++ if 1; #Red Hat specific, original value is $no_fips; + + plan tests => 2; + +diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt +index 7c339c272b..0ff482e4e8 100644 +--- a/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt ++++ b/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt +@@ -132,18 +132,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj + 3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl + -----END PRIVATE KEY----- + +-PrivateKey = EC_EXPLICIT +------BEGIN PRIVATE KEY----- +-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB +-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA +-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV +-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG +-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A +-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk 
+-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL +-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg +------END PRIVATE KEY----- +- + PrivateKey = B-163 + -----BEGIN PRIVATE KEY----- + MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K +diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t +index 92c91d8b88..294491fff4 100644 +--- a/test/recipes/65-test_cmp_protect.t ++++ b/test/recipes/65-test_cmp_protect.t +@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build" + plan skip_all => "This test is not supported in a shared library build on Windows" + if $^O eq 'MSWin32' && !disabled("shared"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test + + my @basic_cmd = ("cmp_protect_test", + data_file("prot_RSA.pem"), +diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t +index f722800e27..26a01786bb 100644 +--- a/test/recipes/65-test_cmp_vfy.t ++++ b/test/recipes/65-test_cmp_vfy.t +@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build" + plan skip_all => "This test is not supported in a no-ec build" + if disabled("ec"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test + + my @basic_cmd = ("cmp_vfy_test", + data_file("server.crt"), data_file("client.crt"), +-- +2.49.0 + diff --git a/0011-Remove-EC-curves.patch b/0011-Remove-EC-curves.patch deleted file mode 100644 index 561714e..0000000 --- a/0011-Remove-EC-curves.patch +++ /dev/null 
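Review bot: In the 65-test_cmp_protect.t and 65-test_cmp_vfy.t hunks of the new 0011-RH-skipped-tests-EC-curves.patch, `plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test` passes a numeric expression where `skip_all` expects a reason string, so the skip shows up in the test log as "2" or "3" with no explanation; `plan skip_all => "Red Hat build: test depends on EC curves that are not shipped";` would say why. The patch's Patch-status says these skips come from 0011-Remove-EC-curves.patch, which this same commit deletes, so the patch description should state which mechanism now removes the curves and whether each skip is still needed, or the skips will silently outlive their reason. The `if 1; #Red Hat specific, original value is $no_fips;` change in 15-test_ec.t also disables the FIPS/non-FIPS key loading subtest for every build, a loss of coverage worth calling out in the description.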
@@ -1,279 +0,0 @@ -From 4a275f852b61238161c053774736dc07b3ade200 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 11:46:40 +0200 -Subject: [PATCH 11/48] 0011-Remove-EC-curves.patch - -Patch-name: 0011-Remove-EC-curves.patch -Patch-id: 11 -Patch-status: | - # remove unsupported EC curves ---- - apps/speed.c | 8 +--- - crypto/evp/ec_support.c | 87 ------------------------------------ - test/acvp_test.inc | 9 ---- - test/ecdsatest.h | 17 ------- - test/recipes/15-test_genec.t | 27 ----------- - 5 files changed, 1 insertion(+), 147 deletions(-) - -diff --git a/apps/speed.c b/apps/speed.c -index cace25eda1..d527f12f18 100644 ---- a/apps/speed.c -+++ b/apps/speed.c -@@ -385,7 +385,7 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */ - #endif /* OPENSSL_NO_DH */ - - enum ec_curves_t { -- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, -+ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, - #ifndef OPENSSL_NO_EC2M - R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, - R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, -@@ -395,8 +395,6 @@ enum ec_curves_t { - }; - /* list of ecdsa curves */ - static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { -- {"ecdsap160", R_EC_P160}, -- {"ecdsap192", R_EC_P192}, - {"ecdsap224", R_EC_P224}, - {"ecdsap256", R_EC_P256}, - {"ecdsap384", R_EC_P384}, -@@ -423,8 +421,6 @@ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { - }; - /* list of ecdh curves, extension of |ecdsa_choices| list above */ - static const OPT_PAIR ecdh_choices[EC_NUM] = { -- {"ecdhp160", R_EC_P160}, -- {"ecdhp192", R_EC_P192}, - {"ecdhp224", R_EC_P224}, - {"ecdhp256", R_EC_P256}, - {"ecdhp384", R_EC_P384}, -@@ -1442,8 +1438,6 @@ int speed_main(int argc, char **argv) - */ - static const EC_CURVE ec_curves[EC_NUM] = { - /* Prime Curves */ -- {"secp160r1", NID_secp160r1, 160}, -- {"nistp192", NID_X9_62_prime192v1, 192}, - {"nistp224", NID_secp224r1, 224}, - {"nistp256", NID_X9_62_prime256v1, 256}, - {"nistp384", 
NID_secp384r1, 384}, -diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c -index 1ec10143d2..82b95294b4 100644 ---- a/crypto/evp/ec_support.c -+++ b/crypto/evp/ec_support.c -@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st { - static const EC_NAME2NID curve_list[] = { - /* prime field curves */ - /* secg curves */ -- {"secp112r1", NID_secp112r1 }, -- {"secp112r2", NID_secp112r2 }, -- {"secp128r1", NID_secp128r1 }, -- {"secp128r2", NID_secp128r2 }, -- {"secp160k1", NID_secp160k1 }, -- {"secp160r1", NID_secp160r1 }, -- {"secp160r2", NID_secp160r2 }, -- {"secp192k1", NID_secp192k1 }, -- {"secp224k1", NID_secp224k1 }, - {"secp224r1", NID_secp224r1 }, - {"secp256k1", NID_secp256k1 }, - {"secp384r1", NID_secp384r1 }, - {"secp521r1", NID_secp521r1 }, - /* X9.62 curves */ -- {"prime192v1", NID_X9_62_prime192v1 }, -- {"prime192v2", NID_X9_62_prime192v2 }, -- {"prime192v3", NID_X9_62_prime192v3 }, -- {"prime239v1", NID_X9_62_prime239v1 }, -- {"prime239v2", NID_X9_62_prime239v2 }, -- {"prime239v3", NID_X9_62_prime239v3 }, - {"prime256v1", NID_X9_62_prime256v1 }, - /* characteristic two field curves */ - /* NIST/SECG curves */ -- {"sect113r1", NID_sect113r1 }, -- {"sect113r2", NID_sect113r2 }, -- {"sect131r1", NID_sect131r1 }, -- {"sect131r2", NID_sect131r2 }, -- {"sect163k1", NID_sect163k1 }, -- {"sect163r1", NID_sect163r1 }, -- {"sect163r2", NID_sect163r2 }, -- {"sect193r1", NID_sect193r1 }, -- {"sect193r2", NID_sect193r2 }, -- {"sect233k1", NID_sect233k1 }, -- {"sect233r1", NID_sect233r1 }, -- {"sect239k1", NID_sect239k1 }, -- {"sect283k1", NID_sect283k1 }, -- {"sect283r1", NID_sect283r1 }, -- {"sect409k1", NID_sect409k1 }, -- {"sect409r1", NID_sect409r1 }, -- {"sect571k1", NID_sect571k1 }, -- {"sect571r1", NID_sect571r1 }, -- /* X9.62 curves */ -- {"c2pnb163v1", NID_X9_62_c2pnb163v1 }, -- {"c2pnb163v2", NID_X9_62_c2pnb163v2 }, -- {"c2pnb163v3", NID_X9_62_c2pnb163v3 }, -- {"c2pnb176v1", NID_X9_62_c2pnb176v1 }, -- {"c2tnb191v1", NID_X9_62_c2tnb191v1 }, -- 
{"c2tnb191v2", NID_X9_62_c2tnb191v2 }, -- {"c2tnb191v3", NID_X9_62_c2tnb191v3 }, -- {"c2pnb208w1", NID_X9_62_c2pnb208w1 }, -- {"c2tnb239v1", NID_X9_62_c2tnb239v1 }, -- {"c2tnb239v2", NID_X9_62_c2tnb239v2 }, -- {"c2tnb239v3", NID_X9_62_c2tnb239v3 }, -- {"c2pnb272w1", NID_X9_62_c2pnb272w1 }, -- {"c2pnb304w1", NID_X9_62_c2pnb304w1 }, -- {"c2tnb359v1", NID_X9_62_c2tnb359v1 }, -- {"c2pnb368w1", NID_X9_62_c2pnb368w1 }, -- {"c2tnb431r1", NID_X9_62_c2tnb431r1 }, -- /* -- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves -- * from X9.62] -- */ -- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 }, -- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 }, -- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 }, -- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 }, -- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 }, -- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 }, -- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 }, -- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 }, -- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 }, -- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 }, -- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 }, -- /* IPSec curves */ -- {"Oakley-EC2N-3", NID_ipsec3 }, -- {"Oakley-EC2N-4", NID_ipsec4 }, - /* brainpool curves */ -- {"brainpoolP160r1", NID_brainpoolP160r1 }, -- {"brainpoolP160t1", NID_brainpoolP160t1 }, -- {"brainpoolP192r1", NID_brainpoolP192r1 }, -- {"brainpoolP192t1", NID_brainpoolP192t1 }, -- {"brainpoolP224r1", NID_brainpoolP224r1 }, -- {"brainpoolP224t1", NID_brainpoolP224t1 }, - {"brainpoolP256r1", NID_brainpoolP256r1 }, - {"brainpoolP256t1", NID_brainpoolP256t1 }, - {"brainpoolP320r1", NID_brainpoolP320r1 }, -@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = { - {"brainpoolP384t1", NID_brainpoolP384t1 }, - {"brainpoolP512r1", NID_brainpoolP512r1 }, - {"brainpoolP512t1", NID_brainpoolP512t1 }, -- /* SM2 curve */ -- {"SM2", NID_sm2 }, - }; - 
- const char *OSSL_EC_curve_nid2name(int nid) -@@ -150,17 +74,6 @@ int ossl_ec_curve_name2nid(const char *name) - /* Functions to translate between common NIST curve names and NIDs */ - - static const EC_NAME2NID nist_curves[] = { -- {"B-163", NID_sect163r2}, -- {"B-233", NID_sect233r1}, -- {"B-283", NID_sect283r1}, -- {"B-409", NID_sect409r1}, -- {"B-571", NID_sect571r1}, -- {"K-163", NID_sect163k1}, -- {"K-233", NID_sect233k1}, -- {"K-283", NID_sect283k1}, -- {"K-409", NID_sect409k1}, -- {"K-571", NID_sect571k1}, -- {"P-192", NID_X9_62_prime192v1}, - {"P-224", NID_secp224r1}, - {"P-256", NID_X9_62_prime256v1}, - {"P-384", NID_secp384r1}, -diff --git a/test/acvp_test.inc b/test/acvp_test.inc -index ad11d3ae1e..894a0bff9d 100644 ---- a/test/acvp_test.inc -+++ b/test/acvp_test.inc -@@ -211,15 +211,6 @@ static const unsigned char ecdsa_sigver_s1[] = { - 0xB1, 0xAC, - }; - static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { -- { -- "SHA-1", -- "P-192", -- ITM(ecdsa_sigver_msg0), -- ITM(ecdsa_sigver_pub0), -- ITM(ecdsa_sigver_r0), -- ITM(ecdsa_sigver_s0), -- PASS, -- }, - { - "SHA2-512", - "P-521", -diff --git a/test/ecdsatest.h b/test/ecdsatest.h -index 63fe319025..06b5c0aac5 100644 ---- a/test/ecdsatest.h -+++ b/test/ecdsatest.h -@@ -32,23 +32,6 @@ typedef struct { - } ecdsa_cavs_kat_t; - - static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = { -- /* prime KATs from X9.62 */ -- {NID_X9_62_prime192v1, NID_sha1, -- "616263", /* "abc" */ -- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb", -- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e" -- "5ca5c0d69716dfcb3474373902", -- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e", -- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead", -- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"}, -- {NID_X9_62_prime239v1, NID_sha1, -- "616263", /* "abc" */ -- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d", -- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e" 
-- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee", -- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", -- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0", -- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"}, - /* prime KATs from NIST CAVP */ - {NID_secp224r1, NID_sha224, - "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" -diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t -index 2dfed387ca..c733b68f83 100644 ---- a/test/recipes/15-test_genec.t -+++ b/test/recipes/15-test_genec.t -@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupported in a no-ec build" - if disabled("ec"); - - my @prime_curves = qw( -- secp112r1 -- secp112r2 -- secp128r1 -- secp128r2 -- secp160k1 -- secp160r1 -- secp160r2 -- secp192k1 -- secp224k1 - secp224r1 - secp256k1 - secp384r1 - secp521r1 -- prime192v1 -- prime192v2 -- prime192v3 -- prime239v1 -- prime239v2 -- prime239v3 - prime256v1 -- wap-wsg-idm-ecid-wtls6 -- wap-wsg-idm-ecid-wtls7 -- wap-wsg-idm-ecid-wtls8 -- wap-wsg-idm-ecid-wtls9 -- wap-wsg-idm-ecid-wtls12 -- brainpoolP160r1 -- brainpoolP160t1 -- brainpoolP192r1 -- brainpoolP192t1 -- brainpoolP224r1 -- brainpoolP224t1 - brainpoolP256r1 - brainpoolP256t1 - brainpoolP320r1 -@@ -136,7 +110,6 @@ push(@other_curves, 'SM2') - if !disabled("sm2"); - - my @curve_aliases = qw( -- P-192 - P-224 - P-256 - P-384 --- -2.41.0 - diff --git a/0115-skip-quic-pairwise.patch b/0012-RH-skip-quic-pairwise.patch similarity index 67% rename from 0115-skip-quic-pairwise.patch rename to 0012-RH-skip-quic-pairwise.patch index 98bfae5..5ca0801 100644 --- a/0115-skip-quic-pairwise.patch +++ b/0012-RH-skip-quic-pairwise.patch @@ -1,23 +1,23 @@ -From 42ed594a3a905830374fb65cced431748f8c639c Mon Sep 17 00:00:00 2001 +From 2f327785a69b62eac55a94d49441994cbaf941d5 Mon Sep 17 00:00:00 2001 
From: Dmitry Belyavskiy -Date: Thu, 4 Apr 2024 11:50:58 +0200 -Subject: [PATCH 45/50] 0115-skip-quic-pairwise.patch +Date: Thu, 7 Mar 2024 17:37:09 +0100 +Subject: [PATCH 12/50] RH: skip quic pairwise Patch-name: 0115-skip-quic-pairwise.patch Patch-id: 115 Patch-status: | - # Amend tests according to Fedora/RHEL code + # skip quic and pairwise tests temporarily --- test/quicapitest.c | 4 +++- test/recipes/01-test_symbol_presence.t | 1 + - test/recipes/30-test_pairwise_fail.t | 13 +++++++++++-- - 3 files changed, 15 insertions(+), 3 deletions(-) + test/recipes/30-test_pairwise_fail.t | 10 ++++++++-- + 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/test/quicapitest.c b/test/quicapitest.c -index 41cf0fc7a8..0fb7492700 100644 +index 38dd42c184..b2e18522ab 100644 --- a/test/quicapitest.c +++ b/test/quicapitest.c -@@ -2139,7 +2139,9 @@ int setup_tests(void) +@@ -2761,7 +2761,9 @@ int setup_tests(void) ADD_TEST(test_cipher_find); ADD_TEST(test_version); #if defined(DO_SSL_TRACE_TEST) @@ -28,8 +28,20 @@ index 41cf0fc7a8..0fb7492700 100644 #endif ADD_TEST(test_quic_forbidden_apis_ctx); ADD_TEST(test_quic_forbidden_apis); +diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t +index 222b1886ae..7e2f65cccb 100644 +--- a/test/recipes/01-test_symbol_presence.t ++++ b/test/recipes/01-test_symbol_presence.t +@@ -185,6 +185,7 @@ foreach (sort keys %stlibname) { + } + } + my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols; ++@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates; + if (@duplicates) { + note "Duplicates:"; + note join('\n', @duplicates); diff --git a/test/recipes/30-test_pairwise_fail.t b/test/recipes/30-test_pairwise_fail.t -index c837d48fb4..f06ef04b1a 100644 +index a101a26fb1..43e5396766 100644 --- a/test/recipes/30-test_pairwise_fail.t +++ b/test/recipes/30-test_pairwise_fail.t @@ -9,7 +9,7 @@ 
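Review bot: The `@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates;` line added to test/recipes/01-test_symbol_presence.t is an allow-list of intentionally double-exported symbols, but it lives in the "skip quic pairwise" patch rather than in 0013-RH-version-aliasing.patch, which as far as this page shows is the patch that introduces the EVP_*_CTX_dup aliases, and 0014 then edits the same line again. Keeping the list next to the change that creates the duplicates, as a hash, makes later additions a one-token edit: `my %expected_dup = map { $_ => 1 } qw(OPENSSL_ia32cap_P EVP_CIPHER_CTX_dup EVP_MD_CTX_dup);` followed by `@duplicates = grep { !$expected_dup{$_} } @duplicates;`. A comment naming why each entry is legitimately duplicated, `# exported under two ELF symbol versions for ABI compatibility`, would also stop the test from being loosened further without review. The enclosing `foreach` in the symbol-presence script starts outside the hunk.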
@@ -41,18 +53,7 @@ index c837d48fb4..f06ef04b1a 100644 use OpenSSL::Test::Utils; BEGIN { -@@ -31,28 +31,37 @@ run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]), - SKIP: { - skip "Skip RSA test because of no rsa in this build", 1 - if disabled("rsa"); -+ with({ exit_checker => sub {my $val = shift; return $val == 134; } }, -+ sub { - ok(run(test(["pairwise_fail_test", "-config", $provconf, - "-pairwise", "rsa"])), - "fips provider rsa keygen pairwise failure test"); -+ }); - } - +@@ -39,20 +39,26 @@ SKIP: { SKIP: { skip "Skip EC test because of no ec in this build", 2 if disabled("ec"); @@ -81,5 +82,5 @@ index c837d48fb4..f06ef04b1a 100644 "-pairwise", "dsa", "-dsaparam", data_file("dsaparam.pem")])), "fips provider dsa keygen pairwise failure test"); -- -2.44.0 +2.49.0 diff --git a/0116-version-aliasing.patch b/0013-RH-version-aliasing.patch similarity index 75% rename from 0116-version-aliasing.patch rename to 0013-RH-version-aliasing.patch index 73f7981..8b67dc4 100644 --- a/0116-version-aliasing.patch +++ b/0013-RH-version-aliasing.patch @@ -1,7 +1,7 @@ -From a2673b5e2e95bcf54a1746bfd409cca688275e75 Mon Sep 17 00:00:00 2001 +From dcea5128f4a6ff30eedca8442b8e3cdc18bac216 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:17 +0100 -Subject: [PATCH 46/49] 0116-version-aliasing.patch +Subject: [PATCH 13/50] RH: version aliasing Patch-name: 0116-version-aliasing.patch Patch-id: 116 @@ -17,11 +17,11 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c -index 42331703da..3a280acc0e 100644 +index 6fc201bcfe..3c80b9dfe1 100644 --- a/crypto/evp/digest.c 
+++ b/crypto/evp/digest.c -@@ -553,7 +553,12 @@ legacy: - return ret; +@@ -572,7 +572,12 @@ int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size) + return ctx->digest->dsqueeze(ctx->algctx, md, &size, size); } -EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in) @@ -35,10 +35,10 @@ index 42331703da..3a280acc0e 100644 EVP_MD_CTX *out = EVP_MD_CTX_new(); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c -index e9faf31057..5a29b8dbb7 100644 +index eee00a0780..7c51786515 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c -@@ -1444,7 +1444,12 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) +@@ -1762,7 +1762,12 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) #endif /* FIPS_MODULE */ } @@ -53,20 +53,19 @@ index e9faf31057..5a29b8dbb7 100644 EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new(); diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t -index 222b1886ae..7e2f65cccb 100644 +index 7e2f65cccb..cc947d4821 100644 --- a/test/recipes/01-test_symbol_presence.t +++ b/test/recipes/01-test_symbol_presence.t -@@ -185,6 +185,8 @@ foreach (sort keys %stlibname) { - } - } - my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols; -+@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates; -+@duplicates = grep {($_ ne "OPENSSL_strcasecmp") && ($_ ne "OPENSSL_strncasecmp") } @duplicates; - if (@duplicates) { - note "Duplicates:"; - note join('\n', @duplicates); +@@ -131,6 +131,7 @@ foreach (sort keys %stlibname) { + s| .*||; + # Drop OpenSSL dynamic version information if there is any + s|\@\@.+$||; ++ s|\@.+$||; + # Return the result + $_ + } diff --git a/util/libcrypto.num b/util/libcrypto.num -index 8046454025..068e9904e2 100644 +index ceb4948839..eab3987a6b 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5435,7 +5435,9 @@ X509_PUBKEY_set0_public_key 5562 3_2_0 EXIST::FUNCTION: 
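Review bot: The added `s|\@.+$||;` in the 01-test_symbol_presence.t hunk subsumes the `s|\@\@.+$||;` directly above it, because `\@.+` matches from the first `@` and consumes the second, so the existing line becomes dead code on the new side. Keep only the new substitution and widen its comment, `# Drop OpenSSL dynamic version information (@@default or @hidden) if there is any` followed by `s|\@.+$||;`. Collapsing the hidden `@OPENSSL_3.0.1` version into the bare name is also what produces the duplicates that the grep allow-list in 0012-RH-skip-quic-pairwise.patch then filters, which deserves a sentence in this patch's Patch-status. The surrounding `map` block starts outside the hunk.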
@@ -80,5 +79,5 @@ index 8046454025..068e9904e2 100644 BN_signed_bn2bin 5568 3_2_0 EXIST::FUNCTION: BN_signed_lebin2bn 5569 3_2_0 EXIST::FUNCTION: -- -2.44.0 +2.49.0 diff --git a/0013-skipped-tests-EC-curves.patch b/0013-skipped-tests-EC-curves.patch deleted file mode 100644 index fc544c9..0000000 --- a/0013-skipped-tests-EC-curves.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From 9ede2b1e13f72db37718853faff74b4429084d59 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 31 Jul 2023 09:41:28 +0200 -Subject: [PATCH 13/35] 0013-skipped-tests-EC-curves.patch - -Patch-name: 0013-skipped-tests-EC-curves.patch -Patch-id: 13 -Patch-status: | - # Skipped tests from former 0011-Remove-EC-curves.patch -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd ---- - test/recipes/15-test_ec.t | 2 +- - test/recipes/65-test_cmp_protect.t | 2 +- - test/recipes/65-test_cmp_vfy.t | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t -index 0638d626e7..c0efd77649 100644 ---- a/test/recipes/15-test_ec.t -+++ b/test/recipes/15-test_ec.t -@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key' => sub { - - subtest 'Check loading of fips and non-fips keys' => sub { - plan skip_all => "FIPS is disabled" -- if $no_fips; -+ if 1; #Red Hat specific, original value is $no_fips; - - plan tests => 2; - -diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t -index 631603df7c..4cb2ffebbc 100644 ---- a/test/recipes/65-test_cmp_protect.t -+++ b/test/recipes/65-test_cmp_protect.t -@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build" - plan skip_all => "This test is not supported in a shared library build on Windows" - if $^O eq 'MSWin32' && !disabled("shared"); - --plan tests => 2 + ($no_fips ? 0 : 1); #fips test -+plan skip_all => 2 + ($no_fips ? 
0 : 1); #fips test - - my @basic_cmd = ("cmp_protect_test", - data_file("prot_RSA.pem"), -diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t -index f722800e27..26a01786bb 100644 ---- a/test/recipes/65-test_cmp_vfy.t -+++ b/test/recipes/65-test_cmp_vfy.t -@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build" - plan skip_all => "This test is not supported in a no-ec build" - if disabled("ec"); - --plan tests => 2 + ($no_fips ? 0 : 1); #fips test -+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test - - my @basic_cmd = ("cmp_vfy_test", - data_file("server.crt"), data_file("client.crt"), --- -2.41.0 - diff --git a/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch b/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch new file mode 100644 index 0000000..bcdad9d --- /dev/null +++ b/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch 
@@ -0,0 +1,80 @@ +From 1c440ca60081777e618eaecb31ef92b692cc2444 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Thu, 13 Feb 2025 16:09:09 -0500 +Subject: [PATCH 14/50] RH: Export two symbols for OPENSSL_str[n]casecmp + +We accidentally exported the symbols with the incorrect verison number +in an early version of RHEL-9 so we need to keep the wrong symbols for +ABI backwards compatibility and the correct symbols to be compatible +with upstream. +--- + crypto/o_str.c | 14 ++++++++++++-- + test/recipes/01-test_symbol_presence.t | 2 +- + util/libcrypto.num | 2 ++ + 3 files changed, 15 insertions(+), 3 deletions(-) + mode change 100644 => 100755 test/recipes/01-test_symbol_presence.t + +diff --git a/crypto/o_str.c b/crypto/o_str.c +index 93af73561f..86442a939e 100644 +--- a/crypto/o_str.c ++++ b/crypto/o_str.c +@@ -403,7 +403,12 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) + #endif + } + +-int OPENSSL_strcasecmp(const char *s1, const char *s2) ++int ++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) ++__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1"))) ++#endif ++OPENSSL_strcasecmp(const char *s1, const char *s2) + { + int t; + +@@ -413,7 +418,12 @@ int OPENSSL_strcasecmp(const char *s1, const char *s2) + return t; + } + +-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) ++int ++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) ++__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1"))) ++#endif ++OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) + { + int t; + size_t i; +diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t +old mode 100644 +new mode 100755 +index cc947d4821..de2dcd90c2 +--- a/test/recipes/01-test_symbol_presence.t ++++ b/test/recipes/01-test_symbol_presence.t +@@ -186,7 +186,7 @@ foreach (sort keys %stlibname) { + } + } + my @duplicates = 
sort grep { $symbols{$_} > 1 } keys %symbols; +-@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates; ++@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") && ($_ ne "OPENSSL_strcasecmp") && ($_ ne "OPENSSL_strncasecmp")} @duplicates; + if (@duplicates) { + note "Duplicates:"; + note join('\n', @duplicates); +diff --git a/util/libcrypto.num b/util/libcrypto.num +index eab3987a6b..d377d542db 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5426,7 +5426,9 @@ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: + EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: + EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: + OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: ++OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: + OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: ++OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: + EVP_RAND_CTX_up_ref 5558 3_1_0 EXIST::FUNCTION: + RAND_set0_public 5559 3_1_0 EXIST::FUNCTION: + RAND_set0_private 5560 3_1_0 EXIST::FUNCTION: +-- +2.49.0 + diff --git a/0015-RH-TMP-KTLS-test-skip.patch b/0015-RH-TMP-KTLS-test-skip.patch new file mode 100644 index 0000000..5c7bf73 --- /dev/null +++ b/0015-RH-TMP-KTLS-test-skip.patch 
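Review bot: The new `__attribute__ ((symver (...)))` blocks in crypto/o_str.c are guarded only by `#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)`, but the `symver` attribute is available only with GCC 10 or newer (and recent Clang) on ELF targets, so any other toolchain building this patched tree gets an unknown-attribute error or a silent no-op; if portability beyond the distro toolchain matters, `#if defined(__GNUC__) && __GNUC__ >= 10 && !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)` makes the requirement explicit. The diffstat also records `mode change 100644 => 100755 test/recipes/01-test_symbol_presence.t`, an executable-bit flip unrelated to the symbol export that looks accidental and should be dropped from the patch. The two `? 3_0_1` entries in util/libcrypto.num appear to rely on the unassigned-ordinal syntax of mknum; a note in the patch description that the 3_0_1 version node exists solely for the historically mis-versioned RHEL-9 export (the message already says this, with "verison" misspelled) would help the next rebase.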
@@ -0,0 +1,30 @@ +From 73574d1847777d0c93d9ebe353d235ebb165eeae Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Thu, 13 Feb 2025 18:11:19 -0500 +Subject: [PATCH 15/50] RH: TMP KTLS test skip + +From-dist-git-commit: 83382cc2a09dfcc55d5740fd08fd95c2333a56c9 +--- + test/sslapitest.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/test/sslapitest.c b/test/sslapitest.c +index 38d58e9387..39118a9162 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -1023,9 +1023,10 @@ static int execute_test_large_message(const SSL_METHOD *smeth, + /* sock must be connected */ + static int ktls_chk_platform(int sock) + { +- if (!ktls_enable(sock)) ++/* if (!ktls_enable(sock)) + return 0; +- return 1; ++ return 1; */ ++ return 0; + } + + static int ping_pong_query(SSL *clientssl, SSL *serverssl) +-- +2.49.0 + diff --git a/0049-Allow-disabling-of-SHA1-signatures.patch b/0016-RH-Allow-disabling-of-SHA1-signatures.patch similarity index 64% rename from 0049-Allow-disabling-of-SHA1-signatures.patch rename to 0016-RH-Allow-disabling-of-SHA1-signatures.patch index 487d1d9..27429dc 100644 --- a/0049-Allow-disabling-of-SHA1-signatures.patch +++ b/0016-RH-Allow-disabling-of-SHA1-signatures.patch @@ -1,7 +1,7 @@ -From 2e8388e06eafb703aeb315498915bf079561bdb5 Mon Sep 17 00:00:00 2001 +From 81b507715dded07f61f6d2bd7d498cc16ae04e38 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 21 Aug 2023 13:07:07 +0200 -Subject: [PATCH 23/48] 0049-Allow-disabling-of-SHA1-signatures.patch +Subject: [PATCH 16/50] RH: Allow disabling of SHA1 signatures Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch Patch-id: 49 
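Review bot: In the new 0015-RH-TMP-KTLS-test-skip.patch, `ktls_chk_platform` is neutralised by wrapping its body in `/* ... */` and appending `return 0;`, which leaves commented-out code in test/sslapitest.c and makes every KTLS test case skip with no reason in the log, so a regression in the kernel TLS offload path would go unnoticed by the suite. Prefer a guarded form that keeps the original logic compilable and says why it is off: `#ifdef RH_SKIP_KTLS_TESTS` (macro name illustrative) / `return 0; /* TMP: KTLS tests disabled in this build, see <tracker-id placeholder> */` / `#else` around the original two lines / `#endif`. The title says TMP but the description carries no reference to what must change before the skip can be removed; add the reason and a tracker reference to the patch description.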
@@ -9,37 +9,64 @@ Patch-status: | # Selectively disallow SHA1 signatures rhbz#2070977 From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd --- - crypto/context.c | 14 ++++ - crypto/evp/evp_cnf.c | 13 +++ - crypto/evp/m_sigver.c | 79 +++++++++++++++++++ + crypto/context.c | 76 +++++++++++++++++++ + crypto/evp/evp_cnf.c | 13 ++++ + crypto/evp/m_sigver.c | 13 ++++ crypto/evp/pmeth_lib.c | 15 ++++ - doc/man5/config.pod | 13 +++ - include/crypto/context.h | 3 + + doc/man5/config.pod | 13 ++++ + include/crypto/context.h | 8 ++ include/internal/cryptlib.h | 3 +- include/internal/sslconf.h | 4 + - providers/common/securitycheck.c | 20 +++++ - providers/common/securitycheck_default.c | 9 ++- - providers/implementations/signature/dsa_sig.c | 11 ++- - .../implementations/signature/ecdsa_sig.c | 4 + - providers/implementations/signature/rsa_sig.c | 20 ++++- + providers/common/include/prov/securitycheck.h | 2 + + providers/common/securitycheck.c | 14 ++++ + providers/common/securitycheck_default.c | 1 + + providers/implementations/signature/dsa_sig.c | 1 + + .../implementations/signature/ecdsa_sig.c | 5 +- + providers/implementations/signature/rsa_sig.c | 17 ++++- ssl/t1_lib.c | 8 ++ util/libcrypto.num | 2 + - 15 files changed, 209 insertions(+), 9 deletions(-) + 16 files changed, 189 insertions(+), 6 deletions(-) diff --git a/crypto/context.c b/crypto/context.c -index 51002ba79a..e697974c9d 100644 +index 614c8a2c88..6859146510 100644 --- a/crypto/context.c 
+++ b/crypto/context.c -@@ -78,6 +78,8 @@ struct ossl_lib_ctx_st { - void *fips_prov; +@@ -85,6 +85,8 @@ struct ossl_lib_ctx_st { #endif + STACK_OF(SSL_COMP) *comp_methods; + void *legacy_digest_signatures; + - unsigned int ischild:1; + int ischild; + int conf_diagnostics; }; +@@ -119,6 +121,25 @@ int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx) + return ctx->ischild; + } -@@ -206,6 +208,10 @@ static int context_init(OSSL_LIB_CTX *ctx) ++static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs; ++ ++ if (ldsigs != NULL) { ++ OPENSSL_free(ldsigs); ++ } ++} ++ ++static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); ++ /* Warning: This patch differs from the same patch in CentOS and RHEL here, ++ * because the default on Fedora is to allow SHA-1 and support disabling ++ * it, while CentOS/RHEL disable it by default and allow enabling it. */ ++ ldsigs->allowed = 0; ++ return ldsigs; ++} ++ + static void context_deinit_objs(OSSL_LIB_CTX *ctx); + + static int context_init(OSSL_LIB_CTX *ctx) +@@ -235,6 +256,10 @@ static int context_init(OSSL_LIB_CTX *ctx) goto err; #endif @@ -50,7 +77,7 @@ index 51002ba79a..e697974c9d 100644 /* Low priority. */ #ifndef FIPS_MODULE ctx->child_provider = ossl_child_prov_ctx_new(ctx); -@@ -334,6 +340,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) +@@ -382,6 +407,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) } #endif 
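Review bot: `ossl_ctx_legacy_digest_signatures_new` in the new crypto/context.c hunk dereferences the result of `OPENSSL_zalloc` without checking it, so an allocation failure during library-context init becomes a NULL write; add `if (ldsigs == NULL) return NULL;` before `ldsigs->allowed = 0;` — presumably the call site in `context_init` already checks for NULL and jumps to `err` like the neighbouring subsystems, but that call lies outside this hunk. The comment above that line says the Fedora default is to allow SHA-1 signatures, yet the value assigned is `0` (disallowed); that is the fail-closed choice, but it contradicts the comment, and if the effective default is instead set later from `rh-allow-sha1-signatures` in the config module the comment should say so rather than leave a reader to guess. The `if (ldsigs != NULL)` test in the matching `_free` is redundant since `OPENSSL_free` accepts NULL, but harmless. The `context_init` and `context_deinit_objs` changes continue outside this hunk.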
@@ -62,9 +89,9 @@ index 51002ba79a..e697974c9d 100644 /* Low priority. */ #ifndef FIPS_MODULE if (ctx->child_provider != NULL) { -@@ -625,6 +636,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) - return ctx->fips_prov; - #endif +@@ -660,6 +690,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) + case OSSL_LIB_CTX_COMP_METHODS: + return (void *)&ctx->comp_methods; + case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX: + return ctx->legacy_digest_signatures; 
@@ -72,69 +99,10 @@ index 51002ba79a..e697974c9d 100644 default: return NULL; } -diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c -index 0e7fe64cf9..b9d3b6d226 100644 ---- a/crypto/evp/evp_cnf.c -+++ b/crypto/evp/evp_cnf.c -@@ -10,6 +10,7 @@ - #include - #include - #include "internal/cryptlib.h" -+#include "internal/sslconf.h" - #include - #include - #include -@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) - ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); - return 0; - } -+ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) { -+ int m; -+ -+ /* Detailed error already reported. */ -+ if (!X509V3_get_value_bool(oval, &m)) -+ return 0; -+ -+ if (!ossl_ctx_legacy_digest_signatures_allowed_set( -+ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); -+ return 0; -+ } - } else { - ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, - "name=%s, value=%s", oval->name, oval->value); -diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c -index 630d339c35..6e4e9f5ae7 100644 ---- a/crypto/evp/m_sigver.c -+++ b/crypto/evp/m_sigver.c -@@ -15,6 +15,73 @@ - #include "internal/provider.h" - #include "internal/numbers.h" /* includes SIZE_MAX */ - #include "evp_local.h" -+#include "crypto/context.h" -+ -+typedef struct ossl_legacy_digest_signatures_st { -+ int allowed; -+} OSSL_LEGACY_DIGEST_SIGNATURES; -+ -+void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) -+{ -+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs; -+ -+ if (ldsigs != NULL) { -+ OPENSSL_free(ldsigs); -+ } -+} -+ -+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) -+{ -+ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); -+ /* Warning: This patch differs from the same patch in CentOS and RHEL here, -+ * because the default on Fedora is to allow SHA-1 and support disabling -+ * it, while CentOS/RHEL disable it by default and allow 
enabling it. */ -+ ldsigs->allowed = 0; -+ return ldsigs; -+} +@@ -714,3 +747,46 @@ void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *libctx, int value) + return; + libctx->conf_diagnostics = value; + } + +static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures( + OSSL_LIB_CTX *libctx, int loadconfig) @@ -178,10 +146,50 @@ index 630d339c35..6e4e9f5ae7 100644 + ldsigs->allowed = allow; + return 1; +} +diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c +index 0e7fe64cf9..b9d3b6d226 100644 +--- a/crypto/evp/evp_cnf.c ++++ b/crypto/evp/evp_cnf.c +@@ -10,6 +10,7 @@ + #include + #include + #include "internal/cryptlib.h" ++#include "internal/sslconf.h" + #include + #include + #include +@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) + ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); + return 0; + } ++ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) { ++ int m; ++ ++ /* Detailed error already reported. */ ++ if (!X509V3_get_value_bool(oval, &m)) ++ return 0; ++ ++ if (!ossl_ctx_legacy_digest_signatures_allowed_set( ++ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); ++ return 0; ++ } + } else { + ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, + "name=%s, value=%s", oval->name, oval->value); +diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c +index 2d1839fedb..6e4685ecc0 100644 +--- a/crypto/evp/m_sigver.c ++++ b/crypto/evp/m_sigver.c +@@ -15,6 +15,7 @@ + #include "internal/provider.h" + #include "internal/numbers.h" /* includes SIZE_MAX */ + #include "evp_local.h" ++#include "internal/sslconf.h" - #ifndef FIPS_MODULE - -@@ -251,6 +318,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) + { +@@ -251,6 +252,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, } } 
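Review bot: The `rh-allow-sha1-signatures` branch in alg_module_init reports a failed `ossl_ctx_legacy_digest_signatures_allowed_set()` as `EVP_R_SET_DEFAULT_PROPERTY_FAILURE`, which is the error reserved for the neighbouring `default_properties` option and will mislead anyone debugging a config file; `ERR_raise_data(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE, "name=%s", oval->name);` would at least name the option that failed. The trailing `0` passed as loadconfig is presumably there so that setting the flag from inside the config module does not re-enter config loading; a comment such as `/* loadconfig=0: we are already inside config loading */` would make that non-obvious argument self-explanatory. alg_module_init begins and ends outside this hunk.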
@@ -201,7 +209,7 @@ index 630d339c35..6e4e9f5ae7 100644 if (signature->digest_verify_init == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c -index ce6e1a1ccb..003926247b 100644 +index 665cafbc21..84fb95d4ca 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -33,6 +33,7 @@ @@ -212,7 +220,7 @@ index ce6e1a1ccb..003926247b 100644 #include "evp_local.h" #ifndef FIPS_MODULE -@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, +@@ -954,6 +955,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, return -2; } @@ -234,10 +242,10 @@ index ce6e1a1ccb..003926247b 100644 return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md)); diff --git a/doc/man5/config.pod b/doc/man5/config.pod -index bd05736220..ed34ff4b9c 100644 +index 39fa468320..b994081924 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod -@@ -304,6 +304,19 @@ Within the algorithm properties section, the following names have meaning: +@@ -315,6 +315,19 @@ Within the algorithm properties section, the following names have meaning: The value may be anything that is acceptable as a property query string for EVP_set_default_properties(). @@ -258,27 +266,32 @@ index bd05736220..ed34ff4b9c 100644 The value is a boolean that can be B or B. If the value is diff --git a/include/crypto/context.h b/include/crypto/context.h -index cc06c71be8..e9f74a414d 100644 +index 1c181933e0..35bdfdb52d 100644 --- a/include/crypto/context.h 
+++ b/include/crypto/context.h -@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *); +@@ -48,3 +48,11 @@ void ossl_release_default_drbg_ctx(void); #if defined(OPENSSL_THREADS) void ossl_threads_ctx_free(void *); #endif + -+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *); -+void ossl_ctx_legacy_digest_signatures_free(void *); ++#ifndef OSSL_LEGACY_DIGEST_SIGNATURES_STRUCT ++#define OSSL_LEGACY_DIGEST_SIGNATURES_STRUCT ++typedef struct ossl_legacy_digest_signatures_st { ++ int allowed; ++} OSSL_LEGACY_DIGEST_SIGNATURES; ++#endif ++ diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h -index ac50eb3bbd..3b115cc7df 100644 +index da442f8a86..44a5e8a99a 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h -@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st { - # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 - # define OSSL_LIB_CTX_THREAD_INDEX 19 +@@ -120,7 +120,8 @@ typedef struct ossl_ex_data_global_st { # define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20 --# define OSSL_LIB_CTX_MAX_INDEXES 20 -+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 21 -+# define OSSL_LIB_CTX_MAX_INDEXES 21 + # define OSSL_LIB_CTX_COMP_METHODS 21 + # define OSSL_LIB_CTX_INDICATOR_CB_INDEX 22 +-# define OSSL_LIB_CTX_MAX_INDEXES 22 ++# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 23 ++# define OSSL_LIB_CTX_MAX_INDEXES 23 OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx); int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx); 
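Review bot: The typedef of `ossl_legacy_digest_signatures_st` added to include/crypto/context.h is wrapped in a hand-rolled `#ifndef OSSL_LEGACY_DIGEST_SIGNATURES_STRUCT` guard rather than relying on the header's own include guard, which only makes sense if the same struct is defined a second time in another header (presumably the one providing `ossl_ctx_legacy_digest_signatures_allowed`, not visible here). Two copies of a struct that is allocated in crypto/context.c and read through `->allowed` in the providers can drift without any compiler diagnostic, so define it once and include that header from the other, or at minimum mark both sites with `/* Must stay identical to the other copy; see OSSL_LEGACY_DIGEST_SIGNATURES_STRUCT */`. The bump of OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX and OSSL_LIB_CTX_MAX_INDEXES to 23 in include/internal/cryptlib.h follows the upstream pattern of MAX equalling the last index, so that part looks right.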
@@ -295,8 +308,18 @@ index fd7f7e3331..05464b0655 100644 +int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, + int loadconfig); #endif +diff --git a/providers/common/include/prov/securitycheck.h b/providers/common/include/prov/securitycheck.h +index 29a2b7fbf8..a48cbb03d2 100644 +--- a/providers/common/include/prov/securitycheck.h ++++ b/providers/common/include/prov/securitycheck.h +@@ -37,3 +37,5 @@ int ossl_digest_get_approved_nid(const EVP_MD *md); + /* Functions that have different implementations for the FIPS_MODULE */ + int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md); + int ossl_fips_config_securitycheck_enabled(OSSL_LIB_CTX *libctx); ++ ++int rh_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int mdnid); diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c -index 699ada7c52..e534ad0a5f 100644 +index 8ef8dc2a81..79a9c48ce2 100644 --- a/providers/common/securitycheck.c +++ b/providers/common/securitycheck.c @@ -19,6 +19,7 @@ 
@@ -305,26 +328,27 @@ index 699ada7c52..e534ad0a5f 100644 #include "prov/securitycheck.h" +#include "internal/sslconf.h" - /* - * FIPS requires a minimum security strength of 112 bits (for encryption or -@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, - mdnid = -1; /* disallowed by security checks */ - } - # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ + #define OSSL_FIPS_MIN_SECURITY_STRENGTH_BITS 112 + +@@ -219,3 +220,16 @@ int ossl_dh_check_key(const DH *dh) + return (L == 2048 && (N == 224 || N == 256)); + } + #endif /* OPENSSL_NO_DH */ + ++int rh_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int mdnid) ++{ +#ifndef FIPS_MODULE -+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) ++ if (!ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)) + /* SHA1 is globally disabled, check whether we want to locally allow + * it. */ -+ if (mdnid == NID_sha1 && !sha1_allowed) -+ mdnid = -1; +#endif ++ if (mdnid == NID_sha1) ++ mdnid = -1; + - return mdnid; - } - ++ return mdnid; ++} diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c -index 246323493e..2ca7a59f39 100644 +index dd71fd91eb..9019fd2a80 100644 --- a/providers/common/securitycheck_default.c +++ b/providers/common/securitycheck_default.c @@ -15,6 +15,7 @@ 
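Review bot: In the new rh_digest_signatures_allowed() the `if (!ossl_ctx_legacy_digest_signatures_allowed(libctx, 0))` inside `#ifndef FIPS_MODULE` has its controlled statement, `if (mdnid == NID_sha1) mdnid = -1;`, placed after `#endif`, so the rejection is conditional in default-provider builds and unconditional in FIPS builds; that may well be intended, but a dangling `if` spanning a preprocessor block with a comment in between is easy to misread, and that comment ("check whether we want to locally allow it") still describes the `sha1_allowed` parameter this version removes. The check also covers only NID_sha1, whereas the previous version rejected NID_md5_sha1 in ossl_digest_rsa_sign_get_md_nid (the securitycheck_default.c hunk dropped in the next outer hunk) and ssl/t1_lib.c still filters both `NID_sha1` and `NID_md5_sha1`; unless MD5-SHA1 RSA signatures are now meant to pass the default provider, include it here so the provider policy matches the TLS sigalg policy. A flattened form with an explicit flag avoids the dangling-if and keeps the FIPS behaviour:
```c
int rh_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int mdnid)
{
    int ldsigs_allowed = 0;

#ifndef FIPS_MODULE
    /* Only the default provider can be configured to accept legacy
     * digests; the FIPS build always rejects them. */
    ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(libctx, 0);
#endif
    /* Keep this list in sync with the sigalg filter in ssl/t1_lib.c. */
    if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) && !ldsigs_allowed)
        mdnid = -1;

    return mdnid;
}
```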
@@ -334,78 +358,46 @@ index 246323493e..2ca7a59f39 100644 +#include "internal/sslconf.h" /* Disable the security checks in the default provider */ - int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) -@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx) - } - - int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, -- ossl_unused int sha1_allowed) -+ int sha1_allowed) - { - int mdnid; -+ int ldsigs_allowed; - - static const OSSL_ITEM name_to_nid[] = { - { NID_md5, OSSL_DIGEST_NAME_MD5 }, -@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, - { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 }, - }; - -- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1); -+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); -+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed); - if (mdnid == NID_undef) - mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); -+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed) -+ mdnid = -1; - return mdnid; - } + int ossl_fips_config_securitycheck_enabled(OSSL_LIB_CTX *libctx) diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c -index 70d0ea5d24..3c482e0181 100644 +index c5adbf8002..52ed52482d 100644 --- a/providers/implementations/signature/dsa_sig.c 
+++ b/providers/implementations/signature/dsa_sig.c -@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, - mdprops = ctx->propq; +@@ -163,6 +163,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, - if (mdname != NULL) { -- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); - WPACKET pkt; - EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); -- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, -- sha1_allowed); -+ int md_nid; - size_t mdname_len = strlen(mdname); -+#ifdef FIPS_MODULE -+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -+#else -+ int sha1_allowed = 0; -+#endif -+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, -+ sha1_allowed); + md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); + md_nid = ossl_digest_get_approved_nid(md); ++ md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid); - if (md == NULL || md_nid < 0) { - if (md == NULL) + if (md == NULL) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index ebeb30e002..c874f87bd5 100644 +index 4018a772ff..80e4115b69 100644 --- a/providers/implementations/signature/ecdsa_sig.c 
+++ b/providers/implementations/signature/ecdsa_sig.c -@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, - "%s could not be fetched", mdname); - return 0; +@@ -197,13 +197,16 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, + goto err; } -+#ifdef FIPS_MODULE - sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -+#else -+ sha1_allowed = 0; -+#endif - md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, - sha1_allowed); - if (md_nid < 0) { + md_nid = ossl_digest_get_approved_nid(md); ++ + #ifdef FIPS_MODULE +- if (md_nid == NID_undef) { ++ md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid); ++ if (md_nid <= 0) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, + "digest=%s", mdname); + goto err; + } + #endif ++ + /* XOF digests don't work */ + if (EVP_MD_xof(md)) { + ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 2a5504d104..5f3a029566 100644 +index e75b90840b..c4740128ce 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c -@@ -25,6 +25,7 @@ +@@ -26,6 +26,7 @@ #include "internal/cryptlib.h" #include "internal/nelem.h" #include "internal/sizes.h" 
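Review bot: In ecdsa_setup_md the new call `md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid);` is placed inside the existing `#ifdef FIPS_MODULE` block, so in the default provider ECDSA is never subjected to the SHA-1 signature policy, while dsa_setup_md in this hunk and rsa_setup_md in the next apply it in every build; the version being replaced applied it to ECDSA unconditionally as well (the removed `#else` / `sha1_allowed = 0;` lines). Unless ECDSA is deliberately exempt outside FIPS, move the call and a `md_nid < 0` rejection above the `#ifdef` and keep the upstream `NID_undef` check FIPS-only, because outside FIPS `ossl_digest_get_approved_nid` legitimately returns NID_undef for non-approved digests the default provider still accepts. Both ecdsa_setup_md and dsa_setup_md begin and end outside this hunk.
```c
    md_nid = ossl_digest_get_approved_nid(md);
    /* Apply the SHA-1 signature policy in every build, as dsa_setup_md and
     * rsa_setup_md do; a negative nid means "rejected by policy". */
    md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid);
    if (md_nid < 0) {
        ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
                       "digest=%s", mdname);
        goto err;
    }
#ifdef FIPS_MODULE
    if (md_nid == NID_undef) {
        ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
                       "digest=%s", mdname);
        goto err;
    }
#endif
    /* … unchanged: XOF digest check … */
```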
@@ -413,66 +405,56 @@ index 2a5504d104..5f3a029566 100644 #include "crypto/rsa.h" #include "prov/providercommon.h" #include "prov/implementations.h" -@@ -33,6 +34,7 @@ +@@ -34,6 +35,7 @@ #include "prov/securitycheck.h" #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1 +#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256 - OSSL_FUNC_signature_newctx_fn rsa_newctx; + static OSSL_FUNC_signature_newctx_fn rsa_newctx; static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; -@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, - - if (mdname != NULL) { - EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); -+ int md_nid; -+ size_t mdname_len = strlen(mdname); -+#ifdef FIPS_MODULE - int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, -+#else -+ int sha1_allowed = 0; -+#endif -+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, - sha1_allowed); -- size_t mdname_len = strlen(mdname); - - if (md == NULL - || md_nid <= 0 -@@ -1396,8 +1403,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) +@@ -387,7 +389,8 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, + goto err; + } + md_nid = ossl_digest_rsa_sign_get_md_nid(md); +- if (md_nid == NID_undef) { ++ md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid); ++ if (md_nid <= 0) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, + "digest=%s", mdname); + goto err; +@@ -475,8 +478,9 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname, + "%s could not be fetched", mdname); + return 0; + } +- /* The default for mgf1 is SHA1 - so allow SHA1 */ ++ /* The default for mgf1 is SHA1 - so check if we allow SHA1 */ + if ((mdnid = ossl_digest_rsa_sign_get_md_nid(md)) <= 0 ++ || (mdnid = rh_digest_signatures_allowed(ctx->libctx, mdnid)) <= 0 + || !rsa_check_padding(ctx, NULL, mdname, mdnid)) { + if (mdnid <= 0) + 
ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, +@@ -1765,8 +1769,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) prsactx->pad_mode = pad_mode; if (prsactx->md == NULL && pmdname == NULL - && pad_mode == RSA_PKCS1_PSS_PADDING) +- pmdname = RSA_DEFAULT_DIGEST_NAME; + && pad_mode == RSA_PKCS1_PSS_PADDING) { - pmdname = RSA_DEFAULT_DIGEST_NAME; -+#ifndef FIPS_MODULE -+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { ++ if (ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { ++ pmdname = RSA_DEFAULT_DIGEST_NAME; ++ } else { + pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; + } -+#endif + } -+ if (pmgf1mdname != NULL && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops)) -diff --git a/util/libcrypto.num b/util/libcrypto.num -index 9cb8a4dda2..feb660d030 100644 ---- a/util/libcrypto.num -+++ b/util/libcrypto.num -@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: - X509_STORE_CTX_set_current_reasons 5664 3_2_0 EXIST::FUNCTION: - OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION: - BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK -+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: -+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: --- -2.41.0 - -diff -up openssl-3.2.0/ssl/t1_lib.c.patch-sha1 openssl-3.2.0/ssl/t1_lib.c ---- openssl-3.2.0/ssl/t1_lib.c.patch-sha1 2023-12-08 13:01:44.752501257 +0100 -+++ openssl-3.2.0/ssl/t1_lib.c 2023-12-08 13:04:18.969899853 +0100 -@@ -20,6 +20,7 @@ +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index 8d0c2647b7..f6117a1fc5 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -21,6 +21,7 @@ #include #include #include 
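Review bot: In rsa_set_ctx_params the new default-digest selection calls `ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)` unconditionally, dropping the `#ifndef FIPS_MODULE` / `#endif` pair the previous version had, while rh_digest_signatures_allowed in providers/common/securitycheck.c (earlier hunk) still wraps the very same call in `#ifndef FIPS_MODULE`; the two should agree, and if the function is not compiled into the FIPS module this will fail to link there, otherwise the FIPS module's PSS default digest now silently depends on the same config knob as the default provider. If the FIPS module should always pick the non-legacy default, keep the guard around the `if`/`else` and let `pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;` stand alone in an `#else` branch. The rsa_setup_mgf1_md change reads correctly and its updated comment now matches the code. rsa_setup_md and rsa_set_ctx_params begin and end outside this hunk.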
@@ -480,15 +462,15 @@ diff -up openssl-3.2.0/ssl/t1_lib.c.patch-sha1 openssl-3.2.0/ssl/t1_lib.c #include "internal/nelem.h" #include "internal/sizes.h" #include "internal/tlsgroups.h" -@@ -1506,6 +1507,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx) - uint16_t *tls12_sigalgs_list = NULL; +@@ -2176,6 +2177,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx) EVP_PKEY *tmpkey = EVP_PKEY_new(); + int istls; int ret = 0; + int ldsigs_allowed; if (ctx == NULL) goto err; -@@ -1521,6 +1523,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx) +@@ -2193,6 +2195,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx) goto err; ERR_set_mark(); @@ -496,15 +478,28 @@ diff -up openssl-3.2.0/ssl/t1_lib.c.patch-sha1 openssl-3.2.0/ssl/t1_lib.c /* First fill cache and tls12_sigalgs list from legacy algorithm list */ for (i = 0, lu = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { -@@ -1542,6 +1545,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx) - cache[i].enabled = 0; +@@ -2213,6 +2216,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx) + cache[i].available = 0; continue; } + if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) + && !ldsigs_allowed) { -+ cache[i].enabled = 0; ++ cache[i].available = 0; + continue; + } if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { - cache[i].enabled = 0; + cache[i].available = 0; +diff --git a/util/libcrypto.num b/util/libcrypto.num +index d377d542db..c2c55129ae 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5928,3 +5928,5 @@ OSSL_AA_DIST_POINT_free 6051 3_5_0 EXIST::FUNCTION: + OSSL_AA_DIST_POINT_new 6052 3_5_0 EXIST::FUNCTION: + OSSL_AA_DIST_POINT_it 6053 3_5_0 EXIST::FUNCTION: + PEM_ASN1_write_bio_ctx 6054 3_5_0 EXIST::FUNCTION: ++ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: ++ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: +-- +2.49.0 + diff --git a/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch b/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch new file mode 100644 index 0000000..3478880 --- /dev/null 
+++ b/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch @@ -0,0 +1,34 @@ +From 3e20d4430b34488a06102c30634e7d25d2699290 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Fri, 7 Mar 2025 18:12:33 -0500 +Subject: [PATCH 17/50] FIPS: Red Hat's FIPS module name and version + +Signed-off-by: Simo Sorce +--- + providers/fips/fipsprov.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index 373cd1c2e4..aa1ab85470 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -199,13 +199,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[]) + OSSL_LIB_CTX_FIPS_PROV_INDEX); + + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); +- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, FIPS_VENDOR)) ++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VENDOR)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); +- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) ++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); +- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) ++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); + if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running())) +-- +2.49.0 + diff --git a/0034.fipsinstall_disable.patch b/0018-FIPS-disable-fipsinstall.patch similarity index 53% rename from 0034.fipsinstall_disable.patch rename to 0018-FIPS-disable-fipsinstall.patch index f1d7b27..875aa37 100644 --- a/0034.fipsinstall_disable.patch +++ b/0018-FIPS-disable-fipsinstall.patch @@ -1,27 +1,33 @@ -From a9825123e7ab3474d2794a5706d9bed047959c9c Mon Sep 17 00:00:00 2001 +From 50de3f0a5f2023549aaa9caa2184795e692741b0 Mon Sep 17 00:00:00 2001 
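Review bot: fips_get_params now returns `REDHAT_FIPS_VERSION` for both OSSL_PROV_PARAM_VERSION and OSSL_PROV_PARAM_BUILDINFO, so the two parameters become indistinguishable and the upstream build string (`OPENSSL_FULL_VERSION_STR`) is no longer exposed at all; if tooling that lists providers is expected to show a build identifier distinct from the module version, consider keeping a separate value for BUILDINFO. Neither `REDHAT_FIPS_VENDOR` nor `REDHAT_FIPS_VERSION` is defined anywhere in this patch, so they are presumably injected by the package build; a comment at the first use, `/* REDHAT_FIPS_VENDOR and REDHAT_FIPS_VERSION are supplied by the package build flags */`, would tell a reader where to look when the module's self-reported name or version must change. fips_get_params begins and ends outside this hunk.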
From: rpm-build -Date: Mon, 31 Jul 2023 09:41:28 +0200 -Subject: [PATCH 18/35] 0034.fipsinstall_disable.patch +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 18/50] FIPS: disable fipsinstall Patch-name: 0034.fipsinstall_disable.patch Patch-id: 34 Patch-status: | - # Comment out fipsinstall command-line utility -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd + # # Comment out fipsinstall command-line utility +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- - apps/fipsinstall.c | 3 + - doc/man1/openssl-fipsinstall.pod.in | 272 +--------------------------- - doc/man1/openssl.pod | 4 - - doc/man5/config.pod | 1 - - doc/man5/fips_config.pod | 104 +---------- - doc/man7/OSSL_PROVIDER-FIPS.pod | 1 - - 6 files changed, 10 insertions(+), 375 deletions(-) + apps/fipsinstall.c | 3 + + doc/man1/openssl-fipsinstall.pod.in | 485 +------------------------- + doc/man1/openssl.pod | 4 - + doc/man5/config.pod | 1 - + doc/man5/fips_config.pod | 228 +----------- + doc/man7/OSSL_PROVIDER-FIPS.pod | 1 - + test/recipes/00-prep_fipsmodule_cnf.t | 10 +- + test/recipes/01-test_fipsmodule_cnf.t | 7 +- + test/recipes/03-test_fipsinstall.t | 2 + + 9 files changed, 22 insertions(+), 719 deletions(-) + mode change 100644 => 100755 test/recipes/00-prep_fipsmodule_cnf.t + mode change 100644 => 100755 test/recipes/01-test_fipsmodule_cnf.t + mode change 100644 => 100755 test/recipes/03-test_fipsinstall.t diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c -index e1ef645b60..db92cb5fb2 100644 +index 0daa55a1b8..b4e29ac301 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c -@@ -375,6 +375,9 @@ int fipsinstall_main(int argc, char **argv) +@@ -590,6 +590,9 @@ int fipsinstall_main(int argc, char **argv) EVP_MAC *mac = NULL; CONF *conf = NULL; @@ -32,10 +38,10 @@ index e1ef645b60..db92cb5fb2 100644 goto end; 
diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in -index b1768b7f91..b6b00e27d8 100644 +index 9dd4f5a49f..9a063022a9 100644 --- a/doc/man1/openssl-fipsinstall.pod.in +++ b/doc/man1/openssl-fipsinstall.pod.in -@@ -8,275 +8,9 @@ openssl-fipsinstall - perform FIPS configuration installation +@@ -8,488 +8,9 @@ openssl-fipsinstall - perform FIPS configuration installation =head1 SYNOPSIS B @@ -53,8 +59,33 @@ index b1768b7f91..b6b00e27d8 100644 -[B<-pedantic>] -[B<-no_conditional_errors>] -[B<-no_security_checks>] +-[B<-hmac_key_check>] +-[B<-kmac_key_check>] -[B<-ems_check>] -[B<-no_drbg_truncated_digests>] +-[B<-signature_digest_check>] +-[B<-hkdf_digest_check>] +-[B<-tls13_kdf_digest_check>] +-[B<-tls1_prf_digest_check>] +-[B<-sshkdf_digest_check>] +-[B<-sskdf_digest_check>] +-[B<-x963kdf_digest_check>] +-[B<-dsa_sign_disabled>] +-[B<-no_pbkdf2_lower_bound_check>] +-[B<-no_short_mac>] +-[B<-tdes_encrypt_disabled>] +-[B<-rsa_pkcs15_padding_disabled>] +-[B<-rsa_pss_saltlen_check>] +-[B<-rsa_sign_x931_disabled>] +-[B<-hkdf_key_check>] +-[B<-kbkdf_key_check>] +-[B<-tls13_kdf_key_check>] +-[B<-tls1_prf_key_check>] +-[B<-sshkdf_key_check>] +-[B<-sskdf_key_check>] +-[B<-x963kdf_key_check>] +-[B<-x942kdf_key_check>] +-[B<-ecdh_cofactor_check>] -[B<-self_test_onload>] -[B<-self_test_oninstall>] -[B<-corrupt_desc> I] 
@@ -216,11 +247,154 @@ index b1768b7f91..b6b00e27d8 100644 -when using the TLS1_PRF KDF algorithm. This check is disabled by default. -See RFC 7627 for information related to EMS. - +-=item B<-no_short_mac> +- +-Configure the module to not allow short MAC outputs. +-See SP 800-185 8.4.2 and FIPS 140-3 ID C.D for details. +- +-=item B<-hmac_key_check> +- +-Configure the module to not allow small keys sizes when using HMAC. +-See SP 800-131Ar2 for details. +- +-=item B<-kmac_key_check> +- +-Configure the module to not allow small keys sizes when using KMAC. +-See SP 800-131Ar2 for details. +- -=item B<-no_drbg_truncated_digests> - -Configure the module to not allow truncated digests to be used with Hash and -HMAC DRBGs. See FIPS 140-3 IG D.R for details. - +-=item B<-signature_digest_check> +- +-Configure the module to enforce signature algorithms to use digests that are +-explicitly permitted by the various standards. +- +-=item B<-hkdf_digest_check> +- +-Configure the module to enable a run-time digest check when deriving a key by +-HKDF. +-See NIST SP 800-56Cr2 for details. +- +-=item B<-tls13_kdf_digest_check> +- +-Configure the module to enable a run-time digest check when deriving a key by +-TLS13 KDF. +-See RFC 8446 for details. +- +-=item B<-tls1_prf_digest_check> +- +-Configure the module to enable a run-time digest check when deriving a key by +-TLS_PRF. +-See NIST SP 800-135r1 for details. +- +-=item B<-sshkdf_digest_check> +- +-Configure the module to enable a run-time digest check when deriving a key by +-SSHKDF. +-See NIST SP 800-135r1 for details. +- +-=item B<-sskdf_digest_check> +- +-Configure the module to enable a run-time digest check when deriving a key by +-SSKDF. +-See NIST SP 800-56Cr2 for details. +- +-=item B<-x963kdf_digest_check> +- +-Configure the module to enable a run-time digest check when deriving a key by +-X963KDF. +-See NIST SP 800-131Ar2 for details. 
+- +-=item B<-dsa_sign_disabled> +- +-Configure the module to not allow DSA signing (DSA signature verification is +-still allowed). See FIPS 140-3 IG C.K for details. +- +-=item B<-tdes_encrypt_disabled> +- +-Configure the module to not allow Triple-DES encryption. +-Triple-DES decryption is still allowed for legacy purposes. +-See SP800-131Ar2 for details. +- +-=item B<-rsa_pkcs15_padding_disabled> +- +-Configure the module to not allow PKCS#1 version 1.5 padding to be used with +-RSA for key transport and key agreement. See NIST's SP 800-131A Revision 2 +-for details. +- +-=item B<-rsa_pss_saltlen_check> +- +-Configure the module to enable a run-time salt length check when generating or +-verifying a RSA-PSS signature. +-See FIPS 186-5 5.4 (g) for details. +- +-=item B<-rsa_sign_x931_disabled> +- +-Configure the module to not allow X9.31 padding to be used when signing with +-RSA. See FIPS 140-3 IG C.K for details. +- +-=item B<-hkdf_key_check> +- +-Configure the module to enable a run-time short key-derivation key check when +-deriving a key by HKDF. +-See NIST SP 800-131Ar2 for details. +- +-=item B<-kbkdf_key_check> +- +-Configure the module to enable a run-time short key-derivation key check when +-deriving a key by KBKDF. +-See NIST SP 800-131Ar2 for details. +- +-=item B<-tls13_kdf_key_check> +- +-Configure the module to enable a run-time short key-derivation key check when +-deriving a key by TLS13 KDF. +-See NIST SP 800-131Ar2 for details. +- +-=item B<-tls1_prf_key_check> +- +-Configure the module to enable a run-time short key-derivation key check when +-deriving a key by TLS_PRF. +-See NIST SP 800-131Ar2 for details. +- +-=item B<-sshkdf_key_check> +- +-Configure the module to enable a run-time short key-derivation key check when +-deriving a key by SSHKDF. +-See NIST SP 800-131Ar2 for details. +- +-=item B<-sskdf_key_check> +- +-Configure the module to enable a run-time short key-derivation key check when +-deriving a key by SSKDF. 
+-See NIST SP 800-131Ar2 for details. +- +-=item B<-x963kdf_key_check> +- +-Configure the module to enable a run-time short key-derivation key check when +-deriving a key by X963KDF. +-See NIST SP 800-131Ar2 for details. +- +-=item B<-x942kdf_key_check> +- +-Configure the module to enable a run-time short key-derivation key check when +-deriving a key by X942KDF. +-See NIST SP 800-131Ar2 for details. +- +-=item B<-no_pbkdf2_lower_bound_check> +- +-Configure the module to not perform run-time lower bound check for PBKDF2. +-See NIST SP 800-132 for details. +- +-=item B<-ecdh_cofactor_check> +- +-Configure the module to enable a run-time check that ECDH uses the EC curves +-cofactor value when deriving a key. This only affects the 'B' and 'K' curves. +-See SP 800-56A r3 Section 5.7.1.2 for details. +- -=item B<-self_test_onload> - -Do not write the two fields related to the "test status indicator" and @@ -230,14 +404,17 @@ index b1768b7f91..b6b00e27d8 100644 -target machine. Once the self tests have run on the target machine the user -could possibly then add the 2 fields into the configuration using some other -mechanism. -- --This is the default. +-This option defaults to 0 for any OpenSSL FIPS 140-2 provider (OpenSSL 3.0.X). +-and is not relevant for an OpenSSL FIPS 140-3 provider, since this is no +-longer allowed. - -=item B<-self_test_oninstall> - -The converse of B<-self_test_oninstall>. The two fields related to the -"test status indicator" and "MAC status indicator" are written to the -output configuration file. +-This field is not relevant for an OpenSSL FIPS 140-3 provider, since this is no +-longer allowed. - -=item B<-quiet> - 
@@ -308,6 +485,48 @@ index b1768b7f91..b6b00e27d8 100644 -L, -L, -L +- +-=head1 HISTORY +- +-The B application was added in OpenSSL 3.0. +- +-The following options were added in OpenSSL 3.1: +- +-B<-ems_check>, +-B<-self_test_oninstall> +- +-The following options were added in OpenSSL 3.2: +- +-B<-pedantic>, +-B<-no_drbg_truncated_digests> +- +-The following options were added in OpenSSL 3.4: +- +-B<-hmac_key_check>, +-B<-kmac_key_check>, +-B<-signature_digest_check>, +-B<-hkdf_digest_check>, +-B<-tls13_kdf_digest_check>, +-B<-tls1_prf_digest_check>, +-B<-sshkdf_digest_check>, +-B<-sskdf_digest_check>, +-B<-x963kdf_digest_check>, +-B<-dsa_sign_disabled>, +-B<-no_pbkdf2_lower_bound_check>, +-B<-no_short_mac>, +-B<-tdes_encrypt_disabled>, +-B<-rsa_pkcs15_padding_disabled>, +-B<-rsa_pss_saltlen_check>, +-B<-rsa_sign_x931_disabled>, +-B<-hkdf_key_check>, +-B<-kbkdf_key_check>, +-B<-tls13_kdf_key_check>, +-B<-tls1_prf_key_check>, +-B<-sshkdf_key_check>, +-B<-sskdf_key_check>, +-B<-x963kdf_key_check>, +-B<-x942kdf_key_check>, +-B<-ecdh_cofactor_check> +This command is disabled. +Please consult Red Hat Enterprise Linux documentation to learn how to correctly +enable FIPS mode on Red Hat Enterprise @@ -315,10 +534,10 @@ index b1768b7f91..b6b00e27d8 100644 =head1 COPYRIGHT diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod -index d9c22a580f..d5ec3b9a6a 100644 +index edef2ff598..0762a00d74 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod -@@ -135,10 +135,6 @@ Engine (loadable module) information and manipulation. +@@ -139,10 +139,6 @@ Engine (loadable module) information and manipulation. Error Number to Error String Conversion. @@ -330,10 +549,10 @@ index d9c22a580f..d5ec3b9a6a 100644 Generation of DSA Private Key from Parameters. Superseded by diff --git a/doc/man5/config.pod b/doc/man5/config.pod -index 714a10437b..bd05736220 100644 +index b994081924..7a6d7fab4a 100644 --- a/doc/man5/config.pod 
+++ b/doc/man5/config.pod -@@ -573,7 +573,6 @@ configuration files using that syntax will have to be modified. +@@ -603,7 +603,6 @@ configuration files using that syntax will have to be modified. =head1 SEE ALSO L, L, L, @@ -342,10 +561,10 @@ index 714a10437b..bd05736220 100644 L, L, diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod -index 2255464304..1c15e32a5c 100644 +index a25ced3383..15748c5756 100644 --- a/doc/man5/fips_config.pod +++ b/doc/man5/fips_config.pod -@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration +@@ -6,230 +6,10 @@ fips_config - OpenSSL FIPS configuration =head1 DESCRIPTION @@ -382,10 +601,6 @@ index 2255464304..1c15e32a5c 100644 -If present, the module is activated. The value assigned to this name is not -significant. - --=item B -- --A version number for the fips install process. Should be 1. -- -=item B - -The FIPS module normally enters an internal error mode if any self test fails. @@ -399,18 +614,14 @@ index 2255464304..1c15e32a5c 100644 -continuous test will return an error code if its continuous test fails. The -operation may then be retried if the error mode has not been triggered. - --=item B -- --This indicates if run-time checks related to enforcement of security parameters --such as minimum security strength of keys and approved curve names are used. --A value of '1' will perform the checks, otherwise if the value is '0' the checks --are not performed and FIPS compliance must be done by procedures documented in --the relevant Security Policy. -- -=item B - -The calculated MAC of the FIPS provider file. - +-=item B +- +-A version number for the fips install process. Should be 1. +- -=item B - -An indicator that the self-tests were successfully run. 
@@ -427,6 +638,134 @@ index 2255464304..1c15e32a5c 100644 - -=back - +-=head2 FIPS indicator options +- +-The following FIPS configuration options indicate if run-time checks related to +-enforcement of FIPS security parameters such as minimum security strength of +-keys and approved curve names are used. +-A value of '1' will perform the checks, otherwise if the value is '0' the checks +-are not performed and FIPS compliance must be done by procedures documented in +-the relevant Security Policy. +- +-See L for further information related to these +-options. +- +-=over 4 +- +-=item B +- +-See L B<-no_security_checks> +- +-=item B +- +-See L B<-ems_check> +- +-=item B +- +-See L B<-no_short_mac> +- +-=item B +- +-See L B<-no_drbg_truncated_digests> +- +-=item B +- +-See L B<-signature_digest_check> +- +-=item B +- +-See L B<-hkdf_digest_check> +- +-=item B +- +-See L B<-tls13_kdf_digest_check> +- +-=item B +- +-See L B<-tls1_prf_digest_check> +- +-=item B +- +-See L B<-sshkdf_digest_check> +- +-=item B +- +-See L B<-sskdf_digest_check> +- +-=item B +- +-See L B<-x963kdf_digest_check> +- +-=item B +- +-See L B<-dsa_sign_disabled> +- +-=item B +- +-See L B<-tdes_encrypt_disabled> +- +-=item B +- +-See L B<-rsa_pkcs15_pad_disabled> +- +-=item B +- +-See L B<-rsa_pss_saltlen_check> +- +-=item B +- +-See L B<-rsa_sign_x931_disabled> +- +-=item B +- +-See L B<-hkdf_key_check> +- +-=item B +- +-See L B<-kbkdf_key_check> +- +-=item B +- +-See L B<-tls13_kdf_key_check> +- +-=item B +- +-See L B<-tls1_prf_key_check> +- +-=item B +- +-See L B<-sshkdf_key_check> +- +-=item B +- +-See L B<-sskdf_key_check> +- +-=item B +- +-See L B<-x963kdf_key_check> +- +-=item B +- +-See L B<-x942kdf_key_check> +- +-=item B +- +-See L B<-no_pbkdf2_lower_bound_check> +- +-=item B +- +-See L B<-ecdh_cofactor_check> +- +-=item B +- +-See L B<-hmac_key_check> +- +-=item B +- +-See L B<-kmac_key_check> +- +-=back +- -For example: - - [fips_sect] 
@@ -449,18 +788,22 @@ index 2255464304..1c15e32a5c 100644 - -L -L +- +-=head1 HISTORY +- +-This functionality was added in OpenSSL 3.0. +This command is disabled in Red Hat Enterprise Linux. The FIPS provider is +automatically loaded when the system is booted in FIPS mode, or when the +environment variable B is set. See the documentation +for more information. - =head1 HISTORY + =head1 COPYRIGHT diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod -index 4f908888ba..ef00247770 100644 +index 20d35fada8..f8f219d647 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod -@@ -444,7 +444,6 @@ want to operate in a FIPS approved manner. The algorithms are: +@@ -575,7 +575,6 @@ want to operate in a FIPS approved manner. The algorithms are: =head1 SEE ALSO 
@@ -468,6 +811,60 @@ index 4f908888ba..ef00247770 100644 L, L, L, +diff --git a/test/recipes/00-prep_fipsmodule_cnf.t b/test/recipes/00-prep_fipsmodule_cnf.t +old mode 100644 +new mode 100755 +index 4e3a6d85e8..48869b2568 +--- a/test/recipes/00-prep_fipsmodule_cnf.t ++++ b/test/recipes/00-prep_fipsmodule_cnf.t +@@ -29,8 +29,10 @@ my $fipsmoduleconf = bldtop_file('test', 'fipsmodule.cnf'); + + plan tests => 1; + ++ok(1 == 1); ++ + # Create the $fipsmoduleconf file +-ok(run(app(['openssl', 'fipsinstall', '-pedantic', +- '-module', $fipsmodule, '-provider_name', 'fips', +- '-section_name', 'fips_sect', '-out', $fipsmoduleconf])), +- "fips install"); ++#ok(run(app(['openssl', 'fipsinstall', '-pedantic', ++# '-module', $fipsmodule, '-provider_name', 'fips', ++# '-section_name', 'fips_sect', '-out', $fipsmoduleconf])), ++# "fips install"); +diff --git a/test/recipes/01-test_fipsmodule_cnf.t b/test/recipes/01-test_fipsmodule_cnf.t +old mode 100644 +new mode 100755 +index ce594817d5..4530a46dd0 +--- a/test/recipes/01-test_fipsmodule_cnf.t ++++ b/test/recipes/01-test_fipsmodule_cnf.t +@@ -31,7 +31,8 @@ plan tests => 1; + my $fipsmodule = bldtop_file('providers', platform->dso('fips')); + my $fipsmoduleconf = bldtop_file('test', 'fipsmodule.cnf'); + ++ok(1 == 1) + # verify the $fipsconf file +-ok(run(app(['openssl', 'fipsinstall', +- '-in', $fipsmoduleconf, '-module', $fipsmodule, '-verify'])), +- "fipsinstall verify"); ++#ok(run(app(['openssl', 'fipsinstall', ++# '-in', $fipsmoduleconf, '-module', $fipsmodule, '-verify'])), ++# "fipsinstall verify"); +diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t +old mode 100644 +new mode 100755 +index 1f9110ef60..7e80637bd5 +--- a/test/recipes/03-test_fipsinstall.t ++++ b/test/recipes/03-test_fipsinstall.t +@@ -22,6 +22,8 @@ use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + use platform; + ++plan skip_all => "Fipsinstall not available in Red Hat FIPS build"; ++ + plan skip_all => 
"Test only supported in a fips build" if disabled("fips"); + + # Compatible options for pedantic FIPS compliance -- -2.41.0 +2.49.0 diff --git a/0032-Force-fips.patch b/0019-FIPS-Force-fips-provider-on.patch similarity index 71% rename from 0032-Force-fips.patch rename to 0019-FIPS-Force-fips-provider-on.patch index 985fadf..08e2432 100644 --- a/0032-Force-fips.patch +++ b/0019-FIPS-Force-fips-provider-on.patch @@ -1,18 +1,19 @@ -From 2c110cf5551a3869514e697d8dc06682b62ca57d Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 11:59:02 +0200 -Subject: [PATCH 16/48] 0032-Force-fips.patch +From a5f2ab969455d591327ea41cac9ffb64234ca38c Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 19/50] FIPS: Force fips provider on Patch-name: 0032-Force-fips.patch Patch-id: 32 Patch-status: | - # We load FIPS provider and set FIPS properties implicitly + # # We load FIPS provider and set FIPS properties implicitly +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- - crypto/provider_conf.c | 28 +++++++++++++++++++++++++++- - 1 file changed, 27 insertions(+), 1 deletion(-) + crypto/provider_conf.c | 30 +++++++++++++++++++++++++++++- + 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c -index 058fb58837..5274265a70 100644 +index 5ec50f97e4..a2a9786e1c 100644 --- a/crypto/provider_conf.c +++ b/crypto/provider_conf.c @@ -10,6 +10,8 @@ @@ -24,7 +25,7 @@ index 058fb58837..5274265a70 100644 #include #include #include -@@ -169,7 +171,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name, +@@ -237,7 +239,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name, if (path != NULL) ossl_provider_set_module_path(prov, path); 
@@ -33,7 +34,7 @@ index 058fb58837..5274265a70 100644 if (ok == 1) { if (!ossl_provider_activate(prov, 1, 0)) { -@@ -268,6 +268,8 @@ static int provider_conf_activate(OSSL_L +@@ -266,6 +268,8 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name, if (ok <= 0) ossl_provider_free(prov); @@ -42,7 +43,7 @@ index 058fb58837..5274265a70 100644 } CRYPTO_THREAD_unlock(pcgbl->lock); -@@ -309,6 +311,33 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) +@@ -420,6 +424,30 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) return 0; } @@ -64,9 +65,6 @@ index 058fb58837..5274265a70 100644 + if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1) + return 0; + } -+ /* provider_conf_load can return 1 even when the test is failed so check explicitly */ -+ if (OSSL_PROVIDER_available(libctx, "fips") != 1) -+ return 0; + if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1) + return 0; + if (EVP_default_properties_enable_fips(libctx, 1) != 1) @@ -77,5 +75,5 @@ index 058fb58837..5274265a70 100644 } -- -2.41.0 +2.49.0 diff --git a/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch b/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch new file mode 100644 index 0000000..62f5058 --- /dev/null +++ b/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch 
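Review bot: The rebased patch drops the post-activation guard `if (OSSL_PROVIDER_available(libctx, "fips") != 1) return 0;` together with the comment that justified it (`provider_conf_load can return 1 even when the test is failed so check explicitly`), without saying why it is no longer needed on 3.5. If `provider_conf_activate()` can still report success while the provider's self-tests have failed, the forced-FIPS path goes on to activate `base` and call `EVP_default_properties_enable_fips()` with no usable FIPS provider; I have not verified the 3.5 behaviour of `provider_conf_activate()`, so either restore the check or add a comment naming the 3.5 change that makes it redundant. The function receiving these lines begins outside the hunk (the `+@@ -420,6 +424,30 @@` context shows only `provider_conf_init` above it), so its name and return convention are not visible here.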
@@ -0,0 +1,265 @@ +From 01427603bda0c44624b57c284e731c539828444e Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 20/50] FIPS: INTEG-CHECK: Embed hmac in fips.so - NOTE + +Corrected by squashing in: +0052-Restore-the-correct-verify_integrity-function.patch + +Patch-name: 0033-FIPS-embed-hmac.patch +Patch-id: 33 +Patch-status: | + # # Embed HMAC into the fips.so + # Modify fips self test as per + # https://github.com/simo5/openssl/commit/9b95ef8bd2f5ac862e5eee74c724b535f1a8578a +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce +--- + providers/fips/self_test.c | 170 ++++++++++++++++++++++++++++++++++--- + test/fipsmodule.cnf | 2 + + 2 files changed, 161 insertions(+), 11 deletions(-) + create mode 100644 test/fipsmodule.cnf + +diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c +index ef7be26ca7..8b17b8ca94 100644 +--- a/providers/fips/self_test.c ++++ b/providers/fips/self_test.c +@@ -235,13 +235,137 @@ err: + return ok; + } + ++#define HMAC_LEN 32 ++/* ++ * The __attribute__ ensures we've created the .rodata1 section ++ * static ensures it's zero filled ++*/ ++static const unsigned char __attribute__ ((section (".rodata1"))) fips_hmac_container[HMAC_LEN] = {0}; ++ + /* + * Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify + * the result matches the expected value. + * Return 1 if verified, or 0 if it fails. 
+ */ ++ ++#ifndef __USE_GNU ++#define __USE_GNU ++#include ++#undef __USE_GNU ++#else ++#include ++#endif ++#include ++ ++static int verify_integrity_rodata(OSSL_CORE_BIO *bio, ++ OSSL_FUNC_BIO_read_ex_fn read_ex_cb, ++ const unsigned char *expected, ++ size_t expected_len, OSSL_LIB_CTX *libctx, ++ OSSL_SELF_TEST *ev, const char *event_type) ++{ ++ int ret = 0, status; ++ unsigned char out[MAX_MD_SIZE]; ++ unsigned char buf[INTEGRITY_BUF_SIZE]; ++ size_t bytes_read = 0, out_len = 0; ++ EVP_MAC *mac = NULL; ++ EVP_MAC_CTX *ctx = NULL; ++ OSSL_PARAM params[2], *p = params; ++ Dl_info info; ++ void *extra_info = NULL; ++ struct link_map *lm = NULL; ++ unsigned long paddr; ++ unsigned long off = 0; ++ ++ if (expected_len != HMAC_LEN) ++ goto err; ++ ++ if (!integrity_self_test(ev, libctx)) ++ goto err; ++ ++ OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); ++ ++ if (!dladdr1 ((const void *)fips_hmac_container, ++ &info, &extra_info, RTLD_DL_LINKMAP)) ++ goto err; ++ lm = extra_info; ++ paddr = (unsigned long)fips_hmac_container - lm->l_addr; ++ ++ mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); ++ if (mac == NULL) ++ goto err; ++ ctx = EVP_MAC_CTX_new(mac); ++ if (ctx == NULL) ++ goto err; ++ ++ *p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME, 0); ++ *p = OSSL_PARAM_construct_end(); ++ ++ if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) ++ goto err; ++ ++ while ((off + INTEGRITY_BUF_SIZE) <= paddr) { ++ status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); ++ if (status != 1) ++ break; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ ++ if (off < paddr) { ++ int delta = paddr - off; ++ status = read_ex_cb(bio, buf, delta, &bytes_read); ++ if (status != 1) ++ goto err; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ ++ /* read away the buffer */ ++ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); ++ if (status != 1) ++ goto err; ++ 
++ /* check that it is the expect bytes, no point in continuing otherwise */ ++ if (memcmp(expected, buf, HMAC_LEN) != 0) ++ goto err; ++ ++ /* replace in-file HMAC buffer with the original zeros */ ++ memset(buf, 0, HMAC_LEN); ++ if (!EVP_MAC_update(ctx, buf, HMAC_LEN)) ++ goto err; ++ off += HMAC_LEN; ++ ++ while (bytes_read > 0) { ++ status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); ++ if (status != 1) ++ break; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ ++ if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) ++ goto err; ++ ++ OSSL_SELF_TEST_oncorrupt_byte(ev, out); ++ if (expected_len != out_len ++ || memcmp(expected, out, out_len) != 0) ++ goto err; ++ ret = 1; ++err: ++ OSSL_SELF_TEST_onend(ev, ret); ++ EVP_MAC_CTX_free(ctx); ++ EVP_MAC_free(mac); ++# ifdef OPENSSL_PEDANTIC_ZEROIZATION ++ OPENSSL_cleanse(out, sizeof(out)); ++# endif ++ return ret; ++} ++ + static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, +- unsigned char *expected, size_t expected_len, ++ const unsigned char *expected, size_t expected_len, + OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, + const char *event_type) + { +@@ -253,6 +377,9 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex + EVP_MAC_CTX *ctx = NULL; + OSSL_PARAM params[2], *p = params; + ++ if (expected_len != HMAC_LEN) ++ goto err; ++ + if (!integrity_self_test(ev, libctx)) + goto err; + +@@ -316,7 +443,8 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) + int ok = 0; + long checksum_len; + OSSL_CORE_BIO *bio_module = NULL; +- unsigned char *module_checksum = NULL; ++ const unsigned char *module_checksum = NULL; ++ unsigned char *alloc_checksum = NULL; + OSSL_SELF_TEST *ev = NULL; + EVP_RAND *testrand = NULL; + EVP_RAND_CTX *rng; +@@ -352,8 +480,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) + return 0; + } + +- if (st == NULL +- || st->module_checksum_data == NULL) { ++ 
if (st == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); + goto end; + } +@@ -362,8 +489,15 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) + if (ev == NULL) + goto end; + +- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, +- &checksum_len); ++ if (st->module_checksum_data == NULL) { ++ module_checksum = fips_hmac_container; ++ checksum_len = sizeof(fips_hmac_container); ++ } else { ++ alloc_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, ++ &checksum_len); ++ module_checksum = alloc_checksum; ++ } ++ + if (module_checksum == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); + goto end; +@@ -371,14 +505,28 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) + bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb"); + + /* Always check the integrity of the fips module */ +- if (bio_module == NULL +- || !verify_integrity(bio_module, st->bio_read_ex_cb, +- module_checksum, checksum_len, st->libctx, +- ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { ++ if (bio_module == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); + goto end; + } + ++ if (st->module_checksum_data == NULL) { ++ if (!verify_integrity_rodata(bio_module, st->bio_read_ex_cb, ++ module_checksum, checksum_len, ++ st->libctx, ev, ++ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); ++ goto end; ++ } ++ } else { ++ if (!verify_integrity(bio_module, st->bio_read_ex_cb, ++ module_checksum, checksum_len, st->libctx, ++ ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); ++ goto end; ++ } ++ } ++ + if (!SELF_TEST_kats(ev, st->libctx)) { + ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); + goto end; +@@ -398,7 +546,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) + end: + EVP_RAND_free(testrand); + OSSL_SELF_TEST_free(ev); +- OPENSSL_free(module_checksum); ++ 
OPENSSL_free(alloc_checksum); + + if (st != NULL) + (*st->bio_free_cb)(bio_module); +diff --git a/test/fipsmodule.cnf b/test/fipsmodule.cnf +new file mode 100644 +index 0000000000..f05d0dedbe +--- /dev/null ++++ b/test/fipsmodule.cnf +@@ -0,0 +1,2 @@ ++[fips_sect] ++activate = 1 +-- +2.49.0 + diff --git a/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch b/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch new file mode 100644 index 0000000..3f894dc --- /dev/null +++ b/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch @@ -0,0 +1,32 @@ +From e5fa1a36fb4786a29e5e0ffcafc1198a18ef2a1c Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Thu, 20 Feb 2025 15:30:32 -0500 +Subject: [PATCH 21/50] FIPS: INTEG-CHECK: Add script to hmac-ify fips.so + +This script rewrites the fips.so binary to embed the hmac result into it +so that after a build it can be called to make the fips.so as modified +by Red Hat to properly pass the integrty test + +Signed-off-by: Simo Sorce +--- + fips-hmacify.sh | 8 ++++++++ + 1 file changed, 8 insertions(+) + create mode 100755 fips-hmacify.sh + +diff --git a/fips-hmacify.sh b/fips-hmacify.sh +new file mode 100755 +index 0000000000..54ae60b07f +--- /dev/null ++++ b/fips-hmacify.sh +@@ -0,0 +1,8 @@ ++#!/bin/bash ++ ++dd if=/dev/zero bs=1 count=32 of=tmp.mac >/dev/null 2>&1 ++objcopy --update-section .rodata1=tmp.mac providers/fips.so providers/fips.so.zeromac ++mv providers/fips.so.zeromac providers/fips.so ++LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac ++objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac ++mv providers/fips.so.mac providers/fips.so +-- +2.49.0 + diff --git a/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch b/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch new file mode 100644 index 0000000..1058cf5 
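Review bot: In `verify_integrity_rodata()` the two single reads that position the stream at the embedded MAC do not check that they returned the requested length: `read_ex_cb(bio, buf, delta, &bytes_read)` and `read_ex_cb(bio, buf, HMAC_LEN, &bytes_read)` accept any `status == 1`, yet `memcmp(expected, buf, HMAC_LEN)` then compares bytes that may never have been read and `off += HMAC_LEN` assumes a full read. A short read can only make the MAC mismatch, so this is fail-closed, but it should be explicit: loop `while (off < paddr)` instead of the single `if (off < paddr)` read, and add `if (bytes_read != HMAC_LEN) goto err;` before the memcmp. The on-disk offset is derived as `fips_hmac_container - lm->l_addr`, which equals the file offset only when the PT_LOAD segment holding `.rodata1` has `p_vaddr == p_offset`; a comment stating that assumption (and that `fips-hmacify.sh` must keep the section exactly `HMAC_LEN` bytes) would help the next rebase. Also, because `fips_hmac_container` is `static const` with a `{0}` initializer, the compiler may assume it keeps those zeros; if it ever folds them into the `expected` comparison the post-objcopy MAC would be rejected (fail-closed but hard to diagnose), so either qualify it `volatile` or comment the reliance. `verify_integrity_rodata()` is shown in full; `SELF_TEST_post()` starts and ends outside the hunk.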
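Review bot: `fips-hmacify.sh` runs without `set -e`, so if `objcopy` or the `openssl dgst` step fails the following `mv` still replaces `providers/fips.so` with a partial or wrong-MAC file and the build continues; the `dd ... >/dev/null 2>&1` also hides its own errors. Add `set -euo pipefail` after the shebang, drop the `2>&1` on `dd`, and clean up the intermediates with `trap 'rm -f tmp.mac providers/fips.so.hmac' EXIT`. The hex value on the `-macopt hexkey:` line must stay identical to `fixed_key` used by `EVP_MAC_init()` in providers/fips/self_test.c (the value of `fixed_key` is not visible in this diff); a comment at the point of use saying `# must match fixed_key in providers/fips/self_test.c` would stop the two drifting apart. The relative paths mean the script only works from the build-tree root, which a `cd "$(dirname "$0")"` or a one-line comment should make explicit.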
--- /dev/null +++ b/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch @@ -0,0 +1,49 @@ +From 2c0a4a02d274997dcc969ec8a7f13922aa3a4d7b Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 22/50] FIPS: INTEG-CHECK: Execute KATS before HMAC - REVIEW + +Patch-name: 0047-FIPS-early-KATS.patch +Patch-id: 47 +Patch-status: | + # # Execute KATS before HMAC verification +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce +--- + providers/fips/self_test.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c +index 8b17b8ca94..0f5074936f 100644 +--- a/providers/fips/self_test.c ++++ b/providers/fips/self_test.c +@@ -489,6 +489,15 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) + if (ev == NULL) + goto end; + ++ /* ++ * Run the KAT's before HMAC verification according to FIPS-140-3 ++ * requirements ++ */ ++ if (!SELF_TEST_kats(ev, st->libctx)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); ++ goto end; ++ } ++ + if (st->module_checksum_data == NULL) { + module_checksum = fips_hmac_container; + checksum_len = sizeof(fips_hmac_container); +@@ -527,11 +536,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) + } + } + +- if (!SELF_TEST_kats(ev, st->libctx)) { +- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); +- goto end; +- } +- + /* Verify that the RNG has been restored properly */ + rng = ossl_rand_get0_private_noncreating(st->libctx); + if (rng != NULL) +-- +2.49.0 + diff --git a/0058-FIPS-limit-rsa-encrypt.patch b/0023-FIPS-RSA-encrypt-limits-REVIEW.patch similarity index 87% rename from 0058-FIPS-limit-rsa-encrypt.patch rename to 0023-FIPS-RSA-encrypt-limits-REVIEW.patch index 5d3ef9c..5fa29ca 100644 --- a/0058-FIPS-limit-rsa-encrypt.patch +++ b/0023-FIPS-RSA-encrypt-limits-REVIEW.patch 
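Review bot: The comment justifying the move, `Run the KAT's before HMAC verification according to FIPS-140-3 requirements`, does not say which requirement, and since the removed lines show the ordering is the reverse of upstream's it needs a precise reference. If the intent is the pre-operational self-test rule that the integrity technique's own algorithm (HMAC-SHA-256 here) must have passed its CAST before the integrity test runs, say so and cite the section or IG, and note that `verify_integrity_rodata()` already calls `integrity_self_test()` before computing the MAC, so the full `SELF_TEST_kats()` run may be broader than required; I have not checked the 3.5 contents of `SELF_TEST_kats()`. The change also means every KAT executes before the module file has been verified, and if that is acceptable under the same requirement the comment should say that too. `SELF_TEST_post()` begins and ends outside this hunk.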
@@ -1,62 +1,59 @@ -From 56511d480823bedafce604374fa3b15d3b3ffd6b Mon Sep 17 00:00:00 2001 +From e3def0e0439297fdfb9d17ede9f5e38e829d5d86 Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Mon, 31 Jul 2023 09:41:28 +0200 -Subject: [PATCH 26/48] 0058-FIPS-limit-rsa-encrypt.patch +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 23/50] FIPS: RSA: encrypt limits - REVIEW Patch-name: 0058-FIPS-limit-rsa-encrypt.patch Patch-id: 58 Patch-status: | - # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd + # # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- - providers/common/securitycheck.c | 1 + - .../implementations/asymciphers/rsa_enc.c | 35 +++++++++++ - .../30-test_evp_data/evppkey_rsa_common.txt | 58 ++++++++++++++++++- - test/recipes/80-test_cms.t | 5 +- - test/recipes/80-test_ssl_old.t | 27 +++++++-- - 5 files changed, 118 insertions(+), 8 deletions(-) + providers/common/securitycheck.c | 1 + + .../fips/include/fips_indicator_params.inc | 2 +- + .../implementations/asymciphers/rsa_enc.c | 26 ++++ + .../30-test_evp_data/evppkey_rsa_common.txt | 146 +++++++++++++----- + test/recipes/80-test_cms.t | 5 +- + test/recipes/80-test_ssl_old.t | 27 +++- + 6 files changed, 164 insertions(+), 43 deletions(-) + mode change 100644 => 100755 test/recipes/80-test_ssl_old.t diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c -index e534ad0a5f..c017c658e5 100644 +index 79a9c48ce2..0e517542bc 100644 --- a/providers/common/securitycheck.c 
+++ b/providers/common/securitycheck.c -@@ -27,6 +27,7 @@ +@@ -65,6 +65,7 @@ int ossl_rsa_key_op_get_protect(const RSA *rsa, int operation, int *outprotect) * Set protect = 1 for encryption or signing operations, or 0 otherwise. See * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf. */ +/* Red Hat build implements some extra limitations in providers/implementations/asymciphers/rsa_enc.c */ - int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation) + int ossl_rsa_check_key_size(const RSA *rsa, int protect) { - int protect = 0; + int sz = RSA_bits(rsa); +diff --git a/providers/fips/include/fips_indicator_params.inc b/providers/fips/include/fips_indicator_params.inc +index 78f9fc0655..6bd783eb0a 100644 +--- a/providers/fips/include/fips_indicator_params.inc ++++ b/providers/fips/include/fips_indicator_params.inc +@@ -13,7 +13,7 @@ OSSL_FIPS_PARAM(sskdf_digest_check, SSKDF_DIGEST_CHECK, 0) + OSSL_FIPS_PARAM(x963kdf_digest_check, X963KDF_DIGEST_CHECK, 0) + OSSL_FIPS_PARAM(dsa_sign_disallowed, DSA_SIGN_DISABLED, 0) + OSSL_FIPS_PARAM(tdes_encrypt_disallowed, TDES_ENCRYPT_DISABLED, 0) +-OSSL_FIPS_PARAM(rsa_pkcs15_padding_disabled, RSA_PKCS15_PAD_DISABLED, 0) ++OSSL_FIPS_PARAM(rsa_pkcs15_padding_disabled, RSA_PKCS15_PAD_DISABLED, 1) + OSSL_FIPS_PARAM(rsa_pss_saltlen_check, RSA_PSS_SALTLEN_CHECK, 0) + OSSL_FIPS_PARAM(rsa_sign_x931_disallowed, RSA_SIGN_X931_PAD_DISABLED, 0) + OSSL_FIPS_PARAM(hkdf_key_check, HKDF_KEY_CHECK, 0) diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c -index d865968058..872967bcb3 100644 +index 6ee127caff..2a7c2f159e 100644 --- a/providers/implementations/asymciphers/rsa_enc.c 
+++ b/providers/implementations/asymciphers/rsa_enc.c -@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa, - return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT); - } +@@ -168,6 +168,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, + } + #endif +# ifdef FIPS_MODULE -+static int fips_padding_allowed(const PROV_RSA_CTX *prsactx) -+{ -+ if (prsactx->pad_mode == RSA_PKCS1_PADDING || prsactx->pad_mode == RSA_NO_PADDING -+ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) -+ return 0; -+ -+ return 1; -+} -+# endif -+ - static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, - size_t outsize, const unsigned char *in, size_t inlen) - { -@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, - if (!ossl_prov_is_running()) - return 0; - -+# ifdef FIPS_MODULE -+ if (fips_padding_allowed(prsactx) == 0) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); ++ if (prsactx->pad_mode == RSA_NO_PADDING) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE); + return 0; + } + @@ -69,13 +66,15 @@ index d865968058..872967bcb3 100644 if (out == NULL) { size_t len = RSA_size(prsactx->rsa); -@@ -204,6 +227,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, +@@ -230,6 +242,20 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, if (!ossl_prov_is_running()) return 0; +# ifdef FIPS_MODULE -+ if (fips_padding_allowed(prsactx) == 0) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); ++ if ((prsactx->pad_mode == RSA_PKCS1_PADDING ++ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING ++ || prsactx->pad_mode == RSA_NO_PADDING)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE); + return 0; + } + @@ -89,471 +88,10 @@ index d865968058..872967bcb3 100644 if (out == NULL) { *outlen = SSL_MAX_MASTER_KEY_LENGTH; 
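Review bot: `rsa_encrypt()` now rejects only `RSA_NO_PADDING` in the FIPS module while `rsa_decrypt()` still rejects `RSA_PKCS1_PADDING`, `RSA_PKCS1_WITH_TLS_PADDING` and `RSA_NO_PADDING`, and the rebased hunk gives no reason for dropping the former `fips_padding_allowed()` rule that refused PKCS#1 v1.5 on both sides. Presumably the new default of `rsa_pkcs15_padding_disabled` set to 1 in `fips_indicator_params.inc` (same hunk) is meant to report v1.5 encryption as unapproved instead of refusing it, but that is inferred; add a comment above the `RSA_NO_PADDING` check in `rsa_encrypt()` stating why PKCS#1 v1.5 encryption remains reachable and how it is flagged, and a matching one in `rsa_decrypt()` for the stricter list. The reason code also changed from `PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE` to `PROV_R_INVALID_PADDING_MODE`, which callers matching the old code would notice, so it deserves a line in the patch description. The doubled parentheses in the `rsa_decrypt()` condition can be dropped. Both functions begin and end outside the visible hunks.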
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt -index 8680797b90..95d5d51102 100644 +index 18e11bdaa9..17ceb59148 100644 --- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt -@@ -619,36 +619,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2 - h90qjKHS9PvY4Q== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a - Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44 - Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb - Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755 - Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 - -+Availablein 
= default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439 - Output=8da89fd9e5f974a29feffb462b49180f6cf9e802 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -673,36 +679,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8 - eG2e4XlBcKjI6A== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e - Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7 - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245 - Output=2d - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053 - Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641 - Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec - Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -727,36 +739,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z - Ya4qnqZe1onjY5o= - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80 - Output=087820b569e8fa8d - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5 - Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04 - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a - Output=d94cd0e08fa404ed89 - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0 - Output=6cc641b6b61e6f963974dad23a9013284ef1 - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60 - Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223 - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -781,36 +799,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq - aD0x7TDrmEvkEro= - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8 - Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2 - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl 
= rsa_mgf1_md:sha1 - Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e - Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8 - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065 - Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99 - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4 - Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2 - Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284 - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -835,36 +859,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B - 
MSwGUGLx60i3nRyDyw== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5 - Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8 - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad - Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399 - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967 - Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7 - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf - Output=15c5b9ee1185 - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723 - Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -889,36 +919,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC - Yejn5Ly8mU2q+jBcRQ== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3 - Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4 - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f - Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7 - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65 - 
Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8 - Output=684e3038c5c041f7 - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab - Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693 - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -943,36 +979,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS - FMlxv0gq65dqc3DC - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1 - Output=47aae909 - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6 - 
Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7 - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b - Output=d976fc - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac - Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478 - Output=bb47231ca5ea1d3ad46c99345d9a8a61 - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -997,36 +1039,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM - 2MiPa249Z+lh3Luj0A== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61 - 
Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967 - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d - Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f - Output=8604ac56328c1ab5ad917861 - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0 - Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2 - Output=4a5f4914bee25de3c69341de07 - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ 
-1057,36 +1105,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo - tKo5Eb69iFQvBb4= - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72 - Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6 - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8 - Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659 - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3 - Output=fd326429df9b890e09b54b18b8f34f1e24 - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858 - Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e - Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index cbec426137..9ba7fbeed2 100644 ---- a/test/recipes/80-test_cms.t -+++ b/test/recipes/80-test_cms.t -@@ -233,7 +233,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", -+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS", - [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, - "-aes256", "-stream", "-out", "{output}.cms", - $smrsa1, -@@ -1022,6 +1022,9 @@ sub check_availability { - return "$tnam: skipped, DSA disabled\n" - if ($no_dsa && $tnam =~ / DSA/); - -+ return "$tnam: skipped, Red Hat FIPS\n" -+ if ($tnam =~ /no Red Hat FIPS/); -+ - 
return ""; - } - -diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t -index e2dcb68fb5..0775112b40 100644 ---- a/test/recipes/80-test_ssl_old.t -+++ b/test/recipes/80-test_ssl_old.t -@@ -493,6 +493,18 @@ sub testssl { - # the default choice if TLSv1.3 enabled - my $flag = $protocol eq "-tls1_3" ? "" : $protocol; - my $ciphersuites = ""; -+ my %redhat_skip_cipher = map {$_ => 1} qw( -+AES256-GCM-SHA384:@SECLEVEL=0 -+AES256-CCM8:@SECLEVEL=0 -+AES256-CCM:@SECLEVEL=0 -+AES128-GCM-SHA256:@SECLEVEL=0 -+AES128-CCM8:@SECLEVEL=0 -+AES128-CCM:@SECLEVEL=0 -+AES256-SHA256:@SECLEVEL=0 -+AES128-SHA256:@SECLEVEL=0 -+AES256-SHA:@SECLEVEL=0 -+AES128-SHA:@SECLEVEL=0 -+ ); - foreach my $cipher (@{$ciphersuites{$protocol}}) { - if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { - note "*****SKIPPING $protocol $cipher"; -@@ -504,11 +516,16 @@ sub testssl { - } else { - $cipher = $cipher.':@SECLEVEL=0'; - } -- ok(run(test([@ssltest, @exkeys, "-cipher", -- $cipher, -- "-ciphersuites", $ciphersuites, -- $flag || ()])), -- "Testing $cipher"); -+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) { -+ note "*****SKIPPING $cipher in Red Hat FIPS mode"; -+ ok(1); -+ } else { -+ ok(run(test([@ssltest, @exkeys, "-cipher", -+ $cipher, -+ "-ciphersuites", $ciphersuites, -+ $flag || ()])), -+ "Testing $cipher"); -+ } - } - } - next if $protocol eq "-tls1_3"; --- -2.41.0 - -diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.patch-58 openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ---- openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.patch-58 2023-12-11 19:15:32.167790754 +0100 -+++ openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-12-11 21:16:08.390089120 +0100 -@@ -248,7 +248,7 @@ Input = 64b0e9f9892371110c40ba5739dc0974 +@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e377 Output = 
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef # RSA decrypt 
@@ -562,7 +100,23 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.patc Decrypt = RSA-2048 Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78 Output = "Hello World" -@@ -270,7 +270,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235 + + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 ++Availablein = default + # Note: disable the Bleichenbacher workaround to see if it passes + Decrypt = RSA-2048 + Ctrl = rsa_pkcs1_implicit_rejection:0 +@@ -262,7 +262,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C70 + Output = "Hello World" + + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 ++Availablein = default + # Corrupted ciphertext + # Note: output is generated synthethically by the Bleichenbacher workaround + Decrypt = RSA-2048 +@@ -270,7 +270,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C70 Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff # The old FIPS provider doesn't include the workaround (#13817) 
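Review bot: The comment `# The old FIPS provider doesn't include the workaround (#13817)` is carried over unchanged above each `-FIPSversion = >=3.2.0` / `+Availablein = default` pair, but it no longer describes the directive: `Availablein = default` skips the case for every FIPS provider, not only old ones, so the implicit-rejection cases (`Ctrl = rsa_pkcs1_implicit_rejection:0` and the synthetic output for the corrupted ciphertext) are never exercised against the FIPS module in this build. If that is intended, record it where the directive changes, e.g. `# Run in the default provider only; the FIPS provider in this build is not checked for the #13817 workaround`, together with the reason for the exclusion (presumably a behavioural difference in the packaged FIPS provider, which the diff does not state). If the FIPS provider is expected to behave differently, a FIPS-only copy of the case with its own expected `Output` would keep the side-channel countermeasure under test instead of dropping it. The same pattern, with no comment at all, appears in the hunks at `@@ -571,10 +125,37 @@` and `@@ -607,7 +188,48 @@`.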
@@ -571,10 +125,37 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.patc # Corrupted ciphertext # Note: disable the Bleichenbacher workaround to see if it fails Decrypt = RSA-2048 -diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ---- openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default 2024-02-01 15:09:31.498568631 +0100 -+++ openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2024-02-01 15:14:45.858384004 +0100 -@@ -365,28 +365,28 @@ Input = 8bfe264e85d3bdeaa6b8851b8e3b956e +@@ -296,13 +296,14 @@ Input = 0000000000000000000000000000000000000001 + Result = KEYOP_ERROR + + # RSADP Ciphertext = 2 should pass ++Availablein = default + Decrypt = RSA-2048 + Ctrl = rsa_padding_mode:none + Input = 0000000000000000000000000000000000000002 + Output = 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 + + # RSADP Ciphertext = n-2 should pass +-Availablein = fips ++Availablein = none + Decrypt = RSA-2048 + Ctrl = rsa_padding_mode:none + Input = 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 +@@ -317,6 +318,7 @@ Input = cd0081ea7b2ae1ea06d59f7c73d9ffb94a09615c2e4ba7c636cef08dd3533ec3185525b0 + Result = KEYOP_ERROR + + # RSADP Ciphertext = n should fail ++Availablein = default + Decrypt = RSA-2048 + Ctrl = rsa_padding_mode:none + Input = 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 +@@ -406,82 +408,90 @@ PrivPubKeyPair = RSA-2048-2:RSA-2048-2-PUBLIC + # RSA decrypt + + # a random positive test case ++Availablein = default + Decrypt = RSA-2048-2 + Input = 
8bfe264e85d3bdeaa6b8851b8e3b956ee3d226fd3f69063a86880173a273d9f283b2eebdd1ed35f7e02d91c571981b6737d5320bd8396b0f3ad5b019daec1b0aab3cbbc026395f4fd14f13673f2dfc81f9b660ec26ac381e6db3299b4e460b43fab9955df2b3cfaa20e900e19c856238fd371899c2bf2ce8c868b76754e5db3b036533fd603746be13c10d4e3e6022ebc905d20c2a7f32b215a4cd53b3f44ca1c327d2c2b651145821c08396c89071f665349c25e44d2733cd9305985ceef6430c3cf57af5fa224089221218fa34737c79c446d28a94c41c96e4e92ac53fbcf384dea8419ea089f8784445a492c812eb0d409467f75afd7d4d1078886205a066 Output = "lorem ipsum dolor sit amet" # The old FIPS provider doesn't include the workaround (#13817) 
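Review bot: `Availablein = none` on the `# RSADP Ciphertext = n-2 should pass` case leaves a vector that no provider runs while its comment still says it should pass, and the `# RSADP Ciphertext = n should fail` case now carries `Availablein = default`, so this file no longer checks that the FIPS provider rejects an out-of-range ciphertext. Both changes remove FIPS-side checks at the RSADP range boundary without a recorded reason. Annotate the disabled case inline, e.g. `# Disabled in this build: <reason> (runs in no provider)`, and for the `n should fail` case prefer a FIPS-only copy with the `Result` the FIPS provider actually produces over exempting it from the negative check.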
@@ -607,7 +188,48 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # invalid decrypting to message with length specified by third to last value from PRF Decrypt = RSA-2048-2 Input = 1690ebcceece2ce024f382e467cf8510e74514120937978576caf684d4a02ad569e8d76cbe365a060e00779de2f0865ccf0d923de3b4783a4e2c74f422e2f326086c390b658ba47f31ab013aa80f468c71256e5fa5679b24e83cd82c3d1e05e398208155de2212993cd2b8bab6987cf4cc1293f19909219439d74127545e9ed8a706961b8ee2119f6bfacafbef91b75a789ba65b8b833bc6149cf49b5c4d2c6359f62808659ba6541e1cd24bf7f7410486b5103f6c0ea29334ea6f4975b17387474fe920710ea61568d7b7c0a7916acf21665ad5a31c4eabcde44f8fb6120d8457afa1f3c85d517cda364af620113ae5a3c52a048821731922737307f77a1081 -@@ -428,14 +428,14 @@ Input = 1ea0b50ca65203d0a09280d39704b24f + Output = 4f02 + + # positive test with 11 byte long value ++Availablein = default + Decrypt = RSA-2048-2 + Input = 6213634593332c485cef783ea2846e3d6e8b0e005cd8293eaebbaa5079712fd681579bdfbbda138ae4d9d952917a03c92398ec0cb2bb0c6b5a8d55061fed0d0d8d72473563152648cfe640b335dc95331c21cb133a91790fa93ae44497c128708970d2beeb77e8721b061b1c44034143734a77be8220877415a6dba073c3871605380542a9f25252a4babe8331cdd53cf828423f3cc70b560624d0581fb126b2ed4f4ed358f0eb8065cf176399ac1a846a31055f9ae8c9c24a1ba050bc20842125bc1753158f8065f3adb9cc16bfdf83816bdf38b624f12022c5a6fbfe29bc91542be8c0208a770bcd677dc597f5557dc2ce28a11bf3e3857f158717a33f6592 + Output = "lorem ipsum" + + # positive test with 11 byte long value and zero padded ciphertext ++Availablein = default + Decrypt = RSA-2048-2 + Input = 
00a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b + Output = "lorem ipsum" + + # positive test with 11 byte long value and zero truncated ciphertext ++Availablein = default + Decrypt = RSA-2048-2 + Input = 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 + Output = "lorem ipsum" + + # positive test with 11 byte long value and double zero padded ciphertext ++Availablein = default + Decrypt = RSA-2048-2 + Input = 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 + Output = "lorem ipsum" + + # positive test with 11 byte long value and double zero truncated ciphertext ++Availablein = default + Decrypt = RSA-2048-2 + Input = 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 + Output = "lorem ipsum" + + # positive that generates a 0 byte long synthetic message internally ++Availablein = default + Decrypt = RSA-2048-2 + Input = 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 + Output = "lorem ipsum" + + # positive that generates a 245 byte long synthetic message internally ++Availablein = default + Decrypt = RSA-2048-2 + Input = 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 Output = "lorem ipsum" # The old FIPS provider doesn't include the workaround (#13817) 
@@ -624,7 +246,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # an otherwise correct plaintext, but with wrong first byte # (0x01 instead of 0x00), generates a random 11 byte long plaintext Decrypt = RSA-2048-2 -@@ -443,7 +443,7 @@ Input = 9b2ec9c0c917c98f1ad3d0119aec6be5 +@@ -489,7 +499,7 @@ Input = 9b2ec9c0c917c98f1ad3d0119aec6be51ae3106e9af1914d48600ab6a2c0c0c8ae02a2dc Output = a1f8c9255c35cfba403ccc # The old FIPS provider doesn't include the workaround (#13817) @@ -633,7 +255,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # an otherwise correct plaintext, but with wrong second byte # (0x01 instead of 0x02), generates a random 11 byte long plaintext Decrypt = RSA-2048-2 -@@ -451,7 +451,7 @@ Input = 782c2b59a21a511243820acedd567c13 +@@ -497,7 +507,7 @@ Input = 782c2b59a21a511243820acedd567c136f6d3090c115232a82a5efb0b178285f55b5ec2d Output = e6d700309ca0ed62452254 # The old FIPS provider doesn't include the workaround (#13817) @@ -642,7 +264,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # an invalid ciphertext, with a zero byte in first byte of # ciphertext, decrypts to a random 11 byte long synthetic # plaintext -@@ -460,7 +460,7 @@ Input = 0096136621faf36d5290b16bd26295de +@@ -506,7 +516,7 @@ Input = 0096136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2a Output = ba27b1842e7c21c0e7ef6a # The old FIPS provider doesn't include the workaround (#13817) 
@@ -651,7 +273,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # an invalid ciphertext, with a zero byte removed from first byte of # ciphertext, decrypts to a random 11 byte long synthetic # plaintext -@@ -469,7 +469,7 @@ Input = 96136621faf36d5290b16bd26295de27 +@@ -515,7 +525,7 @@ Input = 96136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3 Output = ba27b1842e7c21c0e7ef6a # The old FIPS provider doesn't include the workaround (#13817) @@ -660,7 +282,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # an invalid ciphertext, with two zero bytes in first bytes of # ciphertext, decrypts to a random 11 byte long synthetic # plaintext -@@ -478,7 +478,7 @@ Input = 0000587cccc6b264bdfe0dc2149a9880 +@@ -524,7 +534,7 @@ Input = 0000587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f Output = d5cf555b1d6151029a429a # The old FIPS provider doesn't include the workaround (#13817) @@ -669,7 +291,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # an invalid ciphertext, with two zero bytes removed from first bytes of # ciphertext, decrypts to a random 11 byte long synthetic # plaintext -@@ -487,7 +487,7 @@ Input = 587cccc6b264bdfe0dc2149a988047fa +@@ -533,7 +543,7 @@ Input = 587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c Output = d5cf555b1d6151029a429a # The old FIPS provider doesn't include the workaround (#13817) 
@@ -678,7 +300,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # and invalid ciphertext, otherwise valid but starting with 000002, decrypts # to random 11 byte long synthetic plaintext Decrypt = RSA-2048-2 -@@ -495,7 +495,7 @@ Input = 1786550ce8d8433052e01ecba8b76d30 +@@ -541,7 +551,7 @@ Input = 1786550ce8d8433052e01ecba8b76d3019f1355b212ac9d0f5191b023325a7e7714b7802 Output = 3d4a054d9358209e9cbbb9 # The old FIPS provider doesn't include the workaround (#13817) @@ -687,7 +309,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # negative test with otherwise valid padding but a zero byte in first byte # of padding Decrypt = RSA-2048-2 -@@ -503,7 +503,7 @@ Input = 179598823812d2c58a7eb50521150a48 +@@ -549,7 +559,7 @@ Input = 179598823812d2c58a7eb50521150a48bcca8b4eb53414018b6bca19f4801456c5e36a94 Output = 1f037dd717b07d3e7f7359 # The old FIPS provider doesn't include the workaround (#13817) @@ -696,7 +318,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # negative test with otherwise valid padding but a zero byte at the eighth # byte of padding Decrypt = RSA-2048-2 -@@ -511,7 +511,7 @@ Input = a7a340675a82c30e22219a55bc07cdf3 +@@ -557,7 +567,7 @@ Input = a7a340675a82c30e22219a55bc07cdf36d47d01834c1834f917f18b517419ce9de2a9646 Output = 63cb0bf65fc8255dd29e17 # The old FIPS provider doesn't include the workaround (#13817) @@ -705,7 +327,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # negative test with an otherwise valid plaintext but with missing separator # byte Decrypt = RSA-2048-2 -@@ -566,53 +566,58 @@ PrivPubKeyPair = RSA-2049:RSA-2049-PUBLI +@@ -612,53 +622,58 @@ PrivPubKeyPair = RSA-2049:RSA-2049-PUBLIC # RSA decrypt # The old FIPS provider doesn't include the workaround (#13817) 
@@ -768,80 +390,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02) Decrypt = RSA-2049 Input = 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 -diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ---- openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default 2024-02-01 15:22:09.981463726 +0100 -+++ openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2024-02-01 15:28:41.789966051 +0100 -@@ -269,7 +269,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235 - Output = "Hello World" - - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 -+Availablein = default - # Note: disable the Bleichenbacher workaround to see if it passes - Decrypt = RSA-2048 - Ctrl = rsa_pkcs1_implicit_rejection:0 -@@ -277,7 +277,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235 - Output = "Hello World" - - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 -+Availablein = default - # Corrupted ciphertext - # Note: output is generated synthethically by the Bleichenbacher workaround - Decrypt = RSA-2048 -@@ -360,6 +360,7 @@ PrivPubKeyPair = RSA-2048-2:RSA-2048-2-P - # RSA decrypt - - # a random positive test case -+Availablein = default - Decrypt = RSA-2048-2 - Input = 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 - Output = "lorem ipsum dolor sit amet" -@@ -393,36 +394,43 @@ Input = 1690ebcceece2ce024f382e467cf8510 - Output = 4f02 - - # positive test with 11 byte long value -+Availablein = default - Decrypt = RSA-2048-2 - Input = 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 - Output = "lorem ipsum" - - # positive test with 11 byte long value and zero padded ciphertext -+Availablein = default - Decrypt = RSA-2048-2 - Input = 
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 - Output = "lorem ipsum" - - # positive test with 11 byte long value and zero truncated ciphertext -+Availablein = default - Decrypt = RSA-2048-2 - Input = a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b - Output = "lorem ipsum" - - # positive test with 11 byte long value and double zero padded ciphertext -+Availablein = default - Decrypt = RSA-2048-2 - Input = 00001f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc - Output = "lorem ipsum" - - # positive test with 11 byte long value and double zero truncated ciphertext -+Availablein = default - Decrypt = RSA-2048-2 - Input = 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 - Output = "lorem ipsum" - - # positive that generates a 0 byte long synthetic message internally -+Availablein = default - Decrypt = RSA-2048-2 - Input = 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 - Output = "lorem ipsum" - - # positive that generates a 245 byte long synthetic message internally -+Availablein = default - Decrypt = RSA-2048-2 - Input = 
1ea0b50ca65203d0a09280d39704b24fe6e47800189db5033f202761a78bafb270c5e25abd1f7ecc6e7abc4f26d1b0cd9b8c648d529416ee64ccbdd7aa72a771d0353262b543f0e436076f40a1095f5c7dfd10dcf0059ccb30e92dfa5e0156618215f1c3ff3aa997a9d999e506924f5289e3ac72e5e2086cc7b499d71583ed561028671155db4005bee01800a7cdbdae781dd32199b8914b5d4011dd6ff11cd26d46aad54934d293b0bc403dd211bf13b5a5c6836a5e769930f437ffd8634fb7371776f4bc88fa6c271d8aa6013df89ae6470154497c4ac861be2a1c65ebffec139bf7aaba3a81c7c5cdd84da9af5d3edfb957848074686b5837ecbcb6a41c50 - Output = "lorem ipsum" -@@ -681,14 +690,14 @@ ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKu +@@ -722,14 +737,14 @@ ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKusAN5AgMBAAE= PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC # The old FIPS provider doesn't include the workaround (#13817) @@ -858,7 +407,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # a random invalid that has PRF output with a length one byte too long # in the last value Decrypt = RSA-3072 -@@ -696,46 +705,51 @@ Input = 7db0390d75fcf9d4c59cf27b264190d8 +@@ -737,46 +752,51 @@ Input = 7db0390d75fcf9d4c59cf27b264190d856da9abd11e92334d0e5f71005cfed865a711dfa Output = 56a3bea054e01338be9b7d7957539c # The old FIPS provider doesn't include the workaround (#13817) @@ -913,7 +462,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # a random negative test case that generates a 9 byte long message based on # second to last value from PRF Decrypt = RSA-3072 -@@ -743,7 +757,7 @@ Input = 758c215aa6acd61248062b88284bf43c +@@ -784,7 +804,7 @@ Input = 758c215aa6acd61248062b88284bf43c13cb3b3d02410be4238607442f1c0216706e21a0 Output = 043383c929060374ed # The old FIPS provider doesn't include the workaround (#13817) 
@@ -922,7 +471,7 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # a random negative test that generates message based on 3rd last value from # PRF Decrypt = RSA-3072 -@@ -751,35 +765,35 @@ Input = 7b22d5e62d287968c6622171a1f75db4 +@@ -792,35 +812,35 @@ Input = 7b22d5e62d287968c6622171a1f75db4b0fd15cdf3134a1895d235d56f8d8fe619f2bf48 Output = 70263fa6050534b9e0 # The old FIPS provider doesn't include the workaround (#13817) 
@@ -963,3 +512,474 @@ diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only # an otherwise valid plaintext, but with null separator missing Decrypt = RSA-3072 Input = 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 +@@ -912,9 +932,9 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD + + # Verify of above signature + Verify = RSA-2048-PUBLIC ++Ctrl = digest:sha256 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_pss_saltlen:0 +-Ctrl = digest:sha256 + Input="0123456789ABCDEF0123456789ABCDEF" + Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A + +@@ -1207,36 +1227,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2 + h90qjKHS9PvY4Q== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a + Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + 
Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44 + Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb + Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755 + Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439 + Output=8da89fd9e5f974a29feffb462b49180f6cf9e802 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1261,36 +1287,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8 + eG2e4XlBcKjI6A== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = 
rsa_mgf1_md:sha1 + Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e + Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7 + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245 + Output=2d + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053 + Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641 + Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + 
Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec + Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1315,36 +1347,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z + Ya4qnqZe1onjY5o= + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80 + Output=087820b569e8fa8d + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5 + Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a + Output=d94cd0e08fa404ed89 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + 
Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0 + Output=6cc641b6b61e6f963974dad23a9013284ef1 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60 + Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1369,36 +1407,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq + aD0x7TDrmEvkEro= + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8 + Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e + 
Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065 + Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4 + Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2 + Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1423,36 +1467,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B + MSwGUGLx60i3nRyDyw== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + 
Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5 + Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad + Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967 + Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf + Output=15c5b9ee1185 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + 
Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723 + Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1477,36 +1527,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC + Yejn5Ly8mU2q+jBcRQ== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3 + Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f + Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65 + 
Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8 + Output=684e3038c5c041f7 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab + Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1531,36 +1587,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS + FMlxv0gq65dqc3DC + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1 + Output=47aae909 + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6 + 
Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7 + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b + Output=d976fc + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac + Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478 + Output=bb47231ca5ea1d3ad46c99345d9a8a61 + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1585,36 +1647,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM + 2MiPa249Z+lh3Luj0A== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61 + 
Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967 + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d + Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f + Output=8604ac56328c1ab5ad917861 + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0 + Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2 + Output=4a5f4914bee25de3c69341de07 + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ 
-1645,36 +1713,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo + tKo5Eb69iFQvBb4= + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72 + Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6 + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8 + Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659 + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3 + Output=fd326429df9b890e09b54b18b8f34f1e24 + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + 
Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858 + Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e + Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index 5c967c5818..d13dceaac5 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -250,7 +250,7 @@ my @smime_pkcs7_tests = ( + + if ($no_fips || $old_fips) { + push(@smime_pkcs7_tests, +- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", ++ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS", + [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, + "-aes256", "-stream", "-out", "{output}.cms", + $smrsa1, +@@ -1267,6 +1267,9 @@ sub check_availability { + return "$tnam: skipped, DSA disabled\n" + if ($no_dsa && $tnam =~ / DSA/); + ++ return "$tnam: skipped, Red Hat FIPS\n" ++ if 
($tnam =~ /no Red Hat FIPS/); ++ + return ""; + } + +diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t +old mode 100644 +new mode 100755 +index f7be2e1872..568a1ddba4 +--- a/test/recipes/80-test_ssl_old.t ++++ b/test/recipes/80-test_ssl_old.t +@@ -561,6 +561,18 @@ sub testssl { + # the default choice if TLSv1.3 enabled + my $flag = $protocol eq "-tls1_3" ? "" : $protocol; + my $ciphersuites = ""; ++ my %redhat_skip_cipher = map {$_ => 1} qw( ++AES256-GCM-SHA384:@SECLEVEL=0 ++AES256-CCM8:@SECLEVEL=0 ++AES256-CCM:@SECLEVEL=0 ++AES128-GCM-SHA256:@SECLEVEL=0 ++AES128-CCM8:@SECLEVEL=0 ++AES128-CCM:@SECLEVEL=0 ++AES256-SHA256:@SECLEVEL=0 ++AES128-SHA256:@SECLEVEL=0 ++AES256-SHA:@SECLEVEL=0 ++AES128-SHA:@SECLEVEL=0 ++ ); + foreach my $cipher (@{$ciphersuites{$protocol}}) { + if ($dsaallow == '0' && index($cipher, "DSS") != -1) { + # DSA is not allowed in FIPS 140-3 +@@ -576,11 +588,16 @@ sub testssl { + } else { + $cipher = $cipher.':@SECLEVEL=0'; + } +- ok(run(test([@ssltest, @exkeys, "-cipher", +- $cipher, +- "-ciphersuites", $ciphersuites, +- $flag || ()])), +- "Testing $cipher"); ++ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) { ++ note "*****SKIPPING $cipher in Red Hat FIPS mode"; ++ ok(1); ++ } else { ++ ok(run(test([@ssltest, @exkeys, "-cipher", ++ $cipher, ++ "-ciphersuites", $ciphersuites, ++ $flag || ()])), ++ "Testing $cipher"); ++ } + } + } + next if $protocol eq "-tls1_3"; +-- +2.49.0 + diff --git a/0024-FIPS-RSA-PCTs.patch b/0024-FIPS-RSA-PCTs.patch new file mode 100644 index 0000000..08fdb73 --- /dev/null +++ b/0024-FIPS-RSA-PCTs.patch 
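Review bot: The skip branch added to `testssl` in 80-test_ssl_old.t emits an unlabeled `ok(1)`, so the TAP stream records an anonymous pass and the skipped cipher is only visible in a `note` that the harness hides unless run verbosely; `ok(1, "Skipped $cipher in Red Hat FIPS mode");` (or a Test::More `skip` inside a `SKIP:` block) keeps the test count intact while making the skip auditable in the log. The lookup also only matches because `$cipher` has already had `:@SECLEVEL=0` appended by the preceding `else` branch, so a cipher that took the other branch would never be skipped even if listed; a comment on the `%redhat_skip_cipher` declaration such as `# keys must carry the :@SECLEVEL=0 suffix appended below` would make that coupling explicit. `testssl` starts and ends outside the hunk, so whether `$provider` is in scope at that point cannot be confirmed from here. The `old mode 100644 / new mode 100755` change on 80-test_ssl_old.t appears incidental to the patch and is worth dropping if it was not intended.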
@@ -0,0 +1,157 @@ +From 77fdffb56f9194fe81d7e91bf9a7ac06be02e250 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Mon, 24 Mar 2025 10:50:37 -0400 +Subject: [PATCH 24/50] FIPS: RSA: PCTs + +Signed-off-by: Simo Sorce +--- + providers/implementations/keymgmt/rsa_kmgmt.c | 18 +++++++ + providers/implementations/signature/rsa_sig.c | 47 +++++++++++++++++-- + 2 files changed, 61 insertions(+), 4 deletions(-) + +diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c +index 77d0950094..f0e71beb43 100644 +--- a/providers/implementations/keymgmt/rsa_kmgmt.c ++++ b/providers/implementations/keymgmt/rsa_kmgmt.c +@@ -433,6 +433,7 @@ struct rsa_gen_ctx { + #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + /* ACVP test parameters */ + OSSL_PARAM *acvp_test_params; ++ void *prov_rsa_ctx; + #endif + }; + +@@ -446,6 +447,12 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb) + return gctx->cb(params, gctx->cbarg); + } + ++#ifdef FIPS_MODULE ++void *rsa_newctx(void *provctx, const char *propq); ++void rsa_freectx(void *vctx); ++int do_rsa_pct(void *, const char *, void *); ++#endif ++ + static void *gen_init(void *provctx, int selection, int rsa_type, + const OSSL_PARAM params[]) + { +@@ -473,6 +480,10 @@ static void *gen_init(void *provctx, int selection, int rsa_type, + + if (!rsa_gen_set_params(gctx, params)) + goto err; ++#ifdef FIPS_MODULE ++ if (gctx != NULL) ++ gctx->prov_rsa_ctx = rsa_newctx(provctx, NULL); ++#endif + return gctx; + + err: +@@ -629,6 +640,11 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) + + rsa = rsa_tmp; + rsa_tmp = NULL; ++#ifdef FIPS_MODULE ++ /* Pairwise consistency test */ ++ if (do_rsa_pct(gctx->prov_rsa_ctx, "sha256", rsa) != 1) ++ abort(); ++#endif + err: + BN_GENCB_free(gencb); + RSA_free(rsa_tmp); +@@ -644,6 +660,8 @@ static void rsa_gen_cleanup(void *genctx) + #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + 
ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params); + gctx->acvp_test_params = NULL; ++ rsa_freectx(gctx->prov_rsa_ctx); ++ gctx->prov_rsa_ctx = NULL; + #endif + BN_clear_free(gctx->pub_exp); + OPENSSL_free(gctx); +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index c4740128ce..b08c9685dd 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -37,7 +37,7 @@ + #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1 + #define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256 + +-static OSSL_FUNC_signature_newctx_fn rsa_newctx; ++OSSL_FUNC_signature_newctx_fn rsa_newctx; + static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; + static OSSL_FUNC_signature_verify_init_fn rsa_verify_init; + static OSSL_FUNC_signature_verify_recover_init_fn rsa_verify_recover_init; +@@ -54,7 +54,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn rsa_digest_sign_final; + static OSSL_FUNC_signature_digest_verify_init_fn rsa_digest_verify_init; + static OSSL_FUNC_signature_digest_verify_update_fn rsa_digest_verify_update; + static OSSL_FUNC_signature_digest_verify_final_fn rsa_digest_verify_final; +-static OSSL_FUNC_signature_freectx_fn rsa_freectx; ++OSSL_FUNC_signature_freectx_fn rsa_freectx; + static OSSL_FUNC_signature_dupctx_fn rsa_dupctx; + static OSSL_FUNC_signature_query_key_types_fn rsa_sigalg_query_key_types; + static OSSL_FUNC_signature_get_ctx_params_fn rsa_get_ctx_params; +@@ -226,7 +226,7 @@ static int rsa_check_parameters(PROV_RSA_CTX *prsactx, int min_saltlen) + return 1; + } + +-static void *rsa_newctx(void *provctx, const char *propq) ++void *rsa_newctx(void *provctx, const char *propq) + { + PROV_RSA_CTX *prsactx = NULL; + char *propq_copy = NULL; +@@ -1317,7 +1317,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig, + return ok; + } + +-static void rsa_freectx(void *vprsactx) ++void rsa_freectx(void *vprsactx) 
+ { + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + +@@ -1867,6 +1867,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx) + return EVP_MD_settable_ctx_params(prsactx->md); + } + ++#ifdef FIPS_MODULE ++int do_rsa_pct(void *vctx, const char *mdname, void *rsa) ++{ ++ static const unsigned char data[32]; ++ unsigned char *sigbuf = NULL; ++ size_t siglen = 0; ++ int ret = 0; ++ ++ if (rsa_digest_sign_init(vctx, mdname, rsa, NULL) <= 0) ++ return 0; ++ ++ if (rsa_digest_sign_update(vctx, data, sizeof(data)) <= 0) ++ return 0; ++ ++ if (rsa_digest_sign_final(vctx, NULL, &siglen, 0) <= 0) ++ return 0; ++ ++ if ((sigbuf = OPENSSL_malloc(siglen)) == NULL) ++ return 0; ++ ++ if (rsa_digest_sign_final(vctx, sigbuf, &siglen, siglen) <= 0) ++ goto err; ++ ++ if (rsa_digest_verify_init(vctx, mdname, rsa, NULL) <= 0) ++ goto err; ++ ++ if (rsa_digest_verify_update(vctx, data, sizeof(data)) <= 0) ++ goto err; ++ ++ if (rsa_digest_verify_final(vctx, sigbuf, siglen) <= 0) ++ goto err; ++ ret = 1; ++ ++ err: ++ OPENSSL_free(sigbuf); ++ return ret; ++} ++#endif ++ + const OSSL_DISPATCH ossl_rsa_signature_functions[] = { + { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx }, + { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init }, +-- +2.49.0 + diff --git a/0024-load-legacy-prov.patch b/0024-load-legacy-prov.patch deleted file mode 100644 index 1a65417..0000000 --- a/0024-load-legacy-prov.patch +++ /dev/null 
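Review bot: The new `prov_rsa_ctx` member is declared inside the `#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)` block of `struct rsa_gen_ctx`, yet `gen_init` and `rsa_gen` reach it under a plain `#ifdef FIPS_MODULE`, so a FIPS build configured with `no-acvp-tests` does not compile; the field and its release in `rsa_gen_cleanup` belong in their own `#ifdef FIPS_MODULE` block. In `gen_init` the result of `rsa_newctx(provctx, NULL)` is also never checked, so an allocation failure there leaves `prov_rsa_ctx` NULL and only surfaces later as the `abort()` on the PCT path in `rsa_gen` instead of as an ordinary error from key-generation setup; jumping to the existing `err` label (which presumably releases `gctx`, as the preceding `goto err` relies on) keeps that failure recoverable. The `if (gctx != NULL)` guard around the call looks redundant, since `gctx` was just handed to `rsa_gen_set_params()`. The bodies of `gen_init`, `rsa_gen` and `rsa_gen_cleanup` extend outside the quoted hunks.
```c
/* … unchanged: struct rsa_gen_ctx up to and including the ACVP #if block … */
#ifdef FIPS_MODULE
    void *prov_rsa_ctx; /* signature ctx reserved for the post-generation PCT */
#endif
};

/* … unchanged: gen_init() through rsa_gen_set_params() … */
#ifdef FIPS_MODULE
    gctx->prov_rsa_ctx = rsa_newctx(provctx, NULL);
    if (gctx->prov_rsa_ctx == NULL)
        goto err;
#endif
    return gctx;

/* … unchanged: rsa_gen_cleanup() through the ACVP #if block … */
#ifdef FIPS_MODULE
    rsa_freectx(gctx->prov_rsa_ctx);
    gctx->prov_rsa_ctx = NULL;
#endif
```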
@@ -1,95 +0,0 @@ -From 69636828729ecc287863366dcdd6548dee78c7a4 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 31 Jul 2023 09:41:28 +0200 -Subject: [PATCH 14/35] 0024-load-legacy-prov.patch - -Patch-name: 0024-load-legacy-prov.patch -Patch-id: 24 -Patch-status: | - # Instructions to load legacy provider in openssl.cnf -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd ---- - apps/openssl.cnf | 37 +++++++++++++++---------------------- - doc/man5/config.pod | 8 ++++++++ - 2 files changed, 23 insertions(+), 22 deletions(-) - -diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf ---- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200 -+++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200 -@@ -42,14 +42,6 @@ tsa_policy1 = 1.2.3.4.1 - tsa_policy2 = 1.2.3.4.5.6 - tsa_policy3 = 1.2.3.4.5.7 - --# For FIPS --# Optionally include a file that is generated by the OpenSSL fipsinstall --# application. This file contains configuration data required by the OpenSSL --# fips provider. It contains a named section e.g. [fips_sect] which is --# referenced from the [provider_sect] below. --# Refer to the OpenSSL security policy for more information. --# .include fipsmodule.cnf -- - [openssl_init] - providers = provider_sect - # Load default TLS policy configuration -@@ -42,23 +42,27 @@ [ evp_properties ] - #This section is intentionally added empty here - #to be tuned on particular systems - --# List of providers to load --[provider_sect] --default = default_sect --# The fips section name should match the section name inside the --# included fipsmodule.cnf. --# fips = fips_sect -+# Uncomment the sections that start with ## below to enable the legacy provider. 
-+# Loading the legacy provider enables support for the following algorithms: -+# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 -+# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED -+# Key Derivation Function (KDF): PBKDF1 -+# In general it is not recommended to use the above mentioned algorithms for -+# security critical operations, as they are cryptographically weak or vulnerable -+# to side-channel attacks and as such have been deprecated. - --# If no providers are activated explicitly, the default one is activated implicitly. --# See man 7 OSSL_PROVIDER-default for more details. --# --# If you add a section explicitly activating any other provider(s), you most --# probably need to explicitly activate the default provider, otherwise it --# becomes unavailable in openssl. As a consequence applications depending on --# OpenSSL may not work correctly which could lead to significant system --# problems including inability to remotely access the system. --[default_sect] --# activate = 1 -+[provider_sect] -+default = default_sect -+##legacy = legacy_sect -+## -+[default_sect] -+activate = 1 -+ -+##[legacy_sect] -+##activate = 1 -+ -+#Place the third party provider configuration files into this folder -+.include /etc/pki/tls/openssl.d - - [ ssl_module ] - -diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod ---- openssl-3.0.0/doc/man5/config.pod.legacy-prov 2021-09-09 12:09:38.079040853 +0200 -+++ openssl-3.0.0/doc/man5/config.pod 2021-09-09 12:11:56.646224876 +0200 -@@ -273,6 +273,14 @@ significant. - All parameters in the section as well as sub-sections are made - available to the provider. - -+=head3 Loading the legacy provider -+ -+Uncomment the sections that start with ## in openssl.cnf -+to enable the legacy provider. 
-+Note: In general it is not recommended to use the above mentioned algorithms for -+security critical operations, as they are cryptographically weak or vulnerable -+to side-channel attacks and as such have been deprecated. -+ - =head3 Default provider and its activation - - If no providers are activated explicitly, the default one is activated implicitly. diff --git a/0025-FIPS-RSA-encapsulate-limits.patch b/0025-FIPS-RSA-encapsulate-limits.patch new file mode 100644 index 0000000..65f4d51 --- /dev/null +++ b/0025-FIPS-RSA-encapsulate-limits.patch 
@@ -0,0 +1,59 @@ +From 1ba2caa0c71e45e5ccc9cec2e389d3ee7c68a252 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:17 +0100 +Subject: [PATCH 25/50] FIPS: RSA: encapsulate limits + +Patch-name: 0091-FIPS-RSA-encapsulate.patch +Patch-id: 91 +Patch-status: | + # 0091-FIPS-RSA-encapsulate.patch +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce +--- + providers/implementations/kem/rsa_kem.c | 14 ++++++++++++++ + test/recipes/30-test_evp_data/evppkey_rsa_kem.txt | 1 + + 2 files changed, 15 insertions(+) + +diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c +index 7494dcc010..5d6123e8cb 100644 +--- a/providers/implementations/kem/rsa_kem.c ++++ b/providers/implementations/kem/rsa_kem.c +@@ -284,6 +284,13 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, + /* Step (1): nlen = Ceil(len(n)/8) */ + nlen = RSA_size(prsactx->rsa); + ++#ifdef FIPS_MODULE ++ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); ++ return 0; ++ } ++#endif ++ + if (out == NULL) { + if (nlen == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); +@@ -360,6 +367,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx, + /* Step (1): get the byte length of n */ + nlen = RSA_size(prsactx->rsa); + ++#ifdef FIPS_MODULE ++ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); ++ return 0; ++ } ++#endif ++ + if (out == NULL) { + if (nlen == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); +diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_kem.txt b/test/recipes/30-test_evp_data/evppkey_rsa_kem.txt +index ecab1454e7..8e5edd35fe 100644 +--- a/test/recipes/30-test_evp_data/evppkey_rsa_kem.txt ++++ b/test/recipes/30-test_evp_data/evppkey_rsa_kem.txt +@@ -108,3 +108,4 @@ Securitycheck = 1 + Unapproved = 1 + CtrlInit = key-check:0 + Op = RSASVE ++Result = TEST_ENCAPSULATE_LEN_ERROR +-- +2.49.0 + 
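Review bot: The new FIPS guard in `rsasve_generate` compares the byte length returned by `RSA_size()` against `OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8`, and the byte length rounds up: a modulus of 2041–2047 bits still has a 256-byte size and passes, so the check should be made on bits, `if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {`. The identical block is repeated in `rsasve_recover`; a small static helper shared by both paths would keep them from drifting apart. Placing the guard ahead of the existing `nlen == 0` test also means a key without a usable modulus now reports `PROV_R_KEY_SIZE_TOO_SMALL` instead of `PROV_R_INVALID_KEY` under FIPS, which may be intended but deserves a one-line comment. Both functions continue outside the quoted hunks.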
diff --git a/0025-for-tests.patch b/0025-for-tests.patch deleted file mode 100644 index 0e0146c..0000000 --- a/0025-for-tests.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -up openssl-3.0.0/apps/openssl.cnf.xxx openssl-3.0.0/apps/openssl.cnf ---- openssl-3.0.0/apps/openssl.cnf.xxx 2021-11-23 16:29:50.618691603 +0100 -+++ openssl-3.0.0/apps/openssl.cnf 2021-11-23 16:28:16.872882099 +0100 -@@ -55,17 +55,17 @@ providers = provider_sect - # to side-channel attacks and as such have been deprecated. - - [provider_sect] --default = default_sect -+##default = default_sect - ##legacy = legacy_sect - ## --[default_sect] --activate = 1 -+##[default_sect] -+##activate = 1 - - ##[legacy_sect] - ##activate = 1 - --#Place the third party provider configuration files into this folder --.include /etc/pki/tls/openssl.d -+##Place the third party provider configuration files into this folder -+#.include /etc/pki/tls/openssl.d - - -#################################################################### diff --git a/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch b/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch new file mode 100644 index 0000000..6211eab --- /dev/null +++ b/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch 
@@ -0,0 +1,97 @@ +From 3b61e3b98c1c0110e9c55fb14a967c69d8efdda8 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:17 +0100 +Subject: [PATCH 26/50] FIPS: RSA: Disallow SHAKE in OAEP and PSS + +According to FIPS 140-3 IG, section C.C, the SHAKE digest algorithms +must not be used in higher-level algorithms (such as RSA-OAEP and +RSASSA-PSS): + +"To be used in an approved mode of operation, the SHA-3 hash functions +may be implemented either as part of an approved higher-level algorithm, +for example, a digital signature algorithm, or as the standalone +functions. The SHAKE128 and SHAKE256 extendable-output functions may +only be used as the standalone algorithms." + +Add a check to prevent their use as message digest in PSS signatures and +as MGF1 hash function in both OAEP and PSS. + +Signed-off-by: Clemens Lang + +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce +--- + crypto/rsa/rsa_oaep.c | 16 ++++++++++++++++ + crypto/rsa/rsa_pss.c | 16 ++++++++++++++++ + 2 files changed, 32 insertions(+) + +diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c +index 5a1c080fcd..11cd78618b 100644 +--- a/crypto/rsa/rsa_oaep.c ++++ b/crypto/rsa/rsa_oaep.c +@@ -76,6 +76,14 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, + if (mgf1md == NULL) + mgf1md = md; + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256") || ++ EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); ++ return 0; ++ } ++#endif ++ + #ifdef FIPS_MODULE + /* XOF are approved as standalone; Shake256 in Ed448; MGF */ + if (EVP_MD_xof(md)) { +@@ -194,6 +202,14 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + if (mgf1md == NULL) + mgf1md = md; + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256") || ++ EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) { ++ 
ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); ++ return -1; ++ } ++#endif ++ + #ifdef FIPS_MODULE + /* XOF are approved as standalone; Shake256 in Ed448; MGF */ + if (EVP_MD_xof(md)) { +diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c +index a2bc198a89..2833ca50f3 100644 +--- a/crypto/rsa/rsa_pss.c ++++ b/crypto/rsa/rsa_pss.c +@@ -61,6 +61,14 @@ int ossl_rsa_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + if (mgf1Hash == NULL) + mgf1Hash = Hash; + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256")) ++ goto err; ++ ++ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256")) ++ goto err; ++#endif ++ + hLen = EVP_MD_get_size(Hash); + if (hLen <= 0) + goto err; +@@ -186,6 +194,14 @@ int ossl_rsa_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + if (mgf1Hash == NULL) + mgf1Hash = Hash; + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256")) ++ goto err; ++ ++ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256")) ++ goto err; ++#endif ++ + hLen = EVP_MD_get_size(Hash); + if (hLen <= 0) + goto err; +-- +2.49.0 + diff --git a/0027-FIPS-RSA-size-mode-restrictions.patch b/0027-FIPS-RSA-size-mode-restrictions.patch new file mode 100644 index 0000000..dd1e11e --- /dev/null +++ b/0027-FIPS-RSA-size-mode-restrictions.patch 
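Review bot: The two new SHAKE rejections in `rsa_pss.c` (`ossl_rsa_verify_PKCS1_PSS_mgf1` and `ossl_rsa_padding_add_PKCS1_PSS_mgf1`) `goto err` without raising anything, whereas the matching checks in `rsa_oaep.c` raise `RSA_R_DIGEST_NOT_ALLOWED`; unless the `err` label itself pushes an error (its body is outside the hunk), PSS callers get a bare failure with an empty error queue, so each rejection should be preceded by `ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);`. In `rsa_oaep.c` the added block sits directly in front of an existing `#ifdef FIPS_MODULE` test on `EVP_MD_xof(md)` whose comment says XOFs are only approved standalone, so the `md` half of the new condition appears redundant there and only the `mgf1md` check adds coverage. The four copies of the `EVP_MD_is_a(..., "SHAKE-128") || EVP_MD_is_a(..., "SHAKE-256")` expression would read better as one static helper, or as `EVP_MD_xof()` if every XOF rather than only the two named digests is meant to be excluded. All four enclosing functions extend beyond the quoted hunks.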
@@ -0,0 +1,443 @@ +From 8cb662f002e33c6fb99b96ef24733e16e3dc48ad Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Fri, 7 Mar 2025 18:20:30 -0500 +Subject: [PATCH 27/50] FIPS: RSA: size/mode restrictions + +Signed-off-by: Simo Sorce +--- + providers/implementations/signature/rsa_sig.c | 26 +++++++++ + ssl/ssl_ciph.c | 3 + + test/recipes/30-test_evp_data/evppkey_rsa.txt | 55 ++++++++++++++++++- + .../30-test_evp_data/evppkey_rsa_common.txt | 8 +-- + 4 files changed, 87 insertions(+), 5 deletions(-) + +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index b08c9685dd..0e0810f60a 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -940,6 +940,19 @@ static int rsa_verify_recover(void *vprsactx, + { + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + int ret; ++# ifdef FIPS_MODULE ++ size_t rsabits = RSA_bits(prsactx->rsa); ++ ++ if (rsabits < 2048) { ++ if (rsabits != 1024 ++ && rsabits != 1280 ++ && rsabits != 1536 ++ && rsabits != 1792) { ++ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++ } ++# endif + + if (!ossl_prov_is_running()) + return 0; +@@ -1034,6 +1047,19 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx, + const unsigned char *tbs, size_t tbslen) + { + size_t rslen; ++# ifdef FIPS_MODULE ++ size_t rsabits = RSA_bits(prsactx->rsa); ++ ++ if (rsabits < 2048) { ++ if (rsabits != 1024 ++ && rsabits != 1280 ++ && rsabits != 1536 ++ && rsabits != 1792) { ++ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++ } ++# endif + + if (!ossl_prov_is_running()) + return 0; +diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c +index 19420d6c6a..5ab1ccee93 100644 +--- a/ssl/ssl_ciph.c ++++ b/ssl/ssl_ciph.c +@@ -350,6 +350,9 @@ int ssl_load_ciphers(SSL_CTX *ctx) + ctx->disabled_mkey_mask = 0; + ctx->disabled_auth_mask = 0; + ++ if (EVP_default_properties_is_fips_enabled(ctx->libctx)) ++ 
ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK; ++ + /* + * We ignore any errors from the fetches below. They are expected to fail + * if these algorithms are not available. +diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt +index f1dc5dd2a2..103556c750 100644 +--- a/test/recipes/30-test_evp_data/evppkey_rsa.txt ++++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt +@@ -268,8 +268,8 @@ TwIDAQAB + + PrivPubKeyPair = RSA-PSS:RSA-PSS-DEFAULT + +- + # Wrong MGF1 digest ++Availablein = default + Verify = RSA-2048 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_pss_saltlen:0 +@@ -279,7 +279,19 @@ Input="0123456789ABCDEF0123456789ABCDEF" + Output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esult = VERIFY_ERROR + ++# Wrong MGF1 digest - In RHEL FIPS errors as set ctx before verify ++Availablein = fips ++Verify = RSA-2048 ++Ctrl = rsa_padding_mode:pss ++Ctrl = rsa_pss_saltlen:0 ++Ctrl = digest:sha256 ++Ctrl = rsa_mgf1_md:sha1 ++Input="0123456789ABCDEF0123456789ABCDEF" ++Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A ++Result = PKEY_CTRL_ERROR ++ + # Verify using default parameters ++Availablein = default + Verify = RSA-PSS-DEFAULT + Input="0123456789ABCDEF0123" + Output = 
3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF +@@ -303,36 +315,42 @@ fc6CnohE9iWxFeXpxKWc+PgRO2g0M2ov0mibRyy7Xlyr5nQ1DFm2wX4XaHT7Qvj8 + PRdqAX7cYf0ybEszyQIDAQAB + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-2 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=5c81a3e2a658246628cd0ee8b00bb4c012bc9739 + Output=014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3 + ++Availablein = default + Verify=RSA-PSS-2 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=27f71611446aa6eabf037f7dedeede3203244991 + Output=010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea + ++Availablein = default + Verify=RSA-PSS-2 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=03ecc2c33e93f05fc7224fcc0d461356cb897217 + Output=007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4 + ++Availablein = default + Verify=RSA-PSS-2 + Ctrl = rsa_padding_mode:pss + Ctrl = 
rsa_mgf1_md:sha1 + Input=246c727b4b9494849dddb068d582e179ac20999c + Output=009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b + ++Availablein = default + Verify=RSA-PSS-2 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=e8617ca3ea66ce6a58ede2d11af8c3ba8a6ba912 + Output=00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf + ++Availablein = default + Verify=RSA-PSS-2 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -348,36 +366,42 @@ nQ6tsIdYbKSJM9o8yVPZW9DtUN4Q3ctnNhB9bIMcf2Y+gzykwJfnAM4PuUX4j7hf + 6OWncxclZbkUpHGkQwIDAQAB + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-3 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=3552be69dd74bdc56d2cf8c38ef7bafe269040fe + Output=0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f + ++Availablein = default + Verify=RSA-PSS-3 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=609143ff7240e55c062aba8b9e4426a781919bc9 + Output=02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af + ++Availablein = default + Verify=RSA-PSS-3 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=0afd22f879a9cda7c584f4135f8f1c961db114c0 + 
Output=0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c + ++Availablein = default + Verify=RSA-PSS-3 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=405dd56d395ef0f01b555c48f748cc32b210650b + Output=0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8 + ++Availablein = default + Verify=RSA-PSS-3 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=a2c313b0440c8a0c47233b87f0a160c61af3eae7 + Output=021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83 + ++Availablein = default + Verify=RSA-PSS-3 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -393,36 +417,42 @@ MAz5u2xTrR3IoXi4FdtCNamp2gwG3k5hXqEnfOVZ6cEI3ljBSoGqd/Wm+NEzVJRJ + iEjIuVlAdAvnv3w3BQIDAQAB + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-4 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=f8b0abf70fec0bca74f0accbc24f75e6e90d3bfd + Output=0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948 + ++Availablein = default + Verify=RSA-PSS-4 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=04a10944bfe11ab801e77889f3fd3d7f4ff0b629 + 
Output=049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598 + ++Availablein = default + Verify=RSA-PSS-4 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=ba01243db223eb97fb86d746c3148adaaa0ca344 + Output=03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad + ++Availablein = default + Verify=RSA-PSS-4 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=934bb0d38d6836daec9de82a9648d4593da67cd2 + Output=0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f + ++Availablein = default + Verify=RSA-PSS-4 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=ec35d81abd1cceac425a935758b683465c8bd879 + Output=022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a + ++Availablein = default + Verify=RSA-PSS-4 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -438,18 +468,21 @@ pLDMjaMl7YqmdrDQ9ibgp38HaSFwrKyAgvQvqn3HzRI+cw4xqHmFIEyry+ZnDUOi + 3Sst3vXgU5L8ITvFBwIDAQAB + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-5 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=d98b7061943510bc3dd9162f7169aabdbdcd0222 + 
Output=0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d + ++Availablein = default + Verify=RSA-PSS-5 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=7ae8e699f754988f4fd645e463302e49a2552072 + Output=08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e + ++Availablein = default + Verify=RSA-PSS-5 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -463,12 +496,14 @@ Ctrl = rsa_mgf1_md:sha1 + Input=ee3de96783fd0a157c8b20bf5566124124dcfe65 + Output=0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1 + ++Availablein = default + Verify=RSA-PSS-5 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=1204df0b03c2724e2709c23fc71789a21b00ae4c + Output=0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd + ++Availablein = default + Verify=RSA-PSS-5 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -484,36 +519,42 @@ Kl8QsJwxGvjA/7W3opfy78Y7jWsFEJMfC5jki/X8bsTnuNsf+usIw44CrbjwOkgi + nJnpaUMfYcuMTcaY0QIDAQAB + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-6 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=ab464e8cb65ae5fdea47a53fa84b234d6bfd52f6 + 
Output=04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1 + ++Availablein = default + Verify=RSA-PSS-6 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=92d0bcae82b641f578f040f5151be8eda6d42299 + Output=0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773 + ++Availablein = default + Verify=RSA-PSS-6 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=3569bd8fd2e28f2443375efa94f186f6911ffc2b + Output=086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456 + ++Availablein = default + Verify=RSA-PSS-6 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=7abbb7b42de335730a0b641f1e314b6950b84f98 + Output=0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f + ++Availablein = default + Verify=RSA-PSS-6 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=55b7eb27be7a787a59eb7e5fac468db8917a7725 + Output=02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b + ++Availablein = default + Verify=RSA-PSS-6 + Ctrl = 
rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -529,36 +570,42 @@ MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgTfJ2kpmyMQIuNon0MnXn4zLHq/B + 2LXF01SAItcGTqKaswIDAQAB + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-7 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=8be4afbdd76bd8d142c5f4f46dba771ee5d6d29d + Output=187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823 + ++Availablein = default + Verify=RSA-PSS-7 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=402140dc605b2f5c5ec0d15bce9f9ba8857fe117 + Output=10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8 + ++Availablein = default + Verify=RSA-PSS-7 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=3e885205892ff2b6b37c2c4eb486c4bf2f9e7f20 + Output=2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1 + ++Availablein = default + Verify=RSA-PSS-7 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=1fc2201d0c442a4736cd8b2cd00c959c47a3bf42 + Output=32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19 + ++Availablein = default + Verify=RSA-PSS-7 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + 
Input=e4351b66819e5a31501f89acc7faf57030e9aac5 + Output=07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1 + ++Availablein = default + Verify=RSA-PSS-7 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -574,36 +621,42 @@ R1PbPO4O4Gx9+uix1TtZUyGPnM7qaVsIZo7eqtztlGOx15DV6/J+kRW0bK1NmiuO + +rBWGwgQNEc5raBzPwIDAQAB + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-8 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=a1dd230d8ead860199b6277c2ecfe3d95f6d9160 + Output=0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5 + ++Availablein = default + Verify=RSA-PSS-8 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=f6e68e53c602c5c65fa67b5aa6d786e5524b12ab + Output=2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e + ++Availablein = default + Verify=RSA-PSS-8 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=d6f9fcd3ae27f32bb2c7c93536782eba52af1f76 + Output=2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96 + ++Availablein = default + Verify=RSA-PSS-8 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=7ff2a53ce2e2d900d468e498f230a5f5dd0020de + 
Output=1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7 + ++Availablein = default + Verify=RSA-PSS-8 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=4eb309f7022ba0b03bb78601b12931ec7c1be8d3 + Output=33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee + ++Availablein = default + Verify=RSA-PSS-8 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +index 17ceb59148..972e90f32f 100644 +--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ++++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +@@ -285,7 +285,7 @@ FIPSversion = >=3.4.0 + Decrypt = RSA-2048 + Ctrl = rsa_padding_mode:none + Input = 0000000000000000000000000000000000000000 +-Result = KEYOP_ERROR ++Result = KEYOP_LENGTH_ERROR + + # RSADP Ciphertext = 1 should fail + Availablein = fips +@@ -293,7 +293,7 @@ FIPSversion = >=3.4.0 + Decrypt = RSA-2048 + Ctrl = rsa_padding_mode:none + Input = 0000000000000000000000000000000000000001 +-Result = KEYOP_ERROR ++Result = KEYOP_LENGTH_ERROR + + # RSADP Ciphertext = 2 should pass + Availablein = default +@@ -315,7 +315,7 @@ FIPSversion = >=3.4.0 + Decrypt = RSA-2048 + Ctrl = rsa_padding_mode:none + Input = 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 +-Result = KEYOP_ERROR ++Result = KEYOP_LENGTH_ERROR + + # RSADP Ciphertext = n should fail + Availablein = default +@@ -2074,7 +2074,7 @@ Securitycheck = 1 + Unapproved = 1 + CtrlInit = key-check:0 + Input = 550AF55A2904E7B9762352F8FB7FA235 +-Result = 
KEYOP_MISMATCH
++Result = KEYOP_LENGTH_ERROR
+
+ # Signing with SHA1 is not allowed in fips mode
+ Availablein = fips
+--
+2.49.0
+
diff --git a/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch b/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch
new file mode 100644
index 0000000..fd145cf
--- /dev/null
+++ b/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch
@@ -0,0 +1,26 @@
+From 325fb1b9829a5731d9807161f077dae684fa58cb Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Mon, 24 Mar 2025 11:03:45 -0400
+Subject: [PATCH 28/50] FIPS: RSA: Mark x931 as not approved by default
+
+Signed-off-by: Simo Sorce
+---
+ providers/fips/include/fips_indicator_params.inc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/providers/fips/include/fips_indicator_params.inc b/providers/fips/include/fips_indicator_params.inc
+index 6bd783eb0a..c1b029de86 100644
+--- a/providers/fips/include/fips_indicator_params.inc
++++ b/providers/fips/include/fips_indicator_params.inc
+@@ -15,7 +15,7 @@ OSSL_FIPS_PARAM(dsa_sign_disallowed, DSA_SIGN_DISABLED, 0)
+ OSSL_FIPS_PARAM(tdes_encrypt_disallowed, TDES_ENCRYPT_DISABLED, 0)
+ OSSL_FIPS_PARAM(rsa_pkcs15_padding_disabled, RSA_PKCS15_PAD_DISABLED, 1)
+ OSSL_FIPS_PARAM(rsa_pss_saltlen_check, RSA_PSS_SALTLEN_CHECK, 0)
+-OSSL_FIPS_PARAM(rsa_sign_x931_disallowed, RSA_SIGN_X931_PAD_DISABLED, 0)
++OSSL_FIPS_PARAM(rsa_sign_x931_disallowed, RSA_SIGN_X931_PAD_DISABLED, 1)
+ OSSL_FIPS_PARAM(hkdf_key_check, HKDF_KEY_CHECK, 0)
+ OSSL_FIPS_PARAM(kbkdf_key_check, KBKDF_KEY_CHECK, 0)
+ OSSL_FIPS_PARAM(tls13_kdf_key_check, TLS13_KDF_KEY_CHECK, 0)
+--
+2.49.0
+
diff --git a/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch b/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
similarity index 86%
rename from 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
rename to 0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
index 01fa935..464bf1a 100644
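Review bot: The embedded 0028 patch carries no rationale beyond its subject line, although it changes a compiled-in FIPS indicator default (`rsa_sign_x931_disallowed` from 0 to 1) that decides whether RSA X9.31 signing is treated as approved. The reasoning that justifies it — ANSI X9.31 withdrawn and dropped from FIPS 186-5 — appears only in 0029's message, so a reader of 0028 on its own cannot tell why the default moved. Suggest adding to its body `X9.31 signature padding was withdrawn and is absent from FIPS 186-5; default the indicator to disallowed so such signing is reported as not approved unless the check is explicitly relaxed.` If I read the indicator mechanism correctly the value stays overridable through the module configuration, which is worth stating too, since 0029 removes tests on the assumption that the default is what runs.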
--- a/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
+++ b/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
@@ -1,39 +1,37 @@ -From 930e7acf7dd225102b6e88d23f5e2a3f4acea9fa Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 15:43:57 +0200 -Subject: [PATCH 37/48] - 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch +From 004971c02760bcddb77954b90a2be4aeeb70ec22 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:16 +0100 +Subject: [PATCH 29/50] FIPS: RSA: Remove X9.31 padding signatures tests -Patch-name: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch -Patch-id: 81 +The current draft of FIPS 186-5 [1] no longer contains specifications +for X9.31 signature padding. Instead, it contains the following +information in Appendix E: + +> ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from +> this standard. + +Since this situation is unlikely to change in future revisions of the +draft, and future FIPS 140-3 validations of the provider will require +X9.31 to be disabled or marked as not approved with an explicit +indicator, disallow this padding mode now. + +Remove the X9.31 tests from the acvp test, since they will always fail +now. 
+ + [1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf + +Signed-off-by: Clemens Lang + +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- - providers/implementations/signature/rsa_sig.c | 6 + - test/acvp_test.inc | 214 ------------------ - 2 files changed, 6 insertions(+), 214 deletions(-) + test/acvp_test.inc | 225 --------------------------------------------- + 1 file changed, 225 deletions(-) -diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 63ee11e566..cfaa4841cb 100644 ---- a/providers/implementations/signature/rsa_sig.c -+++ b/providers/implementations/signature/rsa_sig.c -@@ -1279,7 +1279,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) - err_extra_text = "No padding not allowed with RSA-PSS"; - goto cont; - case RSA_X931_PADDING: -+#ifndef FIPS_MODULE - err_extra_text = "X.931 padding not allowed with RSA-PSS"; -+#else /* !defined(FIPS_MODULE) */ -+ err_extra_text = "X.931 padding no longer allowed in FIPS mode," -+ " since it was removed from FIPS 186-5"; -+ goto bad_pad; -+#endif /* !defined(FIPS_MODULE) */ - cont: - if (RSA_test_flags(prsactx->rsa, - RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSA) diff --git a/test/acvp_test.inc b/test/acvp_test.inc -index 73b24bdb0c..96a72073f9 100644 +index 97ec1ff3e5..31fa0eafc6 100644 --- a/test/acvp_test.inc +++ b/test/acvp_test.inc -@@ -1204,13 +1204,6 @@ static const struct rsa_siggen_st rsa_siggen_data[] = { +@@ -1354,13 +1354,6 @@ static const struct rsa_siggen_st rsa_siggen_data[] = { ITM(rsa_siggen0_msg), NO_PSS_SALT_LEN, }, 
@@ -47,8 +45,8 @@ index 73b24bdb0c..96a72073f9 100644 { "pss", 2048, -@@ -1622,202 +1615,6 @@ static const unsigned char rsa_sigverpss_1_sig[] = { - 0x5c, 0xea, 0x8a, 0x92, 0x31, 0xd2, 0x11, 0x4b, +@@ -1772,202 +1765,6 @@ static const unsigned char rsa_sigverpss_1_sig[] = { + 0xe9, 0x97, 0x20, 0x35, 0xf8, 0xf1, 0x78, 0xe1 }; -static const unsigned char rsa_sigverx931_0_n[] = { @@ -250,13 +248,24 @@ index 73b24bdb0c..96a72073f9 100644 static const struct rsa_sigver_st rsa_sigver_data[] = { { "pkcs1", /* pkcs1v1.5 */ -@@ -1841,17 +1638,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = { +@@ -1991,28 +1788,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = { NO_PSS_SALT_LEN, FAIL }, - { - "x931", - 3072, +- "SHA1", +- ITM(rsa_sigverx931_0_msg), +- ITM(rsa_sigverx931_0_n), +- ITM(rsa_sigverx931_0_e), +- ITM(rsa_sigverx931_0_sig), +- NO_PSS_SALT_LEN, +- PASS +- }, +- { +- "x931", +- 3072, - "SHA256", - ITM(rsa_sigverx931_1_msg), - ITM(rsa_sigverx931_1_n), @@ -269,5 +278,5 @@ index 73b24bdb0c..96a72073f9 100644 "pss", 4096, -- -2.41.0 +2.49.0 diff --git a/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch b/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch new file mode 100644 index 0000000..86d09d0 --- /dev/null +++ b/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch 
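Review bot: The rewritten commit message of 0029 still says `disallow this padding mode now`, but the rsa_sig.c hunk that did the disallowing has been dropped from this patch — the new diffstat lists only `test/acvp_test.inc | 225 ---` — so the sentence now describes a change that lives in 0028 instead. Suggest replacing it with `The preceding patch marks X9.31 signing as not approved by default; remove the X9.31 tests from the acvp test, since they will always fail now.` The later hunk of the same file section appears to move the removal of the `"x931"`/`"SHA1"` sigver entry into this patch (the SHA-1 patch no longer removes it), which is consistent, but one line in the message saying so would keep the move from being mistaken for a lost hunk on the next rebase.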
@@ -0,0 +1,387 @@ +From 0d8ac9675eaaf3eaded5f7d2ec304be022eacd10 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Wed, 12 Feb 2025 17:12:02 -0500 +Subject: [PATCH 30/50] FIPS: RSA: NEEDS-REWORK: + FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed + +Signed-off-by: Simo Sorce +--- + ...EP-in-KATs-support-fixed-OAEP-seed.p.patch | 348 ++++++++++++++++++ + REBASE.txt | 10 + + 2 files changed, 358 insertions(+) + create mode 100644 Originally-0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.p.patch + create mode 100644 REBASE.txt + +diff --git a/Originally-0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.p.patch b/Originally-0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.p.patch +new file mode 100644 +index 0000000000..793b8a4dac +--- /dev/null ++++ b/Originally-0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.p.patch +@@ -0,0 +1,348 @@ ++From a0e92712c141cda0b8321feb492982506b18c612 Mon Sep 17 00:00:00 2001 ++From: rpm-build ++Date: Wed, 6 Mar 2024 19:17:15 +0100 ++Subject: [PATCH 28/55] ++ 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch ++ ++Patch-name: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch ++Patch-id: 73 ++Patch-status: | ++ # # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 ++From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce ++--- ++ crypto/rsa/rsa_local.h | 8 ++ ++ crypto/rsa/rsa_oaep.c | 34 ++++++-- ++ providers/fips/self_test_data.inc | 79 ++++++++++--------- ++ providers/fips/self_test_kats.c | 7 ++ ++ .../implementations/asymciphers/rsa_enc.c | 41 +++++++++- ++ util/perl/OpenSSL/paramnames.pm | 1 + ++ 6 files changed, 126 insertions(+), 44 deletions(-) ++ ++diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h ++index ea70da05ad..dde57a1a0e 100644 ++--- a/crypto/rsa/rsa_local.h +++++ b/crypto/rsa/rsa_local.h ++@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to ++ int tlen, const unsigned char *from, ++ int flen); ++ +++int 
ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, +++ unsigned char *to, int tlen, +++ const unsigned char *from, int flen, +++ const unsigned char *param, +++ int plen, const EVP_MD *md, +++ const EVP_MD *mgf1md, +++ const char *redhat_st_seed); +++ ++ #endif /* OSSL_CRYPTO_RSA_LOCAL_H */ ++diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c ++index b9030440c4..3d665c3860 100644 ++--- a/crypto/rsa/rsa_oaep.c +++++ b/crypto/rsa/rsa_oaep.c ++@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, ++ param, plen, NULL, NULL); ++ } ++ +++#ifdef FIPS_MODULE +++extern int REDHAT_FIPS_asym_cipher_st; +++#endif /* FIPS_MODULE */ +++ ++ /* ++ * Perform the padding as per NIST 800-56B 7.2.2.3 ++ * from (K) is the key material. ++@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, ++ * Step numbers are included here but not in the constant time inverse below ++ * to avoid complicating an already difficult enough function. ++ */ ++-int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, ++- unsigned char *to, int tlen, ++- const unsigned char *from, int flen, ++- const unsigned char *param, ++- int plen, const EVP_MD *md, ++- const EVP_MD *mgf1md) +++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, +++ unsigned char *to, int tlen, +++ const unsigned char *from, int flen, +++ const unsigned char *param, +++ int plen, const EVP_MD *md, +++ const EVP_MD *mgf1md, +++ const char *redhat_st_seed) ++ { ++ int rv = 0; ++ int i, emlen = tlen - 1; ++@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, ++ db[emlen - flen - mdlen - 1] = 0x01; ++ memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); ++ /* step 3d: generate random byte string */ +++#ifdef FIPS_MODULE +++ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) { +++ memcpy(seed, redhat_st_seed, mdlen); +++ } else +++#endif ++ if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0) ++ goto 
err; ++ ++@@ -136,6 +146,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, ++ return rv; ++ } ++ +++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, +++ unsigned char *to, int tlen, +++ const unsigned char *from, int flen, +++ const unsigned char *param, +++ int plen, const EVP_MD *md, +++ const EVP_MD *mgf1md) +++{ +++ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from, +++ flen, param, plen, md, +++ mgf1md, NULL); +++} +++ ++ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ const unsigned char *param, int plen, ++diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc ++index 4b80bb70b9..c33ecd0791 100644 ++--- a/providers/fips/self_test_data.inc +++++ b/providers/fips/self_test_data.inc ++@@ -1296,14 +1296,21 @@ static const ST_KAT_PARAM rsa_priv_key[] = { ++ }; ++ ++ /*- ++- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the +++ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the ++ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient ++ * HP/UX PA-RISC compilers. 
++ */ ++-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; +++static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP; +++static const char oaep_fixed_seed[] = { +++ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25, +++ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab, +++ 0x2e, 0x4b, 0x2c, 0xe6 +++}; ++ ++ static const ST_KAT_PARAM rsa_enc_params[] = { ++- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), +++ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep), +++ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, +++ oaep_fixed_seed), ++ ST_KAT_PARAM_END() ++ }; ++ ++@@ -1342,43 +1349,43 @@ static const unsigned char rsa_expected_sig[256] = { ++ 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 ++ }; ++ ++-static const unsigned char rsa_asym_plaintext_encrypt[256] = { +++static const unsigned char rsa_asym_plaintext_encrypt[208] = { ++ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, ++ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, ++ }; ++ static const unsigned char rsa_asym_expected_encrypt[256] = { ++- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b, ++- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61, ++- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c, ++- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc, ++- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0, ++- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa, ++- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a, ++- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc, ++- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35, ++- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a, ++- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd, ++- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda, ++- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18, ++- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7, ++- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39, ++- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87, ++- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21, ++- 0x7c, 0x61, 0x60, 
0x28, 0xca, 0x70, 0xdb, 0xa0, ++- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8, ++- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c, ++- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa, ++- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69, ++- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52, ++- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c, ++- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6, ++- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93, ++- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d, ++- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5, ++- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9, ++- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04, ++- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa, ++- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab, +++ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74, +++ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c, +++ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e, +++ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b, +++ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25, +++ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89, +++ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1, +++ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50, +++ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17, +++ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2, +++ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb, +++ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d, +++ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e, +++ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f, +++ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3, +++ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06, +++ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25, +++ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78, +++ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04, +++ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c, +++ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47, +++ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce, +++ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0, +++ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 
0xd6, +++ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99, +++ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30, +++ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20, +++ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb, +++ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27, +++ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66, +++ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a, +++ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06 ++ }; ++ ++ #ifndef OPENSSL_NO_EC ++diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c ++index f13c41abd6..4ea10670c0 100644 ++--- a/providers/fips/self_test_kats.c +++++ b/providers/fips/self_test_kats.c ++@@ -642,14 +642,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) ++ return ret; ++ } ++ +++int REDHAT_FIPS_asym_cipher_st = 0; +++ ++ static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) ++ { ++ int i, ret = 1; ++ +++ REDHAT_FIPS_asym_cipher_st = 1; +++ ++ for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) { ++ if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx)) ++ ret = 0; ++ } +++ +++ REDHAT_FIPS_asym_cipher_st = 0; +++ ++ return ret; ++ } ++ ++diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c ++index d548560f1f..f3443b0c66 100644 ++--- a/providers/implementations/asymciphers/rsa_enc.c +++++ b/providers/implementations/asymciphers/rsa_enc.c ++@@ -30,6 +30,9 @@ ++ #include "prov/implementations.h" ++ #include "prov/providercommon.h" ++ #include "prov/securitycheck.h" +++#ifdef FIPS_MODULE +++# include "crypto/rsa/rsa_local.h" +++#endif ++ ++ #include ++ ++@@ -75,6 +78,9 @@ typedef struct { ++ /* TLS padding */ ++ unsigned int client_version; ++ unsigned int alt_version; +++#ifdef FIPS_MODULE +++ char *redhat_st_oaep_seed; +++#endif /* FIPS_MODULE */ ++ /* PKCS#1 v1.5 decryption mode */ ++ unsigned int implicit_rejection; ++ } PROV_RSA_CTX; ++@@ -193,12 +199,21 @@ static int 
rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, ++ } ++ } ++ ret = ++- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, +++#ifdef FIPS_MODULE +++ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2( +++#else +++ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex( +++#endif +++ prsactx->libctx, tbuf, ++ rsasize, in, inlen, ++ prsactx->oaep_label, ++ prsactx->oaep_labellen, ++ prsactx->oaep_md, ++- prsactx->mgf1_md); +++ prsactx->mgf1_md +++#ifdef FIPS_MODULE +++ , prsactx->redhat_st_oaep_seed +++#endif +++ ); ++ ++ if (!ret) { ++ OPENSSL_free(tbuf); ++@@ -332,6 +347,9 @@ static void rsa_freectx(void *vprsactx) ++ EVP_MD_free(prsactx->oaep_md); ++ EVP_MD_free(prsactx->mgf1_md); ++ OPENSSL_free(prsactx->oaep_label); +++#ifdef FIPS_MODULE +++ OPENSSL_free(prsactx->redhat_st_oaep_seed); +++#endif /* FIPS_MODULE */ ++ ++ OPENSSL_free(prsactx); ++ } ++@@ -455,6 +473,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { ++ NULL, 0), ++ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), ++ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), +++#ifdef FIPS_MODULE +++ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0), +++#endif /* FIPS_MODULE */ ++ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), ++ OSSL_PARAM_END ++ }; ++@@ -465,6 +486,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, ++ return known_gettable_ctx_params; ++ } ++ +++#ifdef FIPS_MODULE +++extern int REDHAT_FIPS_asym_cipher_st; +++#endif /* FIPS_MODULE */ +++ ++ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) ++ { ++ PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; ++@@ -576,6 +601,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) ++ prsactx->oaep_labellen = tmp_labellen; ++ } ++ +++#ifdef FIPS_MODULE +++ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED); +++ if (p != NULL && REDHAT_FIPS_asym_cipher_st) 
{ +++ void *tmp_oaep_seed = NULL; +++ +++ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL)) +++ return 0; +++ OPENSSL_free(prsactx->redhat_st_oaep_seed); +++ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed; +++ } +++#endif /* FIPS_MODULE */ +++ ++ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); ++ if (p != NULL) { ++ unsigned int client_version; ++diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm ++index c37ed7815f..70f7c50fe4 100644 ++--- a/util/perl/OpenSSL/paramnames.pm +++++ b/util/perl/OpenSSL/paramnames.pm ++@@ -401,6 +401,7 @@ my %params = ( ++ 'ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION' => "tls-client-version", ++ 'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version", ++ 'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' => "implicit-rejection", +++ 'ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED' => "redhat-kat-oaep-seed", ++ ++ # Encoder / decoder parameters ++ ++-- ++2.48.1 ++ +diff --git a/REBASE.txt b/REBASE.txt +new file mode 100644 +index 0000000000..2833a383c1 +--- /dev/null ++++ b/REBASE.txt +@@ -0,0 +1,10 @@ ++0028-0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.p.patch ++ ++Some asym testing has been dropped upstream, unclear if this needs to survive, ++if so we may need to resurrect deleted code in upstream patch: ++ ++ commit 635bf4946a7e948f26a348ddc3b5a8d282354f64 ++ ++ fips: remove redundant RSA encrypt/decrypt KAT ++-- ++ +-- +2.49.0 + diff --git a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch b/0031-FIPS-Deny-SHA-1-signature-verification.patch similarity index 73% rename from 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch rename to 0031-FIPS-Deny-SHA-1-signature-verification.patch index 9991c5c..15ecd81 100644 --- a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch +++ b/0031-FIPS-Deny-SHA-1-signature-verification.patch 
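Review bot: The stored Originally-0073 patch copies `mdlen` bytes from `redhat_st_seed` in `ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2` but never keeps the length of the seed that `rsa_set_ctx_params` accepted (`OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL)` discards it), so a seed shorter than the OAEP digest length would be over-read; the 20-byte `oaep_fixed_seed` only fits a SHA-1 sized digest. The deterministic path is also gated on the plain global `REDHAT_FIPS_asym_cipher_st`, which `self_test_asym_ciphers` sets and clears without synchronisation, so if the patch is ever reapplied the fixed-seed behaviour should be tied to the self-test's own context rather than to process-wide state. Since the subject says NEEDS-REWORK and REBASE.txt records that upstream removed the RSA encrypt/decrypt KAT in 635bf4946a7e948f26a348ddc3b5a8d282354f64, the first decision is whether the patch is still needed at all; REBASE.txt should record that decision and, if the patch is kept, carry the two points above as `TODO` lines.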
@@ -1,7 +1,7 @@ -From 5f4f350ce797a7cd2fdca84c474ee196da9d6fae Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Wed, 18 May 2022 17:25:59 +0200 -Subject: [PATCH] Deny SHA-1 signature verification in FIPS provider +From 446e3e1ec006a55206881c5e7e658918e104a972 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 31/50] FIPS: Deny SHA-1 signature verification For RHEL, we already disable SHA-1 signatures by default in the default provider, so it is unexpected that the FIPS provider would have a more @@ -27,112 +27,83 @@ This requires adjusting a few tests that would otherwise fail: the FIPS provider. 
Signed-off-by: Clemens Lang + +Bug Id: https://bugzilla.redhat.com/show_bug.cgi?id=2087147 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- - providers/implementations/signature/dsa_sig.c | 4 -- - .../implementations/signature/ecdsa_sig.c | 4 -- - providers/implementations/signature/rsa_sig.c | 8 +-- - test/acvp_test.inc | 20 ------- - .../30-test_evp_data/evppkey_ecdsa.txt | 7 +++ - .../30-test_evp_data/evppkey_rsa_common.txt | 51 +++++++++++++++- + providers/implementations/signature/dsa_sig.c | 4 +- + .../implementations/signature/ecdsa_sig.c | 4 +- + providers/implementations/signature/rsa_sig.c | 8 ++- + .../30-test_evp_data/evppkey_ecdsa.txt | 11 +++- + .../30-test_evp_data/evppkey_ecdsa_sigalg.txt | 64 ++++++++++++++++--- + .../30-test_evp_data/evppkey_rsa_common.txt | 58 +++++++++++++++-- test/recipes/80-test_cms.t | 4 +- test/recipes/80-test_ssl_old.t | 4 ++ - test/smime-certs/smdh.pem | 18 +++--- - test/smime-certs/smdsa1.pem | 60 +++++++++---------- - test/smime-certs/smdsa2.pem | 60 +++++++++---------- - test/smime-certs/smdsa3.pem | 60 +++++++++---------- - test/smime-certs/smec1.pem | 30 +++++----- - test/smime-certs/smec2.pem | 30 +++++----- - test/smime-certs/smec3.pem | 30 +++++----- - test/smime-certs/smroot.pem | 38 ++++++------ - test/smime-certs/smrsa1.pem | 38 ++++++------ - test/smime-certs/smrsa2.pem | 38 ++++++------ - test/smime-certs/smrsa3.pem | 38 ++++++------ - 19 files changed, 286 insertions(+), 256 deletions(-) + 8 files changed, 130 insertions(+), 27 deletions(-) diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c -index fa3822f39f..c365d7b13a 100644 +index 52ed52482d..0d3050dbe9 100644 --- a/providers/implementations/signature/dsa_sig.c 
+++ b/providers/implementations/signature/dsa_sig.c -@@ -128,11 +128,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, - EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); - int md_nid; - size_t mdname_len = strlen(mdname); --#ifdef FIPS_MODULE -- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); --#else - int sha1_allowed = 0; --#endif - md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, - sha1_allowed); +@@ -187,9 +187,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, + } + #ifdef FIPS_MODULE + { +- int sha1_allowed +- = ((ctx->operation +- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0); ++ int sha1_allowed = 0; + if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), + OSSL_FIPS_IND_SETTABLE1, diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index 99b228e82c..44a22832ec 100644 +index 80e4115b69..096d944896 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c -@@ -237,11 +237,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, - "%s could not be fetched", mdname); - return 0; - } --#ifdef FIPS_MODULE -- sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); --#else - sha1_allowed = 0; --#endif - md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, - sha1_allowed); - if (md_nid < 0) { +@@ -215,9 +215,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, + + #ifdef FIPS_MODULE + { +- int sha1_allowed +- = ((ctx->operation +- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0); ++ int sha1_allowed = 0; + + if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), + OSSL_FIPS_IND_SETTABLE1, diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index f66d7705c3..34f45175e8 100644 +index 0e0810f60a..ac3888a1b9 100644 --- a/providers/implementations/signature/rsa_sig.c 
+++ b/providers/implementations/signature/rsa_sig.c -@@ -292,11 +292,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, - EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); - int md_nid; - size_t mdname_len = strlen(mdname); --#ifdef FIPS_MODULE -- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); --#else - int sha1_allowed = 0; --#endif - md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, - sha1_allowed); +@@ -407,9 +407,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, + } + #ifdef FIPS_MODULE + { +- int sha1_allowed +- = ((ctx->operation +- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0); ++ int sha1_allowed = 0; -@@ -1355,8 +1351,10 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), + OSSL_FIPS_IND_SETTABLE1, +@@ -1796,11 +1794,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) if (prsactx->md == NULL && pmdname == NULL && pad_mode == RSA_PKCS1_PSS_PADDING) { +#ifdef FIPS_MODULE + pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; +#else - pmdname = RSA_DEFAULT_DIGEST_NAME; --#ifndef FIPS_MODULE - if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { + if (ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { + pmdname = RSA_DEFAULT_DIGEST_NAME; + } else { pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; } -diff --git a/test/acvp_test.inc b/test/acvp_test.inc -index ad11d3ae1e..73b24bdb0c 100644 ---- a/test/acvp_test.inc -+++ b/test/acvp_test.inc -@@ -1841,17 +1841,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = { - NO_PSS_SALT_LEN, - FAIL - }, -- { -- "x931", -- 3072, -- "SHA1", -- ITM(rsa_sigverx931_0_msg), -- ITM(rsa_sigverx931_0_n), -- ITM(rsa_sigverx931_0_e), -- ITM(rsa_sigverx931_0_sig), -- NO_PSS_SALT_LEN, -- PASS -- }, - { - "x931", - 3072, ++#endif + } + + if (pmgf1mdname != NULL 
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt -index f36982845d..51e507a61c 100644 +index 06ec905be0..1602f0c521 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt @@ -37,12 +37,14 @@ PrivPubKeyPair = P-256:P-256-PUBLIC @@ -140,14 +111,14 @@ index f36982845d..51e507a61c 100644 Title = ECDSA tests +Availablein = default - Verify = P-256 + Verify = P-256-PUBLIC Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 # Digest too long +Availablein = default - Verify = P-256 + Verify = P-256-PUBLIC Ctrl = digest:SHA1 Input = "0123456789ABCDEF12345" @@ -50,6 +52,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e @@ -155,7 +126,7 @@ index f36982845d..51e507a61c 100644 # Digest too short +Availablein = default - Verify = P-256 + Verify = P-256-PUBLIC Ctrl = digest:SHA1 Input = "0123456789ABCDEF123" @@ -57,6 +60,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e @@ -163,7 +134,7 @@ index f36982845d..51e507a61c 100644 # Digest invalid +Availablein = default - Verify = P-256 + Verify = P-256-PUBLIC Ctrl = digest:SHA1 Input = "0123456789ABCDEF1235" @@ -64,6 +68,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e @@ -171,7 +142,7 @@ index f36982845d..51e507a61c 100644 # Invalid signature +Availablein = default - Verify = P-256 + Verify = P-256-PUBLIC Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" @@ -79,12 +84,14 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e 
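Review bot: The three `#ifdef FIPS_MODULE` hunks in dsa_sig.c, ecdsa_sig.c and rsa_sig.c replace the operation-dependent `sha1_allowed` with a constant `int sha1_allowed = 0;` that is only fed to `ossl_fips_ind_digest_sign_check`, which as far as I can tell makes SHA-1 verification unapproved rather than denied, because the `digest-check` ctrl used in this patch's test hunks further down can still relax the indicator check. Those test expectations, however, move from `SIGNATURE_MISMATCH`/`KEYOP_MISMATCH` to `DIGESTSIGNINIT_ERROR`/`PKEY_CTRL_ERROR` under `CtrlInit = digest-check:0`, i.e. a hard failure that the code shown here does not produce by itself; if that behaviour comes from another patch in the series the message should say so, otherwise the expectations and the code disagree. The subject was reworded from the old "Deny SHA-1 signature verification in FIPS provider" while the body still argues from the pre-indicator behaviour; a sentence such as `With the 3.4+ FIPS indicators this is expressed by never treating SHA-1 as an approved digest for sign or verify.` would make the new mechanism explicit.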
@@ -179,7 +150,7 @@ index f36982845d..51e507a61c 100644 # BER signature +Availablein = default - Verify = P-256 + Verify = P-256-PUBLIC Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000 
@@ -189,8 +160,151 @@ index f36982845d..51e507a61c 100644 Verify = P-256-PUBLIC Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" +@@ -237,7 +244,7 @@ Unapproved = 1 + CtrlInit = digest-check:0 + Key = P-256 + Input = "Hello World" +-Result = SIGNATURE_MISMATCH ++Result = DIGESTSIGNINIT_ERROR + + # Test that SHA1 is not allowed in fips mode for signing + FIPSversion = >=3.4.0 +@@ -247,7 +254,7 @@ Unapproved = 1 + CtrlInit = digest-check:0 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +-Result = KEYOP_MISMATCH ++Result = PKEY_CTRL_ERROR + + Title = XOF disallowed + +diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt +index 0ff482e4e8..d407ea1ca8 100644 +--- a/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt ++++ b/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt +@@ -37,34 +37,34 @@ PrivPubKeyPair = P-256:P-256-PUBLIC + + Title = ECDSA tests + +-FIPSversion = >=3.4.0 ++Availablein = default + Verify = ECDSA-SHA1:P-256-PUBLIC + Input = "0123456789ABCDEF1234" + Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 + + # Digest too long +-FIPSversion = >=3.4.0 ++Availablein = default + Verify = ECDSA-SHA1:P-256-PUBLIC + Input = "0123456789ABCDEF12345" + Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 + Result = VERIFY_ERROR + + # Digest too short +-FIPSversion = >=3.4.0 ++Availablein = default + Verify = ECDSA-SHA1:P-256-PUBLIC + Input = "0123456789ABCDEF123" + Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 + Result = VERIFY_ERROR + + # Digest invalid +-FIPSversion = >=3.4.0 ++Availablein = default + Verify = ECDSA-SHA1:P-256-PUBLIC + Input = "0123456789ABCDEF1235" + Output = 
3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 + Result = VERIFY_ERROR + + # Invalid signature +-FIPSversion = >=3.4.0 ++Availablein = default + Verify = ECDSA-SHA1:P-256-PUBLIC + Input = "0123456789ABCDEF1234" + Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7 +@@ -78,16 +78,64 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e + Result = VERIFY_ERROR + + # BER signature +-FIPSversion = >=3.4.0 ++Availablein = default + Verify = ECDSA-SHA1:P-256-PUBLIC + Input = "0123456789ABCDEF1234" + Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000 + Result = VERIFY_ERROR + ++Availablein = fips ++Verify = ECDSA-SHA1:P-256-PUBLIC ++Input = "0123456789ABCDEF1234" ++Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 ++Result = KEYOP_INIT_ERROR ++ ++# Digest too long ++Availablein = fips ++FIPSversion = >=3.4.0 ++Verify = ECDSA-SHA1:P-256-PUBLIC ++Input = "0123456789ABCDEF12345" ++Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 ++Result = KEYOP_INIT_ERROR ++ ++# Digest too short ++Availablein = fips ++FIPSversion = >=3.4.0 ++Verify = ECDSA-SHA1:P-256-PUBLIC ++Input = "0123456789ABCDEF123" ++Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 ++Result = KEYOP_INIT_ERROR ++ ++# Digest invalid ++Availablein = fips ++FIPSversion = >=3.4.0 ++Verify = ECDSA-SHA1:P-256-PUBLIC ++Input = "0123456789ABCDEF1235" ++Output = 
3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 ++Result = KEYOP_INIT_ERROR ++ ++# Invalid signature ++Availablein = fips ++FIPSversion = >=3.4.0 ++Verify = ECDSA-SHA1:P-256-PUBLIC ++Input = "0123456789ABCDEF1234" ++Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7 ++Result = KEYOP_INIT_ERROR ++ ++# BER signature ++Availablein = fips ++FIPSversion = >=3.4.0 ++Verify = ECDSA-SHA1:P-256-PUBLIC ++Input = "0123456789ABCDEF1234" ++Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000 ++Result = KEYOP_INIT_ERROR ++ ++Availablein = fips + FIPSversion = >=3.4.0 + Verify = ECDSA-SHA1:P-256-PUBLIC + Input = "0123456789ABCDEF1234" + Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 ++Result = KEYOP_INIT_ERROR + + Title = Sign-Message and Verify-Message + +@@ -236,7 +284,7 @@ Securitycheck = 1 + Unapproved = 1 + CtrlInit = digest-check:0 + Input = "Hello World" +-Result = KEYOP_MISMATCH ++Result = KEYOP_INIT_ERROR + + # Test that SHA1 is not allowed in fips mode for signing + Availablein = fips +@@ -246,4 +294,4 @@ Securitycheck = 1 + Unapproved = 1 + CtrlInit = digest-check:0 + Input = "0123456789ABCDEF1234" +-Result = KEYOP_MISMATCH ++Result = KEYOP_INIT_ERROR diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt -index b8d8bb2993..8dd566067b 100644 +index 972e90f32f..61e2b4e3ac 100644 --- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt @@ -96,6 +96,7 @@ NDL6WCBbets= 
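Review bot: The first `Availablein = fips` block added to evppkey_ecdsa_sigalg.txt duplicates the pre-existing ECDSA-SHA1 verify case at the end of the same section (same key, `Input = "0123456789ABCDEF1234"`, same Output, both now `Result = KEYOP_INIT_ERROR`), and unlike its five siblings it carries no `FIPSversion = >=3.4.0` line; either drop the duplicate or add the gate so the fips cases are uniform. Because every fips variant stops at `KEYOP_INIT_ERROR`, the "Digest too long/short/invalid" and "BER signature" inputs are never examined and those blocks assert only that SHA1 verification init is refused, which a one-line comment above them should say, e.g. `# SHA1 verify init is rejected in the FIPS provider, so the malformed inputs below are never reached`. The same hunk also switches the ecdsa.txt expectations from `SIGNATURE_MISMATCH`/`KEYOP_MISMATCH` to `DIGESTSIGNINIT_ERROR`/`PKEY_CTRL_ERROR`, which is consistent with rejection moving to init time, but a short note in the patch description tying the two together would help the next rebase. This outer hunk ends while the evppkey_rsa_common.txt section it opens continues in the following hunk.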
@@ -304,16 +418,17 @@ index b8d8bb2993..8dd566067b 100644 Verify = RSA-2048-PUBLIC Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" -@@ -370,6 +385,8 @@ Input="0123456789ABCDEF0123456789ABCDEF" +@@ -939,7 +954,8 @@ Input="0123456789ABCDEF0123456789ABCDEF" Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A # Verify using salt length auto detect +-FIPSversion = <3.4.0 +# In the FIPS provider on RHEL-9, the default digest for PSS signatures is SHA-256 +Availablein = default Verify = RSA-2048-PUBLIC Ctrl = rsa_padding_mode:pss Ctrl = rsa_pss_saltlen:auto -@@ -404,6 +421,10 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD +@@ -974,6 +990,10 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD Result = VERIFY_ERROR # Verify using default parameters, explicitly setting parameters @@ -324,7 +439,7 @@ index b8d8bb2993..8dd566067b 100644 Verify = RSA-PSS-DEFAULT Ctrl = rsa_padding_mode:pss Ctrl = rsa_pss_saltlen:20 -@@ -412,6 +433,7 @@ Input="0123456789ABCDEF0123" +@@ -982,6 +1002,7 @@ Input="0123456789ABCDEF0123" Output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erify explicitly setting parameters "digest" salt length 
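Review bot: The added comment `# In the FIPS provider on RHEL-9, the default digest for PSS signatures is SHA-256` ties the explanation to a release name while the patch is being carried onto a newer upstream baseline (the inner hunk moves from line 370 to 939 here), so if the series now targets another release the wording is already stale; the same release name appears in the later `# Verifying with SHA1 is not permitted on RHEL-9 in FIPS mode` comment in this file section. Phrasing it by behavior, e.g. `# Downstream FIPS provider: default PSS digest is SHA-256, so the SHA-1-default case runs only in the default provider`, stays accurate across rebases. Replacing `FIPSversion = <3.4.0` with `Availablein = default` is equivalent only while the FIPS provider under test is at least 3.4.0, which the downstream build presumably guarantees but which is worth stating in the patch description.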
@@ -332,10 +447,11 @@ index b8d8bb2993..8dd566067b 100644 Verify = RSA-PSS-DEFAULT Ctrl = rsa_padding_mode:pss Ctrl = rsa_pss_saltlen:digest -@@ -420,18 +442,21 @@ Input="0123456789ABCDEF0123" +@@ -990,20 +1011,21 @@ Input="0123456789ABCDEF0123" Output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erify using salt length larger than minimum +-FIPSversion = <3.4.0 +Availablein = default Verify = RSA-PSS-DEFAULT Ctrl = rsa_pss_saltlen:30 @@ -343,6 +459,7 @@ index b8d8bb2993..8dd566067b 100644 Output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erify using maximum salt length +-FIPSversion = <3.4.0 +Availablein = default Verify = RSA-PSS-DEFAULT Ctrl = rsa_pss_saltlen:max @@ -354,7 +471,7 @@ index b8d8bb2993..8dd566067b 100644 Verify = RSA-PSS-DEFAULT Ctrl = rsa_pss_saltlen:0 Result = PKEY_CTRL_ERROR -@@ -439,21 +464,25 @@ Result = PKEY_CTRL_ERROR +@@ -1011,21 +1033,25 @@ Result = PKEY_CTRL_ERROR # Attempt to change padding mode # Note this used to return PKEY_CTRL_INVALID # but it is limited because setparams only returns 0 or 1. @@ -380,7 +497,7 @@ index b8d8bb2993..8dd566067b 100644 Verify = RSA-PSS-BAD2 Result = KEYOP_INIT_ERROR Reason = invalid salt length -@@ -472,36 +501,42 @@ CAltWyuLbfXWce9jd8CSHLI8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh +@@ -1081,36 +1107,42 @@ CAltWyuLbfXWce9jd8CSHLI8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh 4fINDOjP+yJJvZohNwIDAQAB -----END PUBLIC KEY----- @@ -423,7 +540,7 @@ index b8d8bb2993..8dd566067b 100644 Verify=RSA-PSS-1 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 -@@ -517,36 +552,42 @@ swU7R97S7NSkyu/WFIM9yLtiLzF+0Ha4BX/o3j+ESArV6D5KYZBKTySPs5cCc1fh +@@ -1126,36 +1158,42 @@ swU7R97S7NSkyu/WFIM9yLtiLzF+0Ha4BX/o3j+ESArV6D5KYZBKTySPs5cCc1fh 0w5GMTmBXG/U/VrFuBcqRSMOy2MYoE8UVdhOWosCAwEAAQ== -----END PUBLIC KEY----- 
@@ -466,7 +583,7 @@ index b8d8bb2993..8dd566067b 100644 Verify=RSA-PSS-9 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 -@@ -564,36 +605,42 @@ F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGu +@@ -1173,36 +1211,42 @@ F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGu BQIDAQAB -----END PUBLIC KEY----- @@ -509,9 +626,9 @@ index b8d8bb2993..8dd566067b 100644 Verify=RSA-PSS-10 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 -@@ -1329,11 +1376,13 @@ Title = RSA FIPS tests - - # FIPS tests +@@ -1999,11 +2043,13 @@ Securitycheck = 1 + Input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esult = KEYOP_INIT_ERROR -# Verifying with SHA1 is permitted in fips mode for older applications +# Verifying with SHA1 is not permitted on RHEL-9 in FIPS mode @@ -524,11 +641,29 @@ index b8d8bb2993..8dd566067b 100644 # Verifying with a 1024 bit key is permitted in fips mode for older applications DigestVerify = SHA256 +@@ -2019,7 +2065,7 @@ Securitycheck = 1 + Key = RSA-2048 + Input = "Hello" + Result = DIGESTSIGNINIT_ERROR +-Reason = invalid digest ++Reason = digest not allowed + + # Signing with a 1024 bit key is not allowed in fips mode + Availablein = fips +@@ -2085,7 +2131,7 @@ Unapproved = 1 + CtrlInit = digest-check:0 + Key = RSA-2048 + Input = "Hello" +-Result = SIGNATURE_MISMATCH ++Result = DIGESTSIGNINIT_ERROR + + Availablein = fips + FIPSversion = >=3.4.0 diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index 48a92f735d..34afe91b88 100644 +index d13dceaac5..ece29485f4 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t -@@ -162,7 +162,7 @@ my @smime_pkcs7_tests = ( +@@ -174,7 +174,7 @@ my @smime_pkcs7_tests = ( [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1", "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], 
@@ -537,7 +672,7 @@ index 48a92f735d..34afe91b88 100644 "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], -@@ -170,7 +170,7 @@ my @smime_pkcs7_tests = ( +@@ -182,7 +182,7 @@ my @smime_pkcs7_tests = ( [ "signed zero-length content S/MIME format, RSA key SHA1", [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1", "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], @@ -547,10 +682,10 @@ index 48a92f735d..34afe91b88 100644 \&zero_compare ], diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t -index 8c52b637fc..ff75c5b6ec 100644 +index 568a1ddba4..6332aaec4b 100755 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t -@@ -394,6 +394,9 @@ sub testssl { +@@ -462,6 +462,9 @@ sub testssl { 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); } @@ -560,7 +695,7 @@ index 8c52b637fc..ff75c5b6ec 100644 ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])), 'test sslv2/sslv3 with server authentication'); ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])), -@@ -402,6 +405,7 @@ sub testssl { +@@ -470,6 +473,7 @@ sub testssl { 'test sslv2/sslv3 with both client and server authentication via BIO pair'); ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])), 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'); @@ -568,3 +703,6 @@ index 8c52b637fc..ff75c5b6ec 100644 SKIP: { skip "No IPv4 available on this machine", 4 +-- +2.49.0 + diff --git a/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch b/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch new file mode 100644 index 0000000..532719c --- /dev/null +++ b/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch 
@@ -0,0 +1,172 @@ +From f33528e229063b98748943d2fddaf83426fcb8eb Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:16 +0100 +Subject: [PATCH 32/50] FIPS: RAND: FIPS-140-3 DRBG - NEEDS REVIEW + +providers/implementations/rands/crngt.c is gone + +Patch-name: 0076-FIPS-140-3-DRBG.patch +Patch-id: 76 +Patch-status: | + # # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) + # # https://bugzilla.redhat.com/show_bug.cgi?id=2102541 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce +--- + crypto/rand/prov_seed.c | 9 ++- + providers/implementations/rands/drbg.c | 11 ++- + providers/implementations/rands/drbg_local.h | 2 +- + .../implementations/rands/seeding/rand_unix.c | 68 ++----------------- + 4 files changed, 23 insertions(+), 67 deletions(-) + +diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c +index 2985c7f2d8..3202a28226 100644 +--- a/crypto/rand/prov_seed.c ++++ b/crypto/rand/prov_seed.c +@@ -23,7 +23,14 @@ size_t ossl_rand_get_entropy(ossl_unused OSSL_LIB_CTX *ctx, + size_t entropy_available; + RAND_POOL *pool; + +- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); ++ /* ++ * OpenSSL still implements an internal entropy pool of ++ * some size that is hashed to get seed data. ++ * Note that this is a conditioning step for which SP800-90C requires ++ * 64 additional bits from the entropy source to claim the requested ++ * amount of entropy. 
++ */ ++ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len); + if (pool == NULL) { + ERR_raise(ERR_LIB_RAND, ERR_R_RAND_LIB); + return 0; +diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c +index 4925a3b400..1cdb67b22c 100644 +--- a/providers/implementations/rands/drbg.c ++++ b/providers/implementations/rands/drbg.c +@@ -559,6 +559,9 @@ static int ossl_prov_drbg_reseed_unlocked(PROV_DRBG *drbg, + #endif + } + ++#ifdef FIPS_MODULE ++ prediction_resistance = 1; ++#endif + /* Reseed using our sources in addition */ + entropylen = get_entropy(drbg, &entropy, drbg->strength, + drbg->min_entropylen, drbg->max_entropylen, +@@ -680,8 +683,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen, + reseed_required = 1; + } + if (drbg->parent != NULL +- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) ++ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) { ++#ifdef FIPS_MODULE ++ /* Red Hat patches provide chain reseeding when necessary so just sync counters*/ ++ drbg->parent_reseed_counter = get_parent_reseed_count(drbg); ++#else + reseed_required = 1; ++#endif ++ } + + if (reseed_required || prediction_resistance) { + if (!ossl_prov_drbg_reseed_unlocked(drbg, prediction_resistance, NULL, +diff --git a/providers/implementations/rands/drbg_local.h b/providers/implementations/rands/drbg_local.h +index e591e0b3d1..c7cafba1ea 100644 +--- a/providers/implementations/rands/drbg_local.h ++++ b/providers/implementations/rands/drbg_local.h +@@ -39,7 +39,7 @@ + * + * The value is in bytes. 
+ */ +-#define CRNGT_BUFSIZ 16 ++#define CRNGT_BUFSIZ 32 + + /* + * Maximum input size for the DRBG (entropy, nonce, personalization string) +diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c +index c3a5d8b3bf..b7b34a9345 100644 +--- a/providers/implementations/rands/seeding/rand_unix.c ++++ b/providers/implementations/rands/seeding/rand_unix.c +@@ -53,6 +53,8 @@ + # include + # include + # include ++# include ++# include + + static uint64_t get_time_stamp(void); + +@@ -339,70 +341,8 @@ static ssize_t syscall_random(void *buf, size_t buflen) + * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion + * between size_t and ssize_t is safe even without a range check. + */ +- +- /* +- * Do runtime detection to find getentropy(). +- * +- * Known OSs that should support this: +- * - Darwin since 16 (OSX 10.12, IOS 10.0). +- * - Solaris since 11.3 +- * - OpenBSD since 5.6 +- * - Linux since 3.17 with glibc 2.25 +- * +- * Note: Sometimes getentropy() can be provided but not implemented +- * internally. So we need to check errno for ENOSYS +- */ +-# if !defined(__DragonFly__) && !defined(__NetBSD__) && !defined(__FreeBSD__) +-# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) +- extern int getentropy(void *buffer, size_t length) __attribute__((weak)); +- +- if (getentropy != NULL) { +- if (getentropy(buf, buflen) == 0) +- return (ssize_t)buflen; +- if (errno != ENOSYS) +- return -1; +- } +-# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) +- +- if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) +- return (ssize_t)buflen; +- +- return -1; +-# else +- union { +- void *p; +- int (*f)(void *buffer, size_t length); +- } p_getentropy; +- +- /* +- * We could cache the result of the lookup, but we normally don't +- * call this function often. 
+- */ +- ERR_set_mark(); +- p_getentropy.p = DSO_global_lookup("getentropy"); +- ERR_pop_to_mark(); +- if (p_getentropy.p != NULL) +- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; +-# endif +-# endif /* !__DragonFly__ && !__NetBSD__ && !__FreeBSD__ */ +- +- /* Linux supports this since version 3.17 */ +-# if defined(__linux) && defined(__NR_getrandom) +- return syscall(__NR_getrandom, buf, buflen, 0); +-# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \ +- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) \ +- || (defined(__FreeBSD__) && __FreeBSD_version >= 1200061) +- return getrandom(buf, buflen, 0); +-# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) +- return sysctl_random(buf, buflen); +-# elif defined(__wasi__) +- if (getentropy(buf, buflen) == 0) +- return (ssize_t)buflen; +- return -1; +-# else +- errno = ENOSYS; +- return -1; +-# endif ++ /* Red Hat uses downstream patch to always seed from getrandom() */ ++ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, buflen, GRND_RANDOM) : getrandom(buf, buflen, 0); + } + # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ + +-- +2.49.0 + diff --git a/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch b/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch similarity index 94% rename from 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch rename to 0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch index 4308f5e..140b42b 100644 --- a/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch +++ b/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch 
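Review bot: In the rewritten syscall_random body in rand_unix.c the flag choice keys off `EVP_default_properties_is_fips_enabled(NULL)`, i.e. the default library context, not the context of the DRBG being seeded, so a FIPS provider loaded into a non-default OSSL_LIB_CTX whose default context lacks FIPS properties would presumably still be seeded with flags 0; this should be confirmed and documented next to the call. The ternary also repeats the getrandom() call; `unsigned int flags = EVP_default_properties_is_fips_enabled(NULL) ? GRND_RANDOM : 0; return getrandom(buf, buflen, flags);` is clearer and gives the intent comment a single line to explain. In drbg.c the FIPS_MODULE branch that only re-syncs `drbg->parent_reseed_counter` instead of setting `reseed_required = 1` relies on "Red Hat patches provide chain reseeding", and the comment should name which patch in this series provides it so the dependency can be checked when the series is rebased. The prov_seed.c `entropy + 64` change carries its SP 800-90C justification inline, which is good; the `CRNGT_BUFSIZ` change from 16 to 32 in drbg_local.h has no corresponding why-comment.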
@@ -1,26 +1,40 @@ -From 936e081bd752ca0a883568aaf3b5752c9eaccb12 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 15:38:21 +0200 -Subject: [PATCH 36/48] - 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch +From c5a417c02dc6f50b8886eac366650c0f0bee38a0 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:16 +0100 +Subject: [PATCH 33/50] FIPS: RAND: Forbid truncated hashes & SHA-3 -Patch-name: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch -Patch-id: 80 -Patch-status: | - # We believe that some changes present in CentOS are not necessary - # because ustream has a check for FIPS version +Section D.R "Hash Functions Acceptable for Use in the SP 800-90A DRBGs" +of the Implementation Guidance for FIPS 140-3 [1] notes that there is no +efficiency improvement when using truncated hash functions (i.e. SHA-224 +rather than SHA-256 or SHA-384, SHA-512/224, or SHA512/256 rather than +SHA-512). Starting on 2023-05-16, all submissions to NIST's +Cryptographic Module Validation Program shall only use SHA-1, SHA-256, +or SHA-512. + +NIST further notes that the same will apply for the truncated versions +of SHA-3, i.e. SHA3-224 and SHA3-384, and that SHA-3 should currently +not be used. + +Adjust tests to only run Hash-DRBG and HMAC-DRBG tests with truncated +algorithms in the default provider. + +[1]: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf + +Signed-off-by: Clemens Lang + +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- providers/implementations/rands/drbg_hash.c | 12 ++ providers/implementations/rands/drbg_hmac.c | 12 ++ - test/recipes/30-test_evp_data/evprand.txt | 129 ++++++++++++++++++++ - 3 files changed, 153 insertions(+) + test/recipes/30-test_evp_data/evprand.txt | 197 ++++++++++++++++---- + 3 files changed, 187 insertions(+), 34 deletions(-) 
diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c -index fb824abfa6..b90fee6dec 100644 +index 8bb831ae35..cedf5c3894 100644 --- a/providers/implementations/rands/drbg_hash.c +++ b/providers/implementations/rands/drbg_hash.c -@@ -471,6 +471,18 @@ static int drbg_hash_set_ctx_params(void *vctx, const OSSL_PARAM params[]) - if (!ossl_drbg_verify_digest(libctx, md)) +@@ -579,6 +579,18 @@ static int drbg_hash_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[] + if (!ossl_drbg_verify_digest(ctx, libctx, md)) return 0; /* Error already raised for us */ +#ifdef FIPS_MODULE @@ -36,14 +50,14 @@ index fb824abfa6..b90fee6dec 100644 +#endif /* defined(FIPS_MODULE) */ + /* These are taken from SP 800-90 10.1 Table 2 */ - hash->blocklen = EVP_MD_get_size(md); - /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */ + md_size = EVP_MD_get_size(md); + if (md_size <= 0) diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c -index 664a074639..cbd4d0f519 100644 +index 43b3f8766e..64b7610cd1 100644 --- a/providers/implementations/rands/drbg_hmac.c +++ b/providers/implementations/rands/drbg_hmac.c -@@ -367,6 +367,18 @@ static int drbg_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[]) - if (md != NULL && !ossl_drbg_verify_digest(libctx, md)) +@@ -505,6 +505,18 @@ static int drbg_hmac_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[] + if (md != NULL && !ossl_drbg_verify_digest(ctx, libctx, md)) return 0; /* Error already raised for us */ +#ifdef FIPS_MODULE @@ -58,11 +72,11 @@ index 664a074639..cbd4d0f519 100644 + } +#endif /* defined(FIPS_MODULE) */ + - if (!ossl_prov_macctx_load_from_params(&hmac->ctx, params, - NULL, NULL, NULL, libctx)) - return 0; + if (md != NULL && hmac->ctx != NULL) { + /* These are taken from SP 800-90 10.1 Table 2 */ + md_size = EVP_MD_get_size(md); 
diff --git a/test/recipes/30-test_evp_data/evprand.txt b/test/recipes/30-test_evp_data/evprand.txt -index 0e2ee82c58..7a17e7b3e1 100644 +index 9756859c0e..9baecf6f31 100644 --- a/test/recipes/30-test_evp_data/evprand.txt +++ b/test/recipes/30-test_evp_data/evprand.txt @@ -7388,6 +7388,7 @@ Nonce.14 = 7239f92b63fb3dbe 
@@ -1097,6 +1111,85 @@ index 0e2ee82c58..7a17e7b3e1 100644 RAND = HMAC-DRBG Digest = SHA-512 PredictionResistance = 1 +@@ -79795,29 +79924,29 @@ Result = EVP_RAND_CTX_set_params + + Title = Test FIPS indicator callbacks for truncated digests + +-Availablein = fips +-FIPSversion = >=3.4.0 +-RAND = HASH-DRBG +-Digest = SHA2-224 +-PredictionResistance = 0 +-GenerateBits = 16 +-Entropy.0 = c3ef82ce241f02e4298b118ca4f1622515e32abbae6b7433 +-Nonce.0 = 15e32abbae6b7433 +-Output.0 = 5af6 +-Result = EVP_RAND_CTX_set_params +-Reason = digest not allowed +- +-Availablein = fips +-FIPSversion = >=3.4.0 +-RAND = HASH-DRBG +-Unapproved = 1 +-CtrlInit = digest-check:0 +-Digest = SHA2-224 +-PredictionResistance = 0 +-GenerateBits = 16 +-Entropy.0 = c3ef82ce241f02e4298b118ca4f1622515e32abbae6b7433 +-Nonce.0 = 15e32abbae6b7433 +-Output.0 = 5af6 ++#Availablein = fips ++#FIPSversion = >=3.4.0 ++#RAND = HASH-DRBG ++#Digest = SHA2-224 ++#PredictionResistance = 0 ++#GenerateBits = 16 ++#Entropy.0 = c3ef82ce241f02e4298b118ca4f1622515e32abbae6b7433 ++#Nonce.0 = 15e32abbae6b7433 ++#Output.0 = 5af6 ++#Result = EVP_RAND_CTX_set_params ++#Reason = digest not allowed ++ ++#Availablein = fips ++#FIPSversion = >=3.4.0 ++#RAND = HASH-DRBG ++#Unapproved = 1 ++#CtrlInit = digest-check:0 ++#Digest = SHA2-224 ++#PredictionResistance = 0 ++#GenerateBits = 16 ++#Entropy.0 = c3ef82ce241f02e4298b118ca4f1622515e32abbae6b7433 ++#Nonce.0 = 15e32abbae6b7433 ++#Output.0 = 5af6 + + Availablein = fips + FIPSversion = >=3.4.0 +@@ -79831,14 +79960,14 @@ Output.0 = ee9f + Result = EVP_RAND_CTX_set_params + Reason = digest not allowed + +-Availablein = fips +-FIPSversion = >=3.4.0 +-RAND = HMAC-DRBG +-Unapproved = 1 +-CtrlInit = digest-check:0 +-Digest = SHA2-384 +-PredictionResistance = 0 +-GenerateBits = 16 +-Entropy.0 = 32c1ca125223de8de569697f92a37c6732c1ca125223de8de569697f92a37c67 +-Nonce.0 = 15e32abbae6b7433 +-Output.0 = ee9f ++#Availablein = fips ++#FIPSversion = >=3.4.0 ++#RAND = HMAC-DRBG ++#Unapproved = 1 
++#CtrlInit = digest-check:0 ++#Digest = SHA2-384 ++#PredictionResistance = 0 ++#GenerateBits = 16 ++#Entropy.0 = 32c1ca125223de8de569697f92a37c6732c1ca125223de8de569697f92a37c67 ++#Nonce.0 = 15e32abbae6b7433 ++#Output.0 = ee9f -- -2.41.0 +2.49.0 diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch deleted file mode 100644 index 0bf3b2d..0000000 --- a/0033-FIPS-embed-hmac.patch +++ /dev/null 
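Review bot: The evprand.txt change disables the upstream FIPS indicator tests for SHA2-224 HASH-DRBG and the `Unapproved = 1` / `CtrlInit = digest-check:0` SHA2-384 HMAC-DRBG case by prefixing every line with `#` rather than deleting them or adjusting their expectations, which leaves dead test data behind and removes the only fips-side assertion for HASH-DRBG with a truncated digest. The HASH-DRBG case expecting `Result = EVP_RAND_CTX_set_params` with `Reason = digest not allowed` looks like it should still pass against a provider that forbids truncated digests (the equivalent HMAC-DRBG rejection case a few lines below is kept active), so it is unclear why it was disabled; if the downstream error reason differs, updating `Reason` is the right fix. The indicator-bypass cases could likewise be converted to expect `Result = EVP_RAND_CTX_set_params`, which would pin the downstream behavior that `digest-check:0` presumably no longer unlocks SHA2-224 or SHA2-384. If these blocks must stay disabled, a one-line comment above each such as `# Disabled downstream: truncated digests are rejected unconditionally in the FIPS provider` should record the reason.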
@@ -1,396 +0,0 @@ -From 831d0025257fd3746ab3fe30c05dbbfc0043f78e Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 16/49] 0033-FIPS-embed-hmac.patch - -Patch-name: 0033-FIPS-embed-hmac.patch -Patch-id: 33 -Patch-status: | - # # Embed HMAC into the fips.so - # Modify fips self test as per - # https://github.com/simo5/openssl/commit/9b95ef8bd2f5ac862e5eee74c724b535f1a8578a -From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce ---- - providers/fips/self_test.c | 204 ++++++++++++++++++++++++-- - test/fipsmodule.cnf | 2 + - test/recipes/00-prep_fipsmodule_cnf.t | 2 +- - test/recipes/01-test_fipsmodule_cnf.t | 2 +- - test/recipes/03-test_fipsinstall.t | 2 +- - test/recipes/30-test_defltfips.t | 2 +- - test/recipes/80-test_ssl_new.t | 2 +- - test/recipes/90-test_sslapi.t | 2 +- - 8 files changed, 200 insertions(+), 18 deletions(-) - create mode 100644 test/fipsmodule.cnf - -diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c -index b8dc9817b2..28f536d13c 100644 ---- a/providers/fips/self_test.c -+++ b/providers/fips/self_test.c -@@ -230,11 +230,133 @@ err: - return ok; - } - -+#define HMAC_LEN 32 -+/* -+ * The __attribute__ ensures we've created the .rodata1 section -+ * static ensures it's zero filled -+*/ -+static const unsigned char __attribute__ ((section (".rodata1"))) fips_hmac_container[HMAC_LEN] = {0}; -+ - /* - * Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify - * the result matches the expected value. - * Return 1 if verified, or 0 if it fails. 
- */ -+ -+#ifndef __USE_GNU -+#define __USE_GNU -+#include -+#undef __USE_GNU -+#else -+#include -+#endif -+#include -+ -+static int verify_integrity_rodata(OSSL_CORE_BIO *bio, -+ OSSL_FUNC_BIO_read_ex_fn read_ex_cb, -+ unsigned char *expected, size_t expected_len, -+ OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, -+ const char *event_type) -+{ -+ int ret = 0, status; -+ unsigned char out[MAX_MD_SIZE]; -+ unsigned char buf[INTEGRITY_BUF_SIZE]; -+ size_t bytes_read = 0, out_len = 0; -+ EVP_MAC *mac = NULL; -+ EVP_MAC_CTX *ctx = NULL; -+ OSSL_PARAM params[2], *p = params; -+ Dl_info info; -+ void *extra_info = NULL; -+ struct link_map *lm = NULL; -+ unsigned long paddr; -+ unsigned long off = 0; -+ -+ if (expected_len != HMAC_LEN) -+ goto err; -+ -+ if (!integrity_self_test(ev, libctx)) -+ goto err; -+ -+ OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); -+ -+ if (!dladdr1 ((const void *)fips_hmac_container, -+ &info, &extra_info, RTLD_DL_LINKMAP)) -+ goto err; -+ lm = extra_info; -+ paddr = (unsigned long)fips_hmac_container - lm->l_addr; -+ -+ mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); -+ if (mac == NULL) -+ goto err; -+ ctx = EVP_MAC_CTX_new(mac); -+ if (ctx == NULL) -+ goto err; -+ -+ *p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME, 0); -+ *p = OSSL_PARAM_construct_end(); -+ -+ if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) -+ goto err; -+ -+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) { -+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); -+ if (status != 1) -+ break; -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; -+ off += bytes_read; -+ } -+ -+ if (off < paddr) { -+ int delta = paddr - off; -+ status = read_ex_cb(bio, buf, delta, &bytes_read); -+ if (status != 1) -+ goto err; -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; -+ off += bytes_read; -+ } -+ -+ /* read away the buffer */ -+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); -+ if (status != 1) -+ goto err; -+ 
-+ /* check that it is the expect bytes, no point in continuing otherwise */ -+ if (memcmp(expected, buf, HMAC_LEN) != 0) -+ goto err; -+ -+ /* replace in-file HMAC buffer with the original zeros */ -+ memset(buf, 0, HMAC_LEN); -+ if (!EVP_MAC_update(ctx, buf, HMAC_LEN)) -+ goto err; -+ off += HMAC_LEN; -+ -+ while (bytes_read > 0) { -+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); -+ if (status != 1) -+ break; -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; -+ off += bytes_read; -+ } -+ -+ if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) -+ goto err; -+ -+ OSSL_SELF_TEST_oncorrupt_byte(ev, out); -+ if (expected_len != out_len -+ || memcmp(expected, out, out_len) != 0) -+ goto err; -+ ret = 1; -+err: -+ OPENSSL_cleanse(out, MAX_MD_SIZE); -+ OSSL_SELF_TEST_onend(ev, ret); -+ EVP_MAC_CTX_free(ctx); -+ EVP_MAC_free(mac); -+ return ret; -+} -+ - static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, - unsigned char *expected, size_t expected_len, - OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, -@@ -247,12 +369,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex - EVP_MAC *mac = NULL; - EVP_MAC_CTX *ctx = NULL; - OSSL_PARAM params[2], *p = params; -+ Dl_info info; -+ void *extra_info = NULL; -+ struct link_map *lm = NULL; -+ unsigned long paddr; -+ unsigned long off = 0; - - if (!integrity_self_test(ev, libctx)) - goto err; - - OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); - -+ if (!dladdr1 ((const void *)fips_hmac_container, -+ &info, &extra_info, RTLD_DL_LINKMAP)) -+ goto err; -+ lm = extra_info; -+ paddr = (unsigned long)fips_hmac_container - lm->l_addr; -+ - mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); - if (mac == NULL) - goto err; -@@ -266,13 +399,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex - if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) - goto err; - -- while (1) { -- status = 
read_ex_cb(bio, buf, sizeof(buf), &bytes_read); -+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) { -+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); - if (status != 1) - break; - if (!EVP_MAC_update(ctx, buf, bytes_read)) - goto err; -+ off += bytes_read; - } -+ -+ if (off + INTEGRITY_BUF_SIZE > paddr) { -+ int delta = paddr - off; -+ status = read_ex_cb(bio, buf, delta, &bytes_read); -+ if (status != 1) -+ goto err; -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; -+ off += bytes_read; -+ -+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); -+ memset(buf, 0, HMAC_LEN); -+ if (status != 1) -+ goto err; -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; -+ off += bytes_read; -+ } -+ -+ while (bytes_read > 0) { -+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); -+ if (status != 1) -+ break; -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; -+ off += bytes_read; -+ } -+ - if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) - goto err; - -@@ -282,6 +444,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex - goto err; - ret = 1; - err: -+ OPENSSL_cleanse(out, sizeof(out)); - OSSL_SELF_TEST_onend(ev, ret); - EVP_MAC_CTX_free(ctx); - EVP_MAC_free(mac); -@@ -335,8 +498,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) - return 0; - } - -- if (st == NULL -- || st->module_checksum_data == NULL) { -+ if (st == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); - goto end; - } -@@ -345,8 +507,14 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) - if (ev == NULL) - goto end; - -- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, -- &checksum_len); -+ if (st->module_checksum_data == NULL) { -+ module_checksum = fips_hmac_container; -+ checksum_len = sizeof(fips_hmac_container); -+ } else { -+ module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, -+ &checksum_len); -+ } -+ - if (module_checksum == NULL) { - 
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); - goto end; -@@ -354,14 +522,27 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) - bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb"); - - /* Always check the integrity of the fips module */ -- if (bio_module == NULL -- || !verify_integrity(bio_module, st->bio_read_ex_cb, -- module_checksum, checksum_len, st->libctx, -- ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { -+ if (bio_module == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); - goto end; - } -- -+ if (st->module_checksum_data == NULL) { -+ if (!verify_integrity_rodata(bio_module, st->bio_read_ex_cb, -+ module_checksum, checksum_len, -+ st->libctx, ev, -+ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); -+ goto end; -+ } -+ } else { -+ if (!verify_integrity(bio_module, st->bio_read_ex_cb, -+ module_checksum, checksum_len, -+ st->libctx, ev, -+ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); -+ goto end; -+ } -+ } - /* This will be NULL during installation - so the self test KATS will run */ - if (st->indicator_data != NULL) { - /* -@@ -420,7 +601,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) - end: - EVP_RAND_free(testrand); - OSSL_SELF_TEST_free(ev); -- OPENSSL_free(module_checksum); - OPENSSL_free(indicator_checksum); - - if (st != NULL) { -diff --git a/test/fipsmodule.cnf b/test/fipsmodule.cnf -new file mode 100644 -index 0000000000..f05d0dedbe ---- /dev/null -+++ b/test/fipsmodule.cnf -@@ -0,0 +1,2 @@ -+[fips_sect] -+activate = 1 -diff --git a/test/recipes/00-prep_fipsmodule_cnf.t b/test/recipes/00-prep_fipsmodule_cnf.t -index 4e3a6d85e8..e8255ba974 100644 ---- a/test/recipes/00-prep_fipsmodule_cnf.t -+++ b/test/recipes/00-prep_fipsmodule_cnf.t -@@ -20,7 +20,7 @@ use lib srctop_dir('Configurations'); - use lib bldtop_dir('.'); - use platform; - --my $no_check = 
disabled("fips"); -+my $no_check = 1; - plan skip_all => "FIPS module config file only supported in a fips build" - if $no_check; - -diff --git a/test/recipes/01-test_fipsmodule_cnf.t b/test/recipes/01-test_fipsmodule_cnf.t -index ce594817d5..00cebacff8 100644 ---- a/test/recipes/01-test_fipsmodule_cnf.t -+++ b/test/recipes/01-test_fipsmodule_cnf.t -@@ -23,7 +23,7 @@ use lib srctop_dir('Configurations'); - use lib bldtop_dir('.'); - use platform; - --my $no_check = disabled("fips"); -+my $no_check = 1; - plan skip_all => "Test only supported in a fips build" - if $no_check; - plan tests => 1; -diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t -index b8b136d110..8242f4ebc3 100644 ---- a/test/recipes/03-test_fipsinstall.t -+++ b/test/recipes/03-test_fipsinstall.t -@@ -22,7 +22,7 @@ use lib srctop_dir('Configurations'); - use lib bldtop_dir('.'); - use platform; - --plan skip_all => "Test only supported in a fips build" if disabled("fips"); -+plan skip_all => "Test only supported in a fips build" if 1; - - # Compatible options for pedantic FIPS compliance - my @pedantic_okay = -diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t -index c8f145405b..56a2ec5dc4 100644 ---- a/test/recipes/30-test_defltfips.t -+++ b/test/recipes/30-test_defltfips.t -@@ -24,7 +24,7 @@ use lib bldtop_dir('.'); - plan skip_all => "Configuration loading is turned off" - if disabled("autoload-config"); - --my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); - - plan tests => - ($no_fips ? 
1 : 5); -diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t -index 195b85ea8c..92d48dbf7d 100644 ---- a/test/recipes/80-test_ssl_new.t -+++ b/test/recipes/80-test_ssl_new.t -@@ -27,7 +27,7 @@ setup("test_ssl_new"); - use lib srctop_dir('Configurations'); - use lib bldtop_dir('.'); - --my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); - - $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); - -diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t -index 18d9f3d204..71780d8caa 100644 ---- a/test/recipes/90-test_sslapi.t -+++ b/test/recipes/90-test_sslapi.t -@@ -17,7 +17,7 @@ setup("test_sslapi"); - setup("test_sslapi"); - } - --my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); - my $fipsmodcfg_filename = "fipsmodule.cnf"; - my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename); - --- -2.44.0 - diff --git a/0034-FIPS-PBKDF2-Set-minimum-password-length.patch b/0034-FIPS-PBKDF2-Set-minimum-password-length.patch new file mode 100644 index 0000000..a9e94ce --- /dev/null +++ b/0034-FIPS-PBKDF2-Set-minimum-password-length.patch 
@@ -0,0 +1,121 @@
+From 07db6d2bc68c37db2c8b00225c42e3c2e3c8b6cc Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 34/50] FIPS: PBKDF2: Set minimum password length
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The Implementation Guidance for FIPS 140-3 says in section D.N
+"Password-Based Key Derivation for Storage Applications" that "the
+vendor shall document in the module’s Security Policy the length of
+a password/passphrase used in key derivation and establish an upper
+bound for the probability of having this parameter guessed at random.
+This probability shall take into account not only the length of the
+password/passphrase, but also the difficulty of guessing it. The
+decision on the minimum length of a password used for key derivation is
+the vendor’s, but the vendor shall at a minimum informally justify the
+decision."
+
+We are choosing a minimum password length of 8 bytes, because NIST's
+ACVP testing uses passwords as short as 8 bytes, and requiring longer
+passwords combined with an implicit indicator (i.e., returning an error)
+would cause the module to fail ACVP testing.
+
+Signed-off-by: Clemens Lang
+
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ providers/implementations/kdfs/pbkdf2.c | 39 +++++++++++++++++++++----
+ 1 file changed, 33 insertions(+), 6 deletions(-)
+
+diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
+index b383314064..68f9355b7d 100644
+--- a/providers/implementations/kdfs/pbkdf2.c
++++ b/providers/implementations/kdfs/pbkdf2.c
+@@ -36,6 +36,21 @@
+ #define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF
+ #define KDF_PBKDF2_MIN_ITERATIONS 1000
+ #define KDF_PBKDF2_MIN_SALT_LEN (128 / 8)
++/* The Implementation Guidance for FIPS 140-3 says in section D.N
++ * "Password-Based Key Derivation for Storage Applications" that "the vendor
++ * shall document in the module’s Security Policy the length of
++ * a password/passphrase used in key derivation and establish an upper bound
++ * for the probability of having this parameter guessed at random. This
++ * probability shall take into account not only the length of the
++ * password/passphrase, but also the difficulty of guessing it. The decision on
++ * the minimum length of a password used for key derivation is the vendor’s,
++ * but the vendor shall at a minimum informally justify the decision."
++ *
++ * We are choosing a minimum password length of 8 bytes, because NIST's ACVP
++ * testing uses passwords as short as 8 bytes, and requiring longer passwords
++ * combined with an implicit indicator (i.e., returning an error) would cause
++ * the module to fail ACVP testing. */
++#define KDF_PBKDF2_MIN_PASSWORD_LEN (8)
+
+ static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new;
+ static OSSL_FUNC_kdf_dupctx_fn kdf_pbkdf2_dup;
+@@ -179,8 +194,8 @@ static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen,
+ }
+
+ static int pbkdf2_lower_bound_check_passed(int saltlen, uint64_t iter,
+- size_t keylen, int *error,
+- const char **desc)
++ size_t keylen, size_t passlen,
++ int *error, const char **desc)
+ {
+ if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) {
+ *error = PROV_R_KEY_SIZE_TOO_SMALL;
+@@ -200,7 +215,12 @@ static int pbkdf2_lower_bound_check_passed(int saltlen, uint64_t iter,
+ *desc = "Iteration count";
+ return 0;
+ }
+-
++ if (passlen < KDF_PBKDF2_MIN_PASSWORD_LEN) {
++ *error = PROV_R_INVALID_INPUT_LENGTH;
++ if (desc != NULL)
++ *desc = "Password length";
++ return 0;
++ }
+ return 1;
+ }
+
+@@ -211,7 +231,8 @@ static int fips_lower_bound_check_passed(KDF_PBKDF2 *ctx, size_t keylen)
+ int error = 0;
+ const char *desc = NULL;
+ int approved = pbkdf2_lower_bound_check_passed(ctx->salt_len, ctx->iter,
+- keylen, &error, &desc);
++ keylen, ctx->pass_len,
++ &error, &desc);
+
+ if (!approved) {
+ if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0, libctx,
+@@ -283,9 +304,15 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+ #endif
+ }
+
+- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL)
++ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) {
++ if (ctx->lower_bound_checks != 0
++ && p->data_size < KDF_PBKDF2_MIN_PASSWORD_LEN) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
++ return 0;
++ }
+ if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p))
+ return 0;
++ }
+
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) {
+ if (ctx->lower_bound_checks != 0
+@@ -406,7 +433,7 @@ static int pbkdf2_derive(KDF_PBKDF2 *ctx, const char *pass, size_t passlen,
+ if (lower_bound_checks) {
+ int error = 0;
+ int passed = pbkdf2_lower_bound_check_passed(saltlen, iter, keylen,
+- &error, NULL);
++ passlen, &error, NULL);
+
+ if (!passed) {
+ ERR_raise(ERR_LIB_PROV, error);
+--
+2.49.0
+
diff --git a/0035-FIPS-DH-PCT.patch b/0035-FIPS-DH-PCT.patch
new file mode 100644
index 0000000..f4ebd31
--- /dev/null
+++ b/0035-FIPS-DH-PCT.patch
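Review bot: The same condition — a password shorter than KDF_PBKDF2_MIN_PASSWORD_LEN — is reported with two different reason codes: pbkdf2_lower_bound_check_passed sets PROV_R_INVALID_INPUT_LENGTH, while the early rejection in kdf_pbkdf2_set_ctx_params raises PROV_R_INVALID_KEY_LENGTH, so a caller matching on the reason sees a different error depending on whether the password was supplied via params or at derive time. I'd use one code in both places, e.g. `ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);` in set_ctx_params. The set_ctx_params check is also a hard failure, whereas the fips_lower_bound_check_passed path appears to route the shortfall through OSSL_FIPS_IND_ON_UNAPPROVED; that mirrors the existing salt handling visible in the context, but a comment such as `/* Hard-reject here: the indicator path is not reached for params-supplied passwords */` would save the next reader from wondering which behaviour is intended. The bodies of kdf_pbkdf2_set_ctx_params and pbkdf2_derive continue outside the quoted hunks.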
@@ -0,0 +1,73 @@
+From 4201d6a3b23e14885f2703c705166c68db6351ab Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Mon, 24 Mar 2025 10:49:00 -0400
+Subject: [PATCH 35/50] FIPS: DH: PCT
+
+Signed-off-by: Simo Sorce
+---
+ crypto/dh/dh_key.c | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
+index 7132b9b68e..189bfc3e8b 100644
+--- a/crypto/dh/dh_key.c
++++ b/crypto/dh/dh_key.c
+@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ BN_MONT_CTX *mont = NULL;
+ BIGNUM *z = NULL, *pminus1;
+ int ret = -1;
++#ifdef FIPS_MODULE
++ int validate = 0;
++#endif
+
+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
+@@ -60,6 +63,13 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ return 0;
+ }
+
++#ifdef FIPS_MODULE
++ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
++ return 0;
++ }
++#endif
++
+ ctx = BN_CTX_new_ex(dh->libctx);
+ if (ctx == NULL)
+ goto err;
+@@ -271,6 +281,9 @@ static int generate_key(DH *dh)
+ #endif
+ BN_CTX *ctx = NULL;
+ BIGNUM *pub_key = NULL, *priv_key = NULL;
++#ifdef FIPS_MODULE
++ int validate = 0;
++#endif
+
+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
+@@ -369,8 +382,21 @@ static int generate_key(DH *dh)
+ if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
+ goto err;
+
++#ifdef FIPS_MODULE
++ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
++ goto err;
++ }
++#endif
++
+ dh->pub_key = pub_key;
+ dh->priv_key = priv_key;
++#ifdef FIPS_MODULE
++ if (ossl_dh_check_pairwise(dh) <= 0) {
++ abort();
++ }
++#endif
++
+ dh->dirty_cnt++;
+ ok = 1;
+ err:
+--
+2.49.0
+
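Review bot: In generate_key the new pairwise check calls abort() when ossl_dh_check_pairwise fails, while every other failure in the same function, including the DH_check_pub_key check added a few lines above, reports through ERR_raise and `goto err`; abort() skips that cleanup and terminates the host process. If terminating on a PCT failure is the intended FIPS 140-3 error-state response, that deserves a comment on the line, e.g. `/* PCT failure: deliberately enter the error state instead of returning to the caller */`; if not, a non-aborting path would also have to undo the dh->pub_key/dh->priv_key assignment made just before, since the err label runs after it. Separately, both DH_check_pub_key calls pass &validate but never inspect the flags stored in it; if that function can return 1 with error flags set, as its legacy *ret contract suggests, an invalid key would pass the `<= 0` test — please confirm against the 3.5 implementation. Both ossl_dh_compute_key and generate_key extend beyond the quoted hunks.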
diff --git a/0035-speed-skip-unavailable-dgst.patch b/0035-speed-skip-unavailable-dgst.patch
deleted file mode 100644
index d52d5e1..0000000
--- a/0035-speed-skip-unavailable-dgst.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 213f38dc580d39f2cb46592b5e6db585fc6a650f Mon Sep 17 00:00:00 2001
-From: rpm-build
-Date: Mon, 31 Jul 2023 09:41:28 +0200
-Subject: [PATCH 19/35] 0035-speed-skip-unavailable-dgst.patch
-
-Patch-name: 0035-speed-skip-unavailable-dgst.patch
-Patch-id: 35
-Patch-status: |
- # Skip unavailable algorithms running `openssl speed`
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
----
- apps/speed.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/apps/speed.c b/apps/speed.c
-index d527f12f18..2ff3eb53bd 100644
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -610,6 +610,9 @@ static int EVP_MAC_loop(int algindex, void *args)
- for (count = 0; COND(c[algindex][testnum]); count++) {
- size_t outl;
-
-+ if (mctx == NULL)
-+ return -1;
-+
- if (!EVP_MAC_init(mctx, NULL, 0, NULL)
- || !EVP_MAC_update(mctx, buf, lengths[testnum])
- || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
---
-2.41.0
-
diff --git a/0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch b/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch
similarity index 86%
rename from 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
rename to 0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch
index c92d417..c86fcaa 100644
--- a/0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
+++ b/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch
@@ -1,11 +1,29 @@ -From 590babb35e3aa399c889282747965e301333a656 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 16:07:18 +0200 -Subject: [PATCH 43/48] - 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch +From ea3020727f873e14b4ee4c7f94dfa038d4777319 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:17 +0100 +Subject: [PATCH 36/50] FIPS: DH: Disable FIPS 186-4 type parameters -Patch-name: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch -Patch-id: 93 +For DH parameter and key pair generation/verification, the DSA +procedures specified in FIPS 186-4 are used. With the release of FIPS +186-5 and the removal of DSA, the approved status of these groups is in +peril. Once the transition for DSA ends (this transition will be 1 year +long and start once CMVP has published the guidance), no more +submissions claiming DSA will be allowed. Hence, FIPS 186-type +parameters will also be automatically non-approved. + +In the FIPS provider, disable validation of any DH parameters that are +not well-known groups, and remove DH parameter generation completely. + +Adjust tests to use well-known groups or larger DH groups where this +change would now cause failures, and skip tests that are expected to +fail due to this change. + +Related: rhbz#2169757, rhbz#2169757 +Signed-off-by: Clemens Lang + +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce + +NOTE: Dropped changes in test/recipes/80-test_cms.t --- crypto/dh/dh_backend.c | 10 ++++ crypto/dh/dh_check.c | 12 ++-- @@ -17,15 +35,14 @@ Patch-id: 93 test/evp_libctx_test.c | 2 +- test/helpers/predefined_dhparams.c | 62 ++++++++++++++++++++ test/helpers/predefined_dhparams.h | 1 + - test/recipes/80-test_cms.t | 4 +- test/recipes/80-test_ssl_old.t | 3 + - 12 files changed, 118 insertions(+), 20 deletions(-) + 11 files changed, 116 insertions(+), 18 deletions(-) 
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c -index 726843fd30..24c65ca84f 100644 +index 1aaa88daca..aa3a491799 100644 --- a/crypto/dh/dh_backend.c +++ b/crypto/dh/dh_backend.c -@@ -53,6 +53,16 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]) +@@ -47,6 +47,16 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]) if (!dh_ffc_params_fromdata(dh, params)) return 0; @@ -43,7 +60,7 @@ index 726843fd30..24c65ca84f 100644 OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN); if (param_priv_len != NULL diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c -index 0b391910d6..75581ca347 100644 +index ae23f61839..6e30a9b735 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -57,13 +57,15 @@ int DH_check_params(const DH *dh, int *ret) @@ -68,7 +85,7 @@ index 0b391910d6..75581ca347 100644 #else int DH_check_params(const DH *dh, int *ret) diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c -index 204662a81c..9961f21920 100644 +index b73bfb7f3b..275ce2c1af 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, @@ -101,10 +118,10 @@ index 204662a81c..9961f21920 100644 dh->dirty_cnt++; return ret; diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c -index 83773cceea..7e988368d3 100644 +index 189bfc3e8b..023d628502 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c -@@ -321,8 +321,12 @@ static int generate_key(DH *dh) +@@ -336,8 +336,12 @@ static int generate_key(DH *dh) goto err; } else { #ifdef FIPS_MODULE @@ -119,7 +136,7 @@ index 83773cceea..7e988368d3 100644 #else if (dh->params.q == NULL) { /* secret exponent length, must satisfy 2^(l-1) <= p */ -@@ -343,9 +347,7 @@ static int generate_key(DH *dh) +@@ -358,9 +362,7 @@ static int generate_key(DH *dh) if (!BN_clear_bit(priv_key, 0)) goto err; } 
@@ -130,7 +147,7 @@ index 83773cceea..7e988368d3 100644 /* Do a partial check for invalid p, q, g */ if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params, FFC_PARAM_TYPE_DH, NULL)) -@@ -361,6 +363,7 @@ static int generate_key(DH *dh) +@@ -376,6 +378,7 @@ static int generate_key(DH *dh) priv_key)) goto err; } @@ -139,10 +156,10 @@ index 83773cceea..7e988368d3 100644 } diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c -index f201eede0d..30f90d15be 100644 +index c11ada9826..e279e9d60d 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c -@@ -305,13 +305,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx, +@@ -303,13 +303,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx, prime_len, subprime_len, &res, pcb); else @@ -164,10 +181,10 @@ index f201eede0d..30f90d15be 100644 DH_free(ret); return NULL; diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c -index 9a7dde7c66..b3e7bca5ac 100644 +index c2ee859355..51c21e436f 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c -@@ -414,6 +414,11 @@ static int dh_validate(const void *keydata, int selection, int checktype) +@@ -420,6 +420,11 @@ static int dh_validate(const void *keydata, int selection, int checktype) if ((selection & DH_POSSIBLE_SELECTIONS) == 0) return 1; /* nothing to validate */ @@ -180,10 +197,10 @@ index 9a7dde7c66..b3e7bca5ac 100644 /* * Both of these functions check parameters. DH_check_params_ex() diff --git a/test/endecode_test.c b/test/endecode_test.c -index 53385028fc..169f3ccd73 100644 +index 85c84f6592..d2ff9e6eb6 100644 --- a/test/endecode_test.c 
+++ b/test/endecode_test.c -@@ -84,10 +84,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) +@@ -85,10 +85,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) * for testing only. Use a minimum key size of 2048 for security purposes. */ if (strcmp(type, "DH") == 0) @@ -197,10 +214,10 @@ index 53385028fc..169f3ccd73 100644 /* diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c -index a7913cda4c..96a35ac1cc 100644 +index 039fca9bb0..2838f343bd 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c -@@ -189,7 +189,7 @@ static int do_dh_param_keygen(int tstid, const BIGNUM **bn) +@@ -222,7 +222,7 @@ static int do_dh_param_keygen(int tstid, const BIGNUM **bn) if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL)) || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0) @@ -294,28 +311,11 @@ index f0e8709062..2ff6d6e721 100644 EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libct); EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx); EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx); -diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index 2a459856f0..afac836fa3 100644 ---- a/test/recipes/80-test_cms.t -+++ b/test/recipes/80-test_cms.t -@@ -627,10 +627,10 @@ my @smime_cms_param_tests = ( - ], - - [ "enveloped content test streaming S/MIME format, X9.42 DH", -- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, -+ [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, - "-stream", "-out", "{output}.cms", - "-recip", catfile($smdir, "smdh.pem"), "-aes128" ], -- [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"), -+ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"), - "-in", "{output}.cms", "-out", "{output}.txt" ], - \&final_compare - ] diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t -index 527abcea6e..e1d38b1e62 100644 +index 6332aaec4b..4d8c900c00 100755 --- a/test/recipes/80-test_ssl_old.t 
+++ b/test/recipes/80-test_ssl_old.t -@@ -390,6 +390,9 @@ sub testssl { +@@ -458,6 +458,9 @@ sub testssl { skip "skipping dhe1024dsa test", 1 if ($no_dh); @@ -326,5 +326,5 @@ index 527abcea6e..e1d38b1e62 100644 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); } -- -2.41.0 +2.49.0 diff --git a/0114-FIPS-enforce-EMS-support.patch b/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch similarity index 54% rename from 0114-FIPS-enforce-EMS-support.patch rename to 0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch index fd1e90e..2415b7b 100644 --- a/0114-FIPS-enforce-EMS-support.patch +++ b/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch 
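Review bot: The header NOTE records that the 80-test_cms.t hunk was dropped but not why that is safe: the removed lines switched the "enveloped content test streaming S/MIME format, X9.42 DH" case from @prov to @defaultprov precisely because this same patch disables non-well-known DH parameters in the FIPS provider, so unless the 3.5 recipe already keeps that case away from the FIPS provider, it would now be expected to fail in a FIPS build. I'd extend the note to state the reason, e.g. `NOTE: Dropped changes in test/recipes/80-test_cms.t (<reason the X9.42 DH case no longer needs @defaultprov>)`, with the actual reason filled in. The @smime_cms_param_tests list that contained the removed entry is only partially shown in the hunk.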
@@ -1,32 +1,34 @@ -From 9b02ad7225b74a5b9088b361caead0a41e570e93 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 16:40:56 +0200 -Subject: [PATCH 48/48] 0114-FIPS-enforce-EMS-support.patch +From 39afccf3c978a35d1a2d3ebd072d3d1a7a0d0e09 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:17 +0100 +Subject: [PATCH 37/50] FIPS: TLS: Enforce EMS in TLS 1.2 - NOTE + +NOTE: Enforcement of EMS in non-FIPS mode has been dropped due to code +change the option to enforce it seem to be available only in FIPS build Patch-name: 0114-FIPS-enforce-EMS-support.patch Patch-id: 114 Patch-status: | - # We believe that some changes present in CentOS are not necessary - # because ustream has a check for FIPS version + # # We believe that some changes present in CentOS are not necessary + # # because ustream has a check for FIPS version +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- - doc/man3/SSL_CONF_cmd.pod | 3 +++ - doc/man5/fips_config.pod | 13 +++++++++++ - include/openssl/fips_names.h | 8 +++++++ - include/openssl/ssl.h.in | 1 + - providers/fips/fipsprov.c | 2 +- - providers/implementations/kdfs/tls1_prf.c | 22 +++++++++++++++++++ - ssl/ssl_conf.c | 1 + - ssl/statem/extensions_srvr.c | 8 ++++++- - ssl/t1_enc.c | 11 ++++++++-- - .../30-test_evp_data/evpkdf_tls12_prf.txt | 10 +++++++++ - test/sslapitest.c | 2 +- - 11 files changed, 76 insertions(+), 5 deletions(-) + doc/man3/SSL_CONF_cmd.pod | 3 +++ + doc/man5/fips_config.pod | 13 +++++++++++++ + include/openssl/ssl.h.in | 1 + + providers/fips/include/fips_indicator_params.inc | 2 +- + ssl/ssl_conf.c | 1 + + ssl/statem/extensions_srvr.c | 8 +++++++- + ssl/t1_enc.c | 11 +++++++++-- + test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt | 10 ++++++++++ + test/sslapitest.c | 2 +- + 9 files changed, 46 insertions(+), 5 deletions(-) diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod -index ae6ca43282..b83c04a308 100644 +index e2c1e69847..009b683b27 100644 
--- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod -@@ -524,6 +524,9 @@ B: use extended master secret extension, enabled by +@@ -621,6 +621,9 @@ B: use extended master secret extension, enabled by default. Inverse of B: that is, B<-ExtendedMasterSecret> is the same as setting B. @@ -37,12 +39,12 @@ index ae6ca43282..b83c04a308 100644 default. Inverse of B: that is, B<-CANames> is the same as setting B. diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod -index 1c15e32a5c..f2cedaf88d 100644 +index 15748c5756..34cbfbb2ad 100644 --- a/doc/man5/fips_config.pod +++ b/doc/man5/fips_config.pod -@@ -15,6 +15,19 @@ for more information. - - This functionality was added in OpenSSL 3.0. +@@ -11,6 +11,19 @@ automatically loaded when the system is booted in FIPS mode, or when the + environment variable B is set. See the documentation + for more information. +Red Hat Enterprise Linux uses a supplementary config for FIPS module located in +OpenSSL configuration directory and managed by crypto policies. If present, it @@ -59,31 +61,12 @@ index 1c15e32a5c..f2cedaf88d 100644 + =head1 COPYRIGHT - Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. -diff --git a/include/openssl/fips_names.h b/include/openssl/fips_names.h -index 5c77f6d691..8cdd5a6bf7 100644 ---- a/include/openssl/fips_names.h -+++ b/include/openssl/fips_names.h -@@ -70,6 +70,14 @@ extern "C" { - */ - # define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md" - -+/* -+ * A boolean that determines if the runtime FIPS check for TLS1_PRF EMS is performed. -+ * This is disabled by default. -+ * -+ * Type: OSSL_PARAM_UTF8_STRING -+ */ -+# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check" -+ - # ifdef __cplusplus - } - # endif + Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in -index 0b6de603e2..26a69ca282 100644 +index 0b2232b01c..99b2ad4eb3 100644 
--- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in -@@ -415,6 +415,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); +@@ -417,6 +417,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); * interoperability with CryptoPro CSP 3.x */ # define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) 
@@ -91,84 +74,42 @@ index 0b6de603e2..26a69ca282 100644 /* * Disable RFC8879 certificate compression * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates, -diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c -index 5ff9872bd8..eb9653a9df 100644 ---- a/providers/fips/fipsprov.c -+++ b/providers/fips/fipsprov.c -@@ -105,7 +105,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) - if (fgbl == NULL) - return NULL; - init_fips_option(&fgbl->fips_security_checks, 1); -- init_fips_option(&fgbl->fips_tls1_prf_ems_check, 0); /* Disabled by default */ -+ init_fips_option(&fgbl->fips_tls1_prf_ems_check, 1); /* Enabled by default */ - init_fips_option(&fgbl->fips_restricted_drgb_digests, 0); - return fgbl; - } -diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c -index 25a6c79a2e..79bc7a9719 100644 ---- a/providers/implementations/kdfs/tls1_prf.c -+++ b/providers/implementations/kdfs/tls1_prf.c -@@ -131,6 +131,7 @@ static void *kdf_tls1_prf_new(void *provctx) - static void kdf_tls1_prf_free(void *vctx) - { - TLS1_PRF *ctx = (TLS1_PRF *)vctx; -+ OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); - - if (ctx != NULL) { - kdf_tls1_prf_reset(ctx); -@@ -222,6 +223,27 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen, - } - } - -+ /* -+ * The seed buffer is prepended with a label. -+ * If EMS mode is enforced then the label "master secret" is not allowed, -+ * We do the check this way since the PRF is used for other purposes, as well -+ * as "extended master secret". 
-+ */ -+#ifdef FIPS_MODULE -+ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE -+ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST, -+ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) -+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+#endif /* defined(FIPS_MODULE) */ -+ if (ossl_tls1_prf_ems_check_enabled(libctx)) { -+ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE -+ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST, -+ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_EMS_NOT_ENABLED); -+ return 0; -+ } -+ } -+ - return tls1_prf_alg(ctx->P_hash, ctx->P_sha1, - ctx->sec, ctx->seclen, - ctx->seed, ctx->seedlen, +diff --git a/providers/fips/include/fips_indicator_params.inc b/providers/fips/include/fips_indicator_params.inc +index c1b029de86..47d1cf2d01 100644 +--- a/providers/fips/include/fips_indicator_params.inc ++++ b/providers/fips/include/fips_indicator_params.inc +@@ -1,5 +1,5 @@ + OSSL_FIPS_PARAM(security_checks, SECURITY_CHECKS, 1) +-OSSL_FIPS_PARAM(tls1_prf_ems_check, TLS1_PRF_EMS_CHECK, 0) ++OSSL_FIPS_PARAM(tls1_prf_ems_check, TLS1_PRF_EMS_CHECK, 1) + OSSL_FIPS_PARAM(no_short_mac, NO_SHORT_MAC, 1) + OSSL_FIPS_PARAM(hmac_key_check, HMAC_KEY_CHECK, 0) + OSSL_FIPS_PARAM(kmac_key_check, KMAC_KEY_CHECK, 0) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c -index 5146cedb96..086db98c33 100644 +index 946d20be52..b52c1675fd 100644 --- a/ssl/ssl_conf.c 
+++ b/ssl/ssl_conf.c -@@ -389,6 +389,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) +@@ -394,6 +394,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL("ClientRenegotiation", SSL_OP_ALLOW_CLIENT_RENEGOTIATION), SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), + SSL_FLAG_TBL("RHNoEnforceEMSinFIPS", SSL_OP_RH_PERMIT_NOEMS_FIPS), SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), - SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA), + SSL_FLAG_TBL("PreferNoDHEKEX", SSL_OP_PREFER_NO_DHE_KEX), diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c -index 00b1ee531e..22cdabb308 100644 +index 1a09913ad6..936be81819 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c -@@ -11,6 +11,7 @@ - #include "../ssl_local.h" +@@ -12,6 +12,7 @@ #include "statem_local.h" #include "internal/cryptlib.h" + #include "internal/ssl_unwrap.h" +#include #define COOKIE_STATE_FORMAT_VERSION 1 -@@ -1552,8 +1553,13 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, +@@ -1886,8 +1887,13 @@ EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -184,10 +125,10 @@ index 00b1ee531e..22cdabb308 100644 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) || !WPACKET_put_bytes_u16(pkt, 0)) { diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c -index 91238e6457..e8ad8ecd9e 100644 +index 474ea7bf5b..e0e595e989 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c -@@ -20,6 +20,7 @@ +@@ -21,6 +21,7 @@ #include #include #include @@ -195,7 +136,7 @@ index 91238e6457..e8ad8ecd9e 100644 /* seed1 through seed5 are concatenated */ static int tls1_PRF(SSL_CONNECTION *s, -@@ -75,8 +76,14 @@ static int tls1_PRF(SSL *s, +@@ -78,8 +79,14 @@ static int tls1_PRF(SSL_CONNECTION *s, } err: 
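Review bot: The SSL_OP_RH_PERMIT_NOEMS_FIPS value wired into cmd_Options as "RHNoEnforceEMSinFIPS" lives in the public SSL_OP_BIT() option space of ssl.h.in, but the defining line sits outside what this hunk shows (the ssl.h.in context ends at SSL_OP_CRYPTOPRO_TLSEXT_BUG) and upstream 3.5 has added options of its own (the table context now lists SSL_OP_PREFER_NO_DHE_KEX where SSL_OP_PRIORITIZE_CHACHA used to be), so please confirm the chosen bit does not collide with any upstream SSL_OP_* definition and mark it in the header, e.g. `/* Red Hat downstream option; bit must stay clear of upstream SSL_OP_BIT() values */`. With the tls1_prf.c check removed, enforcement now rests on the `tls1_prf_ems_check` default flipped to 1 in fips_indicator_params.inc plus the ssl/ side changes; since the header NOTE says non-FIPS enforcement was dropped, the SSL_CONF_cmd.pod text for the new option should say it only has an effect when the FIPS provider is in use. The cmd_Options table and the extensions_srvr.c functions continue outside the quoted hunks.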
@@ -213,7 +154,7 @@ index 91238e6457..e8ad8ecd9e 100644 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); EVP_KDF_CTX_free(kctx); diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt -index 44040ff66b..deb6bf3fcb 100644 +index 50944328cb..edb2e81273 100644 --- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt +++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt @@ -22,6 +22,16 @@ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587c @@ -234,10 +175,10 @@ index 44040ff66b..deb6bf3fcb 100644 KDF = TLS1-PRF Ctrl.digest = digest:SHA256 diff --git a/test/sslapitest.c b/test/sslapitest.c -index 169e3c7466..e67b5bb44c 100644 +index 39118a9162..9522478ad2 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c -@@ -574,7 +574,7 @@ static int test_client_cert_verify_cb(void) +@@ -575,7 +575,7 @@ static int test_client_cert_verify_cb(void) STACK_OF(X509) *server_chain; SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; @@ -247,5 +188,5 @@ index 169e3c7466..e67b5bb44c 100644 if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, -- -2.41.0 +2.49.0 diff --git a/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch b/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch new file mode 100644 index 0000000..3465171 --- /dev/null +++ b/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch 
@@ -0,0 +1,61 @@
+From e1d57286ca07c3d89018d3c4368bed420f5c454a Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Thu, 13 Feb 2025 18:08:34 -0500
+Subject: [PATCH 38/50] FIPS: CMS: Set default padding to OAEP
+
+From-dist-git-commit: d508cbed930481c1960d6a6bc1e1a9593252dbbe
+---
+ apps/cms.c | 1 +
+ crypto/cms/cms_env.c | 10 ++++++++++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/apps/cms.c b/apps/cms.c
+index 919d306ff6..b4950df759 100644
+--- a/apps/cms.c
++++ b/apps/cms.c
+@@ -20,6 +20,7 @@
+ #include
+ #include
+ #include
++#include
+ 
+ static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+ static int cms_cb(int ok, X509_STORE_CTX *ctx);
+diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
+index 375239c78d..e09ad03ece 100644
+--- a/crypto/cms/cms_env.c
++++ b/crypto/cms/cms_env.c
+@@ -14,6 +14,7 @@
+ #include
+ #include
+ #include
++#include
+ #include "internal/sizes.h"
+ #include "crypto/asn1.h"
+ #include "crypto/evp.h"
+@@ -375,6 +376,10 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
+ return 0;
+ if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
+ return 0;
++ if (FIPS_mode()) {
++ if (EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_padding_mode", "oaep") <= 0)
++ return 0;
++ }
+ } else if (!ossl_cms_env_asn1_ctrl(ri, 0))
+ return 0;
+ return 1;
+@@ -540,6 +545,11 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms,
+ 
+ if (EVP_PKEY_encrypt_init(pctx) <= 0)
+ goto err;
++
++ if (FIPS_mode()) {
++ if (EVP_PKEY_CTX_ctrl_str(pctx, "rsa_padding_mode", "oaep") <= 0)
++ goto err;
++ }
+ }
+ 
+ if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
+--
+2.49.0
+
diff --git a/0125-PBMAC1-PKCS12-FIPS-default.patch b/0039-FIPS-PKCS12-PBMAC1-defaults.patch
similarity index 50%
rename from 0125-PBMAC1-PKCS12-FIPS-default.patch
rename to 0039-FIPS-PKCS12-PBMAC1-defaults.patch
index f7257ea..fa3e3b4 100644
--- a/0125-PBMAC1-PKCS12-FIPS-default.patch
+++ b/0039-FIPS-PKCS12-PBMAC1-defaults.patch
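Review bot: Both new FIPS gates in cms_env.c use `FIPS_mode()`, which in OpenSSL 3 is only a deprecated compatibility macro for `EVP_default_properties_is_fips_enabled(NULL)` and therefore answers for the default library context, while cms_RecipientInfo_ktri_init and cms_RecipientInfo_ktri_encrypt operate on a CMS object that carries its own OSSL_LIB_CTX, so the two can disagree. Use the query the 0042 patch already uses but pass the CMS context's libctx, e.g. `if (EVP_default_properties_is_fips_enabled(ossl_cms_ctx_get0_libctx(ctx)))` (confirm the accessor name in this tree; both functions start outside the hunk). A comment should also record why the padding is forced and why at this point: `/* PKCS#1 v1.5 key transport is not approved under this FIPS provider's policy; default to OAEP right after encrypt_init so a caller's later padding control still wins. */`, since the fact that callers can still override is an implicit consequence of ordering that the two added lines do not convey.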
@@ -1,6 +1,17 @@ -diff -up openssl-3.2.2/apps/pkcs12.c.xxx openssl-3.2.2/apps/pkcs12.c ---- openssl-3.2.2/apps/pkcs12.c.xxx 2024-08-14 11:24:41.164589397 +0200 -+++ openssl-3.2.2/apps/pkcs12.c 2024-08-14 11:28:21.071004221 +0200 +From db948b9f36c27a72595eb81633d787e6c95977b4 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Thu, 13 Feb 2025 18:16:29 -0500 +Subject: [PATCH 39/50] FIPS: PKCS12: PBMAC1 defaults + +From-dist-git-commit: 8fc2d4842385584094d57f6f66fcbc2a07865708 +--- + apps/pkcs12.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/apps/pkcs12.c b/apps/pkcs12.c +index 9964faf21a..59439a8cc0 100644 +--- a/apps/pkcs12.c ++++ b/apps/pkcs12.c @@ -17,6 +17,7 @@ #include #include @@ -9,7 +20,7 @@ diff -up openssl-3.2.2/apps/pkcs12.c.xxx openssl-3.2.2/apps/pkcs12.c #include #include #include -@@ -708,6 +709,9 @@ int pkcs12_main(int argc, char **argv) +@@ -709,6 +710,9 @@ int pkcs12_main(int argc, char **argv) } if (maciter != -1) { @@ -19,3 +30,6 @@ diff -up openssl-3.2.2/apps/pkcs12.c.xxx openssl-3.2.2/apps/pkcs12.c if (pbmac1_pbkdf2 == 1) { if (!PKCS12_set_pbmac1_pbkdf2(p12, mpass, -1, NULL, macsaltlen, maciter, +-- +2.49.0 + diff --git a/0040-FIPS-Fix-encoder-decoder-negative-test.patch b/0040-FIPS-Fix-encoder-decoder-negative-test.patch new file mode 100644 index 0000000..d94c9ec --- /dev/null +++ b/0040-FIPS-Fix-encoder-decoder-negative-test.patch 
@@ -0,0 +1,35 @@
+From c49eb02a6c08ab8398688e609a6c1681b86c24e0 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Wed, 5 Mar 2025 13:22:03 -0500
+Subject: [PATCH 40/50] FIPS: Fix encoder/decoder negative test
+
+Signed-off-by: Simo Sorce
+---
+ test/recipes/04-test_encoder_decoder.t | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+ mode change 100644 => 100755 test/recipes/04-test_encoder_decoder.t
+
+diff --git a/test/recipes/04-test_encoder_decoder.t b/test/recipes/04-test_encoder_decoder.t
+old mode 100644
+new mode 100755
+index 2acc980e90..660d4e1115
+--- a/test/recipes/04-test_encoder_decoder.t
++++ b/test/recipes/04-test_encoder_decoder.t
+@@ -75,10 +75,10 @@ SKIP: {
+ }
+ my $no_des = disabled("des");
+ SKIP: {
+- skip "MD5 disabled", 2 if disabled("md5");
+- ok(run(app([ 'openssl', 'genrsa', '-aes128', '-out', 'epki.pem',
+- '-traditional', '-passout', 'pass:pass' ])),
+- "rsa encrypted using a non fips algorithm MD5 in pbe");
++ skip "DES disabled", 2 if disabled("des3");
++ ok(run(app([ 'openssl', 'genrsa', '-des3', '-out', 'epki.pem',
++ '-traditional', '-passout', 'pass:pass'])),
++ "rsa encrypted using a non fips algorithm DES3 in pbe");
+ 
+ my $conf2 = srctop_file("test", "default-and-fips.cnf");
+ ok(run(test(['decoder_propq_test', '-config', $conf2,
+--
+2.49.0
+
diff --git a/0041-FIPS-EC-DH-DSA-PCTs.patch b/0041-FIPS-EC-DH-DSA-PCTs.patch
new file mode 100644
index 0000000..25ea8c1
--- /dev/null
+++ b/0041-FIPS-EC-DH-DSA-PCTs.patch
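Review bot: The new skip guard `skip "DES disabled", 2 if disabled("des3");` tests a feature name that, as far as I can tell, does not exist in Configure (the switch that removes triple-DES is `des`), so on a no-des build the skip never fires and `genrsa -des3` fails the test instead of skipping it; the `$no_des` computed on the line just above is the intended guard: `skip "DES disabled", 2 if $no_des;`. The mode change of the recipe to 100755 looks incidental to the edit and is worth dropping unless it was intended. The SKIP block continues outside the hunk.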
@@ -0,0 +1,180 @@
+From ad8a02985f28b1ead7169ca20dca010113f52250 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Mon, 24 Mar 2025 10:50:06 -0400
+Subject: [PATCH 41/50] FIPS: EC: DH/DSA PCTs
+
+Signed-off-by: Simo Sorce
+---
+ .../implementations/exchange/ecdh_exch.c | 19 ++++++++++
+ providers/implementations/keymgmt/ec_kmgmt.c | 24 +++++++++++-
+ .../implementations/signature/ecdsa_sig.c | 37 +++++++++++++++++--
+ 3 files changed, 75 insertions(+), 5 deletions(-)
+
+diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
+index 58fbc7bc09..98d4354f3e 100644
+--- a/providers/implementations/exchange/ecdh_exch.c
++++ b/providers/implementations/exchange/ecdh_exch.c
+@@ -560,6 +560,25 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
+ #endif
+ 
+ ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
++#ifdef FIPS_MODULE
++ {
++ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk));
++ int check = 0;
++
++ if (bn_ctx == NULL) {
++ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
++ goto end;
++ }
++
++ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx);
++ BN_CTX_free(bn_ctx);
++
++ if (check <= 0) {
++ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY);
++ goto end;
++ }
++ }
++#endif
+ 
+ retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
+ 
+diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
+index 9421aabb14..77531c4b59 100644
+--- a/providers/implementations/keymgmt/ec_kmgmt.c
++++ b/providers/implementations/keymgmt/ec_kmgmt.c
+@@ -993,9 +993,18 @@ struct ec_gen_ctx {
+ EC_GROUP *gen_group;
+ unsigned char *dhkem_ikm;
+ size_t dhkem_ikmlen;
++#ifdef FIPS_MODULE
++ void *ecdsa_sig_ctx;
++#endif
+ OSSL_FIPS_IND_DECLARE
+ };
+ 
++#ifdef FIPS_MODULE
++void *ecdsa_newctx(void *provctx, const char *propq);
++void ecdsa_freectx(void *vctx);
++int do_ec_pct(void *, const char *, void *);
++#endif
++
+ static void *ec_gen_init(void *provctx, int selection,
+ const OSSL_PARAM params[])
+ {
+@@ -1015,6 +1024,10 @@ static void *ec_gen_init(void *provctx, int selection,
+ gctx = NULL;
+ }
+ }
++#ifdef FIPS_MODULE
++ if (gctx != NULL)
++ gctx->ecdsa_sig_ctx = ecdsa_newctx(provctx, NULL);
++#endif
+ return gctx;
+ }
+ 
+@@ -1326,6 +1339,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
+ 
+ if (gctx->ecdh_mode != -1)
+ ret = ret && ossl_ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
++#ifdef FIPS_MODULE
++ /* Pairwise consistency test */
++ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
++ && do_ec_pct(gctx->ecdsa_sig_ctx, "sha256", ec) != 1)
++ abort();
++#endif
+ 
+ if (gctx->group_check != NULL)
+ ret = ret && ossl_ec_set_check_group_type_from_name(ec,
+@@ -1396,7 +1415,10 @@ static void ec_gen_cleanup(void *genctx)
+ 
+ if (gctx == NULL)
+ return;
+-
++#ifdef FIPS_MODULE
++ ecdsa_freectx(gctx->ecdsa_sig_ctx);
++ gctx->ecdsa_sig_ctx = NULL;
++#endif
+ OPENSSL_clear_free(gctx->dhkem_ikm, gctx->dhkem_ikmlen);
+ EC_GROUP_free(gctx->gen_group);
+ BN_free(gctx->p);
+diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
+index 096d944896..34fb3aa56e 100644
+--- a/providers/implementations/signature/ecdsa_sig.c
++++ b/providers/implementations/signature/ecdsa_sig.c
+@@ -33,7 +33,7 @@
+ #include "prov/der_ec.h"
+ #include "crypto/ec.h"
+ 
+-static OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
++OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
+ static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init;
+ static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init;
+ static OSSL_FUNC_signature_sign_fn ecdsa_sign;
+@@ -48,7 +48,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final;
+ static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init;
+ static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update;
+ static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final;
+-static OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
++OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
+ static OSSL_FUNC_signature_dupctx_fn ecdsa_dupctx;
+ static OSSL_FUNC_signature_query_key_types_fn ecdsa_sigalg_query_key_types;
+ static OSSL_FUNC_signature_get_ctx_params_fn ecdsa_get_ctx_params;
+@@ -139,7 +139,7 @@ typedef struct {
+ OSSL_FIPS_IND_DECLARE
+ } PROV_ECDSA_CTX;
+ 
+-static void *ecdsa_newctx(void *provctx, const char *propq)
++void *ecdsa_newctx(void *provctx, const char *propq)
+ {
+ PROV_ECDSA_CTX *ctx;
+ 
+@@ -613,7 +613,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig,
+ return ok;
+ }
+ 
+-static void ecdsa_freectx(void *vctx)
++void ecdsa_freectx(void *vctx)
+ {
+ PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
+ 
+@@ -862,6 +862,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx)
+ return EVP_MD_settable_ctx_params(ctx->md);
+ }
+ 
++#ifdef FIPS_MODULE
++int do_ec_pct(void *vctx, const char *mdname, void *ec)
++{
++ static const unsigned char data[32];
++ unsigned char sigbuf[256];
++ size_t siglen = sizeof(sigbuf);
++
++ if (ecdsa_digest_sign_init(vctx, mdname, ec, NULL) <= 0)
++ return 0;
++
++ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
++ return 0;
++
++ if (ecdsa_digest_sign_final(vctx, sigbuf, &siglen, sizeof(sigbuf)) <= 0)
++ return 0;
++
++ if (ecdsa_digest_verify_init(vctx, mdname, ec, NULL) <= 0)
++ return 0;
++
++ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
++ return 0;
++
++ if (ecdsa_digest_verify_final(vctx, sigbuf, siglen) <= 0)
++ return 0;
++
++ return 1;
++}
++#endif
++
+ const OSSL_DISPATCH ossl_ecdsa_signature_functions[] = {
+ { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx },
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init },
+--
+2.49.0
+
diff --git a/0042-FIPS-EC-disable-weak-curves.patch b/0042-FIPS-EC-disable-weak-curves.patch
new file mode 100644
index 0000000..7c0a5a2
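Review bot: In the ec_gen_init hunk the result of `ecdsa_newctx(provctx, NULL)` is stored without a NULL check, so an allocation failure is carried into ec_gen, where `do_ec_pct(NULL, ...)` dereferences the context inside ecdsa_digest_sign_init (a plain crash rather than the controlled `abort()` error state the PCT is meant to produce), and into ec_gen_cleanup, whose new `ecdsa_freectx(gctx->ecdsa_sig_ctx)` has the same problem unless ecdsa_freectx tolerates NULL (its body is outside the hunk). Fail ec_gen_init when the context cannot be allocated, releasing through ec_gen_cleanup (forward-declared near the top of ec_kmgmt.c upstream; confirm), and guard the free. Separately, in the ecdh_exch.c hunk `ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY)` pairs an EC-library reason code with the provider library, so the reason text looked up at report time will most likely be unrelated; raise it under ERR_LIB_EC or use a PROV_R_ reason. do_ec_pct deserves a comment stating its role and failure contract, e.g. `/* FIPS 140-3 pairwise consistency test: sign and verify a fixed 32-byte message with the freshly generated key; the caller treats any failure as fatal. */`. ec_gen_init, ec_gen and ec_gen_cleanup all start outside the hunk.
```c
#ifdef FIPS_MODULE
    if (gctx != NULL) {
        gctx->ecdsa_sig_ctx = ecdsa_newctx(provctx, NULL);
        if (gctx->ecdsa_sig_ctx == NULL) {
            /* Without a signature context the PCT cannot run; refuse keygen. */
            ec_gen_cleanup(gctx);
            gctx = NULL;
        }
    }
#endif
    return gctx;

/* … unchanged: ec_gen … */

#ifdef FIPS_MODULE
    if (gctx->ecdsa_sig_ctx != NULL)
        ecdsa_freectx(gctx->ecdsa_sig_ctx);
    gctx->ecdsa_sig_ctx = NULL;
#endif
```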
--- /dev/null
+++ b/0042-FIPS-EC-disable-weak-curves.patch
@@ -0,0 +1,31 @@
+From 998f0c96eb674c2647bfead8b925f3599be3bd0a Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Fri, 7 Mar 2025 18:06:36 -0500
+Subject: [PATCH 42/50] FIPS: EC: disable weak curves
+
+Signed-off-by: Simo Sorce
+---
+ apps/ecparam.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/apps/ecparam.c b/apps/ecparam.c
+index f0879dfb11..a6042e7d2a 100644
+--- a/apps/ecparam.c
++++ b/apps/ecparam.c
+@@ -77,6 +77,13 @@ static int list_builtin_curves(BIO *out)
+ const char *comment = curves[n].comment;
+ const char *sname = OBJ_nid2sn(curves[n].nid);
+ 
++ if (((curves[n].nid == NID_secp256k1) || (curves[n].nid == NID_brainpoolP256r1)
++ || (curves[n].nid == NID_brainpoolP256t1) || (curves[n].nid == NID_brainpoolP320r1)
++ || (curves[n].nid == NID_brainpoolP320t1) || (curves[n].nid == NID_brainpoolP384r1)
++ || (curves[n].nid == NID_brainpoolP384t1) || (curves[n].nid == NID_brainpoolP512r1)
++ || (curves[n].nid == NID_brainpoolP512t1)) && EVP_default_properties_is_fips_enabled(NULL))
++ continue;
++
+ if (comment == NULL)
+ comment = "CURVE DESCRIPTION NOT AVAILABLE";
+ if (sname == NULL)
+--
+2.49.0
+
diff --git a/0043-FIPS-NO-DSA-Support.patch b/0043-FIPS-NO-DSA-Support.patch
new file mode 100644
index 0000000..e3471ec
--- /dev/null
+++ b/0043-FIPS-NO-DSA-Support.patch
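Review bot: The nine-way `curves[n].nid == NID_...` chain in list_builtin_curves is hard to audit and re-evaluates `EVP_default_properties_is_fips_enabled(NULL)` on every loop iteration; a static table of the excluded nids with a small lookup helper, and the FIPS query hoisted once before the loop, makes the exclusion list reviewable and extensible. The filter also only hides these curves from `ecparam -list_curves` — it does not stop `-name secp256k1` or key generation on them — so a comment should state that enforcement belongs to the FIPS provider and this is presentation only, otherwise a reader may take the subject line "disable weak curves" literally (secp256k1 and the Brainpool curves are not weak, they are simply not approved in the provider). list_builtin_curves starts outside the hunk.
```c
/*
 * Curves the FIPS provider does not offer. They are hidden from the
 * listing when the default properties select fips=yes; this is
 * presentation only, the provider is what actually refuses to use them.
 */
static const int non_fips_curve_nids[] = {
    NID_secp256k1,
    NID_brainpoolP256r1, NID_brainpoolP256t1,
    NID_brainpoolP320r1, NID_brainpoolP320t1,
    NID_brainpoolP384r1, NID_brainpoolP384t1,
    NID_brainpoolP512r1, NID_brainpoolP512t1,
};

/* Return 1 if nid is listed in non_fips_curve_nids, else 0. */
static int is_non_fips_curve(int nid)
{
    size_t i;

    for (i = 0; i < sizeof(non_fips_curve_nids) / sizeof(non_fips_curve_nids[0]); i++)
        if (non_fips_curve_nids[i] == nid)
            return 1;
    return 0;
}

/* … unchanged: list_builtin_curves prologue … */
    const int fips_only = EVP_default_properties_is_fips_enabled(NULL);
/* … unchanged: loop header, comment/sname lookups … */
        if (fips_only && is_non_fips_curve(curves[n].nid))
            continue;
```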
@@ -0,0 +1,400 @@ +From 64467bd0ad1bf2a0c1a67462a27e405632704026 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Fri, 7 Mar 2025 18:10:52 -0500 +Subject: [PATCH 43/50] FIPS: NO DSA Support + +Signed-off-by: Simo Sorce +--- + providers/fips/fipsprov.c | 8 +++++--- + providers/fips/self_test_data.inc | 6 +++++- + test/acvp_test.c | 2 ++ + test/endecode_test.c | 2 ++ + test/recipes/15-test_gendsa.t | 2 +- + test/recipes/20-test_cli_fips.t | 3 +-- + test/recipes/30-test_evp.t | 7 ++----- + test/recipes/30-test_evp_data/evppkey_dsa.txt | 18 ++++++++++++++++- + test/recipes/80-test_cms.t | 20 +++++++++---------- + 9 files changed, 45 insertions(+), 23 deletions(-) + mode change 100644 => 100755 test/recipes/30-test_evp.t + +diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index aa1ab85470..7999744b5a 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -430,7 +430,8 @@ static const OSSL_ALGORITHM fips_keyexch[] = { + }; + + static const OSSL_ALGORITHM fips_signature[] = { +-#ifndef OPENSSL_NO_DSA ++/* We don't certify DSA in our FIPS provider */ ++#if 0 /* #ifndef OPENSSL_NO_DSA */ + { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, + { PROV_NAMES_DSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha1_signature_functions }, + { PROV_NAMES_DSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha224_signature_functions }, +@@ -560,8 +561,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { + PROV_DESCS_DHX }, + #endif + #ifndef OPENSSL_NO_DSA +- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, +- PROV_DESCS_DSA }, ++ /* We don't certify DSA in our FIPS provider */ ++ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, ++ PROV_DESCS_DSA }, */ + #endif + { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, + PROV_DESCS_RSA }, +diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc +index 5cbb5352a5..10ca473764 100644 +--- 
a/providers/fips/self_test_data.inc ++++ b/providers/fips/self_test_data.inc +@@ -1522,8 +1522,9 @@ static const unsigned char ed448_expected_sig[] = { + # endif /* OPENSSL_NO_ECX */ + #endif /* OPENSSL_NO_EC */ + +-#ifndef OPENSSL_NO_DSA + /* dsa 2048 */ ++#if 0 ++#ifndef OPENSSL_NO_DSA + static const unsigned char dsa_p[] = { + 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, + 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e, +@@ -1651,6 +1652,7 @@ static const ST_KAT_PARAM dsa_key[] = { + ST_KAT_PARAM_END() + }; + #endif /* OPENSSL_NO_DSA */ ++#endif + + #ifndef OPENSSL_NO_ML_DSA + static const unsigned char ml_dsa_65_pub_key[] = { +@@ -3013,6 +3015,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { + }, + # endif /* OPENSSL_NO_ECX */ + #endif /* OPENSSL_NO_EC */ ++#if 0 + #ifndef OPENSSL_NO_DSA + { + OSSL_SELF_TEST_DESC_SIGN_DSA, +@@ -3025,6 +3028,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { + ITM(dsa_expected_sig) + }, + #endif /* OPENSSL_NO_DSA */ ++#endif + + #ifndef OPENSSL_NO_ML_DSA + { +diff --git a/test/acvp_test.c b/test/acvp_test.c +index 2bcc886fd2..db0282d043 100644 +--- a/test/acvp_test.c ++++ b/test/acvp_test.c +@@ -1735,6 +1735,7 @@ int setup_tests(void) + OSSL_NELEM(dh_safe_prime_keyver_data)); + #endif /* OPENSSL_NO_DH */ + ++#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */ + #ifndef OPENSSL_NO_DSA + dsasign_allowed = fips_provider_version_lt(libctx, 3, 4, 0); + ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data)); +@@ -1743,6 +1744,7 @@ int setup_tests(void) + ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data)); + ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data)); + #endif /* OPENSSL_NO_DSA */ ++#endif + + #ifndef OPENSSL_NO_EC + ec_cofactors = fips_provider_version_ge(libctx, 3, 4, 0); +diff --git a/test/endecode_test.c b/test/endecode_test.c +index d2ff9e6eb6..dfd5e92f7e 100644 +--- a/test/endecode_test.c ++++ b/test/endecode_test.c +@@ -1536,6 +1536,7 @@ int setup_tests(void) + * so 
no legacy tests. + */ + #endif ++ if (is_fips == 0) { + #ifndef OPENSSL_NO_DSA + ADD_TEST_SUITE(DSA); + ADD_TEST_SUITE_PARAMS(DSA); +@@ -1546,6 +1547,7 @@ int setup_tests(void) + ADD_TEST_SUITE_PROTECTED_PVK(DSA); + # endif + #endif ++ } + #ifndef OPENSSL_NO_EC + ADD_TEST(ec_encode_to_data_multi); + ADD_TEST_SUITE(EC); +diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t +index cd331c4cfc..e21d6acda4 100644 +--- a/test/recipes/15-test_gendsa.t ++++ b/test/recipes/15-test_gendsa.t +@@ -24,7 +24,7 @@ use lib bldtop_dir('.'); + plan skip_all => "This test is unsupported in a no-dsa build" + if disabled("dsa"); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; + + plan tests => + ($no_fips ? 0 : 2) # FIPS related tests +diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t +index 2abc4d2434..9a6875b3ec 100644 +--- a/test/recipes/20-test_cli_fips.t ++++ b/test/recipes/20-test_cli_fips.t +@@ -283,8 +283,7 @@ SKIP: { + } + + SKIP : { +- skip "FIPS DSA tests because of no dsa in this build", 1 +- if disabled("dsa") || $dsasignpass == '0'; ++ skip "FIPS DSA tests because of no dsa in this build", 1; + + subtest DSA => sub { + my $testtext_prefix = 'DSA'; +diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t +old mode 100644 +new mode 100755 +index a86456157b..05a61c8abe +--- a/test/recipes/30-test_evp.t ++++ b/test/recipes/30-test_evp.t +@@ -83,10 +83,6 @@ push @files, qw( + evppkey_slh_dsa_siggen.txt + evppkey_slh_dsa_sigver.txt + ) unless $no_slh_dsa; +-push @files, qw( +- evppkey_dsa.txt +- evppkey_dsa_sigalg.txt +- ) unless $no_dsa; + push @files, qw( + evppkey_ecx.txt + evppkey_ecx_sigalg.txt +@@ -166,11 +162,12 @@ my @defltfiles = qw( + push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; + push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec; + push @defltfiles, qw(evppkey_ecx_kem.txt) unless $no_ecx; +-push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless 
$no_dsa; + push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; + push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv; + push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv; + push @defltfiles, qw(evpkdf_argon2.txt) unless $no_argon2; ++push @defltfiles, qw(evppkey_dsa.txt ++ evppkey_dsa_sigalg.txt) unless $no_dsa; + + plan tests => + + (scalar(@configs) * scalar(@files)) +diff --git a/test/recipes/30-test_evp_data/evppkey_dsa.txt b/test/recipes/30-test_evp_data/evppkey_dsa.txt +index 5e5315a5b9..660d1db149 100644 +--- a/test/recipes/30-test_evp_data/evppkey_dsa.txt ++++ b/test/recipes/30-test_evp_data/evppkey_dsa.txt +@@ -44,17 +44,22 @@ PrivPubKeyPair = DSA-1024:DSA-1024-PUBLIC + + Title = DSA tests + ++## Red Hat all SHA1 tests are unavailable ++ ++Availablein = none + Verify = DSA-1024 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" + Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87 + ++Availablein = none + Verify = DSA-1024-PUBLIC + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" + Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87 + + # Modified signature ++Availablein = none + Verify = DSA-1024-PUBLIC + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +@@ -62,6 +67,7 @@ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f239 + Result = VERIFY_ERROR + + # Digest too short ++Availablein = none + Verify = DSA-1024-PUBLIC + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF123" +@@ -69,6 +75,7 @@ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f239 + Result = VERIFY_ERROR + + # Digest too long ++Availablein = none + Verify = DSA-1024-PUBLIC + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF12345" +@@ -76,12 +83,14 @@ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f239 + Result = VERIFY_ERROR + + # Garbage after signature ++Availablein = none + Verify = 
DSA-1024-PUBLIC + Input = "0123456789ABCDEF1234" + Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d8700 + Result = VERIFY_ERROR + + # Invalid tag ++Availablein = none + Verify = DSA-1024-PUBLIC + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +@@ -89,6 +98,7 @@ Output = 312d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f239 + Result = VERIFY_ERROR + + # BER signature ++Availablein = none + Verify = DSA-1024-PUBLIC + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +@@ -277,6 +287,7 @@ Output = 00 + Result = DIGESTSIGNINIT_ERROR + + # Test sign with a 2048 bit key with N == 224 is allowed in fips mode ++Availablein = none + FIPSversion = <3.4.0 + DigestSign = SHA256 + Key = DSA-2048-224 +@@ -285,6 +296,7 @@ Output = 00 + Result = SIGNATURE_MISMATCH + + # Test sign with a 2048 bit key with N == 256 is allowed in fips mode ++Availablein = none + FIPSversion = <3.4.0 + DigestSign = SHA256 + Key = DSA-2048-256 +@@ -292,6 +304,7 @@ Input = "Hello" + Result = SIGNATURE_MISMATCH + + # Test sign with a 3072 bit key with N == 256 is allowed in fips mode ++Availablein = none + FIPSversion = <3.4.0 + DigestSign = SHA256 + Key = DSA-3072-256 +@@ -299,6 +312,7 @@ Input = "Hello" + Result = SIGNATURE_MISMATCH + + # Test sign with a 2048 bit SHA3 is allowed in fips mode ++Availablein = none + FIPSversion = <3.4.0 + DigestSign = SHA3-224 + Key = DSA-2048-256 +@@ -306,19 +320,21 @@ Input = "Hello" + Result = SIGNATURE_MISMATCH + + # Test verify with a 1024 bit key is allowed in fips mode ++Availablein = default + DigestVerify = SHA256 + Key = DSA-1024 + Input = "Hello " + Output = 302c02142e32c8a5b0bd19b2ba33fd9c78aad3729dcb1b9e02142c006f7726a9d6833d414865b95167ea5f4f7713 + + # Test verify with SHA1 is allowed in fips mode ++Availablein = none + DigestVerify = SHA1 + Key = DSA-1024 + Input = "Hello " + Output = 302c0214602d21ed37e46051bb3d06cc002adddeb4cdb3bd02144f39f75587b286588862d06366b2f29bddaf8cf6 + + 
# Test verify with a 2048/160 bit key is allowed in fips mode +-FIPSversion = >3.1.1 ++Availablein = default + DigestVerify = SHA256 + Key = DSA-2048-160 + Input = "Hello" +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index ece29485f4..756f90c1bd 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -107,7 +107,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content DER format, DSA key", ++ [ "signed content DER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", +@@ -115,7 +115,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed detached content DER format, DSA key", ++ [ "signed detached content DER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", +@@ -124,7 +124,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed detached content DER format, add RSA signer (with DSA existing)", ++ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER", +@@ -135,7 +135,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, DSA key", ++ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], +@@ -144,7 
+144,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", $smrsa1, +@@ -157,7 +157,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-noattr", "-nodetach", "-stream", + "-signer", $smrsa1, +@@ -187,7 +187,7 @@ my @smime_pkcs7_tests = ( + \&zero_compare + ], + +- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach", + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -199,7 +199,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -265,7 +265,7 @@ if ($no_fips || $old_fips) { + + my @smime_cms_tests = ( + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-keyid", + "-signer", $smrsa1, +@@ -278,7 +278,7 @@ my @smime_cms_tests = ( + \&final_compare + ], + +- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming PEM 
format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +-- +2.49.0 + diff --git a/0044-FIPS-140-3-keychecks.patch b/0044-FIPS-140-3-keychecks.patch deleted file mode 100644 index e9012e4..0000000 --- a/0044-FIPS-140-3-keychecks.patch +++ /dev/null 
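Review bot: In the 20-test_cli_fips.t hunk the skip becomes unconditional, `skip "FIPS DSA tests because of no dsa in this build", 1;`, which turns the whole DSA subtest below it into dead code while keeping a reason that is now false (DSA is in the build, it is just not certified in this FIPS provider); either remove the SKIP block together with the subtest, or at least make the reason truthful, e.g. `skip "DSA is not provided by the Red Hat FIPS provider", 1;`. The same applies to `my $no_fips = 1;` in 15-test_gendsa.t, where the variable name no longer describes what it gates and a one-line comment such as `# DSA is not available from the Red Hat FIPS provider, so the FIPS cases never run` is the minimum. In fipsprov.c the `#if 0 /* #ifndef OPENSSL_NO_DSA */` on the signature table and the commented-out keymgmt entry are two different ways of disabling the same thing; one feature macro with a single comment explaining the certification scope would be easier to keep consistent. The 80-test_cms.t hunks only append "no Red Hat FIPS" to test descriptions, and whatever matches that string to skip the cases is outside this patch, so a comment near the first renamed entry pointing at that mechanism would help the next reader.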
@@ -1,404 +0,0 @@ -From b300beb172d5813b01b93bfd62fe191f8187fe1e Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 12:05:23 +0200 -Subject: [PATCH 20/48] 0044-FIPS-140-3-keychecks.patch - -Patch-name: 0044-FIPS-140-3-keychecks.patch -Patch-id: 44 -Patch-status: | - # Extra public/private key checks required by FIPS-140-3 ---- - crypto/dh/dh_key.c | 26 ++++++++++ - .../implementations/exchange/ecdh_exch.c | 19 ++++++++ - providers/implementations/keymgmt/ec_kmgmt.c | 24 +++++++++- - providers/implementations/keymgmt/rsa_kmgmt.c | 18 +++++++ - .../implementations/signature/ecdsa_sig.c | 37 +++++++++++++-- - providers/implementations/signature/rsa_sig.c | 47 +++++++++++++++++-- - 6 files changed, 162 insertions(+), 9 deletions(-) - -diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c -index 4e9705beef..83773cceea 100644 ---- a/crypto/dh/dh_key.c -+++ b/crypto/dh/dh_key.c -@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - BN_MONT_CTX *mont = NULL; - BIGNUM *z = NULL, *pminus1; - int ret = -1; -+#ifdef FIPS_MODULE -+ int validate = 0; -+#endif - - if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { - ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); -@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - return 0; - } - -+#ifdef FIPS_MODULE -+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { -+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); -+ return 0; -+ } -+#endif -+ - ctx = BN_CTX_new_ex(dh->libctx); - if (ctx == NULL) - goto err; -@@ -262,6 +272,9 @@ static int generate_key(DH *dh) - #endif - BN_CTX *ctx = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; -+#ifdef FIPS_MODULE -+ int validate = 0; -+#endif - - if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { - ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); -@@ -354,8 +367,21 @@ static int generate_key(DH *dh) - if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key)) - goto 
err; - -+#ifdef FIPS_MODULE -+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { -+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); -+ goto err; -+ } -+#endif -+ - dh->pub_key = pub_key; - dh->priv_key = priv_key; -+#ifdef FIPS_MODULE -+ if (ossl_dh_check_pairwise(dh) <= 0) { -+ abort(); -+ } -+#endif -+ - dh->dirty_cnt++; - ok = 1; - err: -diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c -index 43caedb6df..73873f9758 100644 ---- a/providers/implementations/exchange/ecdh_exch.c -+++ b/providers/implementations/exchange/ecdh_exch.c -@@ -489,6 +489,25 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, - } - - ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk); -+#ifdef FIPS_MODULE -+ { -+ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk)); -+ int check = 0; -+ -+ if (bn_ctx == NULL) { -+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); -+ goto end; -+ } -+ -+ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx); -+ BN_CTX_free(bn_ctx); -+ -+ if (check <= 0) { -+ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY); -+ goto end; -+ } -+ } -+#endif - - retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL); - -diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c -index a37cbbdba8..bca3f3c674 100644 ---- a/providers/implementations/keymgmt/ec_kmgmt.c -+++ b/providers/implementations/keymgmt/ec_kmgmt.c -@@ -989,8 +989,17 @@ struct ec_gen_ctx { - EC_GROUP *gen_group; - unsigned char *dhkem_ikm; - size_t dhkem_ikmlen; -+#ifdef FIPS_MODULE -+ void *ecdsa_sig_ctx; -+#endif - }; - -+#ifdef FIPS_MODULE -+void *ecdsa_newctx(void *provctx, const char *propq); -+void ecdsa_freectx(void *vctx); -+int do_ec_pct(void *, const char *, void *); -+#endif -+ - static void *ec_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) - { -@@ -1009,6 +1018,10 @@ static void *ec_gen_init(void *provctx, int selection, - gctx = NULL; - } - 
} -+#ifdef FIPS_MODULE -+ if (gctx != NULL) -+ gctx->ecdsa_sig_ctx = ecdsa_newctx(provctx, NULL); -+#endif - return gctx; - } - -@@ -1279,6 +1292,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) - - if (gctx->ecdh_mode != -1) - ret = ret && ossl_ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode); -+#ifdef FIPS_MODULE -+ /* Pairwise consistency test */ -+ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 -+ && do_ec_pct(gctx->ecdsa_sig_ctx, "sha256", ec) != 1) -+ abort(); -+#endif - - if (gctx->group_check != NULL) - ret = ret && ossl_ec_set_check_group_type_from_name(ec, -@@ -1348,7 +1367,10 @@ static void ec_gen_cleanup(void *genctx) - - if (gctx == NULL) - return; -- -+#ifdef FIPS_MODULE -+ ecdsa_freectx(gctx->ecdsa_sig_ctx); -+ gctx->ecdsa_sig_ctx = NULL; -+#endif - OPENSSL_clear_free(gctx->dhkem_ikm, gctx->dhkem_ikmlen); - EC_GROUP_free(gctx->gen_group); - BN_free(gctx->p); -diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c -index 3ba12c4889..ff49f8fcd8 100644 ---- a/providers/implementations/keymgmt/rsa_kmgmt.c -+++ b/providers/implementations/keymgmt/rsa_kmgmt.c -@@ -434,6 +434,7 @@ struct rsa_gen_ctx { - #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) - /* ACVP test parameters */ - OSSL_PARAM *acvp_test_params; -+ void *prov_rsa_ctx; - #endif - }; - -@@ -447,6 +448,12 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb) - return gctx->cb(params, gctx->cbarg); - } - -+#ifdef FIPS_MODULE -+void *rsa_newctx(void *provctx, const char *propq); -+void rsa_freectx(void *vctx); -+int do_rsa_pct(void *, const char *, void *); -+#endif -+ - static void *gen_init(void *provctx, int selection, int rsa_type, - const OSSL_PARAM params[]) - { -@@ -474,6 +481,10 @@ static void *gen_init(void *provctx, int selection, int rsa_type, - - if (!rsa_gen_set_params(gctx, params)) - goto err; -+#ifdef FIPS_MODULE -+ if (gctx != NULL) -+ gctx->prov_rsa_ctx = rsa_newctx(provctx, NULL); 
-+#endif - return gctx; - - err: -@@ -630,6 +641,11 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) - - rsa = rsa_tmp; - rsa_tmp = NULL; -+#ifdef FIPS_MODULE -+ /* Pairwise consistency test */ -+ if (do_rsa_pct(gctx->prov_rsa_ctx, "sha256", rsa) != 1) -+ abort(); -+#endif - err: - BN_GENCB_free(gencb); - RSA_free(rsa_tmp); -@@ -645,6 +661,8 @@ static void rsa_gen_cleanup(void *genctx) - #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) - ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params); - gctx->acvp_test_params = NULL; -+ rsa_freectx(gctx->prov_rsa_ctx); -+ gctx->prov_rsa_ctx = NULL; - #endif - BN_clear_free(gctx->pub_exp); - OPENSSL_free(gctx); -diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index 865d49d100..ebeb30e002 100644 ---- a/providers/implementations/signature/ecdsa_sig.c -+++ b/providers/implementations/signature/ecdsa_sig.c -@@ -32,7 +32,7 @@ - #include "crypto/ec.h" - #include "prov/der_ec.h" - --static OSSL_FUNC_signature_newctx_fn ecdsa_newctx; -+OSSL_FUNC_signature_newctx_fn ecdsa_newctx; - static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init; - static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init; - static OSSL_FUNC_signature_sign_fn ecdsa_sign; -@@ -43,7 +43,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final; - static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init; - static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update; - static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final; --static OSSL_FUNC_signature_freectx_fn ecdsa_freectx; -+OSSL_FUNC_signature_freectx_fn ecdsa_freectx; - static OSSL_FUNC_signature_dupctx_fn ecdsa_dupctx; - static OSSL_FUNC_signature_get_ctx_params_fn ecdsa_get_ctx_params; - static OSSL_FUNC_signature_gettable_ctx_params_fn ecdsa_gettable_ctx_params; -@@ -104,7 +104,7 @@ typedef struct { - unsigned int 
nonce_type; - } PROV_ECDSA_CTX; - --static void *ecdsa_newctx(void *provctx, const char *propq) -+void *ecdsa_newctx(void *provctx, const char *propq) - { - PROV_ECDSA_CTX *ctx; - -@@ -370,7 +370,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig, - return ecdsa_verify(ctx, sig, siglen, digest, (size_t)dlen); - } - --static void ecdsa_freectx(void *vctx) -+void ecdsa_freectx(void *vctx) - { - PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; - -@@ -581,6 +581,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx) - return EVP_MD_settable_ctx_params(ctx->md); - } - -+#ifdef FIPS_MODULE -+int do_ec_pct(void *vctx, const char *mdname, void *ec) -+{ -+ static const unsigned char data[32]; -+ unsigned char sigbuf[256]; -+ size_t siglen = sizeof(sigbuf); -+ -+ if (ecdsa_digest_sign_init(vctx, mdname, ec, NULL) <= 0) -+ return 0; -+ -+ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0) -+ return 0; -+ -+ if (ecdsa_digest_sign_final(vctx, sigbuf, &siglen, sizeof(sigbuf)) <= 0) -+ return 0; -+ -+ if (ecdsa_digest_verify_init(vctx, mdname, ec, NULL) <= 0) -+ return 0; -+ -+ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0) -+ return 0; -+ -+ if (ecdsa_digest_verify_final(vctx, sigbuf, siglen) <= 0) -+ return 0; -+ -+ return 1; -+} -+#endif -+ - const OSSL_DISPATCH ossl_ecdsa_signature_functions[] = { - { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx }, - { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init }, -diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index cd5de6bd51..d4261e8f7d 100644 ---- a/providers/implementations/signature/rsa_sig.c -+++ b/providers/implementations/signature/rsa_sig.c -@@ -34,7 +34,7 @@ - - #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1 - --static OSSL_FUNC_signature_newctx_fn rsa_newctx; -+OSSL_FUNC_signature_newctx_fn rsa_newctx; - static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; - 
static OSSL_FUNC_signature_verify_init_fn rsa_verify_init; - static OSSL_FUNC_signature_verify_recover_init_fn rsa_verify_recover_init; -@@ -47,7 +47,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn rsa_digest_sign_final; - static OSSL_FUNC_signature_digest_verify_init_fn rsa_digest_verify_init; - static OSSL_FUNC_signature_digest_verify_update_fn rsa_digest_signverify_update; - static OSSL_FUNC_signature_digest_verify_final_fn rsa_digest_verify_final; --static OSSL_FUNC_signature_freectx_fn rsa_freectx; -+OSSL_FUNC_signature_freectx_fn rsa_freectx; - static OSSL_FUNC_signature_dupctx_fn rsa_dupctx; - static OSSL_FUNC_signature_get_ctx_params_fn rsa_get_ctx_params; - static OSSL_FUNC_signature_gettable_ctx_params_fn rsa_gettable_ctx_params; -@@ -170,7 +170,7 @@ static int rsa_check_parameters(PROV_RSA_CTX *prsactx, int min_saltlen) - return 1; - } - --static void *rsa_newctx(void *provctx, const char *propq) -+void *rsa_newctx(void *provctx, const char *propq) - { - PROV_RSA_CTX *prsactx = NULL; - char *propq_copy = NULL; -@@ -977,7 +977,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig, - return rsa_verify(vprsactx, sig, siglen, digest, (size_t)dlen); - } - --static void rsa_freectx(void *vprsactx) -+void rsa_freectx(void *vprsactx) - { - PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; - -@@ -1455,6 +1455,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx) - return EVP_MD_settable_ctx_params(prsactx->md); - } - -+#ifdef FIPS_MODULE -+int do_rsa_pct(void *vctx, const char *mdname, void *rsa) -+{ -+ static const unsigned char data[32]; -+ unsigned char *sigbuf = NULL; -+ size_t siglen = 0; -+ int ret = 0; -+ -+ if (rsa_digest_sign_init(vctx, mdname, rsa, NULL) <= 0) -+ return 0; -+ -+ if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0) -+ return 0; -+ -+ if (rsa_digest_sign_final(vctx, NULL, &siglen, 0) <= 0) -+ return 0; -+ -+ if ((sigbuf = OPENSSL_malloc(siglen)) == NULL) -+ return 0; -+ -+ if 
(rsa_digest_sign_final(vctx, sigbuf, &siglen, siglen) <= 0) -+ goto err; -+ -+ if (rsa_digest_verify_init(vctx, mdname, rsa, NULL) <= 0) -+ goto err; -+ -+ if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0) -+ goto err; -+ -+ if (rsa_digest_verify_final(vctx, sigbuf, siglen) <= 0) -+ goto err; -+ ret = 1; -+ -+ err: -+ OPENSSL_free(sigbuf); -+ return ret; -+} -+#endif -+ - const OSSL_DISPATCH ossl_rsa_signature_functions[] = { - { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx }, - { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init }, --- -2.41.0 -diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c -index e0d139d..35f23b2 100644 ---- a/crypto/rsa/rsa_gen.c -+++ b/crypto/rsa/rsa_gen.c -@@ -463,6 +463,9 @@ static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes, - rsa->dmp1 = NULL; - rsa->dmq1 = NULL; - rsa->iqmp = NULL; -+#ifdef FIPS_MODULE -+ abort(); -+#endif /* defined(FIPS_MODULE) */ - } - } - return ok; --- -2.41.0 - diff --git a/0044-FIPS-NO-DES-support.patch b/0044-FIPS-NO-DES-support.patch new file mode 100644 index 0000000..a117127 --- /dev/null +++ b/0044-FIPS-NO-DES-support.patch 
@@ -0,0 +1,174 @@ +From 88abbb0a30dd2d990992c769eaad71f6c6764237 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Fri, 7 Mar 2025 18:15:13 -0500 +Subject: [PATCH 44/50] FIPS: NO DES support + +Signed-off-by: Simo Sorce +--- + providers/fips/fipsprov.c | 3 ++- + providers/fips/self_test_data.inc | 5 ++++- + test/evp_libctx_test.c | 4 +++- + .../30-test_evp_data/evpciph_des3_common.txt | 13 ++++--------- + test/recipes/30-test_evp_data/evpmac_cmac_des.txt | 10 ---------- + test/recipes/80-test_cms.t | 2 +- + 6 files changed, 14 insertions(+), 23 deletions(-) + +diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index 7999744b5a..30f0c8ca14 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -354,7 +354,8 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { + ossl_cipher_capable_aes_cbc_hmac_sha256), + ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, + ossl_cipher_capable_aes_cbc_hmac_sha256), +-#ifndef OPENSSL_NO_DES ++/* We don't certify 3DES in our FIPS provider */ ++#if 0 /* ifndef OPENSSL_NO_DES */ + ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), + ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), + #endif /* OPENSSL_NO_DES */ +diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc +index 10ca473764..6a69e1687b 100644 +--- a/providers/fips/self_test_data.inc ++++ b/providers/fips/self_test_data.inc +@@ -209,6 +209,7 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] = + /*- CIPHER TEST DATA */ + + /* DES3 test data */ ++#if 0 + static const unsigned char des_ede3_cbc_pt[] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, +@@ -229,7 +230,7 @@ static const unsigned char des_ede3_cbc_ct[] = { + 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, + 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 + }; +- ++#endif + /* AES-256 GCM test data */ + static const unsigned char aes_256_gcm_key[] = { 
+ 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, +@@ -315,6 +316,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = { + CIPHER_MODE_DECRYPT, + ITM(aes_128_ecb_key) + }, ++#if 0 + #ifndef OPENSSL_NO_DES + { + { +@@ -327,6 +329,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = { + ITM(tdes_key) + } + #endif ++#endif + }; + + static const char hkdf_digest[] = "SHA256"; +diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c +index 2838f343bd..19dd2c6c63 100644 +--- a/test/evp_libctx_test.c ++++ b/test/evp_libctx_test.c +@@ -831,7 +831,9 @@ int setup_tests(void) + ADD_TEST(kem_invalid_keytype); + #endif + #ifndef OPENSSL_NO_DES +- ADD_TEST(test_cipher_tdes_randkey); ++ if (strcmp(prov_name, "fips") != 0) { ++ ADD_TEST(test_cipher_tdes_randkey); ++ } + #endif + return 1; + } +diff --git a/test/recipes/30-test_evp_data/evpciph_des3_common.txt b/test/recipes/30-test_evp_data/evpciph_des3_common.txt +index 1947e21f74..119b75d9ce 100644 +--- a/test/recipes/30-test_evp_data/evpciph_des3_common.txt ++++ b/test/recipes/30-test_evp_data/evpciph_des3_common.txt +@@ -14,7 +14,7 @@ + Title = DES3 Tests + + # DES EDE3 CBC tests (from destest) +-FIPSversion = <3.4.0 ++Availablein = default + Cipher = DES-EDE3-CBC + Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 + IV = fedcba9876543210 +@@ -24,8 +24,7 @@ NextIV = 1c673812cfde9675 + + # DES EDE3 ECB test + # FIPS(3.0.0): has a bug in the IV length #17591 +-FIPSversion = >3.0.0 +-FIPSversion = <3.4.0 ++Availablein = default + Cipher = DES-EDE3-ECB + Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 + Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +@@ -42,7 +41,6 @@ Ciphertext = 4d1332e49f380e23d80a0d8b2bae5e4e6a0094171abcfc27df2bfd40da9f4e4d + + # Test that DES3 CBC mode encryption fails because it is not FIPS approved + Availablein = fips +-FIPSversion = >=3.4.0 + Cipher = DES-EDE3-CBC + Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 + IV = fedcba9876543210 +@@ -52,7 
+50,6 @@ Result = CIPHERINIT_ERROR + + # Test that DES3 EBC mode encryption fails because it is not FIPS approved + Availablein = fips +-FIPSversion = >=3.4.0 + Cipher = DES-EDE3-ECB + Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 + Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +@@ -62,8 +59,7 @@ Result = CIPHERINIT_ERROR + Title = DES3 FIPS Indicator Tests + + # Test that DES3 CBC mode encryption is not FIPS approved +-Availablein = fips +-FIPSversion = >=3.4.0 ++Availablein = none + Cipher = DES-EDE3-CBC + Unapproved = 1 + CtrlInit = encrypt-check:0 +@@ -74,8 +70,7 @@ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 + Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 + + # Test that DES3 ECB mode encryption is not FIPS approved +-Availablein = fipss +-FIPSversion = >=3.4.0 ++Availablein = none + Cipher = DES-EDE3-ECB + Operation = ENCRYPT + Unapproved = 1 +diff --git a/test/recipes/30-test_evp_data/evpmac_cmac_des.txt b/test/recipes/30-test_evp_data/evpmac_cmac_des.txt +index a11e5ffe54..e4a7cbe75e 100644 +--- a/test/recipes/30-test_evp_data/evpmac_cmac_des.txt ++++ b/test/recipes/30-test_evp_data/evpmac_cmac_des.txt +@@ -35,13 +35,3 @@ Algorithm = DES-EDE3-CBC + Key = 89BCD952A8C8AB371AF48AC7D07085D5EFF702E6D62CDC23 + Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E + Result = MAC_INIT_ERROR +- +-Availablein = fips +-FIPSversion = >=3.4.0 +-MAC = CMAC +-Unapproved = 1 +-Ctrl = encrypt-check:0 +-Algorithm = DES-EDE3-CBC +-Key = 89BCD952A8C8AB371AF48AC7D07085D5EFF702E6D62CDC23 +-Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E +-Output = 8F49A1B7D6AA2258 +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index 756f90c1bd..ac833d2a2f 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -398,7 +398,7 @@ my @smime_cms_tests = ( + \&final_compare + ], + +- [ "encrypted content test 
streaming PEM format, triple DES key", ++ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS", + [ "{cmd1}", @defaultprov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", + "-stream", "-out", "{output}.cms" ], +-- +2.49.0 + diff --git a/0045-FIPS-NO-Kmac.patch b/0045-FIPS-NO-Kmac.patch new file mode 100644 index 0000000..5abcbc0 --- /dev/null +++ b/0045-FIPS-NO-Kmac.patch 
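Review bot: The `#if 0 /* ifndef OPENSSL_NO_DES */` in the fipsprov.c hunk leaves its closing `#endif /* OPENSSL_NO_DES */` with a stale comment, so a reader of the cipher table still sees what looks like a build-option guard; `#endif /* 0: 3DES is not certified in this FIPS module */` would make both ends say the same thing. The self_test_data.inc hunk removes the 3DES KAT together with the algorithm registration, which is the right pairing (nothing reachable from the module is left without a self-test), but `tdes_key`, still referenced via `ITM(tdes_key)` inside the disabled test entry, is not visibly inside the new `#if 0` region around `des_ede3_cbc_pt`/`des_ede3_cbc_ct`; if it is defined elsewhere in the file it becomes an unused static object, so the FIPS build is worth checking with warnings enabled. The new `strcmp(prov_name, "fips")` guard in evp_libctx_test.c assumes `prov_name` and `<string.h>` are already in scope in that test, both outside this hunk. The 80-test_cms.t change only renames the test description; unless the harness skips tests by the phrase "no Red Hat FIPS", that test's behaviour is unchanged.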
@@ -0,0 +1,426 @@ +From 77495dcfb162a588e9121305e798997c687862cd Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Fri, 7 Mar 2025 18:22:07 -0500 +Subject: [PATCH 45/50] FIPS: NO Kmac + +Signed-off-by: Simo Sorce +--- + providers/fips/fipsprov.c | 10 +- + providers/fips/self_test_data.inc | 4 + + test/recipes/30-test_evp.t | 2 +- + test/recipes/30-test_evp_data/evpkdf_hkdf.txt | 2 +- + .../30-test_evp_data/evpkdf_kbkdf_counter.txt | 2 +- + test/recipes/30-test_evp_data/evpkdf_ss.txt | 6 +- + .../30-test_evp_data/evpmac_common.txt | 100 ++++-------------- + 7 files changed, 40 insertions(+), 86 deletions(-) + +diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index 30f0c8ca14..00b7d1e2aa 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -293,10 +293,11 @@ static const OSSL_ALGORITHM fips_digests[] = { + * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for + * KMAC128 and KMAC256. + */ +- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, ++ /* We don't certify KECCAK in our FIPS provider */ ++ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, + ossl_keccak_kmac_128_functions }, + { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES, +- ossl_keccak_kmac_256_functions }, ++ ossl_keccak_kmac_256_functions }, */ + { NULL, NULL, NULL } + }; + +@@ -369,8 +370,9 @@ static const OSSL_ALGORITHM fips_macs[] = { + #endif + { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, + { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, +- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, +- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, ++ /* We don't certify KMAC in our FIPS provider */ ++ /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, ++ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */ + { NULL, NULL, NULL } + }; + +diff --git a/providers/fips/self_test_data.inc 
b/providers/fips/self_test_data.inc +index 6a69e1687b..f3059a8446 100644 +--- a/providers/fips/self_test_data.inc ++++ b/providers/fips/self_test_data.inc +@@ -544,6 +544,7 @@ static const ST_KAT_PARAM kbkdf_params[] = { + ST_KAT_PARAM_END() + }; + ++#if 0 + static const char kbkdf_kmac_mac[] = "KMAC128"; + static unsigned char kbkdf_kmac_label[] = { + 0xB5, 0xB5, 0xF3, 0x71, 0x9F, 0xBE, 0x5B, 0x3D, +@@ -570,6 +571,7 @@ static const ST_KAT_PARAM kbkdf_kmac_params[] = { + ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context), + ST_KAT_PARAM_END() + }; ++#endif + + static const char tls13_kdf_digest[] = "SHA256"; + static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; +@@ -660,12 +662,14 @@ static const ST_KAT_KDF st_kat_kdf_tests[] = + kbkdf_params, + ITM(kbkdf_expected) + }, ++#if 0 + { + OSSL_SELF_TEST_DESC_KDF_KBKDF_KMAC, + OSSL_KDF_NAME_KBKDF, + kbkdf_kmac_params, + ITM(kbkdf_kmac_expected) + }, ++#endif + { + OSSL_SELF_TEST_DESC_KDF_HKDF, + OSSL_KDF_NAME_HKDF, +diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t +index 05a61c8abe..4f2e8277b5 100755 +--- a/test/recipes/30-test_evp.t ++++ b/test/recipes/30-test_evp.t +@@ -52,7 +52,6 @@ my @files = qw( + evpciph_des3_common.txt + evpkdf_hkdf.txt + evpkdf_kbkdf_counter.txt +- evpkdf_kbkdf_kmac.txt + evpkdf_pbkdf1.txt + evpkdf_pbkdf2.txt + evpkdf_ss.txt +@@ -144,6 +143,7 @@ my @defltfiles = qw( + evpkdf_scrypt.txt + evpkdf_tls11_prf.txt + evpkdf_hmac_drbg.txt ++ evpkdf_kbkdf_kmac.txt + evpmac_blake.txt + evpmac_poly1305.txt + evpmac_siphash.txt +diff --git a/test/recipes/30-test_evp_data/evpkdf_hkdf.txt b/test/recipes/30-test_evp_data/evpkdf_hkdf.txt +index c617f2cc44..c5cbaf5840 100644 +--- a/test/recipes/30-test_evp_data/evpkdf_hkdf.txt ++++ b/test/recipes/30-test_evp_data/evpkdf_hkdf.txt +@@ -244,7 +244,7 @@ Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b + Ctrl.salt = hexsalt:000102030405060708090a0b0c + Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 +-Result = 
KDF_CTRL_ERROR ++Result = KDF_DERIVE_ERROR + Reason = invalid key length + + # Test that the key whose length is shorter than 112 bits is reported as +diff --git a/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt +index 67090f2112..bc87975449 100644 +--- a/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt ++++ b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt +@@ -1869,7 +1869,7 @@ Ctrl.use-separator = use-separator:0 + Ctrl.r = r:8 + Ctrl.hexkey = hexkey:0ef9 + Ctrl.hexinfo = hexinfo:56ec +-Result = KDF_CTRL_ERROR ++Result = KDF_DERIVE_ERROR + Reason = invalid key length + + Availablein = fips +diff --git a/test/recipes/30-test_evp_data/evpkdf_ss.txt b/test/recipes/30-test_evp_data/evpkdf_ss.txt +index 07691ccf57..4503af711f 100644 +--- a/test/recipes/30-test_evp_data/evpkdf_ss.txt ++++ b/test/recipes/30-test_evp_data/evpkdf_ss.txt +@@ -1171,6 +1171,7 @@ Ctrl.hexsecret = hexsecret:40B6E03711EBEBA14011ACE96CB056DEBAEB6E5E706F99435257C + Ctrl.hexinfo = hexinfo:5D437C2F1035A4F1F751E59CF10650171EF5769FCFBE438DFBC5BD8EA724100076447AB804F91DFA680E592FE2621A45DAB4C6A77B678059FC29E572DE4424EB5459F53523002ED38AAB1D9DD96C3523D1907C5EFBAE93DFFE680F716498720110D2A3B9CE9B66DB2884C83E9BEB546754874C0CA1967AF000000400 + Output = 428979EA52175DC833C04215AC6B4BA89BA4FCAA0E0FA3B4E2C0E264C5746F0A5C788F2907A2C2B90719E396B35A14C4B583C51B9911125D34100FADDC4D94C0D936263CC1EF0B0D526E3891FE1F67BCB94DEA2525B84A8E7949A4CA34F36AEEC55099BF0EC5DE24B86428F4E6E6E23FE9AA443E2BDCF25A77ECD22BF758D554 + ++Availablein = default + KDF = SSKDF + Ctrl.mac = mac:KMAC-128 + Ctrl.hexsecret = hexsecret:EAD54AE33FFAFFE7875610390ADBA9DFB291EE8C1920CB13452FDF851E0A6DBBB862FD8811F8CB29CDEC13591D8C047065FCD2 +@@ -1209,7 +1210,7 @@ Ctrl.mac = mac:KMAC-128 + Ctrl.hexsecret = hexsecret:EAD54AE33FFAFFE7875610390A + Ctrl.hexinfo = 
hexinfo:A2641090E75D5BDC0B23CCD49BB02DC63B41D3F38E0947D491DFDDC734A8582DF5C961EFE586378317AB7E5821DE3146EA26C823EE4FA48C22D7142E5BDEF50DE8BD9940E6E5AC58A6441DFCD9D5C8F6199D05BEBE1394C706F2354AC902EB5C4533EB00000400 + Result = KDF_CTRL_ERROR +-Reason = invalid key length ++Reason = unsupported + + Title = Secret length < 112 is not approved in FIPS + +@@ -1246,6 +1247,8 @@ Ctrl.mac = mac:KMAC-128 + Ctrl.hexsecret = hexsecret:EAD54AE33FFAFFE7875610390A + Ctrl.hexinfo = hexinfo:A2641090E75D5BDC0B23CCD49BB02DC63B41D3F38E0947D491DFDDC734A8582DF5C961EFE586378317AB7E5821DE3146EA26C823EE4FA48C22D7142E5BDEF50DE8BD9940E6E5AC58A6441DFCD9D5C8F6199D05BEBE1394C706F2354AC902EB5C4533EB00000400 + Output = b160ca853957becf10f4edd06b24cff412b6ca85cff76490afb53ce2f81081ef ++Result = KDF_CTRL_ERROR ++Reason = unsupported + + Title = Test Small salt is allowed + +@@ -1257,6 +1260,7 @@ Ctrl.hexsalt = hexsalt:00 + Ctrl.hexinfo = hexinfo:861aa2886798231259bd0314 + Output = 02cfca07797566285b38982b86762abd + ++Availablein = default + KDF = SSKDF + Ctrl.mac = mac:KMAC-128 + Ctrl.hexsalt = hexsalt:00000000 +diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt +index 831eecbac9..af92ceea98 100644 +--- a/test/recipes/30-test_evp_data/evpmac_common.txt ++++ b/test/recipes/30-test_evp_data/evpmac_common.txt +@@ -399,6 +399,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C + Result = MAC_INIT_ERROR + Reason = invalid mode + ++Availablein = default + Title = KMAC Tests (From NIST) + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +@@ -409,12 +410,14 @@ Ctrl = xof:0 + OutputSize = 32 + BlockSize = 168 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 + Custom = "My Tagged Application" + Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5 + ++Availablein = default + 
MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -422,6 +425,7 @@ Custom = "My Tagged Application" + Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230 + Ctrl = size:32 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -430,12 +434,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC + OutputSize = 64 + BlockSize = 136 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 + Custom = "" + Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -445,12 +451,14 @@ Ctrl = size:64 + + Title = KMAC XOF Tests (From NIST) + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 + Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 + XOF = 1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -458,6 +466,7 @@ Custom = "My Tagged Application" + Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C + XOF = 1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -466,6 +475,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F + XOF = 1 + Ctrl = size:32 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -473,6 +483,7 @@ Custom = "My Tagged Application" + Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B + XOF = 1 + ++Availablein = default + MAC = KMAC256 
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -480,6 +491,7 @@ Custom = "" + Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B + XOF = 1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -490,6 +502,7 @@ XOF = 1 + + Title = KMAC long customisation string (from NIST ACVP) + ++Availablein = default + MAC = KMAC256 + Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 + Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D +@@ -500,12 +513,14 @@ XOF = 1 + + Title = KMAC XOF Tests via ctrl (From NIST) + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 + Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC128 + 
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -513,6 +528,7 @@ Custom = "My Tagged Application" + Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -521,6 +537,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F + Ctrl = xof:1 + Ctrl = size:32 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -528,6 +545,7 @@ Custom = "My Tagged Application" + Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -535,6 +553,7 @@ Custom = "" + Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC256 + Key = 
404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -545,6 +564,7 @@ Ctrl = xof:1 + + Title = KMAC long customisation string via ctrl (from NIST ACVP) + ++Availablein = default + MAC = KMAC256 + Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 + Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D +@@ -555,6 +575,7 @@ Ctrl = xof:1 + + Title = KMAC long customisation string negative test + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -564,6 +585,7 @@ Reason = invalid custom length + + Title = KMAC output is too large + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -572,81 +594,3 @@ Ctrl = size:2097152 + Result = MAC_INIT_ERROR + Reason = invalid output length + +-Title = KMAC output is too small in FIPS +- +-Availablein = fips +-FIPSversion = >=3.4.0 +-MAC = KMAC256 +-Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +-Output = 28c815 +-Custom = "My Tagged Application" +-Unapproved = 1 +-Ctrl = size:3 +-Ctrl = no-short-mac:0 +- +-Availablein = fips +-FIPSversion = >=3.4.0 +-MAC = KMAC256 +-Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +-Output = 28c815 +-Custom = "My Tagged Application" +-Ctrl = size:3 +-Result = MAC_INIT_ERROR +-Reason = invalid output length +- +-Availablein = fips +-FIPSversion = >=3.4.0 +-MAC = KMAC256 +-Key = 
404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+-Output = 28c815
+-Custom = "My Tagged Application"
+-Ctrl = size:3
+-Ctrl = no-short-mac:1
+-Result = MAC_INIT_ERROR
+-Reason = invalid output length
+-
+-# Old FIPS providers accept short output
+-FIPSversion = <3.4.0
+-MAC = KMAC256
+-Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+-Output = 28c815
+-Custom = "My Tagged Application"
+-Ctrl = size:3
+-
+-# The default provider accepts short output
+-Availablein = default
+-MAC = KMAC256
+-Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+-Output = 28c815
+-Custom = "My Tagged Application"
+-Ctrl = size:3
+-
+-Title = KMAC FIPS short key test
+-
+-# Test KMAC with key < 112 bits is not allowed
+-Availablein = fips
+-FIPSversion = >=3.4.0
+-MAC = KMAC256
+-Key = 404142434445464748494A4B4C
+-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+-Custom = ""
+-Result = MAC_INIT_ERROR
+-Reason = invalid key length
+-
+-Title = KMAC FIPS short key indicator test
+-
+-# Test KMAC with key < 112 bits is unapproved
+-Availablein = fips
+-FIPSversion = >=3.4.0
+-MAC = KMAC256
+-Unapproved = 1
+-Ctrl = key-check:0
+-Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+-Custom = ""
+-Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69
+-- 
+2.49.0
+
diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch
deleted file mode 100644
index befa23b..0000000
--- a/0045-FIPS-services-minimize.patch
+++ /dev/null
@@ -1,792 +0,0 @@ -From a9dc983f82cabe29d6b48f3af3e30e26074ce5cf Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 12:55:57 +0200 -Subject: [PATCH 21/48] 0045-FIPS-services-minimize.patch - -Patch-name: 0045-FIPS-services-minimize.patch -Patch-id: 45 -Patch-status: | - # Minimize fips services ---- - apps/ecparam.c | 7 +++ - apps/req.c | 2 +- - providers/common/capabilities.c | 2 +- - providers/fips/fipsprov.c | 44 +++++++++++-------- - providers/fips/self_test_data.inc | 9 +++- - providers/implementations/signature/rsa_sig.c | 26 +++++++++++ - ssl/ssl_ciph.c | 3 ++ - test/acvp_test.c | 2 + - test/endecode_test.c | 4 ++ - test/evp_libctx_test.c | 9 +++- - test/recipes/15-test_gendsa.t | 2 +- - test/recipes/20-test_cli_fips.t | 3 +- - test/recipes/30-test_evp.t | 16 +++---- - .../30-test_evp_data/evpmac_common.txt | 22 ++++++++++ - test/recipes/80-test_cms.t | 22 +++++----- - test/recipes/80-test_ssl_old.t | 2 +- - 16 files changed, 128 insertions(+), 47 deletions(-) - -diff --git a/apps/ecparam.c b/apps/ecparam.c -index 9e9ad13683..9c66cf2434 100644 ---- a/apps/ecparam.c -+++ b/apps/ecparam.c -@@ -79,6 +79,13 @@ static int list_builtin_curves(BIO *out) - const char *comment = curves[n].comment; - const char *sname = OBJ_nid2sn(curves[n].nid); - -+ if (((curves[n].nid == NID_secp256k1) || (curves[n].nid == NID_brainpoolP256r1) -+ || (curves[n].nid == NID_brainpoolP256t1) || (curves[n].nid == NID_brainpoolP320r1) -+ || (curves[n].nid == NID_brainpoolP320t1) || (curves[n].nid == NID_brainpoolP384r1) -+ || (curves[n].nid == NID_brainpoolP384t1) || (curves[n].nid == NID_brainpoolP512r1) -+ || (curves[n].nid == NID_brainpoolP512t1)) && EVP_default_properties_is_fips_enabled(NULL)) -+ continue; -+ - if (comment == NULL) - comment = "CURVE DESCRIPTION NOT AVAILABLE"; - if (sname == NULL) -diff --git a/apps/req.c b/apps/req.c -index 23757044ab..5916914978 100644 ---- a/apps/req.c -+++ b/apps/req.c -@@ -266,7 +266,7 @@ int req_main(int argc, char 
**argv) - unsigned long chtype = MBSTRING_ASC, reqflag = 0; - - #ifndef OPENSSL_NO_DES -- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); -+ cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); - #endif - - opt_set_unknown_name("digest"); -diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c -index ed37e76969..eb836dfa6a 100644 ---- a/providers/common/capabilities.c -+++ b/providers/common/capabilities.c -@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list[][10] = { - TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25), - TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26), - TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27), --# endif - TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28), - TLS_GROUP_ENTRY("x448", "X448", "X448", 29), -+# endif - # ifndef FIPS_MODULE - TLS_GROUP_ENTRY("brainpoolP256r1tls13", "brainpoolP256r1", "EC", 30), - TLS_GROUP_ENTRY("brainpoolP384r1tls13", "brainpoolP384r1", "EC", 31), -diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c -index 518226dfc6..29438faea8 100644 ---- a/providers/fips/fipsprov.c -+++ b/providers/fips/fipsprov.c -@@ -199,13 +199,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[]) - OSSL_LIB_CTX_FIPS_PROV_INDEX); - - p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); -- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) -+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "Red Hat Enterprise Linux 9 - OpenSSL FIPS Provider")) - return 0; - p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); -- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) -+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION)) - return 0; - p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); -- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) -+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION)) - return 0; - p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); - 
if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running())) -@@ -298,10 +298,11 @@ static const OSSL_ALGORITHM fips_digests[] = { - * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for - * KMAC128 and KMAC256. - */ -- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, -+ /* We don't certify KECCAK in our FIPS provider */ -+ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, - ossl_keccak_kmac_128_functions }, - { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES, -- ossl_keccak_kmac_256_functions }, -+ ossl_keccak_kmac_256_functions }, */ - { NULL, NULL, NULL } - }; - -@@ -360,8 +361,9 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { - ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, - ossl_cipher_capable_aes_cbc_hmac_sha256), - #ifndef OPENSSL_NO_DES -- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), -- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), -+ /* We don't certify 3DES in our FIPS provider */ -+ /* UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), -+ UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */ - #endif /* OPENSSL_NO_DES */ - { { NULL, NULL, NULL }, NULL } - }; -@@ -373,8 +375,9 @@ static const OSSL_ALGORITHM fips_macs[] = { - #endif - { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, - { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, -- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, -- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, -+ /* We don't certify KMAC in our FIPS provider */ -+ /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, -+ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */ - { NULL, NULL, NULL } - }; - -@@ -409,8 +412,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = { - #ifndef OPENSSL_NO_EC - { PROV_NAMES_ECDH, 
FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, - # ifndef OPENSSL_NO_ECX -- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, -- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions }, -+ /* We don't certify Edwards curves in our FIPS provider */ -+ /*{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, -+ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },*/ - # endif - #endif - { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, -@@ -456,8 +462,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { - PROV_DESCS_DHX }, - #endif - #ifndef OPENSSL_NO_DSA -- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, -- PROV_DESCS_DSA }, -+ /* We don't certify DSA in our FIPS provider */ -+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, -+ PROV_DESCS_DSA }, */ - #endif - { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, - PROV_DESCS_RSA }, -@@ -466,14 +473,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { - { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, - PROV_DESCS_EC }, - # ifndef OPENSSL_NO_ECX -- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, -+ /* We don't certify Edwards curves in our FIPS provider */ -+ /* { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, - PROV_DESCS_X25519 }, - { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions, - PROV_DESCS_X448 }, - { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions, - PROV_DESCS_ED25519 }, - { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_keymgmt_functions, -- PROV_DESCS_ED448 }, -+ PROV_DESCS_ED448 }, */ - # endif - #endif - { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, -diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc -index 2057378d3d..4b80bb70b9 100644 ---- 
a/providers/fips/self_test_data.inc -+++ b/providers/fips/self_test_data.inc -@@ -177,6 +177,7 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] = - /*- CIPHER TEST DATA */ - - /* DES3 test data */ -+#if 0 - static const unsigned char des_ede3_cbc_pt[] = { - 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, - 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, -@@ -197,7 +198,7 @@ static const unsigned char des_ede3_cbc_ct[] = { - 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, - 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 - }; -- -+#endif - /* AES-256 GCM test data */ - static const unsigned char aes_256_gcm_key[] = { - 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, -@@ -1454,8 +1455,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[] = { - # endif /* OPENSSL_NO_EC2M */ - #endif /* OPENSSL_NO_EC */ - --#ifndef OPENSSL_NO_DSA - /* dsa 2048 */ -+#if 0 -+#ifndef OPENSSL_NO_DSA - static const unsigned char dsa_p[] = { - 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, - 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e, -@@ -1590,6 +1592,7 @@ static const ST_KAT_PARAM dsa_key[] = { - ST_KAT_PARAM_END() - }; - #endif /* OPENSSL_NO_DSA */ -+#endif - - /* Hash DRBG inputs for signature KATs */ - static const unsigned char sig_kat_entropyin[] = { -@@ -1642,6 +1645,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { - }, - # endif - #endif /* OPENSSL_NO_EC */ -+#if 0 - #ifndef OPENSSL_NO_DSA - { - OSSL_SELF_TEST_DESC_SIGN_DSA, -@@ -1654,6 +1658,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { - ITM(dsa_expected_sig) - }, - #endif /* OPENSSL_NO_DSA */ -+#endif - }; - - static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = { -diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index d4261e8f7d..2a5504d104 100644 ---- a/providers/implementations/signature/rsa_sig.c -+++ b/providers/implementations/signature/rsa_sig.c -@@ -689,6 +689,19 @@ static int rsa_verify_recover(void *vprsactx, - { - PROV_RSA_CTX *prsactx = 
(PROV_RSA_CTX *)vprsactx; - int ret; -+# ifdef FIPS_MODULE -+ size_t rsabits = RSA_bits(prsactx->rsa); -+ -+ if (rsabits < 2048) { -+ if (rsabits != 1024 -+ && rsabits != 1280 -+ && rsabits != 1536 -+ && rsabits != 1792) { -+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH); -+ return 0; -+ } -+ } -+# endif - - if (!ossl_prov_is_running()) - return 0; -@@ -777,6 +790,19 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, - { - PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; - size_t rslen; -+# ifdef FIPS_MODULE -+ size_t rsabits = RSA_bits(prsactx->rsa); -+ -+ if (rsabits < 2048) { -+ if (rsabits != 1024 -+ && rsabits != 1280 -+ && rsabits != 1536 -+ && rsabits != 1792) { -+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH); -+ return 0; -+ } -+ } -+# endif - - if (!ossl_prov_is_running()) - return 0; -diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index a5e60e8839..f9af07d12b 100644 ---- a/ssl/ssl_ciph.c -+++ b/ssl/ssl_ciph.c -@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx) - ctx->disabled_mkey_mask = 0; - ctx->disabled_auth_mask = 0; - -+ if (EVP_default_properties_is_fips_enabled(ctx->libctx)) -+ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK; -+ - /* - * We ignore any errors from the fetches below. They are expected to fail - * if these algorithms are not available. 
-diff --git a/test/acvp_test.c b/test/acvp_test.c -index fee880d441..13d7a0ea8b 100644 ---- a/test/acvp_test.c -+++ b/test/acvp_test.c -@@ -1476,6 +1476,7 @@ int setup_tests(void) - OSSL_NELEM(dh_safe_prime_keyver_data)); - #endif /* OPENSSL_NO_DH */ - -+#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */ - #ifndef OPENSSL_NO_DSA - ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data)); - ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data)); -@@ -1483,6 +1484,7 @@ int setup_tests(void) - ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data)); - ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data)); - #endif /* OPENSSL_NO_DSA */ -+#endif - - #ifndef OPENSSL_NO_EC - ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); -diff --git a/test/endecode_test.c b/test/endecode_test.c -index 9a437d8c64..53385028fc 100644 ---- a/test/endecode_test.c -+++ b/test/endecode_test.c -@@ -1407,6 +1407,7 @@ int setup_tests(void) - * so no legacy tests. - */ - #endif -+ if (is_fips == 0) { - #ifndef OPENSSL_NO_DSA - ADD_TEST_SUITE(DSA); - ADD_TEST_SUITE_PARAMS(DSA); -@@ -1417,6 +1418,7 @@ int setup_tests(void) - ADD_TEST_SUITE_PROTECTED_PVK(DSA); - # endif - #endif -+ } - #ifndef OPENSSL_NO_EC - ADD_TEST_SUITE(EC); - ADD_TEST_SUITE_PARAMS(EC); -@@ -1431,10 +1433,12 @@ int setup_tests(void) - ADD_TEST_SUITE(ECExplicitTri2G); - ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); - # endif -+ if (is_fips == 0) { - ADD_TEST_SUITE(ED25519); - ADD_TEST_SUITE(ED448); - ADD_TEST_SUITE(X25519); - ADD_TEST_SUITE(X448); -+ } - /* - * ED25519, ED448, X25519 and X448 have no support for - * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. 
-diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c -index 2448c35a14..a7913cda4c 100644 ---- a/test/evp_libctx_test.c -+++ b/test/evp_libctx_test.c -@@ -21,6 +21,7 @@ - */ - #include "internal/deprecated.h" - #include -+#include - #include - #include - #include -@@ -726,7 +727,9 @@ int setup_tests(void) - return 0; - - #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) -- ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); -+ if (strcmp(prov_name, "fips") != 0) { -+ ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); -+ } - #endif - #ifndef OPENSSL_NO_DH - ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); -@@ -746,7 +749,9 @@ int setup_tests(void) - ADD_TEST(kem_invalid_keytype); - #endif - #ifndef OPENSSL_NO_DES -- ADD_TEST(test_cipher_tdes_randkey); -+ if (strcmp(prov_name, "fips") != 0) { -+ ADD_TEST(test_cipher_tdes_randkey); -+ } - #endif - return 1; - } -diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t -index b495b08bda..69bd299521 100644 ---- a/test/recipes/15-test_gendsa.t -+++ b/test/recipes/15-test_gendsa.t -@@ -24,7 +24,7 @@ use lib bldtop_dir('.'); - plan skip_all => "This test is unsupported in a no-dsa build" - if disabled("dsa"); - --my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -+my $no_fips = 1; - - plan tests => - ($no_fips ? 
0 : 2) # FIPS related tests -diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t -index 6d3c5ba1bb..2ba47b5fca 100644 ---- a/test/recipes/20-test_cli_fips.t -+++ b/test/recipes/20-test_cli_fips.t -@@ -273,8 +273,7 @@ SKIP: { - } - - SKIP : { -- skip "FIPS DSA tests because of no dsa in this build", 1 -- if disabled("dsa"); -+ skip "FIPS DSA tests because of no dsa in this build", 1; - - subtest DSA => sub { - my $testtext_prefix = 'DSA'; -diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t -index 9d7040ced2..f8beb538d4 100644 ---- a/test/recipes/30-test_evp.t -+++ b/test/recipes/30-test_evp.t -@@ -42,10 +42,8 @@ my @files = qw( - evpciph_aes_cts.txt - evpciph_aes_wrap.txt - evpciph_aes_stitched.txt -- evpciph_des3_common.txt - evpkdf_hkdf.txt - evpkdf_kbkdf_counter.txt -- evpkdf_kbkdf_kmac.txt - evpkdf_pbkdf1.txt - evpkdf_pbkdf2.txt - evpkdf_ss.txt -@@ -91,6 +83,7 @@ my @defltfiles = qw( - evpciph_cast5.txt - evpciph_chacha.txt - evpciph_des.txt -+ evpciph_des3_common.txt - evpciph_idea.txt - evpciph_rc2.txt - evpciph_rc4.txt -@@ -114,10 +107,17 @@ my @defltfiles = qw( - evpmd_whirlpool.txt - evppbe_scrypt.txt - evppbe_pkcs12.txt -+ evpkdf_kbkdf_kmac.txt - evppkey_kdf_scrypt.txt - evppkey_kdf_tls1_prf.txt - evppkey_rsa.txt - ); -+push @defltfiles, qw(evppkey_dsa.txt) unless $no_dsa; -+push @defltfiles, qw(evppkey_ecx.txt) unless $no_ec; -+push @defltfiles, qw( -+ evpkdf_x942_des.txt -+ evpmac_cmac_des.txt -+ ) unless $no_des; - push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; - push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec; - push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa; -diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt -index 93195df97c..315413cd9b 100644 ---- a/test/recipes/30-test_evp_data/evpmac_common.txt -+++ b/test/recipes/30-test_evp_data/evpmac_common.txt -@@ -340,6 +340,7 @@ IV = 7AE8E2CA4EC500012E58495C - 
Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007 - Result = MAC_INIT_ERROR - -+Availablein = default - Title = KMAC Tests (From NIST) - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F -@@ -350,12 +351,14 @@ Ctrl = xof:0 - OutputSize = 32 - BlockSize = 168 - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 - Custom = "My Tagged Application" - Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5 - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -363,6 +366,7 @@ Custom = "My Tagged Application" - Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230 - Ctrl = size:32 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 -@@ -371,12 +375,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC - OutputSize = 64 - BlockSize = 136 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 - Custom = "" - Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -386,12 +392,14 @@ Ctrl = size:64 - - Title = KMAC XOF Tests (From NIST) - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 - Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 - XOF = 1 - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 -@@ -399,6 +407,7 @@ Custom = "My Tagged Application" - Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C - XOF = 1 - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -407,6 +416,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F - XOF = 1 - Ctrl = size:32 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 -@@ -414,6 +424,7 @@ Custom = "My Tagged Application" - Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B - XOF = 1 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -421,6 +432,7 @@ Custom = "" - Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B - XOF = 1 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -431,6 +443,7 @@ XOF = 1 - - Title = KMAC long customisation string (from NIST ACVP) - -+Availablein = default - MAC = KMAC256 - Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 - Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D -@@ -441,12 +454,14 @@ XOF = 1 - - Title = KMAC XOF Tests via ctrl (From NIST) - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 - Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 - Ctrl = xof:1 - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 -@@ -454,6 +469,7 @@ Custom = "My Tagged Application" - Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C - Ctrl = xof:1 - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -462,6 +478,7 @@ Output = 
47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F - Ctrl = xof:1 - Ctrl = size:32 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 -@@ -469,6 +486,7 @@ Custom = "My Tagged Application" - Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B - Ctrl = xof:1 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -476,6 +494,7 @@ Custom = "" - Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B - Ctrl = xof:1 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -486,6 +505,7 @@ Ctrl = xof:1 - - Title = KMAC long customisation string via ctrl (from NIST ACVP) - -+Availablein = default - MAC = KMAC256 - Key = 
9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 - Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D -@@ -496,6 +516,7 @@ Ctrl = xof:1 - - Title = KMAC long customisation string negative test - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -504,6 +525,7 @@ Result = MAC_INIT_ERROR - - Title = KMAC output is too large - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index 40dd585c18..cbec426137 100644 ---- a/test/recipes/80-test_cms.t -+++ b/test/recipes/80-test_cms.t -@@ -96,7 +96,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed content DER format, DSA key", -+ [ "signed content DER format, DSA key, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-signer", catfile($smdir, 
"smdsa1.pem"), "-out", "{output}.cms" ], - [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", -@@ -104,7 +104,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed detached content DER format, DSA key", -+ [ "signed detached content DER format, DSA key, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", - "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], - [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", -@@ -113,7 +113,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed detached content DER format, add RSA signer (with DSA existing)", -+ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", - "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], - [ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER", -@@ -124,7 +124,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed content test streaming BER format, DSA key", -+ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", - "-nodetach", "-stream", - "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], -@@ -133,7 +133,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", -+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", - "-nodetach", "-stream", - "-signer", $smrsa1, -@@ -146,7 +146,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", -+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", 
$smcont, "-outform", "DER", - "-noattr", "-nodetach", "-stream", - "-signer", $smrsa1, -@@ -176,7 +176,7 @@ my @smime_pkcs7_tests = ( - \&zero_compare - ], - -- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", -+ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach", - "-signer", $smrsa1, - "-signer", catfile($smdir, "smrsa2.pem"), -@@ -188,7 +188,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", -+ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, - "-signer", $smrsa1, - "-signer", catfile($smdir, "smrsa2.pem"), -@@ -248,7 +248,7 @@ my @smime_pkcs7_tests = ( - - my @smime_cms_tests = ( - -- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", -+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", - "-nodetach", "-keyid", - "-signer", $smrsa1, -@@ -261,7 +261,7 @@ my @smime_cms_tests = ( - \&final_compare - ], - -- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys", -+ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-signer", $smrsa1, - "-signer", catfile($smdir, "smrsa2.pem"), -@@ -371,7 +371,7 @@ my @smime_cms_tests = ( - \&final_compare - ], - -- [ "encrypted content test streaming PEM format, triple DES key", -+ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS", - [ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", - "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", - "-stream", "-out", "{output}.cms" ], -diff --git 
a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t -index 50b74a1e29..e2dcb68fb5 100644 ---- a/test/recipes/80-test_ssl_old.t -+++ b/test/recipes/80-test_ssl_old.t -@@ -436,7 +436,7 @@ sub testssl { - my @exkeys = (); - my $ciphers = '-PSK:-SRP:@SECLEVEL=0'; - -- if (!$no_dsa) { -+ if (!$no_dsa && $provider ne "fips") { - push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey; - } - --- -2.41.0 - -diff -up openssl-3.2.0/test/recipes/30-test_evp.t.patch openssl-3.2.0/test/recipes/30-test_evp.t ---- openssl-3.2.0/test/recipes/30-test_evp.t.patch 2023-12-06 15:33:27.843751147 +0100 -+++ openssl-3.2.0/test/recipes/30-test_evp.t 2023-12-06 15:34:27.585351920 +0100 -@@ -70,15 +70,6 @@ push @files, qw( - evppkey_dh.txt - ) unless $no_dh; - push @files, qw( -- evpkdf_x942_des.txt -- evpmac_cmac_des.txt -- ) unless $no_des; --push @files, qw(evppkey_dsa.txt) unless $no_dsa; --push @files, qw( -- evppkey_ecx.txt -- evppkey_mismatch_ecx.txt -- ) unless $no_ecx; --push @files, qw( - evppkey_ecc.txt - evppkey_ecdh.txt - evppkey_ecdsa.txt -diff -up openssl-3.2.0/providers/fips/fipsprov.c.patch-fips openssl-3.2.0/providers/fips/fipsprov.c ---- openssl-3.2.0/providers/fips/fipsprov.c.patch-fips 2023-12-06 15:49:08.711198219 +0100 -+++ openssl-3.2.0/providers/fips/fipsprov.c 2023-12-06 15:55:42.362078721 +0100 -@@ -426,14 +426,16 @@ static const OSSL_ALGORITHM fips_keyexch - - static const OSSL_ALGORITHM fips_signature[] = { - #ifndef OPENSSL_NO_DSA -- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, -+ /* We don't certify DSA in our FIPS provider */ -+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },*/ - #endif - { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, - #ifndef OPENSSL_NO_EC - # ifndef OPENSSL_NO_ECX -- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, -+ /* We don't certify Edwards curves in our FIPS provider */ -+ /* { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, - 
ossl_ed25519_signature_functions }, -- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions }, -+ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },*/ - # endif - { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, - #endif -diff -up openssl-3.2.0/test/recipes/30-test_evp.t.fips-min openssl-3.2.0/test/recipes/30-test_evp.t ---- openssl-3.2.0/test/recipes/30-test_evp.t.fips-min 2024-02-01 11:00:56.823687618 +0100 -+++ openssl-3.2.0/test/recipes/30-test_evp.t 2024-02-01 11:01:20.131934678 +0100 -@@ -124,7 +124,6 @@ push @defltfiles, qw( - ) unless $no_des; - push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; - push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec; --push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa; - push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; - push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv; - push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv; diff --git a/0046-FIPS-NO-PQ-ML-SLH-DSA.patch b/0046-FIPS-NO-PQ-ML-SLH-DSA.patch new file mode 100644 index 0000000..503a515 --- /dev/null +++ b/0046-FIPS-NO-PQ-ML-SLH-DSA.patch 
@@ -0,0 +1,33 @@
+From 5de6758ff6d27df266280e8df7f587d7deba6d92 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Fri, 7 Mar 2025 18:24:36 -0500
+Subject: [PATCH 46/50] FIPS: NO PQ (ML/SLH-DSA)
+
+Signed-off-by: Simo Sorce
+---
+ providers/fips/self_test_data.inc | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
+index f3059a8446..9659f10613 100644
+--- a/providers/fips/self_test_data.inc
++++ b/providers/fips/self_test_data.inc
+@@ -3037,6 +3037,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ #endif /* OPENSSL_NO_DSA */
+ #endif
+
++#if 0
+ #ifndef OPENSSL_NO_ML_DSA
+ {
+ OSSL_SELF_TEST_DESC_SIGN_ML_DSA,
+@@ -3081,6 +3082,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ slh_dsa_sig_params, slh_dsa_sig_params
+ },
+ #endif /* OPENSSL_NO_SLH_DSA */
++#endif
+ };
+
+ #if !defined(OPENSSL_NO_ML_DSA)
+--
+2.49.0
+
diff --git a/0047-FIPS-Fix-some-tests-due-to-our-versioning-change.patch b/0047-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
new file mode 100644
index 0000000..16d336c
--- /dev/null
+++ b/0047-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
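Review bot: Wrapping the ML-DSA and SLH-DSA entries of `st_kat_sign_tests[]` in `#if 0` drops their power-up KATs, but the diffstat shows only self_test_data.inc changing, so nothing in this patch removes those algorithms from the FIPS provider's dispatch tables; if they remain reachable in the provider they now run with no self-test at all, which is worse than either keeping the KAT or unregistering them, so the unregistration should land in the same patch or the commit message should name where it already happens. `#if 0` also carries no intent for the next rebase; `#if 0 /* ML-DSA and SLH-DSA are not part of the certified FIPS boundary: KATs disabled */` or a build-defined macro would document it. The trailing context `#if !defined(OPENSSL_NO_ML_DSA)` shows ML-DSA material is still referenced right after the array; confirm it does not rely on the skipped entries. The `st_kat_sign_tests[]` array begins before this hunk.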
@@ -0,0 +1,106 @@
+From 7996dc097918cf09350312d5ee04c727c3cd42ac Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Mon, 10 Mar 2025 13:52:50 -0400
+Subject: [PATCH 47/50] FIPS: Fix some tests due to our versioning change
+
+Signed-off-by: Simo Sorce
+---
+ test/ssl-tests/13-fragmentation.cnf.in | 4 ++--
+ test/ssl-tests/17-renegotiate.cnf.in | 4 ++--
+ test/ssl-tests/18-dtls-renegotiate.cnf.in | 2 +-
+ test/ssl-tests/19-mac-then-encrypt.cnf.in | 2 +-
+ test/ssl-tests/20-cert-select.cnf.in | 6 +++---
+ 5 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/test/ssl-tests/13-fragmentation.cnf.in b/test/ssl-tests/13-fragmentation.cnf.in
+index 318fd65960..87ec08ee5b 100644
+--- a/test/ssl-tests/13-fragmentation.cnf.in
++++ b/test/ssl-tests/13-fragmentation.cnf.in
+@@ -14,7 +14,7 @@ use warnings;
+
+ package ssltests;
+
+-our $fips_3_4;
++our $fips_mode;
+
+ our @tests = (
+ # Default fragment size is 512.
+@@ -273,4 +273,4 @@ my @tests_rsa = (
+ );
+
+ push @tests, @tests_rsa
+- unless $fips_3_4;
++ unless $fips_mode;
+diff --git a/test/ssl-tests/17-renegotiate.cnf.in b/test/ssl-tests/17-renegotiate.cnf.in
+index 2812e4c38b..9cbd972eba 100644
+--- a/test/ssl-tests/17-renegotiate.cnf.in
++++ b/test/ssl-tests/17-renegotiate.cnf.in
+@@ -15,7 +15,7 @@ use warnings;
+ package ssltests;
+ use OpenSSL::Test::Utils;
+
+-our $fips_3_4;
++our $fips_mode;
+
+ our @tests = (
+ {
+@@ -318,5 +318,5 @@ our @tests_tls1_2 = (
+ }
+ );
+
+-push @tests, @tests_tls1_2_rsa unless disabled("tls1_2") or $fips_3_4;
++push @tests, @tests_tls1_2_rsa unless disabled("tls1_2") or $fips_mode;
+ push @tests, @tests_tls1_2 unless disabled("tls1_2");
+diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf.in b/test/ssl-tests/18-dtls-renegotiate.cnf.in
+index 8996849a2c..415dc2978d 100644
+--- a/test/ssl-tests/18-dtls-renegotiate.cnf.in
++++ b/test/ssl-tests/18-dtls-renegotiate.cnf.in
+@@ -133,7 +133,7 @@ foreach my $sctp ("No", "Yes")
+ );
+ push @tests, @tests_basic;
+
+- next if disabled("dtls1_2") || $fips_3_4;
++ next if disabled("dtls1_2") || $fips_mode;
+ our @tests_dtls1_2 = (
+ {
+ name => "renegotiate-aead-to-non-aead".$suffix,
+diff --git a/test/ssl-tests/19-mac-then-encrypt.cnf.in b/test/ssl-tests/19-mac-then-encrypt.cnf.in
+index 32bcec4be4..2f8a123c20 100644
+--- a/test/ssl-tests/19-mac-then-encrypt.cnf.in
++++ b/test/ssl-tests/19-mac-then-encrypt.cnf.in
+@@ -17,7 +17,7 @@ our $fips_mode;
+ our $fips_3_4;
+
+ # Nothing to test with newer fips providers
+-return if $fips_3_4;
++return if $fips_mode;
+
+ our @tests = (
+ {
+diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in
+index af47842fd8..21c75033e8 100644
+--- a/test/ssl-tests/20-cert-select.cnf.in
++++ b/test/ssl-tests/20-cert-select.cnf.in
+@@ -266,7 +266,7 @@ our @tests = (
+ },
+ test => {
+ "ExpectedServerCertType" =>, "RSA",
+- "ExpectedResult" => $fips_3_4 ? "ClientFail" : "Success"
++ "ExpectedResult" => $fips_mode ? "ClientFail" : "Success"
+ },
+ },
+ {
+@@ -1005,8 +1005,8 @@ my @tests_dsa_tls_1_3 = (
+ );
+
+ if (!disabled("dsa")) {
+- push @tests, @tests_dsa_tls_1_2 unless disabled("dh") || $fips_3_4;
+- push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");
++ push @tests, @tests_dsa_tls_1_2 unless disabled("dh") || $fips_mode;
++ push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3") || $fips_mode;
+ }
+
+ my @tests_mldsa_tls_1_3 = (
+--
+2.49.0
+
diff --git a/0047-FIPS-early-KATS.patch b/0047-FIPS-early-KATS.patch
deleted file mode 100644
index 6dffded..0000000
--- a/0047-FIPS-early-KATS.patch
+++ /dev/null
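Review bot: Replacing `$fips_3_4` with `$fips_mode` widens every one of these skips from "FIPS provider 3.4 or newer" to "any FIPS provider", and the 20-cert-select.cnf.in hunk goes beyond a rename by also adding `|| $fips_mode` to the `@tests_dsa_tls_1_3` push; the commit message should state that the vendor version string is what breaks the `3.4` comparison and that the broader skip is intended. In 19-mac-then-encrypt.cnf.in the context line `our $fips_3_4;` is left declared but no longer read after `return if $fips_mode;`, so drop it or leave a one-line comment on why it stays. The 18-dtls-renegotiate.cnf.in and 20-cert-select.cnf.in hunks do not show an `our $fips_mode;` declaration (19's hunk header does); under `use strict` the bare `$fips_mode` would not compile if those files lack it, so confirm. The enclosing `foreach my $sctp` loop in 18-dtls-renegotiate.cnf.in starts before its hunk.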
@@ -1,57 +0,0 @@ -From ba6e65e2f7e7fe8d9cd62e1e7e345bc41dda424f Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 19 Oct 2023 13:12:40 +0200 -Subject: [PATCH 21/46] 0047-FIPS-early-KATS.patch - -Patch-name: 0047-FIPS-early-KATS.patch -Patch-id: 47 -Patch-status: | - # # Execute KATS before HMAC verification -From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911 ---- - providers/fips/self_test.c | 22 ++++++++++------------ - 1 file changed, 10 insertions(+), 12 deletions(-) - -diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c -index e3a629018a..3c09bd8638 100644 ---- a/providers/fips/self_test.c -+++ b/providers/fips/self_test.c -@@ -401,6 +401,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) - if (ev == NULL) - goto end; - -+ /* -+ * Run the KAT's before HMAC verification according to FIPS-140-3 requirements -+ */ -+ if (kats_already_passed == 0) { -+ if (!SELF_TEST_kats(ev, st->libctx)) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); -+ goto end; -+ } -+ } -+ - if (st->module_checksum_data == NULL) { - module_checksum = fips_hmac_container; - checksum_len = sizeof(fips_hmac_container); -@@ -451,18 +461,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) - } - } - -- /* -- * Only runs the KAT's during installation OR on_demand(). -- * NOTE: If the installation option 'self_test_onload' is chosen then this -- * path will always be run, since kats_already_passed will always be 0. -- */ -- if (on_demand_test || kats_already_passed == 0) { -- if (!SELF_TEST_kats(ev, st->libctx)) { -- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); -- goto end; -- } -- } -- - /* Verify that the RNG has been restored properly */ - rng = ossl_rand_get0_private_noncreating(st->libctx); - if (rng != NULL) --- -2.41.0 - diff --git a/0048-Current-Rebase-status.patch b/0048-Current-Rebase-status.patch new file mode 100644 index 0000000..a130864 --- /dev/null +++ b/0048-Current-Rebase-status.patch 
@@ -0,0 +1,106 @@ +From d2068b5ee18ccb9014bc49e71be49e467f1bf07f Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Wed, 12 Feb 2025 17:25:47 -0500 +Subject: [PATCH 48/50] Current Rebase status + +Signed-off-by: Simo Sorce +--- + REBASE.txt | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 81 insertions(+) + +diff --git a/REBASE.txt b/REBASE.txt +index 2833a383c1..c8f6c992a8 100644 +--- a/REBASE.txt ++++ b/REBASE.txt +@@ -1,3 +1,6 @@ ++REBASED on TOP of tagged openssl-3.5.0 ++ ++ + 0028-0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.p.patch + + Some asym testing has been dropped upstream, unclear if this needs to survive, +@@ -8,3 +11,81 @@ if so we may need to resurrect deleted code in upstream patch: + fips: remove redundant RSA encrypt/decrypt KAT + -- + ++This does not apply cleanly and I can't figure out the original intent exactly ++to modify the existing code correctly. ++ ++-- ++0030-0075-FIPS-Use-FFDHE2048-in-self-test.patch.patch ++ ++Unnecessary, upstream aleady change to use ffsh2048 ++ ++-- ++0032-0077-FIPS-140-3-zeroization.patch.patch ++ ++Unnecessary, but MUST define OPENSSL_PEDANTIC_ZEROIZATION to do the same ++ ++-- ++0048-Spec-cleanup.patch ++ ++Not applied as I did not get in the initial patch that imports into packit ++-- ++0049-0117-ignore-unknown-sigalgorithms-groups.patch.patch ++ ++Unnecessary, already included in 3.5 ++ ++-- ++0050-0118-no-crl-memleak.patch.patch ++ ++Unnecessary, already included in 3.5 ++ ++-- ++0051-0119-provider-sigalgs-in-signaturealgorithms-conf.pa.patch ++ ++Unnecessary, already included in 3.5 ++ ++-- ++ ++Recheck ++====== ++ ++- Dropped: openssl speed - skip unavailable dgst ++ ++- Dropped: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signa.patch ++ ++- Dropped patch to disable ECX algorihms ++ ++Needed build/spec changes ++==================== ++ ++Add -DOPENSSL_PEDANTIC_ZEROIZATION to ./Configure line ++This is needed for zeroizations required for FIPS ++ ++Add 
-DREDHAT_FIPS_VENDOR for the module name ++ ++Drop 0025-for-tests.patch from dist-git ++We now use a separate config file for tests and for install ++Copy rh-openssl.cnf over the openssl default conf file in the install section. ++ ++Testing ++======= ++./Configure \ ++ --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ ++ --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/opensslcnf.config \ ++ zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ ++ enable-cms enable-md2 enable-rc5 ${ktlsopt} enable-fips -D_GNU_SOURCE\ ++ no-mdc2 no-ec2m no-sm2 no-sm4 no-atexit enable-buildtest-c++\ ++ shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\ ++ -Wl,--allow-multiple-definition ++ ++prefix=$HOME/tmp/openssl-rebase ++sysconfigdir=$prefix/etc ++fips="Rebase Testing" ++sslarch=linux-x86_64 ++sslflags=enable-ec_nistp_64_gcc_128 ++ktlsopt=enable-ktls ++ ++Example Testing ++=============== ++ ++./Configure --prefix=$HOME/tmp/openssl-rebase --openssldir=$HOME/tmp/openssl-rebase/etc/pki/tls enable-ec_nistp_64_gcc_128 --system-ciphers-file=$HOME/tmp/openssl-rebase/etc/crypto-policies/back-ends/opensslcnf.config zlib enable-camellia enable-seed enable-rfc3779 enable-sctp enable-cms enable-md2 enable-rc5 enable-ktls enable-fips no-mdc2 no-ec2m no-sm2 no-sm4 no-atexit enable-buildtest-c++ shared linux-x86_64 $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DOPENSSL_PEDANTIC_ZEROIZATION -DREDHAT_FIPS_VENDOR="\"Red Hat Enterprise Linux OpenSSL FIPS Provider\"" -DREDHAT_FIPS_VERSION="\"3.5.0-4c714d97fd77d1a8\""' -Wl,--allow-multiple-definition ++ +-- +2.49.0 + diff --git a/0049-FIPS-KDF-key-lenght-errors.patch b/0049-FIPS-KDF-key-lenght-errors.patch new file mode 100644 index 0000000..e29f212 --- /dev/null +++ b/0049-FIPS-KDF-key-lenght-errors.patch 
@@ -0,0 +1,175 @@ +From f9fb76834b0c471d770463e5d7d70f1e2fca3237 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Mon, 14 Apr 2025 15:25:40 -0400 +Subject: [PATCH 49/50] FIPS: KDF key lenght errors + +Signed-off-by: Simo Sorce +--- + test/recipes/30-test_evp_data/evpkdf_ss.txt | 8 ++++---- + test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt | 6 +++--- + test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt | 11 ++++++----- + test/recipes/30-test_evp_data/evpkdf_x942.txt | 3 +-- + test/recipes/30-test_evp_data/evpkdf_x963.txt | 6 ++---- + test/recipes/30-test_evp_data/evpmac_common.txt | 2 +- + test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt | 2 +- + 7 files changed, 18 insertions(+), 20 deletions(-) + +diff --git a/test/recipes/30-test_evp_data/evpkdf_ss.txt b/test/recipes/30-test_evp_data/evpkdf_ss.txt +index 4503af711f..7ef2894ae6 100644 +--- a/test/recipes/30-test_evp_data/evpkdf_ss.txt ++++ b/test/recipes/30-test_evp_data/evpkdf_ss.txt +@@ -1189,8 +1189,8 @@ KDF = SSKDF + Ctrl.digest = digest:SHA1 + Ctrl.hexsecret = hexsecret:d7e6 + Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff +-Result = KDF_CTRL_ERROR +-Reason = invalid key length ++Result = KDF_DERIVE_ERROR ++#Reason = invalid key length + + Availablein = fips + FIPSversion = >=3.4.0 +@@ -1200,8 +1200,8 @@ Ctrl.digest = digest:SHA224 + Ctrl.salt = hexsalt:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + Ctrl.hexsecret = hexsecret:40B6E03711EBEBA14011ACE96C + Ctrl.hexinfo = hexinfo:5D437C2F1035A4F1F751E59CF10650171EF5769FCFBE438DFBC5BD8EA724100076447AB804F91DFA680E592FE2621A45DAB4C6A77B678059FC29E572DE4424EB5459F53523002ED38AAB1D9DD96C3523D1907C5EFBAE93DFFE680F716498720110D2A3B9CE9B66DB2884C83E9BEB546754874C0CA1967AF000000400 +-Result = KDF_CTRL_ERROR +-Reason = invalid key length ++Result = KDF_DERIVE_ERROR ++#Reason = invalid key length + + Availablein = fips + FIPSversion = >=3.4.0 +diff --git 
a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt +index edb2e81273..d663e5e5a5 100644 +--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt ++++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt +@@ -104,8 +104,8 @@ Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55 + Ctrl.label = seed:extended master secret + Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c + Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce +-Result = KDF_CTRL_ERROR +-Reason = digest not allowed ++Result = KDF_DERIVE_ERROR ++Reason = invalid key length + + # Test that the operation with unapproved digest function is is reported as + # unapproved +@@ -131,7 +131,7 @@ Ctrl.Secret = hexsecret:0102030405060708090a0b + Ctrl.label = seed:extended master secret + Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c + Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce +-Result = KDF_CTRL_ERROR ++Result = KDF_DERIVE_ERROR + Reason = invalid key length + + # Test that the key whose length is shorter than 112 bits is reported as +diff --git a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt +index f2ea9ac44a..0f2f6e3904 100644 +--- a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt ++++ b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt +@@ -4963,7 +4963,7 @@ KDF = TLS13-KDF + Ctrl.mode = mode:EXTRACT_ONLY + Ctrl.digest = digest:SHA512-256 + Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05 +-Result = KDF_CTRL_ERROR ++Result = KDF_DERIVE_ERROR + + # Test that the operation with unapproved digest function is is reported as + # unapproved +@@ -4985,20 +4985,21 @@ KDF = TLS13-KDF + Ctrl.mode = mode:EXTRACT_ONLY + Ctrl.digest = digest:SHA2-256 + Ctrl.key = 
hexkey:0102030405060708090a0b +-Result = KDF_CTRL_ERROR +-Reason = invalid key length ++Result = KDF_DERIVE_ERROR ++Reason = wrong output buffer size + + Availablein = fips + FIPSversion = >=3.4.0 + KDF = TLS13-KDF ++Unapproved = 1 + Ctrl.mode = mode:EXPAND_ONLY + Ctrl.digest = digest:SHA2-256 + Ctrl.key = hexkey:0102030405060708090a0b + Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3 + Ctrl.prefix = hexprefix:746c73313320 + Ctrl.label = hexlabel:6320652074726166666963 +-Result = KDF_CTRL_ERROR +-Reason = invalid key length ++Result = KDF_MISMATCH ++#Reason = invalid key length + + # Test that the key whose length is shorter than 112 bits is reported as + # unapproved +diff --git a/test/recipes/30-test_evp_data/evpkdf_x942.txt b/test/recipes/30-test_evp_data/evpkdf_x942.txt +index b1774592e9..6869fd0f20 100644 +--- a/test/recipes/30-test_evp_data/evpkdf_x942.txt ++++ b/test/recipes/30-test_evp_data/evpkdf_x942.txt +@@ -124,11 +124,10 @@ Reason = xof digests not allowed + Availablein = fips + FIPSversion = >=3.4.0 + KDF = X942KDF-ASN1 ++Unapproved = 1 + Ctrl.digest = digest:SHA256 + Ctrl.hexsecret = hexsecret:6B + Ctrl.use-keybits = use-keybits:0 + Ctrl.cekalg = cekalg:id-aes128-wrap + Ctrl.hexacvp-info = hexacvp-info:a020299D468D60BC6A257E0B6523D691A3FC1602453B35F308C762FBBAC6069A88BCa12080D49BFE5BE01C7D56489AB017663C22B8CBB34C3174D1D71F00CB7505AC759Aa2203C21A5EA5988562C007986E0503D039E7231D9F152FE72A231A1FD98C59BCA6Aa320FD47477542989B51E4A0845DFABD6EEAA465F69B3D75349B2520051782C7F3FC + Output = C2E6A0978C24AF3932F478583ADBFB5F57D491822592EAD3C538875F46EB057A +-Result = KDF_CTRL_ERROR +-Reason = invalid key length +diff --git a/test/recipes/30-test_evp_data/evpkdf_x963.txt b/test/recipes/30-test_evp_data/evpkdf_x963.txt +index b8f3cff3d3..74524c4694 100644 +--- a/test/recipes/30-test_evp_data/evpkdf_x963.txt ++++ b/test/recipes/30-test_evp_data/evpkdf_x963.txt +@@ -148,8 +148,7 @@ KDF = X963KDF + Ctrl.digest = digest:SHA1 + 
Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2 + Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2 +-Result = KDF_CTRL_ERROR +-Reason = digest not allowed ++Result = KDF_DERIVE_ERROR + + # Test that the operation with unapproved digest function is is reported as + # unapproved +@@ -170,8 +169,7 @@ KDF = X963KDF + Ctrl.digest = digest:SHA224 + Ctrl.hexsecret = hexsecret:0102030405060908090a0b + Ctrl.hexinfo = hexinfo:0102030405060708090a0b0c0d0e0f10 +-Result = KDF_CTRL_ERROR +-Reason = invalid key length ++Result = KDF_DERIVE_ERROR + + # Test that the key whose length is shorter than 112 bits is reported as + # unapproved +diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt +index af92ceea98..a1541bf226 100644 +--- a/test/recipes/30-test_evp_data/evpmac_common.txt ++++ b/test/recipes/30-test_evp_data/evpmac_common.txt +@@ -271,7 +271,7 @@ MAC = HMAC + Algorithm = SHA256 + Input = "Test Input" + Key = 0001020304 +-Result = MAC_INIT_ERROR ++Output = db70da6176d87813b059879ccc27bc53e295c6eca74db8bdc4e77d7e951d894b + + Title = HMAC FIPS short key indicator test + +diff --git a/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt b/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt +index 1fb2472001..93c07ede7c 100644 +--- a/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt ++++ b/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt +@@ -216,7 +216,7 @@ Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b + Ctrl.salt = hexsalt:000102030405060708090a0b0c + Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 +-Result = PKEY_CTRL_ERROR ++Result = KDF_DERIVE_ERROR + Reason = invalid key length + + # Test that the key whose length is shorter than 112 bits is reported as +-- +2.49.0 + diff --git a/0050-FIPS-fix-disallowed-digests-tests.patch b/0050-FIPS-fix-disallowed-digests-tests.patch new file mode 100644 index 0000000..bd56dca --- /dev/null 
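Review bot: Commenting out `Reason = invalid key length` in evpkdf_ss.txt and evpkdf_tls13_kdf.txt, and dropping the `Reason` lines in evpkdf_x963.txt, turns these negative tests into "any KDF_DERIVE_ERROR passes", so a derivation that fails for an unrelated reason would no longer be caught; where the new reason is known, as in the evpkdf_tls12_prf.txt case that keeps `Reason = invalid key length`, keep the line. In evpmac_common.txt the HMAC case with key `0001020304` flips from `Result = MAC_INIT_ERROR` to an `Output =`, i.e. the test now asserts that a 40-bit HMAC key is accepted by the FIPS provider, yet unlike the KDF cases in this patch it gets no `Unapproved = 1`; if the short key is meant to be usable only as unapproved, that indicator line is missing. The tls13_kdf EXPAND_ONLY case here and both SSHKDF cases in 0050-FIPS-fix-disallowed-digests-tests.patch now expect `Result = KDF_MISMATCH` with no `Output =` in the visible block; if none exists, the derivation succeeds and is compared against an empty expected value, so the test proves nothing about the output — the evpkdf_x942.txt block in this same patch, which pairs `Unapproved = 1` with a real `Output =`, is the pattern to follow. The inner Subject also misspells "length" as "lenght".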
+++ b/0050-FIPS-fix-disallowed-digests-tests.patch 
@@ -0,0 +1,51 @@
+From 7dc0e5c5dbab91874602bbe73a3c0b627283ff64 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Tue, 15 Apr 2025 13:41:42 -0400
+Subject: [PATCH 50/50] FIPS: fix disallowed digests tests
+
+Signed-off-by: Simo Sorce
+---
+ test/recipes/30-test_evp_data/evpkdf_ssh.txt | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/test/recipes/30-test_evp_data/evpkdf_ssh.txt b/test/recipes/30-test_evp_data/evpkdf_ssh.txt
+index 6688c217aa..8347f773e6 100644
+--- a/test/recipes/30-test_evp_data/evpkdf_ssh.txt
++++ b/test/recipes/30-test_evp_data/evpkdf_ssh.txt
+@@ -4894,13 +4894,14 @@ Title = FIPS indicator tests
+ Availablein = fips
+ FIPSversion = >=3.4.0
+ KDF = SSHKDF
++Unapproved = 1
+ Ctrl.digest = digest:SHA512-256
+ Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
+ Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+ Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+ Ctrl.type = type:A
+-Result = KDF_CTRL_ERROR
+-Reason = digest not allowed
++Result = KDF_MISMATCH
++#Reason = digest not allowed
+
+ # Test that the operation with unapproved digest function is is reported as
+ # unapproved
+@@ -4920,13 +4921,14 @@ Output = d37ea221cbcc026d95e8c10b7d28a1b41e4ec1b497bae0e4cdbc1446e5bd59e2
+ Availablein = fips
+ FIPSversion = >=3.4.0
+ KDF = SSHKDF
++Unapproved = 1
+ Ctrl.digest = digest:SHA1
+ Ctrl.hexkey = hexkey:0102030405060708090a0b
+ Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+ Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+ Ctrl.type = type:A
+-Result = KDF_CTRL_ERROR
+-Reason = invalid key length
++Result = KDF_MISMATCH
++#Reason = invalid key length
+
+ # Test that the key whose length is shorter than 112 bits is reported as
+ # unapproved
+--
+2.49.0
+
diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch
deleted file mode 100644
index 6b740ce..0000000
--- a/0056-strcasecmp.patch
+++ /dev/null
@@ -1,53 +0,0 @@ -diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num ---- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200 -+++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200 -@@ -5425,5 +5425,7 @@ ASN1_item_d2i_ex - X509_STORE_CTX_set_current_reasons 5664 3_2_0 EXIST::FUNCTION: - OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION: - BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK -+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: -+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: - ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: - ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: -diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c ---- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100 -+++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100 -@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char - #endif - } - --int OPENSSL_strcasecmp(const char *s1, const char *s2) -+int -+#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) -+__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"), -+ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1"))) -+#endif -+OPENSSL_strcasecmp(const char *s1, const char *s2) - { - int t; - -@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c - return t; - } - --int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) -+int -+#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) -+__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"), -+ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1"))) -+#endif -+OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) - { - int t; - size_t i; -diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t ---- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp 2022-11-25 18:19:05.669769076 +0100 -+++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t 
2022-11-25 18:31:20.993392678 +0100 -@@ -77,6 +80,7 @@ foreach my $libname (@libnames) { - s| .*||; - # Drop OpenSSL dynamic version information if there is any - s|\@\@.+$||; -+ s|\@.+$||; - # Return the result - $_ - } diff --git a/0062-fips-Expose-a-FIPS-indicator.patch b/0062-fips-Expose-a-FIPS-indicator.patch deleted file mode 100644 index f1ad59d..0000000 --- a/0062-fips-Expose-a-FIPS-indicator.patch +++ /dev/null 
@@ -1,466 +0,0 @@ -From e3d6fca1af033d00c47bcd8f9ba28fcf1aa476aa Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Tue, 7 Jun 2022 12:02:49 +0200 -Subject: [PATCH] fips: Expose a FIPS indicator - -FIPS 140-3 requires us to indicate whether an operation was using -approved services or not. The FIPS 140-3 implementation guidelines -provide two basic approaches to doing this: implicit indicators, and -explicit indicators. - -Implicit indicators are basically the concept of "if the operation -passes, it was approved". We were originally aiming for implicit -indicators in our copy of OpenSSL. However, this proved to be a problem, -because we wanted to certify a signature service, and FIPS 140-3 -requires that a signature service computes the digest to be signed -within the boundaries of the FIPS module. Since we were planning to -certify fips.so only, this means that EVP_PKEY_sign/EVP_PKEY_verify -would have to be blocked. Unfortunately, EVP_SignFinal uses -EVP_PKEY_sign internally, but outside of fips.so and thus outside of the -FIPS module boundary. This means that using implicit indicators in -combination with certifying only fips.so would require us to block both -EVP_PKEY_sign and EVP_SignFinal, which are the two APIs currently used -by most users of OpenSSL for signatures. - -EVP_DigestSign would be acceptable, but has only been added in 3.0 and -is thus not yet widely used. - -As a consequence, we've decided to introduce explicit indicators so that -EVP_PKEY_sign and EVP_SignFinal can continue to work for now, but -FIPS-aware applications can query the explicit indicator to check -whether the operation was approved. - -To avoid affecting the ABI and public API too much, this is implemented -as an exported symbol in fips.so and a private header, so applications -that wish to use this will have to dlopen(3) fips.so, locate the -function using dlsym(3), and then call it. 
These applications will have -to build against the private header in order to use the returned -pointer. - -Modify util/mkdef.pl to support exposing a symbol only for a specific -provider identified by its name and path. - -Signed-off-by: Clemens Lang ---- - doc/build.info | 6 ++ - doc/man7/fips_module_indicators.pod | 154 ++++++++++++++++++++++++++++ - providers/fips/fipsprov.c | 71 +++++++++++++ - providers/fips/indicator.h | 66 ++++++++++++ - util/mkdef.pl | 25 ++++- - util/providers.num | 1 + - 6 files changed, 322 insertions(+), 1 deletion(-) - create mode 100644 doc/man7/fips_module_indicators.pod - create mode 100644 providers/fips/indicator.h - -diff --git a/doc/build.info b/doc/build.info -index b0aa4297a4..af235113bb 100644 ---- a/doc/build.info -+++ b/doc/build.info -@@ -4389,6 +4389,10 @@ DEPEND[html/man7/fips_module.html]=man7/fips_module.pod - GENERATE[html/man7/fips_module.html]=man7/fips_module.pod - DEPEND[man/man7/fips_module.7]=man7/fips_module.pod - GENERATE[man/man7/fips_module.7]=man7/fips_module.pod -+DEPEND[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod -+GENERATE[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod -+DEPEND[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod -+GENERATE[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod - DEPEND[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod - GENERATE[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod - DEPEND[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod -@@ -4631,6 +4635,7 @@ html/man7/ct.html \ - html/man7/des_modes.html \ - html/man7/evp.html \ - html/man7/fips_module.html \ -+html/man7/fips_module_indicators.html \ - html/man7/life_cycle-cipher.html \ - html/man7/life_cycle-digest.html \ - html/man7/life_cycle-kdf.html \ -@@ -4754,6 +4759,7 @@ man/man7/ct.7 \ - man/man7/des_modes.7 \ - man/man7/evp.7 \ - man/man7/fips_module.7 \ -+man/man7/fips_module_indicators.7 \ - 
man/man7/life_cycle-cipher.7 \ - man/man7/life_cycle-digest.7 \ - man/man7/life_cycle-kdf.7 \ -diff --git a/doc/man7/fips_module_indicators.pod b/doc/man7/fips_module_indicators.pod -new file mode 100644 -index 0000000000..23db2b395c ---- /dev/null -+++ b/doc/man7/fips_module_indicators.pod -@@ -0,0 +1,154 @@ -+=pod -+ -+=head1 NAME -+ -+fips_module_indicators - Red Hat OpenSSL FIPS module indicators guide -+ -+=head1 DESCRIPTION -+ -+This guide documents how the Red Hat Enterprise Linux 9 OpenSSL FIPS provider -+implements Approved Security Service Indicators according to the FIPS 140-3 -+Implementation Guidelines, section 2.4.C. See -+L -+for the FIPS 140-3 Implementation Guidelines. -+ -+For all approved services except signatures, the Red Hat OpenSSL FIPS provider -+uses the return code as the indicator as understood by FIPS 140-3. That means -+that every operation that succeeds denotes use of an approved security service. -+Operations that do not succeed may not have been approved security services, or -+may have been used incorrectly. -+ -+For signatures, an explicit indicator API is available to determine whether -+a selected operation is an approved security service, in combination with the -+return code of the operation. For a signature operation to be approved, the -+explicit indicator must claim it as approved, and it must succeed. -+ -+=head2 Querying the explicit indicator -+ -+The Red Hat OpenSSL FIPS provider exports a symbol named -+I that provides information on which signature -+operations are approved security functions. To use this function, either link -+against I directly, or load it at runtime using dlopen(3) and -+dlsym(3). 
-+ -+ #include -+ #include "providers/fips/indicator.h" -+ -+ void *provider = dlopen("/usr/lib64/ossl-modules/fips.so", RTLD_LAZY); -+ if (provider == NULL) { -+ fprintf(stderr, "%s\n", dlerror()); -+ // handle error -+ } -+ -+ const OSSL_RH_FIPSINDICATOR_ALORITHM *(*redhat_ossl_query_fipsindicator)(int) \ -+ = dlsym(provider, "redhat_ossl_query_fipsindicator"); -+ if (redhat_ossl_query_fipsindicator == NULL) { -+ fprintf(stderr, "%s\n", dlerror()); -+ fprintf(stderr, "Does your copy of fips.so have the required Red Hat" -+ " patches?\n"); -+ // handle error -+ } -+ -+Note that this uses the I header, which is not -+public. Install the I package from the I -+repository using I and include -+I in the compiler's include path. -+ -+I expects an operation ID as its only -+argument. Currently, the only supported operation ID is I to -+obtain the indicators for signature operations. On success, the return value is -+a pointer to an array of Is. On failure, NULL is -+returned. The last entry in the array is indicated by I being -+NULL. -+ -+ typedef struct ossl_rh_fipsindicator_algorithm_st { -+ const char *algorithm_names; /* key */ -+ const char *property_definition; /* key */ -+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators; -+ } OSSL_RH_FIPSINDICATOR_ALGORITHM; -+ -+ typedef struct ossl_rh_fipsindicator_dispatch_st { -+ int function_id; -+ int approved; -+ } OSSL_RH_FIPSINDICATOR_DISPATCH; -+ -+The I field is a colon-separated list of algorithm names from -+one of the I constants, e.g., I. strtok(3) can -+be used to locate the appropriate entry. 
See the example below, where -+I contains the algorithm name to search for: -+ -+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicator_dispatch = NULL; -+ const OSSL_RH_FIPSINDICATOR_ALGORITHM *indicator = -+ redhat_ossl_query_fipsindicator(operation_id); -+ if (indicator == NULL) { -+ fprintf(stderr, "No indicator for operation, probably using implicit" -+ " indicators.\n"); -+ // handle error -+ } -+ -+ for (; indicator->algorithm_names != NULL; ++indicator) { -+ char *algorithm_names = strdup(indicator->algorithm_names); -+ if (algorithm_names == NULL) { -+ perror("strdup(3)"); -+ // handle error -+ } -+ -+ const char *algorithm_name = strtok(algorithm_names, ":"); -+ for (; algorithm_name != NULL; algorithm_name = strtok(NULL, ":")) { -+ if (strcasecmp(algorithm_name, algorithm) == 0) { -+ indicator_dispatch = indicator->indicators; -+ free(algorithm_names); -+ algorithm_names = NULL; -+ break; -+ } -+ } -+ free(algorithm_names); -+ } -+ if (indicator_dispatch == NULL) { -+ fprintf(stderr, "No indicator for algorithm %s.\n", algorithm); -+ // handle error -+ } -+ -+If an appropriate I array is available for the -+given algorithm name, it maps function IDs to their approval status. The last -+entry is indicated by a zero I. I is -+I if the operation is an approved security -+service, or part of an approved security service, or -+I otherwise. Any other value is invalid. -+Function IDs are I constants from I, -+e.g., I or I. 
-+ -+Assuming I is the function in question, the following code can be -+used to query the approval status: -+ -+ for (; indicator_dispatch->function_id != 0; ++indicator_dispatch) { -+ if (indicator_dispatch->function_id == function_id) { -+ switch (indicator_dispatch->approved) { -+ case OSSL_RH_FIPSINDICATOR_APPROVED: -+ // approved security service -+ break; -+ case OSSL_RH_FIPSINDICATOR_UNAPPROVED: -+ // unapproved security service -+ break; -+ default: -+ // invalid result -+ break; -+ } -+ break; -+ } -+ } -+ -+=head1 SEE ALSO -+ -+L, L -+ -+=head1 COPYRIGHT -+ -+Copyright 2022 Red Hat, Inc. All Rights Reserved. -+ -+Licensed under the Apache License 2.0 (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut -diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c -index de391ce067..1cfd71c5cf 100644 ---- a/providers/fips/fipsprov.c -+++ b/providers/fips/fipsprov.c -@@ -23,6 +23,7 @@ - #include "self_test.h" - #include "crypto/context.h" - #include "internal/core.h" -+#include "indicator.h" - - static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; - static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; -@@ -425,6 +426,68 @@ static const OSSL_ALGORITHM fips_signature[] = { - { NULL, NULL, NULL } - }; - -+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_rsa_signature_indicators[] = { -+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, -+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, -+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, -+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, -+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, -+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, -+ { 
OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED } -+}; -+ -+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_ecdsa_signature_indicators[] = { -+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, -+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, -+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, -+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, -+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { 
OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, -+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED } -+}; -+ -+static const OSSL_RH_FIPSINDICATOR_ALGORITHM redhat_indicator_fips_signature[] = { -+ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, -+ redhat_rsa_signature_indicators }, -+#ifndef OPENSSL_NO_EC -+ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, -+ redhat_ecdsa_signature_indicators }, -+#endif -+ { NULL, NULL, NULL } -+}; -+ - static const OSSL_ALGORITHM fips_asym_cipher[] = { - { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions }, - { NULL, NULL, NULL } -@@ -527,6 +590,14 @@ static void fips_deinit_casecmp(void) { - return NULL; - } - -+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) { -+ switch (operation_id) { -+ case OSSL_OP_SIGNATURE: -+ return redhat_indicator_fips_signature; -+ } -+ return NULL; -+} -+ - static void fips_teardown(void *provctx) - { - OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx)); -diff --git a/providers/fips/indicator.h b/providers/fips/indicator.h -new 
file mode 100644 -index 0000000000..b323efe44c ---- /dev/null -+++ b/providers/fips/indicator.h -@@ -0,0 +1,66 @@ -+/* -+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#ifndef OPENSSL_FIPS_INDICATOR_H -+# define OPENSSL_FIPS_INDICATOR_H -+# pragma once -+ -+# ifdef __cplusplus -+extern "C" { -+# endif -+ -+# define OSSL_RH_FIPSINDICATOR_UNAPPROVED (0) -+# define OSSL_RH_FIPSINDICATOR_APPROVED (1) -+ -+/* -+ * FIPS indicator dispatch table element. function_id numbers and the -+ * functions are defined in core_dispatch.h, see macros with -+ * 'OSSL_CORE_MAKE_FUNC' in their names. -+ * -+ * An array of these is always terminated by function_id == 0 -+ */ -+typedef struct ossl_rh_fipsindicator_dispatch_st { -+ int function_id; -+ int approved; -+} OSSL_RH_FIPSINDICATOR_DISPATCH; -+ -+/* -+ * Type to tie together algorithm names, property definition string and the -+ * algorithm implementation's FIPS indicator status in the form of a FIPS -+ * indicator dispatch table. -+ * -+ * An array of these is always terminated by algorithm_names == NULL -+ */ -+typedef struct ossl_rh_fipsindicator_algorithm_st { -+ const char *algorithm_names; /* key */ -+ const char *property_definition; /* key */ -+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators; -+} OSSL_RH_FIPSINDICATOR_ALGORITHM; -+ -+/** -+ * Query FIPS indicator status for the given operation. Possible values for -+ * 'operation_id' are currently only OSSL_OP_SIGNATURE, as all other algorithms -+ * use implicit indicators. The return value is an array of -+ * OSSL_RH_FIPSINDICATOR_ALGORITHMs, terminated by an entry with -+ * algorithm_names == NULL. 
'algorithm_names' is a colon-separated list of -+ * algorithm names, 'property_definition' a comma-separated list of properties, -+ * and 'indicators' is a list of OSSL_RH_FIPSINDICATOR_DISPATCH structs. This -+ * list is terminated by function_id == 0. 'function_id' is one of the -+ * OSSL_FUNC_* constants, e.g., OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL. -+ * -+ * If there is no entry in the returned struct for the given operation_id, -+ * algorithm name, or function_id, the algorithm is unapproved. -+ */ -+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id); -+ -+# ifdef __cplusplus -+} -+# endif -+ -+#endif -diff --git a/util/mkdef.pl b/util/mkdef.pl -index a1c76f7c97..eda39b71ee 100755 ---- a/util/mkdef.pl -+++ b/util/mkdef.pl -@@ -149,7 +149,8 @@ $ordinal_opts{filter} = - return - $item->exists() - && platform_filter($item) -- && feature_filter($item); -+ && feature_filter($item) -+ && fips_filter($item, $name); - }; - my $ordinals = OpenSSL::Ordinals->new(from => $ordinals_file); - -@@ -205,6 +206,28 @@ sub feature_filter { - return $verdict; - } - -+sub fips_filter { -+ my $item = shift; -+ my $name = uc(shift); -+ my @features = ( $item->features() ); -+ -+ # True if no features are defined -+ return 1 if scalar @features == 0; -+ -+ my @matches = grep(/^ONLY_.*$/, @features); -+ if (@matches) { -+ # There is at least one only_* flag on this symbol, check if any of -+ # them match the name -+ for (@matches) { -+ if ($_ eq "ONLY_${name}") { -+ return 1; -+ } -+ } -+ return 0; -+ } -+ return 1; -+} -+ - sub sorter_unix { - my $by_name = OpenSSL::Ordinals::by_name(); - my %weight = ( -diff --git a/util/providers.num b/util/providers.num -index 4e2fa81b98..77879d0e5f 100644 ---- a/util/providers.num -+++ b/util/providers.num -@@ -1 +1,2 @@ - OSSL_provider_init 1 * EXIST::FUNCTION: -+redhat_ossl_query_fipsindicator 1 * EXIST::FUNCTION:ONLY_PROVIDERS/FIPS --- -2.35.3 - 
diff --git a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch deleted file mode 100644 index 6f5fef2..0000000 --- a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +++ /dev/null 
@@ -1,347 +0,0 @@ -From abeda0b0475adb0d4f89b0c97cfc349779915bbf Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 31 Jul 2023 09:41:28 +0200 -Subject: [PATCH 29/35] - 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch - -Patch-name: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch -Patch-id: 73 -Patch-status: | - # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd ---- - crypto/rsa/rsa_local.h | 8 ++ - crypto/rsa/rsa_oaep.c | 34 ++++++-- - include/openssl/core_names.h | 3 + - providers/fips/self_test_data.inc | 79 ++++++++++--------- - providers/fips/self_test_kats.c | 7 ++ - .../implementations/asymciphers/rsa_enc.c | 41 +++++++++- - 6 files changed, 128 insertions(+), 44 deletions(-) - -diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h -index ea70da05ad..dde57a1a0e 100644 ---- a/crypto/rsa/rsa_local.h -+++ b/crypto/rsa/rsa_local.h -@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to - int tlen, const unsigned char *from, - int flen); - -+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, -+ unsigned char *to, int tlen, -+ const unsigned char *from, int flen, -+ const unsigned char *param, -+ int plen, const EVP_MD *md, -+ const EVP_MD *mgf1md, -+ const char *redhat_st_seed); -+ - #endif /* OSSL_CRYPTO_RSA_LOCAL_H */ -diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c -index d9be1a4f98..b2f7f7dc4b 100644 ---- a/crypto/rsa/rsa_oaep.c -+++ b/crypto/rsa/rsa_oaep.c -@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, - param, plen, NULL, NULL); - } - -+#ifdef FIPS_MODULE -+extern int REDHAT_FIPS_asym_cipher_st; -+#endif /* FIPS_MODULE */ -+ - /* - * Perform the padding as per NIST 800-56B 7.2.2.3 - * from (K) is the key material. 
-@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, - * Step numbers are included here but not in the constant time inverse below - * to avoid complicating an already difficult enough function. - */ --int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, -- unsigned char *to, int tlen, -- const unsigned char *from, int flen, -- const unsigned char *param, -- int plen, const EVP_MD *md, -- const EVP_MD *mgf1md) -+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, -+ unsigned char *to, int tlen, -+ const unsigned char *from, int flen, -+ const unsigned char *param, -+ int plen, const EVP_MD *md, -+ const EVP_MD *mgf1md, -+ const char *redhat_st_seed) - { - int rv = 0; - int i, emlen = tlen - 1; -@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, - db[emlen - flen - mdlen - 1] = 0x01; - memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); - /* step 3d: generate random byte string */ -+#ifdef FIPS_MODULE -+ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) { -+ memcpy(seed, redhat_st_seed, mdlen); -+ } else -+#endif - if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0) - goto err; - -@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, - return rv; - } - -+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, -+ unsigned char *to, int tlen, -+ const unsigned char *from, int flen, -+ const unsigned char *param, -+ int plen, const EVP_MD *md, -+ const EVP_MD *mgf1md) -+{ -+ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from, -+ flen, param, plen, md, -+ mgf1md, NULL); -+} -+ - int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, - const unsigned char *from, int flen, - const unsigned char *param, int plen, -diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc -index e0fdc0daa4..aa2012c04a 100644 ---- a/providers/fips/self_test_data.inc -+++ 
b/providers/fips/self_test_data.inc -@@ -1296,14 +1296,21 @@ static const ST_KAT_PARAM rsa_priv_key[] = { - }; - - /*- -- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the -+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the - * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient - * HP/UX PA-RISC compilers. - */ --static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; -+static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP; -+static const char oaep_fixed_seed[] = { -+ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25, -+ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab, -+ 0x2e, 0x4b, 0x2c, 0xe6 -+}; - - static const ST_KAT_PARAM rsa_enc_params[] = { -- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), -+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep), -+ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, -+ oaep_fixed_seed), - ST_KAT_PARAM_END() - }; - -@@ -1342,43 +1349,43 @@ static const unsigned char rsa_expected_sig[256] = { - 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 - }; - --static const unsigned char rsa_asym_plaintext_encrypt[256] = { -+static const unsigned char rsa_asym_plaintext_encrypt[208] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, - }; - static const unsigned char rsa_asym_expected_encrypt[256] = { -- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b, -- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61, -- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c, -- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc, -- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0, -- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa, -- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a, -- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc, -- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35, -- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a, -- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd, -- 0x1e, 
0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda, -- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18, -- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7, -- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39, -- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87, -- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21, -- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0, -- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8, -- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c, -- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa, -- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69, -- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52, -- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c, -- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6, -- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93, -- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d, -- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5, -- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9, -- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04, -- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa, -- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab, -+ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74, -+ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c, -+ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e, -+ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b, -+ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25, -+ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89, -+ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1, -+ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50, -+ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17, -+ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2, -+ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb, -+ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d, -+ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e, -+ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f, -+ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3, -+ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06, -+ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25, -+ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78, -+ 0xb3, 0xe3, 
0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04, -+ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c, -+ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47, -+ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce, -+ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0, -+ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6, -+ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99, -+ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30, -+ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20, -+ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb, -+ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27, -+ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66, -+ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a, -+ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06 - }; - - #ifndef OPENSSL_NO_EC -diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c -index 74ee25dcb6..a9bc8be7fa 100644 ---- a/providers/fips/self_test_kats.c -+++ b/providers/fips/self_test_kats.c -@@ -641,14 +641,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) - return ret; - } - -+int REDHAT_FIPS_asym_cipher_st = 0; -+ - static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) - { - int i, ret = 1; - -+ REDHAT_FIPS_asym_cipher_st = 1; -+ - for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) { - if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx)) - ret = 0; - } -+ -+ REDHAT_FIPS_asym_cipher_st = 0; -+ - return ret; - } - -diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c -index 9cd8904131..40de5ce8fa 100644 ---- a/providers/implementations/asymciphers/rsa_enc.c -+++ b/providers/implementations/asymciphers/rsa_enc.c -@@ -30,6 +30,9 @@ - #include "prov/implementations.h" - #include "prov/providercommon.h" - #include "prov/securitycheck.h" -+#ifdef FIPS_MODULE -+# include "crypto/rsa/rsa_local.h" -+#endif - - #include - -@@ -75,6 +78,9 @@ typedef struct { - /* TLS padding */ - unsigned int client_version; - unsigned 
int alt_version; -+#ifdef FIPS_MODULE -+ char *redhat_st_oaep_seed; -+#endif /* FIPS_MODULE */ - /* PKCS#1 v1.5 decryption mode */ - unsigned int implicit_rejection; - } PROV_RSA_CTX; -@@ -192,12 +198,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, - } - } - ret = -- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, -+#ifdef FIPS_MODULE -+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2( -+#else -+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex( -+#endif -+ prsactx->libctx, tbuf, - rsasize, in, inlen, - prsactx->oaep_label, - prsactx->oaep_labellen, - prsactx->oaep_md, -- prsactx->mgf1_md); -+ prsactx->mgf1_md -+#ifdef FIPS_MODULE -+ , prsactx->redhat_st_oaep_seed -+#endif -+ ); - - if (!ret) { - OPENSSL_free(tbuf); -@@ -328,6 +343,9 @@ static void rsa_freectx(void *vprsactx) - EVP_MD_free(prsactx->oaep_md); - EVP_MD_free(prsactx->mgf1_md); - OPENSSL_free(prsactx->oaep_label); -+#ifdef FIPS_MODULE -+ OPENSSL_free(prsactx->redhat_st_oaep_seed); -+#endif /* FIPS_MODULE */ - - OPENSSL_free(prsactx); - } -@@ -447,6 +465,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { - NULL, 0), - OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), - OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), -+#ifdef FIPS_MODULE -+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0), -+#endif /* FIPS_MODULE */ - OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), - OSSL_PARAM_END - }; -@@ -456,6 +477,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, - return known_gettable_ctx_params; - } - -+#ifdef FIPS_MODULE -+extern int REDHAT_FIPS_asym_cipher_st; -+#endif /* FIPS_MODULE */ -+ - static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) - { - PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; -@@ -567,6 +592,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) - prsactx->oaep_labellen = tmp_labellen; - 
} - -+#ifdef FIPS_MODULE -+ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED); -+ if (p != NULL && REDHAT_FIPS_asym_cipher_st) { -+ void *tmp_oaep_seed = NULL; -+ -+ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL)) -+ return 0; -+ OPENSSL_free(prsactx->redhat_st_oaep_seed); -+ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed; -+ } -+#endif /* FIPS_MODULE */ -+ - p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); - if (p != NULL) { - unsigned int client_version; --- -2.41.0 - -diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.patch-config openssl-3.2.0/util/perl/OpenSSL/paramnames.pm ---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.patch-config 2023-12-14 13:48:23.398025507 +0100 -+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2023-12-14 14:24:49.519488385 +0100 -@@ -401,6 +401,7 @@ my %params = ( - 'ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION' => "tls-client-version", - 'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version", - 'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' => "implicit-rejection", -+ 'ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED' => "redhat-kat-oaep-seed", - - # Encoder / decoder parameters - diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch deleted file mode 100644 index e41fadd..0000000 --- a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +++ /dev/null 
@@ -1,408 +0,0 @@ -From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Fri, 15 Jul 2022 17:45:40 +0200 -Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test - -In review for FIPS 140-3, the lack of a self-test for the digest_sign -and digest_verify provider functions was highlighted as a problem. NIST -no longer provides ACVP tests for the RSA SigVer primitive (see -https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3 -recommends the use of functions that compute the digest and signature -within the module, we have been advised in our module review that the -self tests should also use the combined digest and signature APIs, i.e. -the digest_sign and digest_verify provider functions. - -Modify the signature self-test to use these instead by switching to -EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to -crypto/evp/m_sigver.c to make these functions usable in the FIPS module. - -Signed-off-by: Clemens Lang ---- - crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------ - providers/fips/self_test_kats.c | 37 +++++++++++++++------------- - 2 files changed, 56 insertions(+), 24 deletions(-) - -diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c -index db1a1d7bc3..c94c3c53bd 100644 ---- a/crypto/evp/m_sigver.c -+++ b/crypto/evp/m_sigver.c -@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) - ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED); - return 0; - } -+#endif /* !defined(FIPS_MODULE) */ - - /* - * If we get the "NULL" md then the name comes back as "UNDEF". 
We want to use -@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - reinit = 0; - if (e == NULL) - ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); -+#ifndef FIPS_MODULE - else - ctx->pctx = EVP_PKEY_CTX_new(pkey, e); -+#endif /* !defined(FIPS_MODULE) */ - } - if (ctx->pctx == NULL) - return 0; -@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - locpctx = ctx->pctx; - ERR_set_mark(); - -+#ifndef FIPS_MODULE - if (evp_pkey_ctx_is_legacy(locpctx)) - goto legacy; -+#endif /* !defined(FIPS_MODULE) */ - - /* do not reinitialize if pkey is set or operation is different */ - if (reinit -@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - signature = - evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - supported_sig, locpctx->propquery); -+#ifndef FIPS_MODULE - if (signature == NULL) - goto legacy; -+#endif /* !defined(FIPS_MODULE) */ - break; - } - if (signature == NULL) -@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); - if (ctx->fetched_digest != NULL) { - ctx->digest = ctx->reqdigest = ctx->fetched_digest; -+#ifndef FIPS_MODULE - } else { - /* legacy engine support : remove the mark when this is deleted */ - ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); -@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } -+#endif /* !defined(FIPS_MODULE) */ - } - (void)ERR_pop_to_mark(); - } - } - -+#ifndef FIPS_MODULE - if (ctx->reqdigest != NULL - && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) - && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) -@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - goto err; - } - } -+#endif /* !defined(FIPS_MODULE) */ - - if (ver) { - if (signature->digest_verify_init == NULL) { -@@ 
-366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - EVP_KEYMGMT_free(tmp_keymgmt); - return 0; - -+#ifndef FIPS_MODULE - legacy: - /* - * If we don't have the full support we need with provided methods, -@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - ctx->pctx->flag_call_digest_custom = 1; - - ret = 1; -+#endif /* !defined(FIPS_MODULE) */ - - end: - #ifndef FIPS_MODULE -@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, - NULL); - } --#endif /* FIPS_MDOE */ - - int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) - { -@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - } - } - return 1; -+#endif /* !defined(FIPS_MODULE) */ - } - - int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, -@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, - if (vctx || !r) - return r; - return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen); -+#endif /* !defined(FIPS_MODULE) */ - } - - int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, -@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, - return -1; - return EVP_DigestVerifyFinal(ctx, sigret, siglen); - } --#endif /* FIPS_MODULE */ -diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c -index b6d5e8e134..77eec075e6 100644 ---- a/providers/fips/self_test_kats.c -+++ b/providers/fips/self_test_kats.c -@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t, - int ret = 0; - OSSL_PARAM *params = NULL, *params_sig = NULL; - OSSL_PARAM_BLD *bld = NULL; -+ EVP_MD *md = NULL; -+ EVP_MD_CTX *ctx = NULL; - EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; - EVP_PKEY *pkey = NULL; -- unsigned char sig[256]; - BN_CTX *bnctx = NULL; -+ const char *msg = "Hello World!"; -+ unsigned char 
sig[256]; - size_t siglen = sizeof(sig); - static const unsigned char dgst[] = { - 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, -@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t, - || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) - goto err; - -- /* Create a EVP_PKEY_CTX to use for the signing operation */ -- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); -- if (sctx == NULL -- || EVP_PKEY_sign_init(sctx) <= 0) -- goto err; -- -- /* set signature parameters */ -- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST, -- t->mdalgorithm, -- strlen(t->mdalgorithm) + 1)) -- goto err; -+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature -+ * parameters and sign */ - params_sig = OSSL_PARAM_BLD_to_param(bld); -- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) -+ md = EVP_MD_fetch(libctx, "SHA256", NULL); -+ ctx = EVP_MD_CTX_new(); -+ if (md == NULL || ctx == NULL) -+ goto err; -+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); -+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0 -+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0 -+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0 -+ || EVP_MD_CTX_reset(ctx) <= 0) - goto err; - -- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 -- || EVP_PKEY_verify_init(sctx) <= 0 -+ /* sctx is not freed automatically inside the FIPS module */ -+ EVP_PKEY_CTX_free(sctx); -+ sctx = NULL; -+ -+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); -+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0 - || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) - goto err; - -@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t, - goto err; - - OSSL_SELF_TEST_oncorrupt_byte(st, sig); -- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) -+ if (EVP_DigestVerify(ctx, sig, siglen, (const 
unsigned char *)msg, strlen(msg)) <= 0) - goto err; - ret = 1; - err: - BN_CTX_free(bnctx); - EVP_PKEY_free(pkey); -- EVP_PKEY_CTX_free(kctx); -+ EVP_MD_free(md); -+ EVP_MD_CTX_free(ctx); -+ /* sctx is not freed automatically inside the FIPS module */ - EVP_PKEY_CTX_free(sctx); -+ EVP_PKEY_CTX_free(kctx); - OSSL_PARAM_free(params); - OSSL_PARAM_free(params_sig); - OSSL_PARAM_BLD_free(bld); --- -2.37.1 - -diff -up openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch openssl-3.2.0/crypto/evp/m_sigver.c ---- openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch 2024-01-04 11:44:18.761559765 +0100 -+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-04 11:51:18.297195401 +0100 -@@ -560,26 +560,33 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *c - return EVP_DigestUpdate(ctx, data, dsize); - } - --#ifndef FIPS_MODULE - int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - size_t *siglen) - { -- int sctx = 0, r = 0; -- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx; -+ int r = 0; -+#ifndef FIPS_MODULE -+ int sctx = 0; -+ EVP_PKEY_CTX *dctx = NULL; -+#endif /* !defined(FIPS_MODULE) */ -+ EVP_PKEY_CTX *pctx = ctx->pctx; -+ - - if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - return 0; - } - -+#ifndef FIPS_MODULE - if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_SIGNCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) - goto legacy; -+#endif /* !defined(FIPS_MODULE) */ - - if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { - /* try dup */ -+#ifndef FIPS_MODULE - dctx = EVP_PKEY_CTX_dup(pctx); - if (dctx != NULL) - pctx = dctx; -@@ -591,8 +598,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, - ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; - else - EVP_PKEY_CTX_free(dctx); -+#endif /* !defined(FIPS_MODULE) */ - return r; - -+#ifndef FIPS_MODULE - legacy: - if (pctx == NULL || pctx->pmeth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); -@@ -704,25 +713,32 @@ int 
EVP_DigestSign(EVP_MD_CTX *ctx, unsi - int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen) - { -- unsigned char md[EVP_MAX_MD_SIZE]; - int r = 0; -+#ifndef FIPS_MODULE -+ unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mdlen = 0; - int vctx = 0; -- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx; -+ EVP_PKEY_CTX *dctx = NULL; -+#endif /* !defined(FIPS_MODULE) */ -+ EVP_PKEY_CTX *pctx = ctx->pctx; -+ - - if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - return 0; - } - -+#ifndef FIPS_MODULE - if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_VERIFYCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) - goto legacy; -+#endif /* !defined(FIPS_MODULE) */ - - if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { - /* try dup */ -+#ifndef FIPS_MODULE - dctx = EVP_PKEY_CTX_dup(pctx); - if (dctx != NULL) - pctx = dctx; -@@ -733,8 +749,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct - ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; - else - EVP_PKEY_CTX_free(dctx); -+#endif /* !defined(FIPS_MODULE) */ - return r; - -+#ifndef FIPS_MODULE - legacy: - if (pctx == NULL || pctx->pmeth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); -diff -up openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch openssl-3.2.0/crypto/evp/m_sigver.c ---- openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch 2024-01-04 12:39:26.858137284 +0100 -+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-04 12:40:28.201680446 +0100 -@@ -736,9 +736,9 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct - goto legacy; - #endif /* !defined(FIPS_MODULE) */ - -+#ifndef FIPS_MODULE - if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { - /* try dup */ --#ifndef FIPS_MODULE - dctx = EVP_PKEY_CTX_dup(pctx); - if (dctx != NULL) - pctx = dctx; -diff -up openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch openssl-3.2.0/crypto/evp/m_sigver.c ---- openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch 2024-01-04 
12:55:41.172653897 +0100 -+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-04 12:56:23.562017396 +0100 -@@ -584,9 +584,9 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, - goto legacy; - #endif /* !defined(FIPS_MODULE) */ - -+#ifndef FIPS_MODULE - if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { - /* try dup */ --#ifndef FIPS_MODULE - dctx = EVP_PKEY_CTX_dup(pctx); - if (dctx != NULL) - pctx = dctx; -diff -up openssl-3.2.0/crypto/evp/m_sigver.c.fips-new openssl-3.2.0/crypto/evp/m_sigver.c ---- openssl-3.2.0/crypto/evp/m_sigver.c.fips-new 2024-01-30 23:50:10.115710238 +0100 -+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-31 00:04:31.448164500 +0100 -@@ -598,7 +598,11 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, - ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; - else - EVP_PKEY_CTX_free(dctx); -+ return r; - #endif /* !defined(FIPS_MODULE) */ -+ r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, -+ sigret, siglen, -+ sigret == NULL ? 0 : *siglen); - return r; - - #ifndef FIPS_MODULE -@@ -749,7 +753,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct - ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; - else - EVP_PKEY_CTX_free(dctx); -+ return r; - #endif /* !defined(FIPS_MODULE) */ -+ r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, -+ sig, siglen); - return r; - - #ifndef FIPS_MODULE -diff -up openssl-3.2.0/crypto/evp/m_sigver.c.fix-ifdef openssl-3.2.0/crypto/evp/m_sigver.c ---- openssl-3.2.0/crypto/evp/m_sigver.c.fix-ifdef 2024-02-01 09:23:07.877696442 +0100 -+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-02-01 09:25:30.857169997 +0100 -@@ -599,11 +599,12 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, - else - EVP_PKEY_CTX_free(dctx); - return r; --#endif /* !defined(FIPS_MODULE) */ -+#else - r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, - sigret, siglen, - sigret == NULL ? 
0 : *siglen); - return r; -+#endif /* !defined(FIPS_MODULE) */ - - #ifndef FIPS_MODULE - legacy: -@@ -754,10 +755,11 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct - else - EVP_PKEY_CTX_free(dctx); - return r; --#endif /* !defined(FIPS_MODULE) */ -+#else - r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, - sig, siglen); - return r; -+#endif /* !defined(FIPS_MODULE) */ - - #ifndef FIPS_MODULE - legacy: diff --git a/0075-FIPS-Use-FFDHE2048-in-self-test.patch b/0075-FIPS-Use-FFDHE2048-in-self-test.patch deleted file mode 100644 index 096e62d..0000000 --- a/0075-FIPS-Use-FFDHE2048-in-self-test.patch +++ /dev/null 
@@ -1,378 +0,0 @@ -From e385647549c467fe263b68b72dd21bdfb875ee88 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Fri, 22 Jul 2022 17:51:16 +0200 -Subject: [PATCH 2/2] FIPS: Use FFDHE2048 in self test - -Signed-off-by: Clemens Lang ---- - providers/fips/self_test_data.inc | 342 +++++++++++++++--------------- - 1 file changed, 172 insertions(+), 170 deletions(-) - -diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc -index a29cc650b5..1b5623833f 100644 ---- a/providers/fips/self_test_data.inc -+++ b/providers/fips/self_test_data.inc -@@ -821,188 +821,190 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] = - - #ifndef OPENSSL_NO_DH - /* DH KAT */ -+/* RFC7919 FFDHE2048 p */ - static const unsigned char dh_p[] = { -- 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25, -- 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0, -- 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66, -- 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b, -- 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe, -- 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce, -- 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d, -- 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d, -- 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde, -- 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb, -- 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17, -- 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0, -- 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97, -- 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9, -- 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7, -- 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1, -- 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d, -- 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82, -- 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4, -- 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c, -- 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b, -- 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50, -- 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31, -- 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44, -- 0xb9, 0x46, 0xfe, 
0x9d, 0xf6, 0x77, 0xa0, 0xc5, -- 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80, -- 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12, -- 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94, -- 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7, -- 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1, -- 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d, -- 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69 --}; -+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+ 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a, -+ 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1, -+ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95, -+ 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb, -+ 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9, -+ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, -+ 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, 0x7a, -+ 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61, -+ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, -+ 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3, -+ 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35, -+ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, -+ 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, 0xe8, 0x72, -+ 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35, -+ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, -+ 0xbc, 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61, -+ 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb, -+ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68, -+ 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4, -+ 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19, -+ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, -+ 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec, -+ 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61, -+ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff, -+ 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83, -+ 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73, -+ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, -+ 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, 0x83, 0xb2, -+ 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa, -+ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, -+ 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff -+}; -+/* RFC7919 FFDHE2048 q */ - static const unsigned char dh_q[] = { -- 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e, -- 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83, -- 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea, -- 0x11, 0xac, 0xb5, 0x7d --}; -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+ 0xd6, 0xfc, 0x2a, 0x2c, 0x51, 0x5d, 0xa5, 0x4d, -+ 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, -+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, -+ 0xd4, 0xf0, 0x9b, 0x20, 0x8a, 0x32, 0x19, 0xfd, -+ 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, -+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, -+ 0x7b, 0x40, 0xd9, 0x01, 0x57, 0x62, 0x30, 0xbd, -+ 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, -+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, -+ 0x42, 0xb1, 0xb2, 0xaa, 0x9e, 0xf6, 0x8d, 0x79, -+ 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, -+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, -+ 0xf1, 0x53, 0x44, 0xed, 0x79, 0xf7, 0xf4, 0x39, -+ 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, -+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, -+ 0x5e, 0x05, 0x58, 0xc1, 0x59, 0x92, 0x7d, 0xb0, -+ 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, -+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, -+ 0x0e, 0xa7, 0xa1, 0x51, 0xef, 0x1c, 0xa6, 0xfa, -+ 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, -+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, -+ 0x4f, 0x01, 0x7e, 0x70, 0xe6, 0xfb, 0xf1, 0x76, -+ 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, -+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, -+ 0xc7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xc1, -+ 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, -+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, -+ 0xe2, 0xc7, 0x78, 0xc1, 0xbe, 0x8b, 0x41, 0xd9, -+ 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, -+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, -+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff -+}; -+/* RFC7919 FFDHE2048 g */ - static const unsigned char dh_g[] = { -- 0x5e, 0xf7, 
0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39, -- 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f, -- 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0, -- 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f, -- 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f, -- 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a, -- 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4, -- 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c, -- 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20, -- 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25, -- 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53, -- 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9, -- 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc, -- 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9, -- 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43, -- 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86, -- 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16, -- 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40, -- 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23, -- 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa, -- 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6, -- 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2, -- 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61, -- 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a, -- 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef, -- 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f, -- 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3, -- 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a, -- 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4, -- 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74, -- 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4, -- 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32 -+ 0x02 - }; - static const unsigned char dh_priv[] = { -- 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a, -- 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70, -- 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15, -- 0x40, 0xb8, 0xfc, 0xe6 -+ 0x01, 0xdc, 0x2a, 0xb9, 0x87, 0x71, 0x57, 0x0f, -+ 0xcd, 0x93, 0x65, 0x4c, 0xa1, 0xd6, 0x56, 0x6d, -+ 0xc5, 0x35, 0xd5, 0xcb, 0x4c, 0xb8, 0xad, 
0x8d, -+ 0x6c, 0xdc, 0x5d, 0x6e, 0x94 - }; - static const unsigned char dh_pub[] = { -- 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04, -- 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69, -- 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59, -- 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b, -- 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c, -- 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21, -- 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06, -- 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb, -- 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2, -- 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0, -- 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83, -- 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90, -- 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2, -- 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7, -- 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0, -- 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88, -- 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb, -- 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a, -- 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97, -- 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d, -- 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf, -- 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e, -- 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f, -- 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d, -- 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1, -- 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c, -- 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47, -- 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e, -- 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f, -- 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9, -- 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c, -- 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3 -+ 0x00, 0xc4, 0x82, 0x14, 0x69, 0x16, 0x4c, 0x05, -+ 0x55, 0x2a, 0x7e, 0x55, 0x6d, 0x02, 0xbb, 0x7f, -+ 0xcc, 0x63, 0x74, 0xee, 0xcb, 0xb4, 0x98, 0x43, -+ 0x0e, 0x29, 0x43, 0x0d, 0x44, 0xc7, 0xf1, 0x23, -+ 0x81, 0xca, 0x1c, 0x5c, 0xc3, 0xff, 0x01, 0x4a, -+ 0x1a, 0x03, 0x9e, 0x5f, 
0xd1, 0x4e, 0xa0, 0x0b, -+ 0xb9, 0x5c, 0x0d, 0xef, 0x14, 0x01, 0x62, 0x3c, -+ 0x8a, 0x8e, 0x60, 0xbb, 0x39, 0xd6, 0x38, 0x63, -+ 0xb7, 0x65, 0xd0, 0x0b, 0x1a, 0xaf, 0x53, 0x38, -+ 0x10, 0x0f, 0x3e, 0xeb, 0x9d, 0x0c, 0x24, 0xf6, -+ 0xe3, 0x70, 0x08, 0x8a, 0x4d, 0x01, 0xf8, 0x7a, -+ 0x87, 0x49, 0x64, 0x72, 0xb1, 0x75, 0x3b, 0x94, -+ 0xc8, 0x09, 0x2d, 0x6a, 0x63, 0xd8, 0x9a, 0x92, -+ 0xb9, 0x5b, 0x1a, 0xc3, 0x47, 0x0b, 0x63, 0x44, -+ 0x3b, 0xe3, 0xc0, 0x09, 0xc9, 0xf9, 0x02, 0x53, -+ 0xd8, 0xfb, 0x06, 0x44, 0xdb, 0xdf, 0xe8, 0x13, -+ 0x2b, 0x40, 0x6a, 0xd4, 0x13, 0x4e, 0x52, 0x30, -+ 0xd6, 0xc1, 0xd8, 0x59, 0x9d, 0x59, 0xba, 0x1b, -+ 0xbf, 0xaa, 0x6f, 0xe9, 0x3d, 0xfd, 0xff, 0x01, -+ 0x0b, 0x54, 0xe0, 0x6a, 0x4e, 0x27, 0x2b, 0x3d, -+ 0xe8, 0xef, 0xb0, 0xbe, 0x52, 0xc3, 0x52, 0x18, -+ 0x6f, 0xa3, 0x27, 0xab, 0x6c, 0x12, 0xc3, 0x81, -+ 0xcb, 0xae, 0x23, 0x11, 0xa0, 0x5d, 0xc3, 0x6f, -+ 0x23, 0x17, 0x40, 0xb3, 0x05, 0x4f, 0x5d, 0xb7, -+ 0x34, 0xbe, 0x87, 0x2c, 0xa9, 0x9e, 0x98, 0x39, -+ 0xbf, 0x2e, 0x9d, 0xad, 0x4f, 0x70, 0xad, 0xed, -+ 0x1b, 0x5e, 0x47, 0x90, 0x49, 0x2e, 0x61, 0x71, -+ 0x5f, 0x07, 0x0b, 0x35, 0x04, 0xfc, 0x53, 0xce, -+ 0x58, 0x60, 0x6c, 0x5b, 0x8b, 0xfe, 0x70, 0x04, -+ 0x2a, 0x6a, 0x98, 0x0a, 0xd0, 0x80, 0xae, 0x69, -+ 0x95, 0xf9, 0x99, 0x18, 0xfc, 0xe4, 0x8e, 0xed, -+ 0x61, 0xd9, 0x02, 0x9d, 0x4e, 0x05, 0xe9, 0xf2, -+ 0x32 - }; - static const unsigned char dh_peer_pub[] = { -- 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a, -- 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d, -- 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58, -- 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32, -- 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb, -- 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0, -- 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0, -- 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc, -- 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1, -- 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e, -- 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97, -- 0x70, 0x42, 0xc7, 0xe3, 
0xd0, 0x44, 0x8f, 0x05, -- 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3, -- 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f, -- 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7, -- 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1, -- 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96, -- 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf, -- 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22, -- 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98, -- 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42, -- 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c, -- 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde, -- 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20, -- 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22, -- 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3, -- 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3, -- 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2, -- 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00, -- 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51, -- 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f, -- 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b -+ 0x00, 0xef, 0x15, 0x02, 0xf5, 0x56, 0xa3, 0x79, -+ 0x40, 0x58, 0xbc, 0xeb, 0x56, 0xad, 0xcb, 0xda, -+ 0x8c, 0xda, 0xb8, 0xd1, 0xda, 0x6f, 0x25, 0x29, -+ 0x9e, 0x43, 0x76, 0x2d, 0xb2, 0xd8, 0xbc, 0x84, -+ 0xbc, 0x85, 0xd0, 0x94, 0x8d, 0x44, 0x27, 0x57, -+ 0xe4, 0xdf, 0xc1, 0x78, 0x42, 0x8f, 0x08, 0xf5, -+ 0x74, 0xfe, 0x02, 0x56, 0xd2, 0x09, 0xc8, 0x68, -+ 0xef, 0xed, 0x18, 0xc9, 0xfd, 0x2e, 0x95, 0x6c, -+ 0xba, 0x6c, 0x00, 0x0e, 0xf5, 0xd1, 0x1b, 0xf6, -+ 0x15, 0x14, 0x5b, 0x67, 0x22, 0x7c, 0x6a, 0x20, -+ 0x76, 0x43, 0x51, 0xef, 0x5e, 0x1e, 0xf9, 0x2d, -+ 0xd6, 0xb4, 0xc5, 0xc6, 0x18, 0x33, 0xd1, 0xa3, -+ 0x3b, 0xe6, 0xdd, 0x57, 0x9d, 0xad, 0x13, 0x7a, -+ 0x53, 0xde, 0xb3, 0x97, 0xc0, 0x7e, 0xd7, 0x77, -+ 0x6b, 0xf8, 0xbd, 0x13, 0x70, 0x8c, 0xba, 0x73, -+ 0x80, 0xb3, 0x80, 0x6f, 0xfb, 0x1c, 0xda, 0x53, -+ 0x4d, 0x3c, 0x8a, 0x2e, 0xa1, 0x37, 0xce, 0xb1, -+ 0xde, 0x45, 0x97, 0x58, 0x65, 0x4d, 0xcf, 0x05, -+ 0xbb, 0xc3, 0xd7, 0x38, 0x6d, 0x0a, 
0x59, 0x7a, -+ 0x99, 0x15, 0xb7, 0x9a, 0x3d, 0xfd, 0x61, 0xe5, -+ 0x1a, 0xa2, 0xcc, 0xf6, 0xfe, 0xb1, 0xee, 0xe9, -+ 0xa9, 0xe2, 0xeb, 0x06, 0xbc, 0x14, 0x6e, 0x91, -+ 0x0d, 0xf1, 0xe3, 0xbb, 0xe0, 0x7e, 0x1d, 0x31, -+ 0x79, 0xf1, 0x6d, 0x5f, 0xcb, 0xaf, 0xb2, 0x4f, -+ 0x22, 0x12, 0xbf, 0x72, 0xbd, 0xd0, 0x30, 0xe4, -+ 0x1c, 0x35, 0x96, 0x61, 0x98, 0x39, 0xfb, 0x7e, -+ 0x6d, 0x66, 0xc4, 0x69, 0x41, 0x0d, 0x0d, 0x59, -+ 0xbb, 0xa7, 0xbf, 0x34, 0xe0, 0x39, 0x36, 0x84, -+ 0x5e, 0x0e, 0x03, 0x2d, 0xcf, 0xaa, 0x02, 0x8a, -+ 0xba, 0x59, 0x88, 0x47, 0xc4, 0x4d, 0xd7, 0xbd, -+ 0x78, 0x76, 0x24, 0xf1, 0x45, 0x56, 0x44, 0xc2, -+ 0x4a, 0xc2, 0xd5, 0x3a, 0x59, 0x40, 0xab, 0x87, -+ 0x64 - }; - - static const unsigned char dh_secret_expected[] = { -- 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a, -- 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a, -- 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c, -- 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe, -- 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2, -- 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21, -- 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53, -- 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd, -- 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87, -- 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4, -- 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d, -- 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd, -- 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33, -- 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe, -- 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a, -- 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73, -- 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad, -- 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0, -- 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79, -- 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9, -- 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2, -- 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6, -- 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae, -- 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57, -- 0x0f, 0x18, 0xc8, 0x1f, 
0x2b, 0xe5, 0xd0, 0x1a, -- 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63, -- 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9, -- 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86, -- 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5, -- 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00, -- 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52, -- 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6 -+ 0x56, 0x13, 0xe3, 0x12, 0x6b, 0x5f, 0x67, 0xe5, -+ 0x08, 0xe5, 0x35, 0x0e, 0x11, 0x90, 0x9d, 0xf5, -+ 0x1a, 0x24, 0xfa, 0x42, 0xd1, 0x4a, 0x50, 0x93, -+ 0x5b, 0xf4, 0x11, 0x6f, 0xd0, 0xc3, 0xc5, 0xa5, -+ 0x80, 0xae, 0x01, 0x3d, 0x66, 0x92, 0xc0, 0x3e, -+ 0x5f, 0xe9, 0x75, 0xb6, 0x5b, 0x37, 0x82, 0x39, -+ 0x72, 0x66, 0x0b, 0xa2, 0x73, 0x94, 0xe5, 0x04, -+ 0x7c, 0x0c, 0x19, 0x9a, 0x03, 0x53, 0xc4, 0x9d, -+ 0xc1, 0x0f, 0xc3, 0xec, 0x0e, 0x2e, 0xa3, 0x7c, -+ 0x07, 0x0e, 0xaf, 0x18, 0x1d, 0xc7, 0x8b, 0x47, -+ 0x4b, 0x94, 0x05, 0x6d, 0xec, 0xdd, 0xa1, 0xae, -+ 0x7b, 0x21, 0x86, 0x53, 0xd3, 0x62, 0x38, 0x08, -+ 0xea, 0xda, 0xdc, 0xb2, 0x5a, 0x7c, 0xef, 0x19, -+ 0xf8, 0x29, 0xef, 0xf8, 0xd0, 0xfb, 0xde, 0xe8, -+ 0xb8, 0x2f, 0xb3, 0xa1, 0x16, 0xa2, 0xd0, 0x8f, -+ 0x48, 0xdc, 0x7d, 0xcb, 0xee, 0x5c, 0x06, 0x1e, -+ 0x2a, 0x66, 0xe8, 0x1f, 0xdb, 0x18, 0xe9, 0xd2, -+ 0xfd, 0xa2, 0x4e, 0x39, 0xa3, 0x2e, 0x88, 0x3d, -+ 0x7d, 0xac, 0x15, 0x18, 0x25, 0xe6, 0xba, 0xd4, -+ 0x0e, 0x89, 0x26, 0x60, 0x8f, 0xdc, 0x4a, 0xb4, -+ 0x49, 0x8f, 0x98, 0xe8, 0x62, 0x8c, 0xc6, 0x66, -+ 0x20, 0x4c, 0xe1, 0xed, 0xfc, 0x01, 0x88, 0x46, -+ 0xa7, 0x67, 0x48, 0x39, 0xc5, 0x22, 0x95, 0xa0, -+ 0x23, 0xb9, 0xd1, 0xed, 0x87, 0xcf, 0xa7, 0x70, -+ 0x1c, 0xac, 0xd3, 0xaf, 0x5c, 0x26, 0x50, 0x3c, -+ 0xe4, 0x23, 0xb6, 0xcc, 0xd7, 0xc5, 0xda, 0x2f, -+ 0xf4, 0x45, 0xf1, 0xe4, 0x40, 0xb5, 0x0a, 0x25, -+ 0x86, 0xe6, 0xde, 0x11, 0x3c, 0x46, 0x16, 0xbc, -+ 0x41, 0xc2, 0x28, 0x19, 0x81, 0x5a, 0x46, 0x02, -+ 0x87, 0xd0, 0x15, 0x0c, 0xd2, 0xfe, 0x75, 0x04, -+ 0x82, 0xd2, 0x0a, 0xb7, 0xbc, 0xc5, 0x6c, 0xb1, -+ 0x41, 0xa8, 0x2b, 0x28, 0xbb, 0x86, 
0x0c, 0x89 - }; - - static const ST_KAT_PARAM dh_group[] = { --- -2.35.3 - diff --git a/0076-FIPS-140-3-DRBG.patch b/0076-FIPS-140-3-DRBG.patch deleted file mode 100644 index 23084f0..0000000 --- a/0076-FIPS-140-3-DRBG.patch +++ /dev/null 
@@ -1,317 +0,0 @@ -From 0329eb6523363705946887d4f145dd77c741ae4a Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Wed, 6 Mar 2024 19:17:16 +0100 -Subject: [PATCH 30/49] 0076-FIPS-140-3-DRBG.patch - -Patch-name: 0076-FIPS-140-3-DRBG.patch -Patch-id: 76 -Patch-status: | - # # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) - # # https://bugzilla.redhat.com/show_bug.cgi?id=2102541 -From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce ---- - crypto/rand/prov_seed.c | 9 ++- - providers/implementations/rands/crngt.c | 6 +- - providers/implementations/rands/drbg.c | 11 ++- - providers/implementations/rands/drbg_local.h | 2 +- - .../implementations/rands/seeding/rand_unix.c | 68 ++----------------- - 5 files changed, 28 insertions(+), 68 deletions(-) - -diff -up openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand openssl-3.0.1/crypto/rand/prov_seed.c ---- openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand 2022-08-04 12:17:52.148556301 +0200 -+++ openssl-3.0.1/crypto/rand/prov_seed.c 2022-08-04 12:19:41.783533552 +0200 -@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused - size_t entropy_available; - RAND_POOL *pool; - -- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); -+ /* -+ * OpenSSL still implements an internal entropy pool of -+ * some size that is hashed to get seed data. -+ * Note that this is a conditioning step for which SP800-90C requires -+ * 64 additional bits from the entropy source to claim the requested -+ * amount of entropy. 
-+ */ -+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len); - if (pool == NULL) { - ERR_raise(ERR_LIB_RAND, ERR_R_RAND_LIB); - return 0; -diff -up openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand openssl-3.0.1/providers/implementations/rands/crngt.c ---- openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand 2022-08-04 11:56:10.100950299 +0200 -+++ openssl-3.0.1/providers/implementations/rands/crngt.c 2022-08-04 11:59:11.241564925 +0200 -@@ -139,7 +139,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG - * to the nearest byte. If the entropy is of less than full quality, - * the amount required should be scaled up appropriately here. - */ -- bytes_needed = (entropy + 7) / 8; -+ /* -+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy -+ * + 128 bits during initial seeding -+ */ -+ bytes_needed = (entropy + 128 + 7) / 8; - if (bytes_needed < min_len) - bytes_needed = min_len; - if (bytes_needed > max_len) -diff -up openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand openssl-3.0.1/providers/implementations/rands/drbg.c ---- openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand 2022-08-03 12:14:39.409370134 +0200 -+++ openssl-3.0.1/providers/implementations/rands/drbg.c 2022-08-03 12:19:06.320700346 +0200 -@@ -575,6 +575,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb - #endif - } - -+#ifdef FIPS_MODULE -+ prediction_resistance = 1; -+#endif - /* Reseed using our sources in addition */ - entropylen = get_entropy(drbg, &entropy, drbg->strength, - drbg->min_entropylen, drbg->max_entropylen, -@@ -669,8 +669,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *d - reseed_required = 1; - } - if (drbg->parent != NULL -- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) -+ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) { -+#ifdef FIPS_MODULE -+ /* Red Hat patches provide chain reseeding when necessary so just sync counters*/ -+ drbg->parent_reseed_counter = get_parent_reseed_count(drbg); 
-+#else - reseed_required = 1; -+#endif -+ } - - if (reseed_required || prediction_resistance) { - if (!ossl_prov_drbg_reseed_unlocked(drbg, prediction_resistance, NULL, -diff -up openssl-3.0.7/providers/implementations/rands/drbg_local.h.drbg openssl-3.0.7/providers/implementations/rands/drbg_local.h ---- openssl-3.0.7/providers/implementations/rands/drbg_local.h.drbg 2023-03-13 12:17:47.705538612 +0100 -+++ openssl-3.0.7/providers/implementations/rands/drbg_local.h 2023-03-13 12:18:03.060702092 +0100 -@@ -38,7 +38,7 @@ - * - * The value is in bytes. - */ --#define CRNGT_BUFSIZ 16 -+#define CRNGT_BUFSIZ 32 - - /* - * Maximum input size for the DRBG (entropy, nonce, personalization string) -diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c ---- openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand 2022-08-03 11:09:01.301637515 +0200 -+++ openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c 2022-08-03 11:13:00.058688605 +0200 -@@ -48,6 +48,8 @@ - # include - # include - # include -+# include -+# include - - static uint64_t get_time_stamp(void); - -@@ -339,70 +341,8 @@ static ssize_t syscall_random(void *buf, size_t buflen) - * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion - * between size_t and ssize_t is safe even without a range check. - */ -- -- /* -- * Do runtime detection to find getentropy(). -- * -- * Known OSs that should support this: -- * - Darwin since 16 (OSX 10.12, IOS 10.0). -- * - Solaris since 11.3 -- * - OpenBSD since 5.6 -- * - Linux since 3.17 with glibc 2.25 -- * - FreeBSD since 12.0 (1200061) -- * -- * Note: Sometimes getentropy() can be provided but not implemented -- * internally. 
So we need to check errno for ENOSYS -- */ --# if !defined(__DragonFly__) && !defined(__NetBSD__) --# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) -- extern int getentropy(void *buffer, size_t length) __attribute__((weak)); -- -- if (getentropy != NULL) { -- if (getentropy(buf, buflen) == 0) -- return (ssize_t)buflen; -- if (errno != ENOSYS) -- return -1; -- } --# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) -- -- if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) -- return (ssize_t)buflen; -- -- return -1; --# else -- union { -- void *p; -- int (*f)(void *buffer, size_t length); -- } p_getentropy; -- -- /* -- * We could cache the result of the lookup, but we normally don't -- * call this function often. -- */ -- ERR_set_mark(); -- p_getentropy.p = DSO_global_lookup("getentropy"); -- ERR_pop_to_mark(); -- if (p_getentropy.p != NULL) -- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; --# endif --# endif /* !__DragonFly__ */ -- -- /* Linux supports this since version 3.17 */ --# if defined(__linux) && defined(__NR_getrandom) -- return syscall(__NR_getrandom, buf, buflen, 0); --# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) -- return sysctl_random(buf, buflen); --# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \ -- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) -- return getrandom(buf, buflen, 0); --# elif defined(__wasi__) -- if (getentropy(buf, buflen) == 0) -- return (ssize_t)buflen; -- return -1; --# else -- errno = ENOSYS; -- return -1; --# endif -+ int realbuflen = buflen > 32 ? 32 : buflen; /* Red Hat uses downstream patch to always seed from getrandom() */ -+ return EVP_default_properties_is_fips_enabled(NULL) ? 
getrandom(buf, realbuflen, GRND_RANDOM) : getrandom(buf, buflen, 0); - } - # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ - -diff -up openssl-3.2.1/providers/implementations/rands/seed_src.c.xxx openssl-3.2.1/providers/implementations/rands/seed_src.c ---- openssl-3.2.1/providers/implementations/rands/seed_src.c.xxx 2024-04-10 13:14:38.984033920 +0200 -+++ openssl-3.2.1/providers/implementations/rands/seed_src.c 2024-04-10 13:15:20.565045748 +0200 -@@ -102,7 +102,14 @@ static int seed_src_generate(void *vseed - return 0; - } - -- pool = ossl_rand_pool_new(strength, 1, outlen, outlen); -+ /* -+ * OpenSSL still implements an internal entropy pool of -+ * some size that is hashed to get seed data. -+ * Note that this is a conditioning step for which SP800-90C requires -+ * 64 additional bits from the entropy source to claim the requested -+ * amount of entropy. -+ */ -+ pool = ossl_rand_pool_new(strength + 64, 1, outlen, outlen); - if (pool == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB); - return 0; -@@ -189,7 +189,14 @@ static size_t seed_get_seed(void *vseed, - size_t i; - RAND_POOL *pool; - -- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); -+ /* -+ * OpenSSL still implements an internal entropy pool of -+ * some size that is hashed to get seed data. -+ * Note that this is a conditioning step for which SP800-90C requires -+ * 64 additional bits from the entropy source to claim the requested -+ * amount of entropy. 
-+ */ -+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len); - if (pool == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB); - return 0; -diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c -index 14999540ab..b05b84717b 100644 ---- a/crypto/rand/rand_lib.c -+++ b/crypto/rand/rand_lib.c -@@ -11,6 +11,7 @@ - #define OPENSSL_SUPPRESS_DEPRECATED - - #include -+#include - #include - #include - #include "internal/cryptlib.h" -@@ -723,15 +723,7 @@ EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx) - return ret; - } - --#ifndef FIPS_MODULE -- if (dgbl->seed == NULL) { -- ERR_set_mark(); -- dgbl->seed = rand_new_seed(ctx); -- ERR_pop_to_mark(); -- } --#endif -- -- ret = dgbl->primary = rand_new_drbg(ctx, dgbl->seed, -+ ret = dgbl->primary = rand_new_drbg(ctx, NULL, - PRIMARY_RESEED_INTERVAL, - PRIMARY_RESEED_TIME_INTERVAL, 1); - /* -@@ -766,7 +766,7 @@ EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_ - if (CRYPTO_THREAD_get_local(&dgbl->private) == NULL - && !ossl_init_thread_start(NULL, ctx, rand_delete_thread_state)) - return NULL; -- rand = rand_new_drbg(ctx, primary, SECONDARY_RESEED_INTERVAL, -+ rand = rand_new_drbg(ctx, NULL, SECONDARY_RESEED_INTERVAL, - SECONDARY_RESEED_TIME_INTERVAL, 0); - CRYPTO_THREAD_set_local(&dgbl->public, rand); - } -@@ -799,7 +799,7 @@ EVP_RAND_CTX *RAND_get0_private(OSSL_LIB - if (CRYPTO_THREAD_get_local(&dgbl->public) == NULL - && !ossl_init_thread_start(NULL, ctx, rand_delete_thread_state)) - return NULL; -- rand = rand_new_drbg(ctx, primary, SECONDARY_RESEED_INTERVAL, -+ rand = rand_new_drbg(ctx, NULL, SECONDARY_RESEED_INTERVAL, - SECONDARY_RESEED_TIME_INTERVAL, 0); - CRYPTO_THREAD_set_local(&dgbl->private, rand); - } -diff -up openssl-3.2.1/test/drbgtest.c.xxx openssl-3.2.1/test/drbgtest.c ---- openssl-3.2.1/test/drbgtest.c.xxx 2024-05-02 15:37:23.550979597 +0200 -+++ openssl-3.2.1/test/drbgtest.c 2024-05-02 15:45:37.189979881 +0200 -@@ -218,7 +218,7 @@ static int test_drbg_reseed(int expect_s - reseed_when = time(NULL); - - 
/* Generate random output from the public and private DRBG */ -- before_reseed = expect_primary_reseed == 1 ? reseed_when : 0; -+ before_reseed = 0; - if (!TEST_int_eq(rand_bytes((unsigned char*)public_random, - RANDOM_SIZE), expect_success) - || !TEST_int_eq(rand_priv_bytes((unsigned char*) private_random, -@@ -232,8 +232,8 @@ static int test_drbg_reseed(int expect_s - */ - - /* Test whether reseeding succeeded as expected */ -- if (!TEST_int_eq(state(primary), expected_state) -- || !TEST_int_eq(state(public), expected_state) -+ if (/*!TEST_int_eq(state(primary), expected_state) -+ ||*/ !TEST_int_eq(state(public), expected_state) - || !TEST_int_eq(state(private), expected_state)) - return 0; - -@@ -246,16 +246,16 @@ static int test_drbg_reseed(int expect_s - if (expect_public_reseed >= 0) { - /* Test whether public DRBG was reseeded as expected */ - if (!TEST_int_ge(reseed_counter(public), public_reseed) -- || !TEST_uint_ge(reseed_counter(public), -- reseed_counter(primary))) -+ /*|| !TEST_uint_ge(reseed_counter(public), -+ reseed_counter(primary))*/) - return 0; - } - - if (expect_private_reseed >= 0) { - /* Test whether public DRBG was reseeded as expected */ - if (!TEST_int_ge(reseed_counter(private), private_reseed) -- || !TEST_uint_ge(reseed_counter(private), -- reseed_counter(primary))) -+ /*|| !TEST_uint_ge(reseed_counter(private), -+ reseed_counter(primary))*/) - return 0; - } - -@@ -577,8 +577,8 @@ static int test_rand_reseed(void) - if (!TEST_ptr_ne(public, private) - || !TEST_ptr_ne(public, primary) - || !TEST_ptr_ne(private, primary) -- || !TEST_ptr_eq(prov_rand(public)->parent, prov_rand(primary)) -- || !TEST_ptr_eq(prov_rand(private)->parent, prov_rand(primary))) -+ /*|| !TEST_ptr_eq(prov_rand(public)->parent, prov_rand(primary)) -+ || !TEST_ptr_eq(prov_rand(private)->parent, prov_rand(primary))*/) - return 0; - - /* Disable CRNG testing for the primary DRBG */ 
diff --git a/0077-FIPS-140-3-zeroization.patch b/0077-FIPS-140-3-zeroization.patch deleted file mode 100644 index 692bebc..0000000 --- a/0077-FIPS-140-3-zeroization.patch +++ /dev/null 
@@ -1,102 +0,0 @@ -From 9c667a7ba589329f3a777b012bf69a0db7f7eda9 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 31 Jul 2023 09:41:29 +0200 -Subject: [PATCH 33/35] 0077-FIPS-140-3-zeroization.patch - -Patch-name: 0077-FIPS-140-3-zeroization.patch -Patch-id: 77 -Patch-status: | - # https://bugzilla.redhat.com/show_bug.cgi?id=2102542 -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd ---- - crypto/ec/ec_lib.c | 4 ++++ - crypto/ffc/ffc_params.c | 8 ++++---- - crypto/rsa/rsa_lib.c | 4 ++-- - providers/implementations/kdfs/hkdf.c | 2 +- - providers/implementations/kdfs/pbkdf2.c | 2 +- - 5 files changed, 12 insertions(+), 8 deletions(-) - -diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c -index 6c37bf78ae..cfbc3c3c1d 100644 ---- a/crypto/ec/ec_lib.c -+++ b/crypto/ec/ec_lib.c -@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) - - void EC_POINT_free(EC_POINT *point) - { -+#ifdef FIPS_MODULE -+ EC_POINT_clear_free(point); -+#else - if (point == NULL) - return; - - if (point->meth->point_finish != 0) - point->meth->point_finish(point); - OPENSSL_free(point); -+#endif - } - - void EC_POINT_clear_free(EC_POINT *point) -diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c -index 3536efd1ad..f3c164b8fc 100644 ---- a/crypto/ffc/ffc_params.c -+++ b/crypto/ffc/ffc_params.c -@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *params) - - void ossl_ffc_params_cleanup(FFC_PARAMS *params) - { -- BN_free(params->p); -- BN_free(params->q); -- BN_free(params->g); -- BN_free(params->j); -+ BN_clear_free(params->p); -+ BN_clear_free(params->q); -+ BN_clear_free(params->g); -+ BN_clear_free(params->j); - OPENSSL_free(params->seed); - ossl_ffc_params_init(params); - } -diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c -index 9588a75964..76b4aac6fc 100644 ---- a/crypto/rsa/rsa_lib.c -+++ b/crypto/rsa/rsa_lib.c -@@ -155,8 +155,8 @@ void RSA_free(RSA *r) - CRYPTO_THREAD_lock_free(r->lock); - CRYPTO_FREE_REF(&r->references); - -- 
BN_free(r->n); -- BN_free(r->e); -+ BN_clear_free(r->n); -+ BN_clear_free(r->e); - BN_clear_free(r->d); - BN_clear_free(r->p); - BN_clear_free(r->q); -diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c -index daa619b8af..5304baa6c9 100644 ---- a/providers/implementations/kdfs/hkdf.c -+++ b/providers/implementations/kdfs/hkdf.c -@@ -118,7 +118,7 @@ static void kdf_hkdf_reset(void *vctx) - void *provctx = ctx->provctx; - - ossl_prov_digest_reset(&ctx->digest); -- OPENSSL_free(ctx->salt); -+ OPENSSL_clear_free(ctx->salt, ctx->salt_len); - OPENSSL_free(ctx->prefix); - OPENSSL_free(ctx->label); - OPENSSL_clear_free(ctx->data, ctx->data_len); -diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c -index 5c3e7b95ce..349c3dd657 100644 ---- a/providers/implementations/kdfs/pbkdf2.c -+++ b/providers/implementations/kdfs/pbkdf2.c -@@ -92,7 +92,7 @@ static void *kdf_pbkdf2_new(void *provctx) - static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx) - { - ossl_prov_digest_reset(&ctx->digest); -- OPENSSL_free(ctx->salt); -+ OPENSSL_clear_free(ctx->salt, ctx->salt_len); - OPENSSL_clear_free(ctx->pass, ctx->pass_len); - memset(ctx, 0, sizeof(*ctx)); - } --- -2.41.0 - diff --git a/0078-KDF-Add-FIPS-indicators.patch b/0078-KDF-Add-FIPS-indicators.patch deleted file mode 100644 index 17ff63e..0000000 --- a/0078-KDF-Add-FIPS-indicators.patch +++ /dev/null 
@@ -1,911 +0,0 @@ -From 2290280617183863eb15425b8925765966723725 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Thu, 11 Aug 2022 09:27:12 +0200 -Subject: KDF: Add FIPS indicators - -FIPS requires a number of restrictions on the parameters of the various -key derivation functions implemented in OpenSSL. The KDFs that use -digest algorithms usually should not allow SHAKE (due to FIPS 140-3 IG -C.C). Additionally, some application-specific KDFs have further -restrictions defined in SP 800-135r1. - -Generally, all KDFs shall use a key-derivation key length of at least -112 bits due to SP 800-131Ar2 section 8. Additionally any use of a KDF -to generate and output length of less than 112 bits will also set the -indicator to unapproved. - -Add explicit indicators to all KDFs usable in FIPS mode except for -PBKDF2 (which has its specific FIPS limits already implemented). The -indicator can be queried using EVP_KDF_CTX_get_params() after setting -the required parameters and keys for the KDF. - -Our FIPS provider implements SHA1, SHA2 (both -256 and -512, and the -truncated variants -224 and -384) and SHA3 (-256 and -512, and the -truncated versions -224 and -384), as well as SHAKE-128 and -256. - -The SHAKE functions are generally not allowed in KDFs. 
For the rest, the -support matrix is: - - KDF | SHA-1 | SHA-2 | SHA-2 truncated | SHA-3 | SHA-3 truncated -========================================================================== -KBKDF | x | x | x | x | x -HKDF | x | x | x | x | x -TLS1PRF | | SHA-{256,384,512} only | | -SSHKDF | x | x | x | | -SSKDF | x | x | x | x | x -X9.63KDF | | x | x | x | x -X9.42-ASN1 | x | x | x | x | x -TLS1.3PRF | | SHA-{256,384} only | | - -Signed-off-by: Clemens Lang -Resolves: rhbz#2160733 rhbz#2164763 -Related: rhbz#2114772 rhbz#2141695 ---- - include/crypto/evp.h | 7 ++ - include/openssl/kdf.h | 4 + - providers/implementations/kdfs/hkdf.c | 100 +++++++++++++++++++++- - providers/implementations/kdfs/kbkdf.c | 82 ++++++++++++++++-- - providers/implementations/kdfs/sshkdf.c | 75 +++++++++++++++- - providers/implementations/kdfs/sskdf.c | 100 +++++++++++++++++++++- - providers/implementations/kdfs/tls1_prf.c | 74 +++++++++++++++- - providers/implementations/kdfs/x942kdf.c | 66 +++++++++++++- - util/perl/OpenSSL/paramnames.pm | 1 + - 9 files changed, 487 insertions(+), 22 deletions(-) - -diff --git a/include/crypto/evp.h b/include/crypto/evp.h -index e70d8e9e84..76fb990de4 100644 ---- a/include/crypto/evp.h -+++ b/include/crypto/evp.h -@@ -219,6 +219,13 @@ struct evp_mac_st { - OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params; - }; - -+#ifdef FIPS_MODULE -+/* According to NIST Special Publication 800-131Ar2, Section 8: Deriving -+ * Additional Keys from a Cryptographic Key, "[t]he length of the -+ * key-derivation key [i.e., the input key] shall be at least 112 bits". 
*/ -+# define EVP_KDF_FIPS_MIN_KEY_LEN (112 / 8) -+#endif -+ - struct evp_kdf_st { - OSSL_PROVIDER *prov; - int name_id; -diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h -index 0983230a48..86171635ea 100644 ---- a/include/openssl/kdf.h -+++ b/include/openssl/kdf.h -@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf, - # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 - # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 - -+# define EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 -+# define EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED 1 -+# define EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 -+ - #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 - #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 - #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 -diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c -index dfa7786bde..f01e40ff5a 100644 ---- a/providers/implementations/kdfs/hkdf.c -+++ b/providers/implementations/kdfs/hkdf.c -@@ -42,6 +42,7 @@ static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_hkdf_settable_ctx_params; - static OSSL_FUNC_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params; - static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params; - static OSSL_FUNC_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params; -+static OSSL_FUNC_kdf_newctx_fn kdf_tls1_3_new; - static OSSL_FUNC_kdf_derive_fn kdf_tls1_3_derive; - static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_tls1_3_settable_ctx_params; - static OSSL_FUNC_kdf_set_ctx_params_fn kdf_tls1_3_set_ctx_params; -@@ -85,6 +86,10 @@ typedef struct { - size_t data_len; - unsigned char *info; - size_t info_len; -+ int is_tls13; -+#ifdef FIPS_MODULE -+ int fips_indicator; -+#endif /* defined(FIPS_MODULE) */ - } KDF_HKDF; - - static void *kdf_hkdf_new(void *provctx) -@@ -170,6 +175,11 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen, - return 0; - } - -+#ifdef FIPS_MODULE -+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->fips_indicator = 
EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+#endif /* defined(FIPS_MODULE) */ -+ - switch (ctx->mode) { - case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: - default: -@@ -318,22 +318,85 @@ static int kdf_hkdf_get_ctx_params(void - { - KDF_HKDF *ctx = (KDF_HKDF *)vctx; - OSSL_PARAM *p; -+ int any_valid = 0; /* set to 1 when at least one parameter was valid */ - - if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { - size_t sz = kdf_hkdf_size(ctx); - -+ any_valid = 1; - if (sz == 0) - return 0; - return OSSL_PARAM_set_size_t(p, sz); - } - if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_INFO)) != NULL) { -+ any_valid = 1; - if (ctx->info == NULL || ctx->info_len == 0) { - p->return_size = 0; - return 1; - } - return OSSL_PARAM_set_octet_string(p, ctx->info, ctx->info_len); - } -- return -2; -+#ifdef FIPS_MODULE -+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR)) -+ != NULL) { -+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; -+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); -+ -+ any_valid = 1; -+ -+ /* According to NIST Special Publication 800-131Ar2, Section 8: -+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of -+ * the key-derivation key [i.e., the input key] shall be at least 112 -+ * bits". */ -+ if (ctx->key_len < EVP_KDF_FIPS_MIN_KEY_LEN) -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module -+ * Verification Program, Section D.B and NIST Special Publication -+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security -+ * strength < 112 bits is legacy use only, so all derived keys should -+ * be longer than that. If a derived key has ever been shorter than -+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we -+ * should also set the returned FIPS indicator to unapproved. 
*/ -+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ if (ctx->is_tls13) { -+ if (md != NULL -+ && !EVP_MD_is_a(md, "SHA2-256") -+ && !EVP_MD_is_a(md, "SHA2-384")) { -+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic -+ * Module Validation Program, Section 2.4.B, (5): "The TLS 1.3 -+ * key derivation function documented in Section 7.1 of RFC -+ * 8446. This is considered an approved CVL because the -+ * underlying functions performed within the TLS 1.3 KDF map to -+ * NIST approved standards, namely: SP 800-133rev2 (Section 6.3 -+ * Option #3), SP 800-56Crev2, and SP 800-108." -+ * -+ * RFC 8446 appendix B.4 only lists SHA-256 and SHA-384. */ -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ } -+ } else { -+ if (md != NULL -+ && (EVP_MD_is_a(md, "SHAKE-128") || -+ EVP_MD_is_a(md, "SHAKE-256"))) { -+ /* HKDF is a SP 800-56Cr2 TwoStep KDF, for which all SHA-1, -+ * SHA-2 and SHA-3 are approved. SHAKE is not approved, because -+ * of FIPS 140-3 IG, section C.C: "The SHAKE128 and SHAKE256 -+ * extendable-output functions may only be used as the -+ * standalone algorithms." 
*/ -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ } -+ } -+ if (!OSSL_PARAM_set_int(p, fips_indicator)) -+ return 0; -+ } -+#endif /* defined(FIPS_MODULE) */ -+ -+ if (!any_valid) -+ return -2; -+ -+ return 1; - } - - static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx, -@@ -348,6 +421,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx, - static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), - OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), -+#ifdef FIPS_MODULE -+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL), -+#endif /* defined(FIPS_MODULE) */ - OSSL_PARAM_END - }; - return known_gettable_ctx_params; -@@ -677,6 +753,17 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx, - return ret; - } - -+static void *kdf_tls1_3_new(void *provctx) -+{ -+ KDF_HKDF *hkdf = kdf_hkdf_new(provctx); -+ -+ if (hkdf != NULL) -+ hkdf->is_tls13 = 1; -+ -+ return hkdf; -+} -+ -+ - static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) - { -@@ -692,6 +779,11 @@ static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen, - return 0; - } - -+#ifdef FIPS_MODULE -+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+#endif /* defined(FIPS_MODULE) */ -+ - switch (ctx->mode) { - default: - return 0; -@@ -769,7 +861,7 @@ static const OSSL_PARAM *kdf_tls1_3_settable_ctx_params(ossl_unused void *ctx, - } - - const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[] = { -- { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_hkdf_new }, -+ { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_tls1_3_new }, - { OSSL_FUNC_KDF_DUPCTX, (void(*)(void))kdf_hkdf_dup }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset }, -diff --git a/providers/implementations/kdfs/kbkdf.c 
b/providers/implementations/kdfs/kbkdf.c -index a542f84dfa..6b6dfb94ac 100644 ---- a/providers/implementations/kdfs/kbkdf.c -+++ b/providers/implementations/kdfs/kbkdf.c -@@ -59,6 +59,9 @@ typedef struct { - kbkdf_mode mode; - EVP_MAC_CTX *ctx_init; - -+ /* HMAC digest algorithm, if any; used to compute FIPS indicator */ -+ PROV_DIGEST digest; -+ - /* Names are lowercased versions of those found in SP800-108. */ - int r; - unsigned char *ki; -@@ -73,6 +76,9 @@ typedef struct { - int use_l; - int is_kmac; - int use_separator; -+#ifdef FIPS_MODULE -+ int fips_indicator; -+#endif /* defined(FIPS_MODULE) */ - } KBKDF; - - /* Definitions needed for typechecking. */ -@@ -138,6 +144,7 @@ static void kbkdf_reset(void *vctx) - void *provctx = ctx->provctx; - - EVP_MAC_CTX_free(ctx->ctx_init); -+ ossl_prov_digest_reset(&ctx->digest); - OPENSSL_clear_free(ctx->context, ctx->context_len); - OPENSSL_clear_free(ctx->label, ctx->label_len); - OPENSSL_clear_free(ctx->ki, ctx->ki_len); -@@ -240,6 +247,11 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen, - goto done; - } - -+#ifdef FIPS_MODULE -+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+#endif /* defined(FIPS_MODULE) */ -+ - h = EVP_MAC_CTX_get_mac_size(ctx->ctx_init); - if (h == 0) - goto done; -@@ -297,6 +309,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) - } - } - -+ if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx)) -+ return 0; -+ - p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE); - if (p != NULL - && OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) { -@@ -363,20 +378,77 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx, - static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) - { - OSSL_PARAM *p; -+ int any_valid = 0; /* set to 1 when at least one parameter was valid */ - - p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE); -- if (p 
== NULL) -+ if (p != NULL) { -+ any_valid = 1; -+ -+ /* KBKDF can produce results as large as you like. */ -+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX)) -+ return 0; -+ } -+ -+#ifdef FIPS_MODULE -+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR); -+ if (p != NULL) { -+ KBKDF *ctx = (KBKDF *)vctx; -+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; -+ -+ any_valid = 1; -+ -+ /* According to NIST Special Publication 800-131Ar2, Section 8: -+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of -+ * the key-derivation key [i.e., the input key] shall be at least 112 -+ * bits". */ -+ if (ctx->ki_len < EVP_KDF_FIPS_MIN_KEY_LEN) -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module -+ * Verification Program, Section D.B and NIST Special Publication -+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security -+ * strength < 112 bits is legacy use only, so all derived keys should -+ * be longer than that. If a derived key has ever been shorter than -+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we -+ * should also set the returned FIPS indicator to unapproved. */ -+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module -+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256 -+ * extendable-output functions may only be used as the standalone -+ * algorithms." Note that the digest is only used when the MAC -+ * algorithm is HMAC. 
*/ -+ if (ctx->ctx_init != NULL -+ && EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), OSSL_MAC_NAME_HMAC)) { -+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); -+ if (md != NULL -+ && (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256"))) { -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ } -+ } -+ -+ if (!OSSL_PARAM_set_int(p, fips_indicator)) -+ return 0; -+ } -+#endif -+ -+ if (!any_valid) - return -2; - -- /* KBKDF can produce results as large as you like. */ -- return OSSL_PARAM_set_size_t(p, SIZE_MAX); -+ return 1; - } - - static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) - { -- static const OSSL_PARAM known_gettable_ctx_params[] = -- { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END }; -+ static const OSSL_PARAM known_gettable_ctx_params[] = { -+ OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), -+#ifdef FIPS_MODULE -+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL), -+#endif /* defined(FIPS_MODULE) */ -+ OSSL_PARAM_END -+ }; - return known_gettable_ctx_params; - } - -diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c -index c592ba72f1..4a52b38266 100644 ---- a/providers/implementations/kdfs/sshkdf.c -+++ b/providers/implementations/kdfs/sshkdf.c -@@ -48,6 +48,9 @@ typedef struct { - char type; /* X */ - unsigned char *session_id; - size_t session_id_len; -+#ifdef FIPS_MODULE -+ int fips_indicator; -+#endif /* defined(FIPS_MODULE) */ - } KDF_SSHKDF; - - static void *kdf_sshkdf_new(void *provctx) -@@ -126,6 +129,12 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen, - ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_TYPE); - return 0; - } -+ -+#ifdef FIPS_MODULE -+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+#endif /* defined(FIPS_MODULE) */ -+ - return SSHKDF(md, ctx->key, ctx->key_len, - ctx->xcghash, ctx->xcghash_len, - 
ctx->session_id, ctx->session_id_len, -@@ -194,10 +203,67 @@ static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(ossl_unused void *ctx, - static int kdf_sshkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) - { - OSSL_PARAM *p; -+ int any_valid = 0; /* set to 1 when at least one parameter was valid */ - -- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) -- return OSSL_PARAM_set_size_t(p, SIZE_MAX); -- return -2; -+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { -+ any_valid = 1; -+ -+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX)) -+ return 0; -+ } -+ -+#ifdef FIPS_MODULE -+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR); -+ if (p != NULL) { -+ KDF_SSHKDF *ctx = vctx; -+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; -+ -+ any_valid = 1; -+ -+ /* According to NIST Special Publication 800-131Ar2, Section 8: -+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of -+ * the key-derivation key [i.e., the input key] shall be at least 112 -+ * bits". */ -+ if (ctx->key_len < EVP_KDF_FIPS_MIN_KEY_LEN) -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module -+ * Verification Program, Section D.B and NIST Special Publication -+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security -+ * strength < 112 bits is legacy use only, so all derived keys should -+ * be longer than that. If a derived key has ever been shorter than -+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we -+ * should also set the returned FIPS indicator to unapproved. 
*/ -+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module -+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256 -+ * extendable-output functions may only be used as the standalone -+ * algorithms." -+ * -+ * Additionally, SP 800-135r1 section 5.2 specifies that the hash -+ * function used in SSHKDF "is one of the hash functions specified in -+ * FIPS 180-3.", which rules out SHA-3 and truncated variants of SHA-2. -+ * */ -+ if (ctx->digest.md != NULL -+ && !EVP_MD_is_a(ctx->digest.md, "SHA-1") -+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-224") -+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-256") -+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-384") -+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-512")) { -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ } -+ -+ if (!OSSL_PARAM_set_int(p, fips_indicator)) -+ return 0; -+ } -+#endif -+ -+ if (!any_valid) -+ return -2; -+ -+ return 1; - } - - static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx, -@@ -205,6 +271,9 @@ static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx, - { - static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), -+#ifdef FIPS_MODULE -+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL), -+#endif /* defined(FIPS_MODULE) */ - OSSL_PARAM_END - }; - return known_gettable_ctx_params; -diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c -index eb54972e1c..23865cd70f 100644 ---- a/providers/implementations/kdfs/sskdf.c -+++ b/providers/implementations/kdfs/sskdf.c -@@ -64,6 +64,10 @@ typedef struct { - size_t salt_len; - size_t out_len; /* optional KMAC parameter */ - int is_kmac; -+ int is_x963kdf; -+#ifdef FIPS_MODULE -+ int fips_indicator; -+#endif /* defined(FIPS_MODULE) */ - } KDF_SSKDF; - - 
#define SSKDF_MAX_INLEN (1<<30) -@@ -73,6 +77,7 @@ typedef struct { - static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 }; - - static OSSL_FUNC_kdf_newctx_fn sskdf_new; -+static OSSL_FUNC_kdf_newctx_fn x963kdf_new; - static OSSL_FUNC_kdf_dupctx_fn sskdf_dup; - static OSSL_FUNC_kdf_freectx_fn sskdf_free; - static OSSL_FUNC_kdf_reset_fn sskdf_reset; -@@ -296,6 +301,16 @@ static void *sskdf_new(void *provctx) - return ctx; - } - -+static void *x963kdf_new(void *provctx) -+{ -+ KDF_SSKDF *ctx = sskdf_new(provctx); -+ -+ if (ctx) -+ ctx->is_x963kdf = 1; -+ -+ return ctx; -+} -+ - static void sskdf_reset(void *vctx) - { - KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; -@@ -361,6 +376,11 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen, - } - md = ossl_prov_digest_md(&ctx->digest); - -+#ifdef FIPS_MODULE -+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+#endif /* defined(FIPS_MODULE) */ -+ - if (ctx->macctx != NULL) { - /* H(x) = KMAC or H(x) = HMAC */ - int ret; -@@ -442,6 +462,11 @@ static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen, - return 0; - } - -+#ifdef FIPS_MODULE -+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+#endif /* defined(FIPS_MODULE) */ -+ - return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len, - ctx->info, ctx->info_len, 1, key, keylen); - } -@@ -514,10 +539,74 @@ static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) - { - KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; - OSSL_PARAM *p; -+ int any_valid = 0; /* set to 1 when at least one parameter was valid */ -+ -+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { -+ any_valid = 1; -+ -+ if (!OSSL_PARAM_set_size_t(p, sskdf_size(ctx))) -+ return 0; -+ } - -- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) -- return OSSL_PARAM_set_size_t(p, sskdf_size(ctx)); -- return -2; -+#ifdef FIPS_MODULE 
-+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR); -+ if (p != NULL) { -+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; -+ -+ any_valid = 1; -+ -+ /* According to NIST Special Publication 800-131Ar2, Section 8: -+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of -+ * the key-derivation key [i.e., the input key] shall be at least 112 -+ * bits". */ -+ if (ctx->secret_len < EVP_KDF_FIPS_MIN_KEY_LEN) -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module -+ * Verification Program, Section D.B and NIST Special Publication -+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security -+ * strength < 112 bits is legacy use only, so all derived keys should -+ * be longer than that. If a derived key has ever been shorter than -+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we -+ * should also set the returned FIPS indicator to unapproved. */ -+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module -+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256 -+ * extendable-output functions may only be used as the standalone -+ * algorithms." */ -+ if (ctx->macctx == NULL -+ || (ctx->macctx != NULL && -+ EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), OSSL_MAC_NAME_HMAC))) { -+ if (ctx->digest.md != NULL -+ && (EVP_MD_is_a(ctx->digest.md, "SHAKE-128") || -+ EVP_MD_is_a(ctx->digest.md, "SHAKE-256"))) { -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ } -+ -+ /* Table H-3 in ANS X9.63-2001 says that 160-bit hash functions -+ * should only be used for 80-bit key agreement, but FIPS 140-3 -+ * requires a security strength of 112 bits, so SHA-1 cannot be -+ * used with X9.63. 
See the discussion in -+ * https://github.com/usnistgov/ACVP/issues/1403#issuecomment-1435300395. -+ */ -+ if (ctx->is_x963kdf -+ && ctx->digest.md != NULL -+ && EVP_MD_is_a(ctx->digest.md, "SHA-1")) { -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ } -+ } -+ -+ if (!OSSL_PARAM_set_int(p, fips_indicator)) -+ return 0; -+ } -+#endif -+ -+ if (!any_valid) -+ return -2; -+ -+ return 1; - } - - static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx, -@@ -525,6 +614,9 @@ static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx, - { - static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), -+#ifdef FIPS_MODULE -+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, 0), -+#endif /* defined(FIPS_MODULE) */ - OSSL_PARAM_END - }; - return known_gettable_ctx_params; -@@ -545,7 +637,7 @@ const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = { - }; - - const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = { -- { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))sskdf_new }, -+ { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))x963kdf_new }, - { OSSL_FUNC_KDF_DUPCTX, (void(*)(void))sskdf_dup }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset }, -diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c -index a4d64b9352..f6782a6ca2 100644 ---- a/providers/implementations/kdfs/tls1_prf.c -+++ b/providers/implementations/kdfs/tls1_prf.c -@@ -93,6 +93,13 @@ typedef struct { - /* Buffer of concatenated seed data */ - unsigned char seed[TLS1_PRF_MAXBUF]; - size_t seedlen; -+ -+ /* MAC digest algorithm; used to compute FIPS indicator */ -+ PROV_DIGEST digest; -+ -+#ifdef FIPS_MODULE -+ int fips_indicator; -+#endif /* defined(FIPS_MODULE) */ - } TLS1_PRF; - - static void *kdf_tls1_prf_new(void *provctx) -@@ -129,6 +136,7 @@ static void kdf_tls1_prf_reset(void *vctx) - EVP_MAC_CTX_free(ctx->P_sha1); - 
OPENSSL_clear_free(ctx->sec, ctx->seclen); - OPENSSL_cleanse(ctx->seed, ctx->seedlen); -+ ossl_prov_digest_reset(&ctx->digest); - memset(ctx, 0, sizeof(*ctx)); - ctx->provctx = provctx; - } -@@ -157,6 +165,10 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen, - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); - return 0; - } -+#ifdef FIPS_MODULE -+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+#endif /* defined(FIPS_MODULE) */ - - /* - * The seed buffer is prepended with a label. -@@ -191,6 +203,9 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) - } - } - -+ if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx)) -+ return 0; -+ - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL) { - OPENSSL_clear_free(ctx->sec, ctx->seclen); - ctx->sec = NULL; -@@ -232,10 +247,60 @@ static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params( - static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[]) - { - OSSL_PARAM *p; -+#ifdef FIPS_MODULE -+ TLS1_PRF *ctx = vctx; -+#endif /* defined(FIPS_MODULE) */ -+ int any_valid = 0; /* set to 1 when at least one parameter was valid */ -+ -+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { -+ any_valid = 1; -+ -+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX)) -+ return 0; -+ } -+ -+#ifdef FIPS_MODULE -+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR); -+ if (p != NULL) { -+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; -+ -+ any_valid = 1; -+ -+ /* According to NIST Special Publication 800-131Ar2, Section 8: -+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of -+ * the key-derivation key [i.e., the input key] shall be at least 112 -+ * bits". 
*/ -+ if (ctx->seclen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module -+ * Verification Program, Section D.B and NIST Special Publication -+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security -+ * strength < 112 bits is legacy use only, so all derived keys should -+ * be longer than that. If a derived key has ever been shorter than -+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we -+ * should also set the returned FIPS indicator to unapproved. */ -+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ /* SP 800-135r1 section 4.2.2 says TLS 1.2 KDF is approved when "(3) -+ * P_HASH uses either SHA-256, SHA-384 or SHA-512." */ -+ if (ctx->digest.md != NULL -+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-256") -+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-384") -+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-512")) { -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ } -+ -+ if (!OSSL_PARAM_set_int(p, fips_indicator)) -+ return 0; -+ } -+#endif - -- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) -- return OSSL_PARAM_set_size_t(p, SIZE_MAX); -- return -2; -+ if (!any_valid) -+ return -2; -+ -+ return 1; - } - - static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params( -@@ -243,6 +308,9 @@ static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params( - { - static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), -+#ifdef FIPS_MODULE -+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, 0), -+#endif /* defined(FIPS_MODULE) */ - OSSL_PARAM_END - }; - return known_gettable_ctx_params; -diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c -index b1bc6f7e1b..8173fc2cc7 100644 ---- a/providers/implementations/kdfs/x942kdf.c -+++ 
b/providers/implementations/kdfs/x942kdf.c -@@ -13,11 +13,13 @@ - #include - #include - #include -+#include - #include - #include - #include "internal/packet.h" - #include "internal/der.h" - #include "internal/nelem.h" -+#include "crypto/evp.h" - #include "prov/provider_ctx.h" - #include "prov/providercommon.h" - #include "prov/implementations.h" -@@ -47,6 +50,9 @@ typedef struct { - const unsigned char *cek_oid; - size_t cek_oid_len; - int use_keybits; -+#ifdef FIPS_MODULE -+ int fips_indicator; -+#endif /* defined(FIPS_MODULE) */ - } KDF_X942; - - /* -@@ -460,6 +466,10 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen, - ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING); - return 0; - } -+#ifdef FIPS_MODULE -+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) -+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+#endif /* defined(FIPS_MODULE) */ - ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len, - der, der_len, ctr, key, keylen); - OPENSSL_free(der); -@@ -563,10 +573,58 @@ static int x942kdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) - { - KDF_X942 *ctx = (KDF_X942 *)vctx; - OSSL_PARAM *p; -+ int any_valid = 0; /* set to 1 when at least one parameter was valid */ - -- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) -- return OSSL_PARAM_set_size_t(p, x942kdf_size(ctx)); -- return -2; -+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { -+ any_valid = 1; -+ -+ if (!OSSL_PARAM_set_size_t(p, x942kdf_size(ctx))) -+ return 0; -+ } -+ -+#ifdef FIPS_MODULE -+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR); -+ if (p != NULL) { -+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; -+ -+ any_valid = 1; -+ -+ /* According to NIST Special Publication 800-131Ar2, Section 8: -+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of -+ * the key-derivation key [i.e., the input key] shall be at least 112 -+ * bits". 
*/ -+ if (ctx->secret_len < EVP_KDF_FIPS_MIN_KEY_LEN) -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module -+ * Verification Program, Section D.B and NIST Special Publication -+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security -+ * strength < 112 bits is legacy use only, so all derived keys should -+ * be longer than that. If a derived key has ever been shorter than -+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we -+ * should also set the returned FIPS indicator to unapproved. */ -+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module -+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256 -+ * extendable-output functions may only be used as the standalone -+ * algorithms." */ -+ if (ctx->digest.md != NULL -+ && (EVP_MD_is_a(ctx->digest.md, "SHAKE-128") || -+ EVP_MD_is_a(ctx->digest.md, "SHAKE-256"))) { -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ } -+ -+ if (!OSSL_PARAM_set_int(p, fips_indicator)) -+ return 0; -+ } -+#endif -+ -+ if (!any_valid) -+ return -2; -+ -+ return 1; - } - - static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx, -@@ -574,6 +632,9 @@ static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx, - { - static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), -+#ifdef FIPS_MODULE -+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, 0), -+#endif /* defined(FIPS_MODULE) */ - OSSL_PARAM_END - }; - return known_gettable_ctx_params; -diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm -index 70f7c50fe4..6618122417 100644 ---- a/util/perl/OpenSSL/paramnames.pm -+++ b/util/perl/OpenSSL/paramnames.pm -@@ -183,6 +183,7 @@ my %params 
= ( - 'KDF_PARAM_X942_SUPP_PUBINFO' => "supp-pubinfo", - 'KDF_PARAM_X942_SUPP_PRIVINFO' => "supp-privinfo", - 'KDF_PARAM_X942_USE_KEYBITS' => "use-keybits", -+ 'KDF_PARAM_REDHAT_FIPS_INDICATOR' => "redhat-fips-indicator", - 'KDF_PARAM_HMACDRBG_ENTROPY' => "entropy", - 'KDF_PARAM_HMACDRBG_NONCE' => "nonce", - 'KDF_PARAM_THREADS' => "threads", # uint32_t --- -2.39.2 - diff --git a/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch b/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch deleted file mode 100644 index 68953fb..0000000 --- a/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch +++ /dev/null 
@@ -1,114 +0,0 @@ -From 8e388e194e665286a8996d7d5926bab5c1a6b4f9 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 15:46:40 +0200 -Subject: [PATCH 38/48] - 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch - -Patch-name: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch -Patch-id: 83 ---- - include/crypto/evp.h | 7 +++++++ - include/openssl/evp.h | 3 +++ - providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++ - 4 files changed, 28 insertions(+) - -diff --git a/include/crypto/evp.h b/include/crypto/evp.h -index aa07153441..a13127bd59 100644 ---- a/include/crypto/evp.h -+++ b/include/crypto/evp.h -@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void); - const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void); - const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void); - -+#ifdef FIPS_MODULE -+/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key -+ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for -+ * HMAC verification. 
*/ -+# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8) -+#endif -+ - struct evp_mac_st { - OSSL_PROVIDER *prov; - int name_id; -diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index 86f4e22c70..615857caf5 100644 ---- a/include/openssl/evp.h -+++ b/include/openssl/evp.h -@@ -1194,6 +1194,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, - void *arg); - - /* MAC stuff */ -+# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 -+# define EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED 1 -+# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 - - EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, - const char *properties); -diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c -index 52ebb08b8f..cf5c3ecbe7 100644 ---- a/providers/implementations/macs/hmac_prov.c -+++ b/providers/implementations/macs/hmac_prov.c -@@ -21,6 +21,8 @@ - #include - #include - -+#include "crypto/evp.h" -+ - #include "internal/ssl3_cbc.h" - - #include "prov/implementations.h" -@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, - static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), - OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL), -+#ifdef FIPS_MODULE -+ OSSL_PARAM_int(OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR, NULL), -+#endif /* defined(FIPS_MODULE) */ - OSSL_PARAM_END - }; - static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx, -@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) - && !OSSL_PARAM_set_int(p, hmac_block_size(macctx))) - return 0; - -+#ifdef FIPS_MODULE -+ if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR)) != NULL) { -+ int fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED; -+ /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms -+ * specifies key lengths < 112 bytes are disallowed for HMAC generation -+ * and legacy use for 
HMAC verification. */ -+ if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN) -+ fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ return OSSL_PARAM_set_int(p, fips_indicator); -+ } -+#endif /* defined(FIPS_MODULE) */ -+ - return 1; - } - --- -2.41.0 - -diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.hmac-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm ---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.hmac-patch 2024-01-02 12:18:16.909596613 +0100 -+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:20:18.465886160 +0100 -@@ -137,12 +137,13 @@ my %params = ( - # If "engine",or "properties",are specified, they should always be paired - # with "cipher",or "digest". - -- 'MAC_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', # utf8 string -- 'MAC_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', # utf8 string -- 'MAC_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', # utf8 string -- 'MAC_PARAM_SIZE' => "size", # size_t -- 'MAC_PARAM_BLOCK_SIZE' => "block-size", # size_t -- 'MAC_PARAM_TLS_DATA_SIZE' => "tls-data-size", # size_t -+ 'MAC_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', # utf8 string -+ 'MAC_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', # utf8 string -+ 'MAC_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', # utf8 string -+ 'MAC_PARAM_SIZE' => "size", # size_t -+ 'MAC_PARAM_BLOCK_SIZE' => "block-size", # size_t -+ 'MAC_PARAM_TLS_DATA_SIZE' => "tls-data-size", # size_t -+ 'MAC_PARAM_REDHAT_FIPS_INDICATOR' => "redhat-fips-indicator", # size_t - - # KDF / PRF parameters - 'KDF_PARAM_SECRET' => "secret", # octet string diff --git a/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch b/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch deleted file mode 100644 index bf94740..0000000 --- a/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From 915990e450e769e370fcacbfd8ed58ab6afaf2bf Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 15:47:55 +0200 -Subject: [PATCH 39/48] - 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch - -Patch-name: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch -Patch-id: 84 ---- - providers/implementations/kdfs/pbkdf2.c | 27 ++++++++++++++++++++++++- - 1 file changed, 26 insertions(+), 1 deletion(-) - -diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c -index 349c3dd657..11820d1e69 100644 ---- a/providers/implementations/kdfs/pbkdf2.c -+++ b/providers/implementations/kdfs/pbkdf2.c -@@ -35,6 +35,21 @@ - #define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF - #define KDF_PBKDF2_MIN_ITERATIONS 1000 - #define KDF_PBKDF2_MIN_SALT_LEN (128 / 8) -+/* The Implementation Guidance for FIPS 140-3 says in section D.N -+ * "Password-Based Key Derivation for Storage Applications" that "the vendor -+ * shall document in the module’s Security Policy the length of -+ * a password/passphrase used in key derivation and establish an upper bound -+ * for the probability of having this parameter guessed at random. This -+ * probability shall take into account not only the length of the -+ * password/passphrase, but also the difficulty of guessing it. The decision on -+ * the minimum length of a password used for key derivation is the vendor’s, -+ * but the vendor shall at a minimum informally justify the decision." -+ * -+ * We are choosing a minimum password length of 8 bytes, because NIST's ACVP -+ * testing uses passwords as short as 8 bytes, and requiring longer passwords -+ * combined with an implicit indicator (i.e., returning an error) would cause -+ * the module to fail ACVP testing. 
*/ -+#define KDF_PBKDF2_MIN_PASSWORD_LEN (8) - - static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new; - static OSSL_FUNC_kdf_dupctx_fn kdf_pbkdf2_dup; -@@ -219,9 +234,15 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) - ctx->lower_bound_checks = pkcs5 == 0; - } - -- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) -+ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) { -+ if (ctx->lower_bound_checks != 0 -+ && p->data_size < KDF_PBKDF2_MIN_PASSWORD_LEN) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); -+ return 0; -+ } - if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p)) - return 0; -+ } - - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) { - if (ctx->lower_bound_checks != 0 -@@ -331,6 +352,10 @@ static int pbkdf2_derive(const char *pass, size_t passlen, - } - - if (lower_bound_checks) { -+ if (passlen < KDF_PBKDF2_MIN_PASSWORD_LEN) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); -+ return 0; -+ } - if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) { - ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); - return 0; --- -2.41.0 - diff --git a/0085-FIPS-RSA-disable-shake.patch b/0085-FIPS-RSA-disable-shake.patch deleted file mode 100644 index 9ae7a99..0000000 --- a/0085-FIPS-RSA-disable-shake.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -From 2306fde5556cbcb875d095c09fed01a0f16fe7ec Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 15:51:55 +0200 -Subject: [PATCH 40/48] 0085-FIPS-RSA-disable-shake.patch - -Patch-name: 0085-FIPS-RSA-disable-shake.patch -Patch-id: 85 ---- - crypto/rsa/rsa_oaep.c | 28 ++++++++++++++++++++++++++++ - crypto/rsa/rsa_pss.c | 16 ++++++++++++++++ - 2 files changed, 44 insertions(+) - -diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c -index b2f7f7dc4b..af2b0b026c 100644 ---- a/crypto/rsa/rsa_oaep.c -+++ b/crypto/rsa/rsa_oaep.c -@@ -78,9 +78,23 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, - return 0; - #endif - } -+ -+#ifdef FIPS_MODULE -+ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) { -+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); -+ return 0; -+ } -+#endif - if (mgf1md == NULL) - mgf1md = md; - -+#ifdef FIPS_MODULE -+ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) { -+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); -+ return 0; -+ } -+#endif -+ - mdlen = EVP_MD_get_size(md); - if (mdlen <= 0) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH); -@@ -203,9 +217,23 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, - #endif - } - -+#ifdef FIPS_MODULE -+ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) { -+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); -+ return -1; -+ } -+#endif -+ - if (mgf1md == NULL) - mgf1md = md; - -+#ifdef FIPS_MODULE -+ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) { -+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); -+ return -1; -+ } -+#endif -+ - mdlen = EVP_MD_get_size(md); - - if (tlen <= 0 || flen <= 0) -diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c -index bb46ec64c7..c0fdf232da 100644 ---- a/crypto/rsa/rsa_pss.c -+++ b/crypto/rsa/rsa_pss.c -@@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, - if 
(mgf1Hash == NULL) - mgf1Hash = Hash; - -+#ifdef FIPS_MODULE -+ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256")) -+ goto err; -+ -+ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256")) -+ goto err; -+#endif -+ - hLen = EVP_MD_get_size(Hash); - if (hLen < 0) - goto err; -@@ -168,6 +176,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, - if (mgf1Hash == NULL) - mgf1Hash = Hash; - -+#ifdef FIPS_MODULE -+ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256")) -+ goto err; -+ -+ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256")) -+ goto err; -+#endif -+ - hLen = EVP_MD_get_size(Hash); - if (hLen < 0) - goto err; --- -2.41.0 - diff --git a/0088-signature-Add-indicator-for-PSS-salt-length.patch b/0088-signature-Add-indicator-for-PSS-salt-length.patch deleted file mode 100644 index 9cef315..0000000 --- a/0088-signature-Add-indicator-for-PSS-salt-length.patch +++ /dev/null 
@@ -1,102 +0,0 @@ -From 98ee6faef3da1439c04f11cd2796132d27d1e607 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 15:58:07 +0200 -Subject: [PATCH 41/48] 0088-signature-Add-indicator-for-PSS-salt-length.patch - -Patch-name: 0088-signature-Add-indicator-for-PSS-salt-length.patch -Patch-id: 88 ---- - include/openssl/evp.h | 4 ++++ - providers/implementations/signature/rsa_sig.c | 21 +++++++++++++++++++ - 3 files changed, 26 insertions(+) - -diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index 615857caf5..05f2d0f75a 100644 ---- a/include/openssl/evp.h -+++ b/include/openssl/evp.h -@@ -799,6 +799,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, - __owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); - -+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 -+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED 1 -+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 -+ - __owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, - EVP_PKEY *pkey); - __owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, -diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index cfaa4841cb..851671cfb1 100644 ---- a/providers/implementations/signature/rsa_sig.c -+++ b/providers/implementations/signature/rsa_sig.c -@@ -1173,6 +1173,24 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) - } - } - -+#ifdef FIPS_MODULE -+ p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR); -+ if (p != NULL) { -+ int fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED; -+ if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) { -+ if (prsactx->md == NULL) { -+ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED; -+ } else if (rsa_pss_compute_saltlen(prsactx) > EVP_MD_get_size(prsactx->md)) { -+ fips_indicator = 
EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ } -+ } else if (prsactx->pad_mode == RSA_NO_PADDING) { -+ if (prsactx->md == NULL) /* Should always be the case */ -+ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ } -+ return OSSL_PARAM_set_int(p, fips_indicator); -+ } -+#endif -+ - return 1; - } - -@@ -1182,6 +1200,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0), -+#ifdef FIPS_MODULE -+ OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR, NULL), -+#endif - OSSL_PARAM_END - }; - --- -2.41.0 - -diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.salt-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm ---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.salt-patch 2024-01-02 12:23:57.106998142 +0100 -+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:26:29.687472015 +0100 -@@ -377,17 +377,18 @@ my %params = ( - 'EXCHANGE_PARAM_KDF_UKM' => "kdf-ukm", - - # Signature parameters -- 'SIGNATURE_PARAM_ALGORITHM_ID' => "algorithm-id", -- 'SIGNATURE_PARAM_PAD_MODE' => '*PKEY_PARAM_PAD_MODE', -- 'SIGNATURE_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST', -- 'SIGNATURE_PARAM_PROPERTIES' => '*PKEY_PARAM_PROPERTIES', -- 'SIGNATURE_PARAM_PSS_SALTLEN' => "saltlen", -- 'SIGNATURE_PARAM_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST', -- 'SIGNATURE_PARAM_MGF1_PROPERTIES' => '*PKEY_PARAM_MGF1_PROPERTIES', -- 'SIGNATURE_PARAM_DIGEST_SIZE' => '*PKEY_PARAM_DIGEST_SIZE', -- 'SIGNATURE_PARAM_NONCE_TYPE' => "nonce-type", -- 'SIGNATURE_PARAM_INSTANCE' => "instance", -- 'SIGNATURE_PARAM_CONTEXT_STRING' => "context-string", -+ 'SIGNATURE_PARAM_ALGORITHM_ID' => "algorithm-id", -+ 'SIGNATURE_PARAM_PAD_MODE' => '*PKEY_PARAM_PAD_MODE', -+ 'SIGNATURE_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST', -+ 'SIGNATURE_PARAM_PROPERTIES' => '*PKEY_PARAM_PROPERTIES', -+ 
'SIGNATURE_PARAM_PSS_SALTLEN' => "saltlen", -+ 'SIGNATURE_PARAM_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST', -+ 'SIGNATURE_PARAM_MGF1_PROPERTIES' => '*PKEY_PARAM_MGF1_PROPERTIES', -+ 'SIGNATURE_PARAM_DIGEST_SIZE' => '*PKEY_PARAM_DIGEST_SIZE', -+ 'SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR' => "redhat-fips-indicator", -+ 'SIGNATURE_PARAM_NONCE_TYPE' => "nonce-type", -+ 'SIGNATURE_PARAM_INSTANCE' => "instance", -+ 'SIGNATURE_PARAM_CONTEXT_STRING' => "context-string", - - # Asym cipher parameters - 'ASYM_CIPHER_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST', diff --git a/0091-FIPS-RSA-encapsulate.patch b/0091-FIPS-RSA-encapsulate.patch deleted file mode 100644 index 69c8546..0000000 --- a/0091-FIPS-RSA-encapsulate.patch +++ /dev/null 
@@ -1,47 +0,0 @@ -From afab56d09edb525dd794fcb2ae2295ab7f39400a Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 16:01:48 +0200 -Subject: [PATCH 42/48] 0091-FIPS-RSA-encapsulate.patch - -Patch-name: 0091-FIPS-RSA-encapsulate.patch -Patch-id: 91 ---- - providers/implementations/kem/rsa_kem.c | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c -index 365ae3d7d6..8a6f585d0b 100644 ---- a/providers/implementations/kem/rsa_kem.c -+++ b/providers/implementations/kem/rsa_kem.c -@@ -265,6 +265,14 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, - *secretlen = nlen; - return 1; - } -+ -+#ifdef FIPS_MODULE -+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); -+ return 0; -+ } -+#endif -+ - /* - * Step (2): Generate a random byte string z of nlen bytes where - * 1 < z < n - 1 -@@ -308,6 +316,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx, - return 1; - } - -+#ifdef FIPS_MODULE -+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); -+ return 0; -+ } -+#endif -+ - /* Step (2): check the input ciphertext 'inlen' matches the nlen */ - if (inlen != nlen) { - ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); --- -2.41.0 - diff --git a/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch b/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch deleted file mode 100644 index fcd53e6..0000000 --- a/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch +++ /dev/null 
@@ -1,98 +0,0 @@ -From 5db03a4d024f1e396ff54d38ac70d9890b034074 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 16:10:11 +0200 -Subject: [PATCH 45/48] - 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch - -Patch-name: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch -Patch-id: 110 ---- - include/openssl/evp.h | 4 +++ - .../implementations/ciphers/ciphercommon.c | 4 +++ - .../ciphers/ciphercommon_gcm.c | 25 +++++++++++++++++++ - 4 files changed, 34 insertions(+) - -diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index 05f2d0f75a..f1a33ff6f2 100644 ---- a/include/openssl/evp.h -+++ b/include/openssl/evp.h -@@ -748,6 +748,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); - void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); - int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); - -+# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 -+# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_APPROVED 1 -+# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 -+ - __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); - __owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, -diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c -index fa383165d8..716add7339 100644 ---- a/providers/implementations/ciphers/ciphercommon.c -+++ b/providers/implementations/ciphers/ciphercommon.c -@@ -149,6 +149,10 @@ static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = { - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0), -+ /* normally we would hide this under an #ifdef FIPS_MODULE, but that does -+ * not work in ciphercommon.c because it is compiled only once into -+ * libcommon.a */ -+ 
OSSL_PARAM_int(OSSL_CIPHER_PARAM_REDHAT_FIPS_INDICATOR, NULL), - OSSL_PARAM_END - }; - const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params( -diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c -index ed95c97ff4..db7910eb0e 100644 ---- a/providers/implementations/ciphers/ciphercommon_gcm.c -+++ b/providers/implementations/ciphers/ciphercommon_gcm.c -@@ -224,6 +224,31 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) - break; - } - } -+ -+ /* We would usually hide this under #ifdef FIPS_MODULE, but -+ * ciphercommon_gcm.c is only compiled once into libcommon.a, so ifdefs do -+ * not work here. */ -+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_REDHAT_FIPS_INDICATOR); -+ if (p != NULL) { -+ int fips_indicator = EVP_CIPHER_REDHAT_FIPS_INDICATOR_APPROVED; -+ -+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module -+ * Verification Program, Section C.H requires guarantees about the -+ * uniqueness of key/iv pairs, and proposes a few approaches to ensure -+ * this. This provides an indicator for option 2 "The IV may be -+ * generated internally at its entirety randomly." Note that one of the -+ * conditions of this option is that "The IV length shall be at least -+ * 96 bits (per SP 800-38D)." We do not specically check for this -+ * condition here, because gcm_iv_generate will fail in this case. 
*/ -+ if (ctx->enc && !ctx->iv_gen_rand) -+ fips_indicator = EVP_CIPHER_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ if (!OSSL_PARAM_set_int(p, fips_indicator)) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); -+ return 0; -+ } -+ } -+ - return 1; - } - --- -2.41.0 - -diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.ivgen-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm ---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.ivgen-patch 2024-01-02 12:29:45.119433637 +0100 -+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:33:09.146723045 +0100 -@@ -101,8 +101,9 @@ my %params = ( - 'CIPHER_PARAM_SPEED' => "speed", # uint - 'CIPHER_PARAM_CTS_MODE' => "cts_mode", # utf8_string - # For passing the AlgorithmIdentifier parameter in DER form -- 'CIPHER_PARAM_ALGORITHM_ID_PARAMS' => "alg_id_param",# octet_string -- 'CIPHER_PARAM_XTS_STANDARD' => "xts_standard",# utf8_string -+ 'CIPHER_PARAM_ALGORITHM_ID_PARAMS' => "alg_id_param",# octet_string -+ 'CIPHER_PARAM_REDHAT_FIPS_INDICATOR' => "redhat-fips-indicator", # int -+ 'CIPHER_PARAM_XTS_STANDARD' => "xts_standard",# utf8_string - - 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT' => "tls1multi_maxsndfrag",# uint - 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE' => "tls1multi_maxbufsz", # size_t diff --git a/0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch b/0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch deleted file mode 100644 index aec08c9..0000000 --- a/0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch +++ /dev/null 
@@ -1,75 +0,0 @@ -From 48c763ed9cc889806bc01222382ce6f918a408a2 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 16:12:33 +0200 -Subject: [PATCH 46/48] - 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch - -Patch-name: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch -Patch-id: 112 ---- - providers/implementations/kdfs/pbkdf2.c | 40 +++++++++++++++++++++++-- - 1 file changed, 37 insertions(+), 3 deletions(-) - -diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c -index 11820d1e69..bae2238ab5 100644 ---- a/providers/implementations/kdfs/pbkdf2.c -+++ b/providers/implementations/kdfs/pbkdf2.c -@@ -284,11 +284,42 @@ static const OSSL_PARAM *kdf_pbkdf2_settable_ctx_params(ossl_unused void *ctx, - - static int kdf_pbkdf2_get_ctx_params(void *vctx, OSSL_PARAM params[]) - { -+#ifdef FIPS_MODULE -+ KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx; -+#endif /* defined(FIPS_MODULE) */ - OSSL_PARAM *p; -+ int any_valid = 0; /* set to 1 when at least one parameter was valid */ -+ -+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { -+ any_valid = 1; -+ -+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX)) -+ return 0; -+ } -+ -+#ifdef FIPS_MODULE -+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR)) -+ != NULL) { -+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; -+ -+ /* The lower_bound_checks parameter enables checks required by FIPS. If -+ * those checks are disabled, the PBKDF2 implementation will also -+ * support non-approved parameters (e.g., salt lengths < 16 bytes, see -+ * NIST SP 800-132 section 5.1). 
*/ -+ if (!ctx->lower_bound_checks) -+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; - -- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) -- return OSSL_PARAM_set_size_t(p, SIZE_MAX); -- return -2; -+ if (!OSSL_PARAM_set_int(p, fips_indicator)) -+ return 0; -+ -+ any_valid = 1; -+ } -+#endif /* defined(FIPS_MODULE) */ -+ -+ if (!any_valid) -+ return -2; -+ -+ return 1; - } - - static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx, -@@ -296,6 +327,9 @@ static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx, - { - static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), -+#ifdef FIPS_MODULE -+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL), -+#endif /* defined(FIPS_MODULE) */ - OSSL_PARAM_END - }; - return known_gettable_ctx_params; --- -2.41.0 - diff --git a/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch b/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch deleted file mode 100644 index 7a2e1f3..0000000 --- a/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch +++ /dev/null 
@@ -1,140 +0,0 @@ -From 136988155862ce2b45683ef8045e7a8cdd11e215 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 16:13:46 +0200 -Subject: [PATCH 47/48] 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch - -Patch-name: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch -Patch-id: 113 ---- - include/openssl/core_names.h | 2 ++ - include/openssl/evp.h | 4 +++ - .../implementations/asymciphers/rsa_enc.c | 22 ++++++++++++++ - providers/implementations/kem/rsa_kem.c | 30 ++++++++++++++++++- - 4 files changed, 57 insertions(+), 1 deletion(-) - -diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index f1a33ff6f2..dadbf46a5a 100644 ---- a/include/openssl/evp.h -+++ b/include/openssl/evp.h -@@ -1767,6 +1767,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void); - OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); - # endif - -+# define EVP_PKEY_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 -+# define EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED 1 -+# define EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 -+ - EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties); - int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); -diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c -index d169bfd396..bd4dcb4e27 100644 ---- a/providers/implementations/asymciphers/rsa_enc.c -+++ b/providers/implementations/asymciphers/rsa_enc.c -@@ -466,6 +466,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) - if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection)) - return 0; - -+#ifdef FIPS_MODULE -+ p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR); -+ if (p != NULL) { -+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED; -+ -+ /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key -+ * confirmation (section 6.4.2.3.2), or assurance from a trusted third -+ * 
party (section 6.4.2.3.1) for the KTS-OAEP key transport scheme, but -+ * explicit key confirmation is not implemented here and cannot be -+ * implemented without protocol changes, and the FIPS provider does not -+ * implement trusted third party validation, since it relies on its -+ * callers to do that. We must thus mark RSA-OAEP as unapproved until -+ * we have received clarification from NIST on how library modules such -+ * as OpenSSL should implement TTP validation. */ -+ fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ if (!OSSL_PARAM_set_int(p, fips_indicator)) -+ return 0; -+ } -+#endif /* defined(FIPS_MODULE) */ -+ - return 1; - } - -@@ -480,6 +501,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), - #ifdef FIPS_MODULE - OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0), -+ OSSL_PARAM_int(OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR, NULL), - #endif /* FIPS_MODULE */ - OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), - OSSL_PARAM_END -diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c -index 8a6f585d0b..f4b7415074 100644 ---- a/providers/implementations/kem/rsa_kem.c -+++ b/providers/implementations/kem/rsa_kem.c -@@ -152,11 +152,39 @@ static int rsakem_decapsulate_init(void *vprsactx, void *vrsa, - static int rsakem_get_ctx_params(void *vprsactx, OSSL_PARAM *params) - { - PROV_RSA_CTX *ctx = (PROV_RSA_CTX *)vprsactx; -+#ifdef FIPS_MODULE -+ OSSL_PARAM *p; -+#endif /* defined(FIPS_MODULE) */ -+ -+ if (ctx == NULL) -+ return 0; -+ -+#ifdef FIPS_MODULE -+ p = OSSL_PARAM_locate(params, OSSL_KEM_PARAM_REDHAT_FIPS_INDICATOR); -+ if (p != NULL) { -+ /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key -+ * confirmation (section 6.4.2.3.2), or assurance from a trusted third -+ * party (section 6.4.2.3.1) for key agreement or key transport, but -+ * explicit key 
confirmation is not implemented here and cannot be -+ * implemented without protocol changes, and the FIPS provider does not -+ * implement trusted third party validation, since it relies on its -+ * callers to do that. We must thus mark RSASVE unapproved until we -+ * have received clarification from NIST on how library modules such as -+ * OpenSSL should implement TTP validation. */ -+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED; -+ -+ if (!OSSL_PARAM_set_int(p, fips_indicator)) -+ return 0; -+ } -+#endif /* defined(FIPS_MODULE) */ - -- return ctx != NULL; -+ return 1; - } - - static const OSSL_PARAM known_gettable_rsakem_ctx_params[] = { -+#ifdef FIPS_MODULE -+ OSSL_PARAM_int(OSSL_KEM_PARAM_REDHAT_FIPS_INDICATOR, NULL), -+#endif /* defined(FIPS_MODULE) */ - OSSL_PARAM_END - }; - --- -2.41.0 - -diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.kem-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm ---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.kem-patch 2024-01-02 12:49:04.598756268 +0100 -+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:53:16.466464414 +0100 -@@ -406,6 +406,7 @@ my %params = ( - 'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version", - 'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' => "implicit-rejection", - 'ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED' => "redhat-kat-oaep-seed", -+ 'ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR' => "redhat-fips-indicator", - - # Encoder / decoder parameters - -@@ -438,8 +439,9 @@ my %params = ( - 'SIGNATURE_PARAM_KAT' => "kat", - - # KEM parameters -- 'KEM_PARAM_OPERATION' => "operation", -- 'KEM_PARAM_IKME' => "ikme", -+ 'KEM_PARAM_OPERATION' => "operation", -+ 'KEM_PARAM_REDHAT_FIPS_INDICATOR' => "redhat-fips-indicator", -+ 'KEM_PARAM_IKME' => "ikme", - - # Capabilities - diff --git a/0117-ignore-unknown-sigalgorithms-groups.patch b/0117-ignore-unknown-sigalgorithms-groups.patch deleted file mode 100644 index dd40e11..0000000 
--- a/0117-ignore-unknown-sigalgorithms-groups.patch +++ /dev/null 
@@ -1,318 +0,0 @@ -From 242c746690dd1d0e500fa554c60536877d77776d Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 14 Dec 2023 17:08:56 +0100 -Subject: [PATCH 47/49] 0117-ignore-unknown-sigalgorithms-groups.patch - -Patch-name: 0117-ignore-unknown-sigalgorithms-groups.patch -Patch-id: 117 -Patch-status: | - # https://github.com/openssl/openssl/issues/23050 ---- - CHANGES.md | 13 +++++++ - doc/man3/SSL_CTX_set1_curves.pod | 6 ++- - doc/man3/SSL_CTX_set1_sigalgs.pod | 11 +++++- - ssl/t1_lib.c | 56 +++++++++++++++++++++------- - test/sslapitest.c | 61 +++++++++++++++++++++++++++++++ - 5 files changed, 132 insertions(+), 15 deletions(-) - -diff --git a/CHANGES.md b/CHANGES.md -index ca29762ac2..4e21d0ddf9 100644 ---- a/CHANGES.md -+++ b/CHANGES.md -@@ -27,6 +27,19 @@ OpenSSL 3.2 - - ### Changes between 3.2.0 and 3.2.1 [30 Jan 2024] - -+ * Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms -+ config options and the respective calls to SSL[_CTX]_set1_sigalgs() and -+ SSL[_CTX]_set1_client_sigalgs() that start with `?` character are -+ ignored and the configuration will still be used. -+ -+ Similarly unknown entries that start with `?` character in a TLS -+ Groups config option or set with SSL[_CTX]_set1_groups_list() are ignored -+ and the configuration will still be used. -+ -+ In both cases if the resulting list is empty, an error is returned. -+ -+ *Tomáš Mráz* -+ - * A file in PKCS12 format can contain certificates and keys and may come from - an untrusted source. The PKCS12 specification allows certain fields to be - NULL, but OpenSSL did not correctly check for this case. A fix has been -diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod -index c26ef00306..f0566e148e 100644 ---- a/doc/man3/SSL_CTX_set1_curves.pod -+++ b/doc/man3/SSL_CTX_set1_curves.pod -@@ -58,7 +58,8 @@ string B. The string is a colon separated list of group names, for example - are B, B, B, B, B, B, - B, B, B, B, - B, B and B. 
Support for other groups may be --added by external providers. -+added by external providers. If a group name is preceded with the C -+character, it will be ignored if an implementation is missing. - - SSL_set1_groups() and SSL_set1_groups_list() are similar except they set - supported groups for the SSL structure B. -@@ -142,6 +143,9 @@ The curve functions were added in OpenSSL 1.0.2. The equivalent group - functions were added in OpenSSL 1.1.1. The SSL_get_negotiated_group() function - was added in OpenSSL 3.0.0. - -+Support for ignoring unknown groups in SSL_CTX_set1_groups_list() and -+SSL_set1_groups_list() was added in OpenSSL 3.3. -+ - =head1 COPYRIGHT - - Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. -diff --git a/doc/man3/SSL_CTX_set1_sigalgs.pod b/doc/man3/SSL_CTX_set1_sigalgs.pod -index eb31006346..5b7de7d956 100644 ---- a/doc/man3/SSL_CTX_set1_sigalgs.pod -+++ b/doc/man3/SSL_CTX_set1_sigalgs.pod -@@ -33,7 +33,9 @@ signature algorithms for B or B. The B parameter - must be a null terminated string consisting of a colon separated list of - elements, where each element is either a combination of a public key - algorithm and a digest separated by B<+>, or a TLS 1.3-style named --SignatureScheme such as rsa_pss_pss_sha256. -+SignatureScheme such as rsa_pss_pss_sha256. If a list entry is preceded -+with the C character, it will be ignored if an implementation is missing. -+ - - SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(), - SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set -@@ -106,6 +108,13 @@ using a string: - L, L, - L - -+=head1 HISTORY -+ -+Support for ignoring unknown signature algorithms in -+SSL_CTX_set1_sigalgs_list(), SSL_set1_sigalgs_list(), -+SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() -+was added in OpenSSL 3.3. -+ - =head1 COPYRIGHT - - Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. 
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 056aae3863..fe680449c5 100644 ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -1052,9 +1052,15 @@ static int gid_cb(const char *elem, int len, void *arg) - size_t i; - uint16_t gid = 0; - char etmp[GROUP_NAME_BUFFER_LENGTH]; -+ int ignore_unknown = 0; - - if (elem == NULL) - return 0; -+ if (elem[0] == '?') { -+ ignore_unknown = 1; -+ ++elem; -+ --len; -+ } - if (garg->gidcnt == garg->gidmax) { - uint16_t *tmp = - OPENSSL_realloc(garg->gid_arr, -@@ -1070,13 +1076,14 @@ static int gid_cb(const char *elem, int len, void *arg) - - gid = tls1_group_name2id(garg->ctx, etmp); - if (gid == 0) { -- ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, -- "group '%s' cannot be set", etmp); -- return 0; -+ /* Unknown group - ignore, if ignore_unknown */ -+ return ignore_unknown; - } - for (i = 0; i < garg->gidcnt; i++) -- if (garg->gid_arr[i] == gid) -- return 0; -+ if (garg->gid_arr[i] == gid) { -+ /* Duplicate group - ignore */ -+ return 1; -+ } - garg->gid_arr[garg->gidcnt++] = gid; - return 1; - } -@@ -1097,6 +1104,11 @@ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, - gcb.ctx = ctx; - if (!CONF_parse_list(str, ':', 1, gid_cb, &gcb)) - goto end; -+ if (gcb.gidcnt == 0) { -+ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, -+ "No valid groups in '%s'", str); -+ goto end; -+ } - if (pext == NULL) { - ret = 1; - goto end; -@@ -2905,8 +2917,15 @@ static int sig_cb(const char *elem, int len, void *arg) - const SIGALG_LOOKUP *s; - char etmp[TLS_MAX_SIGSTRING_LEN], *p; - int sig_alg = NID_undef, hash_alg = NID_undef; -+ int ignore_unknown = 0; -+ - if (elem == NULL) - return 0; -+ if (elem[0] == '?') { -+ ignore_unknown = 1; -+ ++elem; -+ --len; -+ } - if (sarg->sigalgcnt == TLS_MAX_SIGALGCNT) - return 0; - if (len > (int)(sizeof(etmp) - 1)) -@@ -2931,8 +2950,10 @@ static int sig_cb(const char *elem, int len, void *arg) - break; - } - } -- if (i == OSSL_NELEM(sigalg_lookup_tbl)) -- return 0; 
-+ if (i == OSSL_NELEM(sigalg_lookup_tbl)) { -+ /* Ignore unknown algorithms if ignore_unknown */ -+ return ignore_unknown; -+ } - } - } else { - *p = 0; -@@ -2940,8 +2961,10 @@ static int sig_cb(const char *elem, int len, void *arg) - return 0; - get_sigorhash(&sig_alg, &hash_alg, etmp); - get_sigorhash(&sig_alg, &hash_alg, p); -- if (sig_alg == NID_undef || hash_alg == NID_undef) -- return 0; -+ if (sig_alg == NID_undef || hash_alg == NID_undef) { -+ /* Ignore unknown algorithms if ignore_unknown */ -+ return ignore_unknown; -+ } - for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); - i++, s++) { - if (s->hash == hash_alg && s->sig == sig_alg) { -@@ -2949,15 +2972,17 @@ static int sig_cb(const char *elem, int len, void *arg) - break; - } - } -- if (i == OSSL_NELEM(sigalg_lookup_tbl)) -- return 0; -+ if (i == OSSL_NELEM(sigalg_lookup_tbl)) { -+ /* Ignore unknown algorithms if ignore_unknown */ -+ return ignore_unknown; -+ } - } - -- /* Reject duplicates */ -+ /* Ignore duplicates */ - for (i = 0; i < sarg->sigalgcnt - 1; i++) { - if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) { - sarg->sigalgcnt--; -- return 0; -+ return 1; - } - } - return 1; -@@ -2973,6 +2998,11 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client) - } - if (!CONF_parse_list(str, ':', 1, sig_cb, &sig)) - return 0; -+ if (sig.sigalgcnt == 0) { -+ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, -+ "No valid signature algorithms in '%s'", str); -+ return 0; -+ } - if (c == NULL) - return 1; - return tls1_set_raw_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client); -diff --git a/test/sslapitest.c b/test/sslapitest.c -index 1c14f93ed1..184a0f1055 100644 ---- a/test/sslapitest.c -+++ b/test/sslapitest.c -@@ -39,6 +39,7 @@ - #include "testutil.h" - #include "testutil/output.h" - #include "internal/nelem.h" -+#include "internal/tlsgroups.h" - #include "internal/ktls.h" - #include "../ssl/ssl_local.h" - #include "../ssl/record/methods/recmethod_local.h" 
-@@ -3147,6 +3148,7 @@ static const sigalgs_list testsigalgs[] = { - {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0}, - # endif - {NULL, 0, "RSA+SHA256", 1, 1}, -+ {NULL, 0, "RSA+SHA256:?Invalid", 1, 1}, - # ifndef OPENSSL_NO_EC - {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1}, - {NULL, 0, "ECDSA+SHA512", 1, 0}, -@@ -9276,6 +9278,64 @@ static int test_servername(int tst) - return testresult; - } - -+static int test_unknown_sigalgs_groups(void) -+{ -+ int ret = 0; -+ SSL_CTX *ctx = NULL; -+ -+ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))) -+ goto end; -+ -+ if (!TEST_int_gt(SSL_CTX_set1_sigalgs_list(ctx, -+ "RSA+SHA256:?nonexistent:?RSA+SHA512"), -+ 0)) -+ goto end; -+ if (!TEST_size_t_eq(ctx->cert->conf_sigalgslen, 2) -+ || !TEST_int_eq(ctx->cert->conf_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256) -+ || !TEST_int_eq(ctx->cert->conf_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512)) -+ goto end; -+ -+ if (!TEST_int_gt(SSL_CTX_set1_client_sigalgs_list(ctx, -+ "RSA+SHA256:?nonexistent:?RSA+SHA512"), -+ 0)) -+ goto end; -+ if (!TEST_size_t_eq(ctx->cert->client_sigalgslen, 2) -+ || !TEST_int_eq(ctx->cert->client_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256) -+ || !TEST_int_eq(ctx->cert->client_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512)) -+ goto end; -+ -+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx, -+ "nonexistent"), -+ 0)) -+ goto end; -+ -+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx, -+ "?nonexistent1:?nonexistent2:?nonexistent3"), -+ 0)) -+ goto end; -+ -+#ifndef OPENSSL_NO_EC -+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx, -+ "P-256:nonexistent"), -+ 0)) -+ goto end; -+ -+ if (!TEST_int_gt(SSL_CTX_set1_groups_list(ctx, -+ "P-384:?nonexistent:?P-521"), -+ 0)) -+ goto end; -+ if (!TEST_size_t_eq(ctx->ext.supportedgroups_len, 2) -+ || !TEST_int_eq(ctx->ext.supportedgroups[0], OSSL_TLS_GROUP_ID_secp384r1) -+ || !TEST_int_eq(ctx->ext.supportedgroups[1], OSSL_TLS_GROUP_ID_secp521r1)) -+ goto end; -+#endif -+ -+ ret = 1; -+ end: -+ SSL_CTX_free(ctx); 
-+ return ret; -+} -+ - #if !defined(OPENSSL_NO_EC) \ - && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)) - /* -@@ -11519,6 +11579,7 @@ int setup_tests(void) - ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data)); - #endif - ADD_ALL_TESTS(test_servername, 10); -+ ADD_TEST(test_unknown_sigalgs_groups); - #if !defined(OPENSSL_NO_EC) \ - && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)) - ADD_ALL_TESTS(test_sigalgs_available, 6); --- -2.44.0 - diff --git a/0121-FIPS-cms-defaults.patch b/0121-FIPS-cms-defaults.patch deleted file mode 100644 index 7598512..0000000 --- a/0121-FIPS-cms-defaults.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -diff -up openssl-3.0.7/apps/cms.c.fips_cms openssl-3.0.7/apps/cms.c ---- openssl-3.0.7/apps/cms.c.fips_cms 2023-05-18 14:03:56.360555106 +0200 -+++ openssl-3.0.7/apps/cms.c 2023-05-18 14:13:33.765183185 +0200 -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - - static int save_certs(char *signerfile, STACK_OF(X509) *signers); - static int cms_cb(int ok, X509_STORE_CTX *ctx); -@@ -810,12 +811,16 @@ int cms_main(int argc, char **argv) - - if (operation == SMIME_ENCRYPT) { - if (!cipher) { -+ if (FIPS_mode()) { -+ cipher = (EVP_CIPHER *)EVP_aes_128_cbc(); -+ } else { - #ifndef OPENSSL_NO_DES -- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); -+ cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); - #else -- BIO_printf(bio_err, "No cipher selected\n"); -- goto end; -+ BIO_printf(bio_err, "No cipher selected\n"); -+ goto end; - #endif -+ } - } - - if (secret_key && !secret_keyid) { -diff -up openssl-3.0.7/crypto/cms/cms_env.c.fips_cms openssl-3.0.7/crypto/cms/cms_env.c ---- openssl-3.0.7/crypto/cms/cms_env.c.fips_cms 2023-05-22 10:06:50.276528155 +0200 -+++ openssl-3.0.7/crypto/cms/cms_env.c 2023-05-22 10:08:58.406073945 +0200 -@@ -14,6 +14,7 @@ - #include - #include - #include -+#include - #include "internal/sizes.h" - #include "crypto/asn1.h" - #include "crypto/evp.h" -@@ -321,6 +321,10 @@ static int cms_RecipientInfo_ktri_init(C - return 0; - if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0) - return 0; -+ if (FIPS_mode()) { -+ if (EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_padding_mode", "oaep") <= 0) -+ return 0; -+ } - } else if (!ossl_cms_env_asn1_ctrl(ri, 0)) - return 0; - return 1; -@@ -484,6 +489,11 @@ static int cms_RecipientInfo_ktri_encryp - - if (EVP_PKEY_encrypt_init(pctx) <= 0) - goto err; -+ -+ if (FIPS_mode()) { -+ if (EVP_PKEY_CTX_ctrl_str(pctx, "rsa_padding_mode", "oaep") <= 0) -+ goto err; -+ } - } - - if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) 
diff --git a/0122-TMP-KTLS-test-skip.patch b/0122-TMP-KTLS-test-skip.patch deleted file mode 100644 index f037ee3..0000000 --- a/0122-TMP-KTLS-test-skip.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up openssl-3.2.1/test/sslapitest.c.xxx openssl-3.2.1/test/sslapitest.c ---- openssl-3.2.1/test/sslapitest.c.xxx 2024-04-15 10:14:47.292448045 +0200 -+++ openssl-3.2.1/test/sslapitest.c 2024-04-15 10:15:23.428396994 +0200 -@@ -1020,9 +1020,10 @@ static int execute_test_large_message(co - /* sock must be connected */ - static int ktls_chk_platform(int sock) - { -- if (!ktls_enable(sock)) -+/* if (!ktls_enable(sock)) - return 0; -- return 1; -+ return 1; */ -+ return 0; - } - - static int ping_pong_query(SSL *clientssl, SSL *serverssl) diff --git a/0123-kdf-Preserve-backward-compatibility-with-older-provi.patch b/0123-kdf-Preserve-backward-compatibility-with-older-provi.patch deleted file mode 100644 index 85f97c6..0000000 --- a/0123-kdf-Preserve-backward-compatibility-with-older-provi.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From a4daab0c29bce044d385bdeada177a88c32cba4c Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Mon, 17 Jun 2024 16:48:26 +0200 -Subject: [PATCH] Fix regression of EVP_PKEY_CTX_add1_hkdf_info() with older - providers - -If there is no get_ctx_params() implemented in the key exchange -provider implementation the fallback will not work. Instead -check the gettable_ctx_params() to see if the fallback should be -performed. - -Fixes #24611 - -Reviewed-by: Paul Dale -Reviewed-by: Tom Cosgrove -(Merged from https://github.com/openssl/openssl/pull/24661) - -(cherry picked from commit 663dbc9c9c897392a9f9d18aa9a8400ca024dc5d) ---- - crypto/evp/pmeth_lib.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c -index 2caff2cd6d..d15e43be05 100644 ---- a/crypto/evp/pmeth_lib.c -+++ b/crypto/evp/pmeth_lib.c -@@ -1026,6 +1026,7 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback, - int datalen) - { - OSSL_PARAM os_params[2]; -+ const OSSL_PARAM *gettables; - unsigned char *info = NULL; - size_t info_len = 0; - size_t info_alloc = 0; -@@ -1049,6 +1050,12 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback, - return 1; - } - -+ /* Check for older provider that doesn't support getting this parameter */ -+ gettables = EVP_PKEY_CTX_gettable_params(ctx); -+ if (gettables == NULL || OSSL_PARAM_locate_const(gettables, param) == NULL) -+ return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, -+ data, datalen); -+ - /* Get the original value length */ - os_params[0] = OSSL_PARAM_construct_octet_string(param, NULL, 0); - os_params[1] = OSSL_PARAM_construct_end(); -@@ -1056,9 +1063,9 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback, - if (!EVP_PKEY_CTX_get_params(ctx, os_params)) - return 0; - -- /* Older provider that doesn't support getting this parameter */ -+ /* This should not happen but check to be 
sure. */ - if (os_params[0].return_size == OSSL_PARAM_UNMODIFIED) -- return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, data, datalen); -+ return 0; - - info_alloc = os_params[0].return_size + datalen; - if (info_alloc == 0) --- -2.45.1 - diff --git a/0124-PBMAC1-PKCS12-FIPS-support.patch b/0124-PBMAC1-PKCS12-FIPS-support.patch deleted file mode 100644 index 1aa529e..0000000 --- a/0124-PBMAC1-PKCS12-FIPS-support.patch +++ /dev/null 
@@ -1,1579 +0,0 @@ -From d959252c47af0eb0dd55bc032606901fedaf029b Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Fri, 7 Jun 2024 14:37:57 +0200 -Subject: [PATCH 1/4] Implementation of the RFC 9579, PBMAC1 in PKCS#12 - ---- - apps/pkcs12.c | 63 ++++++-- - crypto/asn1/p5_pbev2.c | 7 + - crypto/evp/digest.c | 54 +++++++ - crypto/pkcs12/p12_mutl.c | 296 ++++++++++++++++++++++++++++++++---- - include/crypto/evp.h | 3 + - include/openssl/pkcs12.h.in | 3 + - include/openssl/x509.h.in | 15 +- - 7 files changed, 394 insertions(+), 47 deletions(-) - -diff --git a/apps/pkcs12.c b/apps/pkcs12.c -index 54323a9713393..cbe133742a8be 100644 ---- a/apps/pkcs12.c -+++ b/apps/pkcs12.c -@@ -70,7 +70,7 @@ typedef enum OPTION_choice { - OPT_NAME, OPT_CSP, OPT_CANAME, - OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH, - OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_ENGINE, -- OPT_R_ENUM, OPT_PROV_ENUM, OPT_JDKTRUST, -+ OPT_R_ENUM, OPT_PROV_ENUM, OPT_JDKTRUST, OPT_PBMAC1_PBKDF2, OPT_PBMAC1_PBKDF2_MD, - #ifndef OPENSSL_NO_DES - OPT_LEGACY_ALG - #endif -@@ -147,6 +147,8 @@ const OPTIONS pkcs12_options[] = { - #endif - {"macalg", OPT_MACALG, 's', - "Digest algorithm to use in MAC (default SHA256)"}, -+ {"pbmac1_pbkdf2", OPT_PBMAC1_PBKDF2, '-', "Use PBMAC1 with PBKDF2 instead of MAC"}, -+ {"pbmac1_pbkdf2_md", OPT_PBMAC1_PBKDF2_MD, 's', "Digest to use for PBMAC1 KDF (default SHA256)"}, - {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption and MAC"}, - {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"}, - {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)"}, -@@ -170,14 +172,14 @@ int pkcs12_main(int argc, char **argv) - int use_legacy = 0; - #endif - /* use library defaults for the iter, maciter, cert, and key PBE */ -- int iter = 0, maciter = 0; -+ int iter = 0, maciter = 0, pbmac1_pbkdf2 = 0; - int macsaltlen = PKCS12_SALT_LEN; - int cert_pbe = NID_undef; - int key_pbe = NID_undef; - int ret = 1, 
macver = 1, add_lmk = 0, private = 0; - int noprompt = 0; - char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL; -- char *passin = NULL, *passout = NULL, *macalg = NULL; -+ char *passin = NULL, *passout = NULL, *macalg = NULL, *pbmac1_pbkdf2_md = NULL; - char *cpass = NULL, *mpass = NULL, *badpass = NULL; - const char *CApath = NULL, *CAfile = NULL, *CAstore = NULL, *prog; - int noCApath = 0, noCAfile = 0, noCAstore = 0; -@@ -283,6 +285,12 @@ int pkcs12_main(int argc, char **argv) - case OPT_MACALG: - macalg = opt_arg(); - break; -+ case OPT_PBMAC1_PBKDF2: -+ pbmac1_pbkdf2 = 1; -+ break; -+ case OPT_PBMAC1_PBKDF2_MD: -+ pbmac1_pbkdf2_md = opt_arg(); -+ break; - case OPT_CERTPBE: - if (!set_pbe(&cert_pbe, opt_arg())) - goto opthelp; -@@ -700,10 +708,20 @@ int pkcs12_main(int argc, char **argv) - } - - if (maciter != -1) { -- if (!PKCS12_set_mac(p12, mpass, -1, NULL, macsaltlen, maciter, macmd)) { -- BIO_printf(bio_err, "Error creating PKCS12 MAC; no PKCS12KDF support?\n"); -- BIO_printf(bio_err, "Use -nomac if MAC not required and PKCS12KDF support not available.\n"); -- goto export_end; -+ if (pbmac1_pbkdf2 == 1) { -+ if (!PKCS12_set_pbmac1_pbkdf2(p12, mpass, -1, NULL, -+ macsaltlen, maciter, -+ macmd, pbmac1_pbkdf2_md)) { -+ BIO_printf(bio_err, "Error creating PBMAC1\n"); -+ goto export_end; -+ } -+ } else { -+ if (!PKCS12_set_mac(p12, mpass, -1, NULL, macsaltlen, maciter, macmd)) { -+ BIO_printf(bio_err, "Error creating PKCS12 MAC; no PKCS12KDF support?\n"); -+ BIO_printf(bio_err, -+ "Use -nomac or -pbmac1_pbkdf2 if PKCS12KDF support not available\n"); -+ goto export_end; -+ } - } - } - assert(private); -@@ -774,23 +792,60 @@ int pkcs12_main(int argc, char **argv) - X509_ALGOR_get0(&macobj, NULL, NULL, macalgid); - BIO_puts(bio_err, "MAC: "); - i2a_ASN1_OBJECT(bio_err, macobj); -- BIO_printf(bio_err, ", Iteration %ld\n", -- tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L); -- BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n", -- tmac != NULL ? 
ASN1_STRING_length(tmac) : 0L, -- tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L); -+ if (OBJ_obj2nid(macobj) == NID_pbmac1) { -+ PBKDF2PARAM *pbkdf2_param = PBMAC1_get1_pbkdf2_param(macalgid); -+ -+ if (pbkdf2_param == NULL) { -+ BIO_printf(bio_err, ", Unsupported KDF or params for PBMAC1\n"); -+ } else { -+ const ASN1_OBJECT *prfobj; -+ -+ BIO_printf(bio_err, " using PBKDF2, Iteration %ld\n", -+ ASN1_INTEGER_get(pbkdf2_param->iter)); -+ BIO_printf(bio_err, "Key length: %ld, Salt length: %d\n", -+ ASN1_INTEGER_get(pbkdf2_param->keylength), -+ ASN1_STRING_length(pbkdf2_param->salt->value.octet_string)); -+ X509_ALGOR_get0(&prfobj, NULL, NULL, pbkdf2_param->prf); -+ BIO_printf(bio_err, "PBKDF2 PRF: "); -+ i2a_ASN1_OBJECT(bio_err, prfobj); -+ BIO_printf(bio_err, "\n"); -+ } -+ PBKDF2PARAM_free(pbkdf2_param); -+ } else { -+ BIO_printf(bio_err, ", Iteration %ld\n", -+ tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L); -+ BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n", -+ tmac != NULL ? ASN1_STRING_length(tmac) : 0L, -+ tsalt != NULL ? 
ASN1_STRING_length(tsalt) : 0L); -+ } - } -+ - if (macver) { -- EVP_KDF *pkcs12kdf; -+ const X509_ALGOR *macalgid; -+ const ASN1_OBJECT *macobj; - -- pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF", -- app_get0_propq()); -- if (pkcs12kdf == NULL) { -- BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n"); -- BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n"); -- goto end; -+ PKCS12_get0_mac(NULL, &macalgid, NULL, NULL, p12); -+ -+ if (macalgid == NULL) { -+ BIO_printf(bio_err, "Warning: MAC is absent!\n"); -+ goto dump; -+ } -+ -+ X509_ALGOR_get0(&macobj, NULL, NULL, macalgid); -+ -+ if (OBJ_obj2nid(macobj) != NID_pbmac1) { -+ EVP_KDF *pkcs12kdf; -+ -+ pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF", -+ app_get0_propq()); -+ if (pkcs12kdf == NULL) { -+ BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n"); -+ BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n"); -+ goto end; -+ } -+ EVP_KDF_free(pkcs12kdf); - } -- EVP_KDF_free(pkcs12kdf); -+ - /* If we enter empty password try no password first */ - if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { - /* If mac and crypto pass the same set it to NULL too */ -diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c -index 8575d05bf6d5a..c22cc6b77075d 100644 ---- a/crypto/asn1/p5_pbev2.c -+++ b/crypto/asn1/p5_pbev2.c -@@ -35,6 +35,13 @@ ASN1_SEQUENCE(PBKDF2PARAM) = { - - IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) - -+ASN1_SEQUENCE(PBMAC1PARAM) = { -+ ASN1_SIMPLE(PBMAC1PARAM, keyDerivationFunc, X509_ALGOR), -+ ASN1_SIMPLE(PBMAC1PARAM, messageAuthScheme, X509_ALGOR) -+} ASN1_SEQUENCE_END(PBMAC1PARAM) -+ -+IMPLEMENT_ASN1_FUNCTIONS(PBMAC1PARAM) -+ - /* - * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know - * this is horrible! 
Extended version to allow application supplied PRF NID -diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c -index 18a64329b7a35..a74e2fa42c5bb 100644 ---- a/crypto/evp/digest.c -+++ b/crypto/evp/digest.c -@@ -20,6 +20,7 @@ - #include - #include - #include "internal/cryptlib.h" -+#include "internal/nelem.h" - #include "internal/provider.h" - #include "internal/core.h" - #include "crypto/evp.h" -@@ -1185,3 +1186,56 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, - (void (*)(void *, void *))fn, arg, - evp_md_from_algorithm, evp_md_up_ref, evp_md_free); - } -+ -+typedef struct { -+ int md_nid; -+ int hmac_nid; -+} ossl_hmacmd_pair; -+ -+static const ossl_hmacmd_pair ossl_hmacmd_pairs[] = { -+ {NID_sha1, NID_hmacWithSHA1}, -+ {NID_md5, NID_hmacWithMD5}, -+ {NID_sha224, NID_hmacWithSHA224}, -+ {NID_sha256, NID_hmacWithSHA256}, -+ {NID_sha384, NID_hmacWithSHA384}, -+ {NID_sha512, NID_hmacWithSHA512}, -+ {NID_id_GostR3411_94, NID_id_HMACGostR3411_94}, -+ {NID_id_GostR3411_2012_256, NID_id_tc26_hmac_gost_3411_2012_256}, -+ {NID_id_GostR3411_2012_512, NID_id_tc26_hmac_gost_3411_2012_512}, -+ {NID_sha3_224, NID_hmac_sha3_224}, -+ {NID_sha3_256, NID_hmac_sha3_256}, -+ {NID_sha3_384, NID_hmac_sha3_384}, -+ {NID_sha3_512, NID_hmac_sha3_512}, -+ {NID_sha512_224, NID_hmacWithSHA512_224}, -+ {NID_sha512_256, NID_hmacWithSHA512_256} -+}; -+ -+int ossl_hmac2mdnid(int hmac_nid) -+{ -+ int md_nid = NID_undef; -+ size_t i; -+ -+ for (i = 0; i < OSSL_NELEM(ossl_hmacmd_pairs); i++) { -+ if (ossl_hmacmd_pairs[i].hmac_nid == hmac_nid) { -+ md_nid = ossl_hmacmd_pairs[i].md_nid; -+ break; -+ } -+ } -+ -+ return md_nid; -+} -+ -+int ossl_md2hmacnid(int md_nid) -+{ -+ int hmac_nid = NID_undef; -+ size_t i; -+ -+ for (i = 0; i < OSSL_NELEM(ossl_hmacmd_pairs); i++) { -+ if (ossl_hmacmd_pairs[i].md_nid == md_nid) { -+ hmac_nid = ossl_hmacmd_pairs[i].hmac_nid; -+ break; -+ } -+ } -+ -+ return hmac_nid; -+} -diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c -index 
4091e61d9dd06..d410978a49e1e 100644 ---- a/crypto/pkcs12/p12_mutl.c -+++ b/crypto/pkcs12/p12_mutl.c -@@ -15,12 +15,19 @@ - - #include - #include "internal/cryptlib.h" -+#include "crypto/evp.h" - #include - #include - #include - #include - #include "p12_local.h" - -+static int pkcs12_pbmac1_pbkdf2_key_gen(const char *pass, int passlen, -+ unsigned char *salt, int saltlen, -+ int id, int iter, int keylen, -+ unsigned char *out, -+ const EVP_MD *md_type); -+ - int PKCS12_mac_present(const PKCS12 *p12) - { - return p12->mac ? 1 : 0; -@@ -72,9 +79,76 @@ static int pkcs12_gen_gost_mac_key(const char *pass, int passlen, - return 1; - } - --/* Generate a MAC */ -+PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg) -+{ -+ PBMAC1PARAM *param = NULL; -+ PBKDF2PARAM *pbkdf2_param = NULL; -+ const ASN1_OBJECT *kdf_oid; -+ -+ param = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), macalg->parameter); -+ if (param == NULL) { -+ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_INVALID_ARGUMENT); -+ return NULL; -+ } -+ -+ X509_ALGOR_get0(&kdf_oid, NULL, NULL, param->keyDerivationFunc); -+ if (OBJ_obj2nid(kdf_oid) != NID_id_pbkdf2) { -+ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_INVALID_ARGUMENT); -+ PBMAC1PARAM_free(param); -+ return NULL; -+ } -+ -+ pbkdf2_param = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), -+ param->keyDerivationFunc->parameter); -+ PBMAC1PARAM_free(param); -+ -+ return pbkdf2_param; -+} -+ -+static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq, -+ const char *pass, int passlen, -+ const X509_ALGOR *macalg, unsigned char *key) -+{ -+ PBKDF2PARAM *pbkdf2_param = NULL; -+ const ASN1_OBJECT *kdf_hmac_oid; -+ int ret = -1; -+ int keylen = 0; -+ EVP_MD *kdf_md = NULL; -+ const ASN1_OCTET_STRING *pbkdf2_salt = NULL; -+ -+ pbkdf2_param = PBMAC1_get1_pbkdf2_param(macalg); -+ if (pbkdf2_param == NULL) { -+ ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED); -+ goto err; -+ } -+ keylen = ASN1_INTEGER_get(pbkdf2_param->keylength); -+ pbkdf2_salt = 
pbkdf2_param->salt->value.octet_string; -+ X509_ALGOR_get0(&kdf_hmac_oid, NULL, NULL, pbkdf2_param->prf); -+ -+ kdf_md = EVP_MD_fetch(ctx, OBJ_nid2sn(ossl_hmac2mdnid(OBJ_obj2nid(kdf_hmac_oid))), propq); -+ if (kdf_md == NULL) { -+ ERR_raise(ERR_LIB_PKCS12, ERR_R_FETCH_FAILED); -+ goto err; -+ } -+ -+ if (PKCS5_PBKDF2_HMAC(pass, passlen, pbkdf2_salt->data, pbkdf2_salt->length, -+ ASN1_INTEGER_get(pbkdf2_param->iter), kdf_md, keylen, key) <= 0) { -+ ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ ret = keylen; -+ -+ err: -+ EVP_MD_free(kdf_md); -+ PBKDF2PARAM_free(pbkdf2_param); -+ -+ return ret; -+} -+ -+/* Generate a MAC, also used for verification */ - static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen, -+ int pbmac1_md_nid, int pbmac1_kdf_nid, - int (*pkcs12_key_gen)(const char *pass, int passlen, - unsigned char *salt, int slen, - int id, int iter, int n, -@@ -88,8 +162,8 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char key[EVP_MAX_MD_SIZE], *salt; - int saltlen, iter; - char md_name[80]; -- int md_size = 0; -- int md_nid; -+ int keylen = 0; -+ int md_nid = NID_undef; - const X509_ALGOR *macalg; - const ASN1_OBJECT *macoid; - -@@ -111,9 +185,13 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - iter = ASN1_INTEGER_get(p12->mac->iter); - X509_SIG_get0(p12->mac->dinfo, &macalg, NULL); - X509_ALGOR_get0(&macoid, NULL, NULL, macalg); -- if (OBJ_obj2txt(md_name, sizeof(md_name), macoid, 0) < 0) -- return 0; -- -+ if (OBJ_obj2nid(macoid) == NID_pbmac1) { -+ if (OBJ_obj2txt(md_name, sizeof(md_name), OBJ_nid2obj(pbmac1_md_nid), 0) < 0) -+ return 0; -+ } else { -+ if (OBJ_obj2txt(md_name, sizeof(md_name), macoid, 0) < 0) -+ return 0; -+ } - (void)ERR_set_mark(); - md = md_fetch = EVP_MD_fetch(p12->authsafes->ctx.libctx, md_name, - p12->authsafes->ctx.propq); -@@ -127,40 +205,61 @@ static int pkcs12_gen_mac(PKCS12 *p12, const 
char *pass, int passlen, - } - (void)ERR_pop_to_mark(); - -- md_size = EVP_MD_get_size(md); -+ keylen = EVP_MD_get_size(md); - md_nid = EVP_MD_get_type(md); -- if (md_size < 0) -+ if (keylen < 0) - goto err; -- if ((md_nid == NID_id_GostR3411_94 -- || md_nid == NID_id_GostR3411_2012_256 -- || md_nid == NID_id_GostR3411_2012_512) -- && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) { -- md_size = TK26_MAC_KEY_LEN; -+ -+ /* For PBMAC1 we use a special keygen callback if not provided (e.g. on verification) */ -+ if (pbmac1_md_nid != NID_undef && pkcs12_key_gen == NULL) { -+ keylen = PBMAC1_PBKDF2_HMAC(p12->authsafes->ctx.libctx, p12->authsafes->ctx.propq, -+ pass, passlen, macalg, key); -+ if (keylen < 0) -+ goto err; -+ } else if ((md_nid == NID_id_GostR3411_94 -+ || md_nid == NID_id_GostR3411_2012_256 -+ || md_nid == NID_id_GostR3411_2012_512) -+ && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) { -+ keylen = TK26_MAC_KEY_LEN; - if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter, -- md_size, key, md)) { -+ keylen, key, md)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); - goto err; - } - } else { -+ EVP_MD *hmac_md = (EVP_MD *)md; -+ int fetched = 0; -+ -+ if (pbmac1_kdf_nid != NID_undef) { -+ char hmac_md_name[128]; -+ -+ if (OBJ_obj2txt(hmac_md_name, sizeof(hmac_md_name), OBJ_nid2obj(pbmac1_kdf_nid), 0) < 0) -+ goto err; -+ hmac_md = EVP_MD_fetch(NULL, hmac_md_name, NULL); -+ fetched = 1; -+ } - if (pkcs12_key_gen != NULL) { -- if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID, -- iter, md_size, key, md)) { -+ int res = (*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID, -+ iter, keylen, key, hmac_md); -+ -+ if (fetched) -+ EVP_MD_free(hmac_md); -+ if (res != 1) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); - goto err; - } - } else { - /* Default to UTF-8 password */ - if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_MAC_ID, -- iter, md_size, key, md, -- p12->authsafes->ctx.libctx, -- 
p12->authsafes->ctx.propq)) { -+ iter, keylen, key, md, -+ p12->authsafes->ctx.libctx, p12->authsafes->ctx.propq)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); - goto err; - } - } - } - if ((hmac = HMAC_CTX_new()) == NULL -- || !HMAC_Init_ex(hmac, key, md_size, md, NULL) -+ || !HMAC_Init_ex(hmac, key, keylen, md, NULL) - || !HMAC_Update(hmac, p12->authsafes->d.data->data, - p12->authsafes->d.data->length) - || !HMAC_Final(hmac, mac, maclen)) { -@@ -178,7 +277,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen) - { -- return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL); -+ return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NID_undef, NID_undef, NULL); - } - - /* Verify the mac */ -@@ -187,14 +286,40 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) - unsigned char mac[EVP_MAX_MD_SIZE]; - unsigned int maclen; - const ASN1_OCTET_STRING *macoct; -+ const X509_ALGOR *macalg; -+ const ASN1_OBJECT *macoid; - - if (p12->mac == NULL) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_ABSENT); - return 0; - } -- if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NULL)) { -- ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR); -- return 0; -+ -+ X509_SIG_get0(p12->mac->dinfo, &macalg, NULL); -+ X509_ALGOR_get0(&macoid, NULL, NULL, macalg); -+ if (OBJ_obj2nid(macoid) == NID_pbmac1) { -+ PBMAC1PARAM *param = NULL; -+ const ASN1_OBJECT *hmac_oid; -+ int md_nid = NID_undef; -+ -+ param = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), macalg->parameter); -+ if (param == NULL) { -+ ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED); -+ return 0; -+ } -+ X509_ALGOR_get0(&hmac_oid, NULL, NULL, param->messageAuthScheme); -+ md_nid = ossl_hmac2mdnid(OBJ_obj2nid(hmac_oid)); -+ -+ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, md_nid, NID_undef, NULL)) { -+ ERR_raise(ERR_LIB_PKCS12, 
PKCS12_R_MAC_GENERATION_ERROR); -+ PBMAC1PARAM_free(param); -+ return 0; -+ } -+ PBMAC1PARAM_free(param); -+ } else { -+ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NID_undef, NID_undef, NULL)) { -+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR); -+ return 0; -+ } - } - X509_SIG_get0(p12->mac->dinfo, NULL, &macoct); - if ((maclen != (unsigned int)ASN1_STRING_length(macoct)) -@@ -205,7 +330,6 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) - } - - /* Set a mac */ -- - int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - const EVP_MD *md_type) -@@ -226,7 +350,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, - /* - * Note that output mac is forced to UTF-8... - */ -- if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NULL)) { -+ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NID_undef, NID_undef, NULL)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR); - return 0; - } -@@ -238,9 +362,18 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, - return 1; - } - --/* Set up a mac structure */ --int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, -- const EVP_MD *md_type) -+static int pkcs12_pbmac1_pbkdf2_key_gen(const char *pass, int passlen, -+ unsigned char *salt, int saltlen, -+ int id, int iter, int keylen, -+ unsigned char *out, -+ const EVP_MD *md_type) -+{ -+ return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, -+ md_type, keylen, out); -+} -+ -+static int pkcs12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, -+ int nid) - { - X509_ALGOR *macalg; - -@@ -274,11 +407,112 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, - memcpy(p12->mac->salt->data, salt, saltlen); - } - X509_SIG_getm(p12->mac->dinfo, &macalg, NULL); -- if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_get_type(md_type)), -- V_ASN1_NULL, NULL)) { -+ if 
(!X509_ALGOR_set0(macalg, OBJ_nid2obj(nid), V_ASN1_NULL, NULL)) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB); - return 0; - } - - return 1; - } -+ -+/* Set up a mac structure */ -+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, -+ const EVP_MD *md_type) -+{ -+ return pkcs12_setup_mac(p12, iter, salt, saltlen, EVP_MD_get_type(md_type)); -+} -+ -+int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen, -+ unsigned char *salt, int saltlen, int iter, -+ const EVP_MD *md_type, const char *prf_md_name) -+{ -+ unsigned char mac[EVP_MAX_MD_SIZE]; -+ unsigned int maclen; -+ ASN1_OCTET_STRING *macoct; -+ X509_ALGOR *alg = NULL; -+ int ret = 0; -+ int prf_md_nid = NID_undef, prf_nid = NID_undef, hmac_nid; -+ unsigned char *known_salt = NULL; -+ int keylen = 0; -+ PBMAC1PARAM *param = NULL; -+ X509_ALGOR *hmac_alg = NULL, *macalg = NULL; -+ -+ if (md_type == NULL) -+ /* No need to do a fetch as the md_type is used only to get a NID */ -+ md_type = EVP_sha256(); -+ -+ if (prf_md_name == NULL) -+ prf_md_nid = EVP_MD_get_type(md_type); -+ else -+ prf_md_nid = OBJ_txt2nid(prf_md_name); -+ -+ if (iter == 0) -+ iter = PKCS12_DEFAULT_ITER; -+ -+ keylen = EVP_MD_get_size(md_type); -+ -+ prf_nid = ossl_md2hmacnid(prf_md_nid); -+ hmac_nid = ossl_md2hmacnid(EVP_MD_get_type(md_type)); -+ -+ if (prf_nid == NID_undef || hmac_nid == NID_undef) { -+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); -+ goto err; -+ } -+ -+ if (salt == NULL) { -+ known_salt = OPENSSL_malloc(saltlen); -+ if (known_salt == NULL) -+ goto err; -+ -+ if (RAND_bytes_ex(NULL, known_salt, saltlen, 0) <= 0) { -+ ERR_raise(ERR_LIB_PKCS12, ERR_R_RAND_LIB); -+ goto err; -+ } -+ } -+ -+ param = PBMAC1PARAM_new(); -+ hmac_alg = X509_ALGOR_new(); -+ alg = PKCS5_pbkdf2_set(iter, salt ? salt : known_salt, saltlen, prf_nid, keylen); -+ if (param == NULL || hmac_alg == NULL || alg == NULL) -+ goto err; -+ -+ if (pkcs12_setup_mac(p12, iter, salt ? 
salt : known_salt, saltlen, -+ NID_pbmac1) == PKCS12_ERROR) { -+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_SETUP_ERROR); -+ goto err; -+ } -+ -+ if (!X509_ALGOR_set0(hmac_alg, OBJ_nid2obj(hmac_nid), V_ASN1_NULL, NULL)) { -+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_SETUP_ERROR); -+ goto err; -+ } -+ -+ X509_ALGOR_free(param->keyDerivationFunc); -+ X509_ALGOR_free(param->messageAuthScheme); -+ param->keyDerivationFunc = alg; -+ param->messageAuthScheme = hmac_alg; -+ -+ X509_SIG_getm(p12->mac->dinfo, &macalg, &macoct); -+ if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), param, &macalg->parameter)) -+ goto err; -+ -+ /* -+ * Note that output mac is forced to UTF-8... -+ */ -+ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, -+ EVP_MD_get_type(md_type), prf_md_nid, -+ pkcs12_pbmac1_pbkdf2_key_gen)) { -+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR); -+ goto err; -+ } -+ if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) { -+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_STRING_SET_ERROR); -+ goto err; -+ } -+ ret = 1; -+ -+ err: -+ PBMAC1PARAM_free(param); -+ OPENSSL_free(known_salt); -+ return ret; -+} -diff --git a/include/crypto/evp.h b/include/crypto/evp.h -index 32c60f223c78c..72d9995e8f0f4 100644 ---- a/include/crypto/evp.h -+++ b/include/crypto/evp.h -@@ -964,4 +964,7 @@ int evp_pkey_decrypt_alloc(EVP_PKEY_CTX *ctx, unsigned char **outp, - size_t *outlenp, size_t expected_outlen, - const unsigned char *in, size_t inlen); - -+int ossl_md2hmacnid(int mdnid); -+int ossl_hmac2mdnid(int hmac_nid); -+ - #endif /* OSSL_CRYPTO_EVP_H */ -diff --git a/include/openssl/pkcs12.h.in b/include/openssl/pkcs12.h.in -index 35759d4deadc3..ab62207e49b55 100644 ---- a/include/openssl/pkcs12.h.in -+++ b/include/openssl/pkcs12.h.in -@@ -269,6 +269,9 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); - int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - const EVP_MD *md_type); -+int 
PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen, -+ unsigned char *salt, int saltlen, int iter, -+ const EVP_MD *md_type, const char *prf_md_name); - int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, - int saltlen, const EVP_MD *md_type); - unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, -diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in -index 99bc4aab29133..b7f080a5360db 100644 ---- a/include/openssl/x509.h.in -+++ b/include/openssl/x509.h.in -@@ -279,7 +279,12 @@ typedef struct PBKDF2PARAM_st { - X509_ALGOR *prf; - } PBKDF2PARAM; - --#ifndef OPENSSL_NO_SCRYPT -+typedef struct { -+ X509_ALGOR *keyDerivationFunc; -+ X509_ALGOR *messageAuthScheme; -+} PBMAC1PARAM; -+ -+# ifndef OPENSSL_NO_SCRYPT - typedef struct SCRYPT_PARAMS_st { - ASN1_OCTET_STRING *salt; - ASN1_INTEGER *costParameter; -@@ -287,7 +292,7 @@ typedef struct SCRYPT_PARAMS_st { - ASN1_INTEGER *parallelizationParameter; - ASN1_INTEGER *keyLength; - } SCRYPT_PARAMS; --#endif -+# endif - - #ifdef __cplusplus - } -@@ -1023,9 +1028,10 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name); - DECLARE_ASN1_FUNCTIONS(PBEPARAM) - DECLARE_ASN1_FUNCTIONS(PBE2PARAM) - DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) --#ifndef OPENSSL_NO_SCRYPT -+DECLARE_ASN1_FUNCTIONS(PBMAC1PARAM) -+# ifndef OPENSSL_NO_SCRYPT - DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS) --#endif -+# endif - - int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, - const unsigned char *salt, int saltlen); -@@ -1062,6 +1068,7 @@ X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, - int prf_nid, int keylen, - OSSL_LIB_CTX *libctx); - -+PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg); - /* PKCS#8 utilities */ - - DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) - -From 29d98a8287d217b2232344056934d3cd2c6f44a3 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Fri, 7 Jun 2024 14:38:40 +0200 -Subject: [PATCH 2/4] Implementation of the RFC 
9579, PBMAC1 in PKCS#12 - - documentation - ---- - doc/man1/openssl-pkcs12.pod.in | 11 +++++++ - doc/man3/PBMAC1_get1_pbkdf2_param.pod | 46 +++++++++++++++++++++++++++ - doc/man3/PKCS12_gen_mac.pod | 37 ++++++++++++++++----- - doc/man3/X509_dup.pod | 3 ++ - doc/man3/d2i_X509.pod | 2 ++ - util/missingcrypto.txt | 1 - - util/missingcrypto111.txt | 1 - - 7 files changed, 91 insertions(+), 10 deletions(-) - create mode 100644 doc/man3/PBMAC1_get1_pbkdf2_param.pod - -diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in -index 665b22bb644ac..020543cd5c895 100644 ---- a/doc/man1/openssl-pkcs12.pod.in -+++ b/doc/man1/openssl-pkcs12.pod.in -@@ -62,6 +62,8 @@ PKCS#12 output (export) options: - [B<-certpbe> I] - [B<-descert>] - [B<-macalg> I] -+[B<-pbmac1_pbkdf2>] -+[B<-pbmac1_pbkdf2_md> I] - [B<-iter> I] - [B<-noiter>] - [B<-nomaciter>] -@@ -345,6 +347,15 @@ then both, the private key and the certificates are encrypted using triple DES. - - Specify the MAC digest algorithm. If not included SHA256 will be used. - -+=item B<-pbmac1_pbkdf2> -+ -+Use PBMAC1 with PBKDF2 for MAC protection of the PKCS#12 file. -+ -+=item B<-pbmac1_pbkdf2_md> I -+ -+Specify the PBKDF2 KDF digest algorithm. If not specified, SHA256 will be used. -+Unless C<-pbmac1_pbkdf2> is specified, this parameter is ignored. -+ - =item B<-iter> I - - This option specifies the iteration count for the encryption key and MAC. The -diff --git a/doc/man3/PBMAC1_get1_pbkdf2_param.pod b/doc/man3/PBMAC1_get1_pbkdf2_param.pod -new file mode 100644 -index 0000000000000..415c3cd214a2e ---- /dev/null -+++ b/doc/man3/PBMAC1_get1_pbkdf2_param.pod -@@ -0,0 +1,46 @@ -+=pod -+ -+=head1 NAME -+ -+PBMAC1_get1_pbkdf2_param - Function to manipulate a PBMAC1 -+MAC structure -+ -+=head1 SYNOPSIS -+ -+ #include -+ -+ PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg); -+ -+=head1 DESCRIPTION -+ -+PBMAC1_get1_pbkdf2_param() retrieves a B structure from an -+I structure. 
-+ -+=head1 RETURN VALUES -+ -+PBMAC1_get1_pbkdf2_param() returns NULL in case when PBMAC1 uses an algorithm -+apart from B or when passed incorrect parameters and a pointer to -+B structure otherwise. -+ -+=head1 CONFORMING TO -+ -+IETF RFC 9579 (L) -+ -+=head1 SEE ALSO -+ -+L -+ -+=head1 HISTORY -+ -+The I function was added in OpenSSL 3.4. -+ -+=head1 COPYRIGHT -+ -+Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. -+ -+Licensed under the Apache License 2.0 (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut -diff --git a/doc/man3/PKCS12_gen_mac.pod b/doc/man3/PKCS12_gen_mac.pod -index a72df145fedd7..ebeee98f04e68 100644 ---- a/doc/man3/PKCS12_gen_mac.pod -+++ b/doc/man3/PKCS12_gen_mac.pod -@@ -3,7 +3,8 @@ - =head1 NAME - - PKCS12_gen_mac, PKCS12_setup_mac, PKCS12_set_mac, --PKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure -+PKCS12_set_pbmac1_pbkdf2, PKCS12_verify_mac, PKCS12_get0_mac - -+Functions to create and manipulate a PKCS#12 MAC structure - - =head1 SYNOPSIS - -@@ -15,9 +16,19 @@ PKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure - int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - const EVP_MD *md_type); -+ int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen, -+ unsigned char *salt, int saltlen, int iter, -+ const EVP_MD *md_type, -+ const char *prf_md_name); - int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, - int saltlen, const EVP_MD *md_type); - -+ void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, -+ const X509_ALGOR **pmacalg, -+ const ASN1_OCTET_STRING **psalt, -+ const ASN1_INTEGER **piter, -+ const PKCS12 *p12); -+ - =head1 DESCRIPTION - - PKCS12_gen_mac() generates an HMAC over the entire PKCS#12 object using the -@@ -31,10 +42,15 @@ PKCS12_setup_mac() sets 
the MAC part of the PKCS#12 structure with the supplied - parameters. - - PKCS12_set_mac() sets the MAC and MAC parameters into the PKCS#12 object. -+PKCS12_set_pbmac1_pbkdf2() sets the MAC and MAC parameters into the PKCS#12 -+object when B with PBKDF2 is used for protection of the PKCS#12 object. - - I is the passphrase to use in the HMAC. I is the salt value to use, --I is the iteration count and I is the message digest --function to use. -+I is the iteration count and I is the message digest function to -+use. I specifies the digest used for the PBKDF2 in PBMAC1 KDF. -+ -+PKCS12_get0_mac() retrieves any included MAC value, B object, -+I, and I count from the PKCS12 object. - - =head1 NOTES - -@@ -43,17 +59,18 @@ If I is NULL then a suitable salt will be generated and used. - If I is 1 then an iteration count will be omitted from the PKCS#12 - structure. - --PKCS12_gen_mac(), PKCS12_verify_mac() and PKCS12_set_mac() make assumptions --regarding the encoding of the given passphrase. See L --for more information. -+PKCS12_gen_mac(), PKCS12_verify_mac(), PKCS12_set_mac() and -+PKCS12_set_pbmac1_pbkdf2() make assumptions regarding the encoding of the -+given passphrase. See L for more information. - - =head1 RETURN VALUES - --All functions return 1 on success and 0 if an error occurred. -+All functions returning an integer return 1 on success and 0 if an error occurred. - - =head1 CONFORMING TO - - IETF RFC 7292 (L) -+IETF RFC 9579 (L) - - =head1 SEE ALSO - -@@ -62,9 +79,13 @@ L, - L, - L - -+=head1 HISTORY -+ -+The I function was added in OpenSSL 3.4. -+ - =head1 COPYRIGHT - --Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. -+Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. - - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. 
You can obtain a copy -diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod -index fc93494a76617..81ea2275d7414 100644 ---- a/doc/man3/X509_dup.pod -+++ b/doc/man3/X509_dup.pod -@@ -218,6 +218,9 @@ PBEPARAM_free, - PBEPARAM_new, - PBKDF2PARAM_free, - PBKDF2PARAM_new, -+PBMAC1PARAM_free, -+PBMAC1PARAM_it, -+PBMAC1PARAM_new, - PKCS12_BAGS_free, - PKCS12_BAGS_new, - PKCS12_MAC_DATA_free, -diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod -index 75b37e5544396..3615bcaafe7c0 100644 ---- a/doc/man3/d2i_X509.pod -+++ b/doc/man3/d2i_X509.pod -@@ -115,6 +115,7 @@ d2i_OTHERNAME, - d2i_PBE2PARAM, - d2i_PBEPARAM, - d2i_PBKDF2PARAM, -+d2i_PBMAC1PARAM, - d2i_PKCS12, - d2i_PKCS12_BAGS, - d2i_PKCS12_MAC_DATA, -@@ -300,6 +301,7 @@ i2d_OTHERNAME, - i2d_PBE2PARAM, - i2d_PBEPARAM, - i2d_PBKDF2PARAM, -+i2d_PBMAC1PARAM, - i2d_PKCS12, - i2d_PKCS12_BAGS, - i2d_PKCS12_MAC_DATA, -diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt -index b7d5091b31912..a56491d0f8b94 100644 ---- a/util/missingcrypto.txt -+++ b/util/missingcrypto.txt -@@ -749,7 +749,6 @@ PKCS12_MAC_DATA_it(3) - PKCS12_PBE_add(3) - PKCS12_SAFEBAGS_it(3) - PKCS12_SAFEBAG_it(3) --PKCS12_get0_mac(3) - PKCS12_get_attr(3) - PKCS12_it(3) - PKCS12_item_pack_safebag(3) -diff --git a/util/missingcrypto111.txt b/util/missingcrypto111.txt -index 0386701ad1e32..f3402ada7e60f 100644 ---- a/util/missingcrypto111.txt -+++ b/util/missingcrypto111.txt -@@ -1027,7 +1027,6 @@ PKCS12_add_safe(3) - PKCS12_add_safes(3) - PKCS12_decrypt_skey(3) - PKCS12_gen_mac(3) --PKCS12_get0_mac(3) - PKCS12_get_attr(3) - PKCS12_get_attr_gen(3) - PKCS12_get_friendlyname(3) - -From 7257898633703d5841aefa7fb4f9d192430fdad8 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Thu, 6 Jun 2024 13:07:48 +0200 -Subject: [PATCH 3/4] Make update - ---- - doc/build.info | 6 ++++++ - util/libcrypto.num | 7 +++++++ - 2 files changed, 13 insertions(+) - -diff --git a/doc/build.info b/doc/build.info -index d47371e88aa9f..60a5d9b86bd5c 100644 ---- 
a/doc/build.info -+++ b/doc/build.info -@@ -1847,6 +1847,10 @@ DEPEND[html/man3/OpenSSL_version.html]=man3/OpenSSL_version.pod - GENERATE[html/man3/OpenSSL_version.html]=man3/OpenSSL_version.pod - DEPEND[man/man3/OpenSSL_version.3]=man3/OpenSSL_version.pod - GENERATE[man/man3/OpenSSL_version.3]=man3/OpenSSL_version.pod -+DEPEND[html/man3/PBMAC1_get1_pbkdf2_param.html]=man3/PBMAC1_get1_pbkdf2_param.pod -+GENERATE[html/man3/PBMAC1_get1_pbkdf2_param.html]=man3/PBMAC1_get1_pbkdf2_param.pod -+DEPEND[man/man3/PBMAC1_get1_pbkdf2_param.3]=man3/PBMAC1_get1_pbkdf2_param.pod -+GENERATE[man/man3/PBMAC1_get1_pbkdf2_param.3]=man3/PBMAC1_get1_pbkdf2_param.pod - DEPEND[html/man3/PEM_X509_INFO_read_bio_ex.html]=man3/PEM_X509_INFO_read_bio_ex.pod - GENERATE[html/man3/PEM_X509_INFO_read_bio_ex.html]=man3/PEM_X509_INFO_read_bio_ex.pod - DEPEND[man/man3/PEM_X509_INFO_read_bio_ex.3]=man3/PEM_X509_INFO_read_bio_ex.pod -@@ -3453,6 +3457,7 @@ html/man3/OSSL_trace_get_category_num.html \ - html/man3/OSSL_trace_set_channel.html \ - html/man3/OpenSSL_add_all_algorithms.html \ - html/man3/OpenSSL_version.html \ -+html/man3/PBMAC1_get1_pbkdf2_param.html \ - html/man3/PEM_X509_INFO_read_bio_ex.html \ - html/man3/PEM_bytes_read_bio.html \ - html/man3/PEM_read.html \ -@@ -4113,6 +4118,7 @@ man/man3/OSSL_trace_get_category_num.3 \ - man/man3/OSSL_trace_set_channel.3 \ - man/man3/OpenSSL_add_all_algorithms.3 \ - man/man3/OpenSSL_version.3 \ -+man/man3/PBMAC1_get1_pbkdf2_param.3 \ - man/man3/PEM_X509_INFO_read_bio_ex.3 \ - man/man3/PEM_bytes_read_bio.3 \ - man/man3/PEM_read.3 \ -diff --git a/util/libcrypto.num b/util/libcrypto.num -index 7f958a4fa31db..ef11c0302e396 100644 ---- a/util/libcrypto.num -+++ b/util/libcrypto.num -@@ -5664,3 +5664,10 @@ OSSL_IETF_ATTR_SYNTAX_get_value_num ? 3_4_0 EXIST::FUNCTION: - OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: - ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: - ossl_ctx_legacy_digest_signatures_allowed_set ? 
3_0_1 EXIST::FUNCTION: -+PKCS12_set_pbmac1_pbkdf2 ? 3_4_0 EXIST::FUNCTION: -+PBMAC1_get1_pbkdf2_param ? 3_4_0 EXIST::FUNCTION: -+d2i_PBMAC1PARAM ? 3_4_0 EXIST::FUNCTION: -+i2d_PBMAC1PARAM ? 3_4_0 EXIST::FUNCTION: -+PBMAC1PARAM_free ? 3_4_0 EXIST::FUNCTION: -+PBMAC1PARAM_new ? 3_4_0 EXIST::FUNCTION: -+PBMAC1PARAM_it ? 3_4_0 EXIST::FUNCTION: - -From 97fbb9437163fb5114da40250b7ace83748a2e81 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Thu, 6 Jun 2024 17:01:45 +0200 -Subject: [PATCH 4/4] Test vectors from rfc9579 and creation tests - ---- - test/recipes/80-test_pkcs12.t | 55 +++++++++++++++++- - .../pbmac1_256_256.bad-iter.p12 | Bin 0 -> 2703 bytes - .../pbmac1_256_256.bad-salt.p12 | Bin 0 -> 2702 bytes - .../pbmac1_256_256.good.p12 | Bin 0 -> 2702 bytes - .../pbmac1_256_256.no-len.p12 | Bin 0 -> 2700 bytes - .../pbmac1_512_256.good.p12 | Bin 0 -> 2702 bytes - .../pbmac1_512_512.good.p12 | Bin 0 -> 2736 bytes - 7 files changed, 54 insertions(+), 1 deletion(-) - create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-iter.p12 - create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt.p12 - create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.good.p12 - create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-len.p12 - create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_512_256.good.p12 - create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_512_512.good.p12 - -diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t -index 999129a03074d..c14ef94998cde 100644 ---- a/test/recipes/80-test_pkcs12.t -+++ b/test/recipes/80-test_pkcs12.t -@@ -9,7 +9,7 @@ - use strict; - use warnings; - --use OpenSSL::Test qw/:DEFAULT srctop_file with/; -+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir with/; - use OpenSSL::Test::Utils; - - use Encode; -@@ -54,7 +54,9 @@ if (eval { require Win32::API; 1; }) { - } - $ENV{OPENSSL_WIN32_UTF8}=1; - --plan tests => 31; -+my $no_fips = 
disabled('fips') || ($ENV{NO_FIPS} // 0); -+ -+plan tests => $no_fips ? 46 : 52; - - # Test different PKCS#12 formats - ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats"); -@@ -170,6 +170,80 @@ ok(grep(/Trusted key usage (Oracle)/, @pkcs12info) == 0, - ok(scalar @match > 0 ? 0 : 1, "test_export_pkcs12_outerr6_empty"); - } - -+my %pbmac1_tests = ( -+ pbmac1_defaults => {args => [], lookup => "hmacWithSHA256"}, -+ pbmac1_nondefaults => {args => ["-pbmac1_pbkdf2_md", "sha512", "-macalg", "sha384"], lookup => "hmacWithSHA512"}, -+); -+ -+for my $instance (sort keys %pbmac1_tests) { -+ my $extra_args = $pbmac1_tests{$instance}{args}; -+ my $lookup = $pbmac1_tests{$instance}{lookup}; -+ # Test export of PEM file with both cert and key, with password. -+ { -+ my $pbmac1_id = $instance; -+ ok(run(app(["openssl", "pkcs12", "-export", "-pbmac1_pbkdf2", -+ "-inkey", srctop_file(@path, "cert-key-cert.pem"), -+ "-in", srctop_file(@path, "cert-key-cert.pem"), -+ "-passout", "pass:1234", -+ @$extra_args, -+ "-out", "$pbmac1_id.p12"], stderr => "${pbmac1_id}_err.txt")), -+ "test_export_pkcs12_${pbmac1_id}"); -+ open DATA, "${pbmac1_id}_err.txt"; -+ my @match = grep /:error:/, ; -+ close DATA; -+ ok(scalar @match > 0 ? 0 : 1, "test_export_pkcs12_${pbmac1_id}_err.empty"); -+ -+ ok(run(app(["openssl", "pkcs12", "-in", "$pbmac1_id.p12", "-info", "-noout", -+ "-passin", "pass:1234"], stderr => "${pbmac1_id}_info.txt")), -+ "test_export_pkcs12_${pbmac1_id}_info"); -+ open DATA, "${pbmac1_id}_info.txt"; -+ my @match = grep /$lookup/, ; -+ close DATA; -+ ok(scalar @match > 0 ? 
1 : 0, "test_export_pkcs12_${pbmac1_id}_info"); -+ } -+} -+ -+# Test pbmac1 pkcs12 good files, RFC 9579 -+for my $file ("pbmac1_256_256.good.p12", "pbmac1_512_256.good.p12", "pbmac1_512_512.good.p12") -+{ -+ my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file); -+ ok(run(app(["openssl", "pkcs12", "-in", $path, "-password", "pass:1234", "-noenc"])), -+ "test pbmac1 pkcs12 file $file"); -+} -+ -+unless ($no_fips) { -+ my $provpath = bldtop_dir("providers"); -+ my $provconf = srctop_file("test", "fips-and-base.cnf"); -+ my $provname = 'fips'; -+ my @prov = ("-provider-path", $provpath, -+ "-provider", $provname); -+ local $ENV{OPENSSL_CONF} = $provconf; -+ -+# Test pbmac1 pkcs12 good files, RFC 9579 -+ for my $file ("pbmac1_256_256.good.p12", "pbmac1_512_256.good.p12", "pbmac1_512_512.good.p12") -+ { -+ my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file); -+ ok(run(app(["openssl", "pkcs12", @prov, "-in", $path, "-password", "pass:1234", "-noenc"])), -+ "test pbmac1 pkcs12 file $file"); -+ -+ ok(run(app(["openssl", "pkcs12", @prov, "-in", $path, "-info", "-noout", -+ "-passin", "pass:1234"], stderr => "${file}_info.txt")), -+ "test_export_pkcs12_${file}_info"); -+ } -+} -+ -+# Test pbmac1 pkcs12 bad files, RFC 9579 -+for my $file ("pbmac1_256_256.bad-iter.p12", "pbmac1_256_256.bad-salt.p12", "pbmac1_256_256.no-len.p12") -+{ -+ my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file); -+ with({ exit_checker => sub { return shift == 1; } }, -+ sub { -+ ok(run(app(["openssl", "pkcs12", "-in", $path, "-password", "pass:1234", "-noenc"])), -+ "test pbmac1 pkcs12 bad file $file"); -+ } -+ ); -+} -+ - # Test some bad pkcs12 files - my $bad1 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad1.p12"); - my $bad2 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad2.p12"); -@@ -288,6 +288,13 @@ with({ exit_checker => sub { return shift == 1; } }, - "test bad pkcs12 file 3 (info)"); - }); - -+# Test that mac 
verification doesn't fail when mac is absent in the file -+{ -+ my $nomac = srctop_file("test", "recipes", "80-test_pkcs12_data", "nomac_parse.p12"); -+ ok(run(app(["openssl", "pkcs12", "-in", $nomac, "-passin", "pass:testpassword"])), -+ "test pkcs12 file without MAC"); -+} -+ - # Test with Oracle Trusted Key Usage specified in openssl.cnf - { - ok(run(app(["openssl", "pkcs12", "-export", "-out", $outfile7, -diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-iter.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-iter.p12 -new file mode 100644 -index 0000000000000000000000000000000000000000..9957d473c433bc9fb9572ecf51332a7f325fe36f -GIT binary patch -literal 2703 -zcmai$c{J1u8^_I<8ABNB4Pk6UgnstR*kkNVmbleK_MOQV5{B$bZuZ@TE(Q%DI~6Sy -za_>;K?Awg&gK)d&eNUbD{pbGioacPM-{+j?zt8ysc%~FEh#tT*L1Bzi@rLpHEFcC@ -z37&Bef@j+hBY7)1Ad8U9Q_fZY!PWdV!<$)A!L;D^99D!DhE -zeQE;1U^pGX41@pY8<-JF2ME9z9peo_uJjO)6ojpI>t?AXtBj{Jv>|^u>h6bVJpBw; -z+#a^-mWMrkMYg}Jfxic~-vQC^Kt6wiU3a5|Vneevb2UJ$z)2qnB(3bX+ki6$-vZY@ -z_jNXQZTo6cC8;EgG@yE-_xV79ZGQJ%I{69AF&s=P;{7m`BV^eD>hi8QDGbWW=k(N~ -z?rwAx=6c3#F>pv2L4VOaP$r$r8H)wPkN!jmp#f9wlbG_*(`oK#@rheWABcv-oOfog -zZYz%aTa??GYAh^>vo?%Ytn1k}?VQgy3?$BA43ITPmqN=#z7%|ZuMyYTsb!MrPNefm -zZqFRZBncUQLYTJFRO5#Vm}Abxr(6e>cmXMQ`{e6;(W1HbvJy+6ch6Ew4a%-^T)$S! -zZ-KnuFs_#(<>qmAQHUMRgA=lor{8J5+lgi3=XMhrn{rQ)Q8o{i>As;dbVXX%-pF_* -zZzgS@b5K1fKeg-SDJdp=IfDL64sDgQcs97g>-}r5xM&}z?CAJ5DfWlrG{Vclzf>dn -zo{V*Ewz$6%Lf?^0e0Q>3DIInhuW#>Yl@qx8n7!wUPXuV11Kb@ccR{%DDS;0qHY>mu -zu-vr2t#J+HN=T``{Vnn9R#VlV+Ii{wMEM1hhXQ^ve5Zr$o3Kq}n^%2LkRM1kp&yyN -zAIuV?4KWFhmGbLG$uK=egKjkyGTp!b68!4=amq-$qDri1b;qV9YFJH~WOizc9I_%J -z44_J>+hGh!f}QMW!}Tr^@1zS%n5t6Ov;=QmkAqZ|PFXjGT~H>*Zg3m@=;#5|xjVXa -z=7!*1ZMuW{7jRvPZEBWku= -z>pX3o*5O*R8WWG=%h|0czJp%Kpab&Azs(Zn5^hkb3c)52sAW^j`(JBf2EO(u;};5! 
-zJ78c=pipR;Q`}}oNj`E?>xmo1c;h+*jm-F -zvGHxT@3QKop@A(X%GI?VH>66GGkfm!BX8F_RG=h|*OTP)9Z`1b7<0OAi@nQHs^*85 -zy*k?D(T_YY`YGM_^c@Sl@gz6Yg;Gw|Vky;(_%~Rln$h^CvdyVE;n0ScW(%D_2ZaT( -z<3JvG*k_Ou-4q$NEa0%}?T(4#q1{(hydmIOYF_cub5Cw@>J!^KG*=9kyF|@s=|27Q -zk5EesrnuH`ef-b#>n}vJP!(M)-5U9(H%wuaT-Hq#?`FZSaO8=JSxam?LFa7UX-&BK -zIDm)7{outv0D=ZX@KD@$+xPo;!p{7cP0UOn@b^&eyD9T;z_IRE*SwPN?f9?2sdG23 -zR1)>R-S`UQdvhgZ6oQ8g4M@YO8nkG!jk}taE%TK@@R2z0qnt?s#hH5~A7!4`E7*MW!m9T778sjy_p@|)v(>Z)=gcJcZLp?ECAhRQ*>te0UgO>T -z2!WGkqg5>=c`{xYLI9e=7GvIPcLnpC&fKx}N>j5dT@r0A!A+m^|pCwV%3}UgTlK*(`F{ -zPE_J;HRlt|ru*VW!Bh<_#<*>;Jv5N5(AdP?(m~9_6tWxOYfDd`22P^04U&R2Zr$>- -z+S}&in23Z+TUPeaSFchSdhOE0HWRA57_5a4k<9K1n4QJ6@Ttyv(<|-^FIfAs){oKH -zqoB1uud(vU?4o(Mh)@Yne2`GvO5mxWbYq0!lNT2Fo9>2DjQiZ4nM|rNda1}rV7|GK^jbT#JYRA%BE6nLJBS9BEd(yLu>AqCaWH~S=o;Yl -zic31awmQ -z51!~>BfRljLJY^Qp!I#PjtaOIPDWYp+$&mbuVGcU)QqmMx@9N@lGwtF9@~Xn-;x*U -zRR}CmP}b3UWSLQx=yn#R!-^im4P0K}(>&NwVZrb@W~U1o6fNJ0i`^IUgM;lg5T9HE -zUp?nq!(DFHFFOZ^v`yg@3Tp0oG-OAq7r%L2@%9|U=R!)c$gbRS?~&Uuhq2aMJ4bF) -zf9njx1D3ZECBTEZrI0V={tmq_rW~!5r`TA@z92xfYOR#%H)xcyAYVzqvpW-~s7ggZ -zV|Wf(Fi+sk3X;)Gv!LJ@2C>OTp;CMfZI^QGP_q1}y?ib7d!@%IEYg|Tz27j)$Y$y3 -z`4@4b-II|shmwgiM~Bgiiypp>)Nf4n-UjRgh-0>@+qtPVBd)8s%)CyCu8_8O6#0mT -zf%CXFZHEb(A-2~HXCGkoY3Frim&%;~856h40r_N$o~%%u3OU(#^nHpCJf&869MoR0 -zqP7On(hy;EhPkfH46;KSkjHL35~I4ooaATVlj8K4mFeX(d6hS_vW^&Q1gR$l#1FOJ -zP3WkyRW%X8xE`;1+p8FC`VJL(1*uzfeD%;{Gp$p1BKOFmMcJo#Y&Mx?ruFQNH{1^7 -zOHZfkTqNCL8+mP1emzme1_TNP`D>}n-%12coa(BwP0IT9FXEZ1t{DyZoYPX;)PLp^dR -zK=cP-8M) -zf3265`=`i(z#yUj>vI3o>>xtn<-Ye+$zWwI^q_2ul78QG*>lf;C9Y5z5p$iWB-kVb -QZf;>CWNWRj_YbE31}omyrT_o{ - -literal 0 -HcmV?d00001 - -diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt.p12 -new file mode 100644 -index 0000000000000000000000000000000000000000..fef1e51f71c94240b8d5e375b3e5273a7cb54be5 -GIT binary patch -literal 2702 -zcmai$cQo4z8^xrY#+` 
-zsC%QWRa;5aj(vO2`=0i^??3mC=RD{8{XXYB|9#FEz%!(PL9_s#0Scp+OfXE?X9CfI -zO7Zl25Ip@BfTyPbc!Q@&82E%CpMi~4*-@x=x8h{^0@0?%=a;JrWBq6NzTQ|xqnPt3Pp-qLOF?ZhM@U*k% -z8S;f2Y&sjIWE-ljnY#hYDxCPff~cAMW*cxt}-Y;CpLL2`8~mKlp|`+ -zVO#NIfJLR9srurg7<1Ej)w-T-%g)6@!yv*e+5k~^q#IT){H5sgJN5YPZcURUPXdi! -zN@w;^Hc`;<6N_m(RV87hh%xp;Lh5x;sSl8PXF$HOA0?7+FDt$bdiyl3%%I$X{ra_f -zJ`2RXrjL55k{(`MOM+~0Zmgi4Jnc^Foo);RAE$@##I$FsjIw!{Ot0hRk*m@=_D065 -z1+(e<9K&kCg=sx6&WN!QE0MHc@~B@qO6EeUeBQnCiO2c5Fw!CwRHFuyuQ7&RbJ5UBeuS)evzOVc5rXBoRm=UlL}s>=o~+5 -z;7ZH>w)!=YdqryP?c=0xTP-zzY87Pe6XX|(UJCf7h@CFhVn7Q`eZPV#0iQikCX3UsTbnBm^N7vPuIPg2J^6)(qm*LH1MB1ct~iDqZEh!HCS -zivd(AZ9AM!NuZkzWw_oW?3*mbfUYTXPfzsK@j6Jm+%4-tw+qTf+YN7{9vo#rU3+n5 -zvyK9Hv}g`0NA_53jmR_9k;_gERIxH8D-D?j$#GKkq575igo26mtuVg~ -zGDsY2l^9*E^X2>0K>0{pzxF_tt9z$axmMf^J6RHZ(xN+Bw%mTH@ym<=bJ%nxmQOGw -z{(z1#kxZs$Pji|XCHu)qt|x7j;Efv~^oce)=aynrS{KfxKLOty_<)g}W>R~>&)Tkv -ziA(6PeVfxD4Gn5DQLe4`a+EAp&hEQAh`3$vRD~2jSx=TPbVk~#q0MP}E%vU&sF)vG -z_G@dA#y@aBA0+qQ)psuP#S=Y{Qe_;>C6X#x39m5>b>j&w<(t#cf0>fi)_eBn -zA7Pdj4Ds#91AI^Q8>Mhe6h${nk7nMP4O197pLr9>vstt&6n$!9))v=Uq0QBBRu^IZ -z5x_&^fAHcT06{|_cqsO}?f-qeVdwtKCPoGj_L8EU{nVCi;PV<2bp?&S?k(E@@7*8Hki{T6W!VwY`WM~uJLSs -zfWV1!I28*C?yOf&q;ef)*q>6*lozg4rs>VMY-wLJ>nPM6xF}#_)8C&%VxR4zHplY7 -z&g4k?J9OzW$4XKG6wbv6o}**G7S@V&J$r}HfH})RM4pJKJm`bM)Nz}^}vK#1cOG}#$PNuO9mV`BL-SV;8 -z+va7TjD|~FR`=1?ekIfO+og+cCf4@QSqmK^7(ElwJ4@*i)7_1xS3MV>GY{mfpP(>D -z!D|CP6O~iB4;MTl!^FMu!GayDL1zNe&5?$WpIhK>cpApg?{j{1Z%B9`i$^O~`h2A7 -zFc!~-gk(m4b+Ns~QBKNW4!}#U6&Nne}zu -zVCmmIHHD4zx=e0W6gNCRT}`>)yw~CT=@+pIzGn)jH|qxU^6pFqE}rL8c2$i|t`3;} -zBX(lwi}BcaxlEcdYWblN|3Ygq@s(CsWue4oWM(6sRxlMTTMX#7vHk(EaWaBU>KNel -zN=m!FwL4RvX%O~MxS$fx3(h=xfw95%Q|04?@q@*z(%-RiHWk~c_k}_;c{_;43BNbK -zs!;%!ypwQcYS1Vv>u8aCwo5lhvu5n)jNN<_=-haJgX|{epA>}Ly4r>qeI-%l9zuo<(Q$-*MMz^<%G57c79sjnEO|3c0spzPiV(mvV3II -z&_!&AmeVBF5YumlwGXuVwDYRE=kk2OITMfSA^8-GzML@ZWm1a&_`6g;cxt`SM^IynL8BdRfNvN6Nf{u&Gc@a$^0XWHf6t(iMbS}*>*0+*PKoy -z-6t~*ZW5lbje-sepPq_JHyvuU>)D(vp 
-zmZFk4%`!FtN#jzg-76#o5in2U9)&z)xzS*!j>cZUTI%tJeG=nm-4jj4+gh9GjP%JN -z0g)eorRS9U1#-U6^%--@hOGy5lJh|xqas0@H(eZv0{j7^ABRw8Kn;-oDH#C-1a59& -zBWP=_ulEmE!63o^>vI3o>>z>>mHu~CNML16)Ua%ulK#L<`7`gp9+tpJq5r+oPI{IQar@!yJZdr(R^P9KNApO`$IsP03$%+r(^{9AaFGT*QT>i -zZ2%YyrvVsY@c(=R(?e+hei*%DyaC9S76L*+SnIZKmRT@MdpbiK3r3>uzK_P!&Tz)< -zVXJR@*wI$y_{r$|d0+<|SQ^vi3O3lZH%iy7sWzsr`YbDO()$XMM$VgUz!`&Yg==2; -zHXFOTZJ$ISm4=cAl}~j)AIP)L@4n3-KZZGmfl0+Y?}u{*EjmHn-c_eXf!PHdo*I!4CEAmwhqTtgpPB+pJpd@SOz{WH{tOq_Y`R*vk>W?8<&T#N@?2}8m;8d -zr0sJIsRkCLcE30y#e^+~(|*aNe&r~c4XW~b_sT0S+Q%s;I=&sn_CSnU@nYyNFn -z5V)&Jb5J?F$6{l+K206I>`+e?D^s*om##;RkqL)tSLWjL$J4e>vjkfdM|$ds>K#^E -zPnxE+IF~HP#iDp~cdJSw&m(cJp(*V>rDZ@td1qXDM@ -z(rAms$V#m@-=})YN7}m8hbrg0c3PBb#7%J%C4nc+IwNIEZI>FpObalFOjY9e1cTxZ -z=ok~$*Qr@kT&9LeKC-B_#ElZXQ9Xn{!CL#=Vw7^r{JFFz;9LD4urgCjsxSCi+f=Zz -z@$EKmv+Jdx0jpl1M91FeiBsZjF83%I-N;xzBHI|`vEWWvXb81c~r16F6LKo1v&cw3g -zKpuS1ub&d#92vUI@9@>z9TUe*y|18fgWt2vtm=j5p6ue(C)PD+o+vDDiIUmcbN1&S -zAr|Hgac#%_d{6ZnB%_%q3N99IO}x_^Cb0E9=1nBeX5p?-KzE1OGjXTEwOnR7#${VDZKY5q!Os_tC#mew`X_5z*$ivrfxeSO(v_L)vQWe#WJPbddO%C0O -zO1z`ue2Uq0U%Vucs)ofFwGVZK1h5tv8M|9Jh_?NVt>*p_jJi>pESZZJOw2LQOZFmCzxA(LDjPvzQh()zx5f)qUYPbAR^Q2^xD8 -zxZ3YEUOAalJnt4BBJPO~6l`A!I1`X+3O9KC+#G+?-5`p7pX;M*ef&ciJVv3?>mya0 -zv1leJC?oQ#lg%ZLa&kIz=tbe-BUzW{PL4zSL=}H6^{bCpA+J<9wezMHx*0O3*Vc3b -zrG9tU5H{59G`?L?RR8#NCHXjIqk&E{kP4P50(4qg|A1IK7{VsB_3^qT -zrJdi}9I4OLiF@eifD-o$jy$^lF@biI -zvEH?c*SD5fMq*dcdcO8!{H{flQC2(miobT$GOJpsM^{}~5$u(1;Tfq+Q$Y8k_C&?qGV-ctXk5ff)ff&!p6 -zGKVOfui(iJlvYnOU&ql6VUrC*P`nQ9I(fE889wA*fd=}W;-eHMsjQs7W6Uz5MQVEf -zd7MbkWaP}DMB>cRVf5mnhi?<*n4!U2pKXxkgthukUTW>A>sMS>ewTQ6aQoYJx$wrp -zi@0`8hY6|yw$Bu2=WqFG=M|y*@|@o}V>iN}T(Ws@b_nh=IoWsYU5XDprB3K0sH1R2 -zWfh{KCQR=Pb6uGkVuLgyPTaV~$Fzeu$WOtiB^fa*)63`b2{*H|kLYU!D5r(Q_jTUQ -z=&16qD#8MBycVynG#2dDFkA(R2=q5e$<~_y - -literal 0 -HcmV?d00001 - -diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-len.p12 -new file mode 100644 -index 
0000000000000000000000000000000000000000..35ebe05d177f7d745251e2fce3ebb4f23e0ebd09 -GIT binary patch -literal 2700 -zcmai$cQ71^7RK$`T}$+Gm0-0cYF59jURE#BuVfLuv(bVGmgqv<=$){+SY-*KlY|r! -z#Jx+RMXxLRB6xZ8-X!nMdo%ZsGiT2CojK>f-+TxxO%f15iNMl;A=F|C`U%H$04hKk -zmih>UrQSnesYwVd$oZ!QDZ_#+ze{F70LAyF|I+~=Y<~=3I)ouY^yf&6;08feacsLT -zzI8!BAd~_@3xWRY8;}}If#88qJ0<7?+$cc+F%V<@-tBU8dPy%AaC6~U^!*PpSju_U -z_#<@99Zx&T>f8V+y#P=2kRwBLhD_lOlh#hzwiVgh#7&Q39ZL96Nl?#yyN_@|VcVe^ -zSHCXAZSLDA;|OKpgkhx%ozEw-j7x{_GKo(iP7y#t3Fn8=JU;VoK(9~rMR9OWA&Zwf -z>2RmJINvLFkBV8u0Q`&Ei2~tj-eep?`0P&xJ|x1J?IN}+>~fARMtJ&8@&~;B7|Xo{ -z`+d2o0JADvW7XwlVfyBY>Mb4X)`M$>`a$@4lpd_^OgpSX;7ifx_p0$dJ?chD9(W4h -zl&y;$ytw7Nd?m|$vy|gQ5y*@I|IY@ -zg8B4gmJyZU!nEF(mxS1ewMfb@dE^b2(uI&}@At30<70fCb7K-Z#h4xmlPh12{G}Ad -z^>ng#x836vAM&1P(z}Z_oJ9BytgfAtMPAV16Q+I}-$=k5Gq5j8TAaVQsgesWw7|m{ -zxYl~SuX+>UR+(CR_gm7}z1EsPH3~A1@iNN4`pCo+oLFJyPyehk$I9?Z`gz@mU7gr7xy@ -z-hubN2E|F$=n;dp!S)<^RMD}4EL<*cp(fcNHbKOls@_;kD40y&yU6BilOOAAz^ipx -zYBsgZX|k?bObSPHHyO?E8D=X1TZA(|un}Ggz(MUs3bpl~4q{~r+5HcOV0Y^stKlN&TgftoPH?g)8aJ~>Ef0dNg-go)u -zA7SQZH1QqZ2DzWp&>-CMZkc8nq0`SiPR&fTIz{-_HhllHi-N=^2L%en~D -zDFhZA|AQC*1Q0j`gau>1%YNU>3v%V(Y@($B0Kc2k-$lv41CHg8ikeNKkJH}*r@_Mz -zCokx8x8)Ve@Ai7=1PBWn9hQKSRLL86c}HDJ_Z -z_Tkz%l(qWkjaC{OC^9r=8=~v=VXW&2$(v6Z+@VhwOLXm^vFc`0y2-iw -z5d{ -z(LNXRbQDy=9M?}-yRl6*V4E(qn^@aRWyyaEqxDEc9jv5B%=R=I+juO$pdZZHI!B_< -zf;R`fC#z<1OP1Ut!$iEW!F-+TL6^J|Es^?9UzlNUd+0|~AG1xlH6%Qi!lLA=yr;-o -zw8irwA(>Gd&eqpiDu@~M;nxI4&!k;nI6I9T -zOZ@JkE?}V3ZFHxyxZ&x=ddj1gqfVbszX(@yKbO7muN&0KyFVSc%*w6cq8ycs3z+{S -zc5?WO;rK*_WSSvzwZwpDsjZmsS|hBgP;@skvyn<8m<*IEMrgM){sFRbG=NNN>0xzB -z%eudIIFX;L;g66pL8Ts7oj7#@V}tExDkks~C(Bu7zhk7WD)&<#@rPz|brK8{es6qT -zBMU5jFX}?qpjKYq*(&|~kZOTq)6mxmv->vCsqxXywyUsT(mfb|DK9v{lR?x~SZs)6 -zT}mz)4+B7U^o}`M5(!m_9OB`j*NLBFZa?EW&gZU#Igj8XtWMT?02Tp@)nQT@LKGPp -zPjzorzVTmW7>ip+>iXGF@VFJvL|Yy_DB0+$qgOFki>bD_qb~*!*~1E++lJoSlMxt@ -z4JwmW&{ThHo>h_L&JNe4M^0jfZ!B}Eog66Ap}3rKGx_vN*6zi}9rO7^fp)44pIn1p 
-zJ!jp-+-TFSxC#Yz&SGSX>K=GD=SHiPzIjsp_A1rq;_Xs_L+Q1FGxsrOL-n_|PHe^j -zmRb5IbZc&2pOGz|ji4TxEgJ?oD69adHUN -zu|-(XQYB|ju%ueL**1o11f60KCdTF1shw{Nm*R#W6{;iO%Rfn_lgQ2;_=Z}8wMon^ -zy@(g=n~9n~6-}ByJB?Xc@$_pUeWPjg(PJ8BIA^T6o1a!U?zVx+F6a^I4efllEfd*1 -zd=1m7;W$m!M-P}_>;f%59lXZ%DlP_GF>=QZ%cPj~=Y(Mti79>)?^AuDsrCF*fUcr- -z`@I{j?NR8=0}|KH*m)=p=FL2+B1xz~P|3Rx1K51d#aI-Wu!VoL~RKU#aPxSA{M*ucpt;un1#F -zN{O=! -wg4}<_IuKt(mEQv;B2YmcIU?0AuRAzb@!TtLl{HLKz*I9j88QQc{^zZK0K6{N*8l(j - -literal 0 -HcmV?d00001 - -diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_512_256.good.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_512_256.good.p12 -new file mode 100644 -index 0000000000000000000000000000000000000000..e8d4899691bfec94614bf1614c0e9d45b902cf24 -GIT binary patch -literal 2702 -zcmai$XHXM}7KKSjLJPg9krp5dtO*HCK!hMlfKXgfI#LZaQi2reL5lP$MT%7EC6I^; -zC`DLA7DP4z(iA~@4~T#+JMWFY_iKOLxpU6BGxy&&2Tf*=0|J=QWOguwO*UFLdXE#p -z0(eAb+Xa!?w$Nm@H8dII@GF8mB7;nhEn^^n>3He>N&slHp90K@)wmrh*}zO_5eS=Iv@YNlGYB9H;<3c(p-6ScN9EXskqoP5qi{0w -z47G^^7Gd+bc<}~Fgv7UOY||$9Vx7GWFqBwZz(2@Li=v*KZ6RzFhbL%5y>@HX*g|fK -zCFqY*(F=sh(a;N)GHI#~25yMcT_{*a)IDT;VNko2^?scCxtKjyLprQ(YXAh}L#%n( -zTQrhNI76$_g!lGcpUJy)#$0n;G6ZQ#gO>#8w>!LU{(S-z=WV6_Pg -zU*q$mxw1C5Ex$SI=B3N?jdOchd{4fgVv=pT4ZoVk9Z8}FNHUvYc4BhvoTUsI8L^sL -zopiZ;y2XdHfUO!V-Ar5BROQO(-K1jGZ7ZwQ!@L!*8;l#mKUQ?Yzp@bGbDg|ELDX}Q&X!Y4%3b*7*VHf%9yZv!SWi>t>qm6DRrsYEr;&BPo!3}4V@ -zk?AMeU*?oAW{xGA$SE*L7`tfRwiT#@v9gqOtDkqwN;#{ly0J}Nt?hZV1xAlN*4&`O -zo9da~^}MoxyT7Vk-92 -z`Y3n;E-oE~9xR#>@)u0sn#CVfstkUtzoh@2+a05kV*_uuuYEzSeI1hbS)7*QO!P~C -zUpz75Z=$s3)O#=QnbMzDER&L`hq$60tR+pC63&E_?TS#3G2b&kyp{F7S&&35;>&M5 -zoi(MtRe^Tbu7XhXI68w9sOH1As}p-duSoG*Qkw>vkUeG2mDftlHA~m$ge}onp(n8m -zjgL*GaTIZ6RA)2QALINZPma#jy)Ibw&1Y%$yleTJY&G+3C7q8dc)f9RLJ&!BHfys` -zaK2_A6@J2!er@{0=ws8BH6wK-N)Zh+u50iiFvMOD3ykZI*xk+il9(tg0csxxoP57w -znjV%tW3PLyr -zEqvBZD*alJHx#UUSUudi^LW71U$8h1Dw(>yN;V%GV;T|#h&eWq{{|fGcn3K57F4v8+{vgq3Oh~ZrmcEST-O8z4%K1s}M;tPIc -zvuMYpV5W+0Rp}Q}bxD!pJEs=sD=OV!n^Ee3qTtk`$Aw(zo%z>QnV?T|U!r)o;7w81 -zU8CuN( 
-zJMm~CzxWw161M$eue=Jp=M_L1i0#Y2MGA8K()rh?vW>%30k;T}1? -z73pvY=|4vmbzqOSv-E$-F!*{oNrwn~$f41DUk0TThvqA(==BjI2KmgHnSx1=#&OijuHpX8vmIu1PgNf;+T-W%LX3WP -z&{M@dfCZ%)WLtc}A*y(c^jYJ2tcE(uY+ewf71epylo^X+N#8rQb|Ue`>HI&+qd)mi -zId1=z#p>EI>l<)+iMA|za=3;zliQfPg_;_ezGxi5rM!wx@zl36fR6R;pK9|{zggX* -zI6Wwgv1upQj4OReh2&+=-Pn==w3ffs-CqWjKex5G188Rqb`XY6^RUk$`=4$`8sPh}=d -zv}X!M)}HY<>H3J5M?xOCT|9W&eD}BTmWQhLCqxa48DSh-kzZRxQ+j6ECqPlX{Qmc^GC9chTwY@c+_gztryy>w&dM=$U8i>Kpbf+D} -z?Vt}#Da&gwKZZJZ)>~u*r}KQ-=}o7F^3P&hdJSmW%72t?l7+Ayu%T4Lc{nj}7&S;y -zz22p-cu4Wo2I^8oDFG?Hj(rdN$71iy?jf1LKBnw%CeB1cCTX{@H=Qu31p;5@G-X&J -z1vYRNT{O^EkvCH4zO*k_)-C*YZk?&YXgTvRv&{EHw)K<0LYMb)dxsMdr7y};se-ZX -zj`eRLC6ZHm$aFaJ&TF0w;}^q&d-N7Xu0&R=9n)a$X>W)J+jk6IL8~=YwI;Vo$o%nPP#DS -zOsjaY(w>~gaR7Bor+MVily= -VW!Nl&SdEOYi{CK0av2B!{0(@<()a)X - -literal 0 -HcmV?d00001 - -diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_512_512.good.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_512_512.good.p12 -new file mode 100644 -index 0000000000000000000000000000000000000000..64e14341a10d04e7e98cf83dbb2b6409ae1fd72f -GIT binary patch -literal 2736 -zcmai$c{J3I8pdbF48|5&vqjlrhOaf*e~6LnON7GM*TRf3A}0Gbexk{eEm_A}b`r8> -zuMmwr#kJMgD&qQ`dr#f}?jP@Y&+|O*Iq!d;^8f?}G6YNm5Ex*zaLE`{%mFi)4xCSb -z??VZ2DnNj50R*V?pNKY}0JS)^Odw#;=|cTUz`%{)0>%tn11|lMOaMQWo?KOURPZ9w -z69S?|M>=i!$5!lE!;5%1$L!@f+eA>5>rmGyl-<5gfLWQhjpo01c7G3*uvx%W?sgue{9RT|s4#R>C6J%Edk<=-uq-d@r!ROUg)X-ILGkK7})ZpGl# -z6-*+R=UWkb{1Uk*#E0!_e;YnW&+pQ^eq4sI$Ww|Hv(}0#a -zKlQ^+B%Z=t5EUDbniPw$^O<*tICAC6KObyy_!1pUMJP=_w3MQ_L}_KLa~I$j`nTT} -zHKwJ_EiYl2+#BDc^{A=46L)q=)y5g6&!p^&Vq?l?HW_g0&*yWG8)~BcGLmG2_zkpD -zuJoXL67oBKU=FvPnif~prLZ59aGj)q&F+Tb8c-j#f&RP0OKAu!zYnC!R&k()qJN1D -zH)n{YHF**!la_j>+`ZaK*3+)|hY9ao;2E{SU;60toCXNT@qDh`ml?gc_3=eV{?51F -z=U0+nWJ9&68P5wsaB~Oh{Ml7-lZyT?nz7-@3_Pa$cFyfOH{VqUHj`A%$91}J$gqD1T>EH^|xG)1&ISL#*ZFlj`&Q|`X@`eO}%)v57KM?!MyKQ -zXc{9i<$mE}VxakYPTQpB%tY3V*Dl{DW5lfc_V}%EtVn1p7nY~{N*8NuoyQ_$)ws86do%hBVb(F1bVEvsA9>F&O 
-zRQs=KLrclFky%8f;cM0HkAnqrG!8bmFh0|w6SSh^JAOInR!2Krmr4GHh^F&q&BF29 -z*|eckw27|l!`5RThgUd3i2XeIHB||T+HmQF1 -zPDP#z=8kjer&j+4rM{T~`6CS-p+%{%^hoip*Obdm#BNa17XnqR4f#}AZEEru&#GzO -zS(|OatP(Y7WaOUxEG~h6fN5pGvEXc-|1Te>L%`F|$k|~yrON}$Q~GV(GItZZR5rtq -zx@@Va4Xu+B1WTkJN6(5zi^HOIP318BM~CGBgDH4 -zLaK$Ks@QD9D>chzYe`t>NjjE`cuObjo}66SL50g8p9$Sm^^tns -z;0_RAQNMZd4}f48C;@i&)b>3cPg=(RvWbZS3^@&DPfg_i15SP5i)Nv}TDSi%aONt8 -z`B0c7FBPnYhe9LB8cKkUDN;BJQl}W&QaCv2Pc-)0f6CFEbAOdK&Ob3`Zm!y`U3A_z -zODU+hSBxYWL41$n&+28lD!q0TwRAFBNsli%CnzuIPE_J$DjM&>bE7k^auH?~miFK) -zIqaBwg7QmEwp)ZSN6kj5jefLN-FgZBcH76~>AGKHJauJBXEOUCn_uh{(n3he>JRLQ -zR|B-g%xs4l(>}LpgECD!Tqrr!Vx|{2qiD6Sg)V5%4}U+mVekZjH08N`i}}Fy*3^0# -zKz&<(b0knfLr)75aA8X|3pbq_oeCq8e7yiN*S+Qd)>ig&jMwh9R+b7e+Im__SSes+ -zMDA};&vN=jlrY*Ehga$F@lBOSQ_Yyhk>Pz>=S5R8vmJc)scR -z=#Y@?kRW+Jndd2|TkldK}))zdux@RmaSl_TDG0?o5 -zMMh%2IT4G9~=#_+fE&WM@d6`gnk`K -z4ZAPu-T)R`7#!}|D~Z^i8YP*nzuQ&$t^)ex^SI)5bkOl@$Ch5et(hmU_H$6{=rd(= -zH*9Taf@8>5lz@Cc`s0rbN|)&x9;{@sX6g>J>@7D0-tggLsaChE -zzWcuCVOajxbVG+ly{x;j!jR)mBkL?no4>)=YitX8aX)SOTr(yPVoxrI*RR#up7#Q5 -z!0saXlgee#J^Ms>kaU^#^Pe+9Tw>CWyg)zG{L3(N9jlQ$s~q?b%j!`e#kFy^z8iAp -zQ|IfPf8O6EM%?ua$)DxW{I#W1QaAd&_M^8%JCiVwCzS=o!;k(}DaOl#W09 -zSk4>aZ7zFHy<|Igb>#!~?A4PQWj>6QxLJ@Kj1CZPTN_dw)mu~-BUvZrsoc9C#w#ld -zT>K4KIHxQZl%o^f%#yHeHs^H6%z -z8T%F9D?MlaAu9x|^*?Qn@wCnT>2{|Isuci|f7PzcNM|bXivb;s8AAv{)-jC$Rb~R?lGFsEHIm`3Psh-q4iM{;+CGg!1m8_f06hv5BRSmBm$E2pIft -D?Q7k< - -literal 0 -HcmV?d00001 - -diff --git a/test/recipes/80-test_pkcs12_data/nomac_parse.p12 b/test/recipes/80-test_pkcs12_data/nomac_parse.p12 -new file mode 100644 -index 0000000000000000000000000000000000000000..d1a025e8bd7ba388106c9b0b69917bcf0d75c981 -GIT binary patch -literal 1191 -zcmV;Y1X%kpf&`-i0Ru3C1e^v5Duzgg_YDCD0ic2ejRb-Oi7q@ -zm`Z3Oq*FzpEwAUgTK!>P0tmf$!rKkJRCN*BGpSYjYzgM!Gc-6XRWeVUUAAN|1nJIT -z`n?9lMQ%vyvf8&JttHg_Q>ZosE -zp_Y3ncv1g>L6*c(uu;OihCtB}=sr@F0RrQbczHighw} -zCHVS#fOk?yDXd&IOQpas5z?eq&{!NIgiVN}QU%q0atzm2pm+t@wbLmMrBxz+v-ftM 
-zEmW?FTMT-Ji?<-sRocHjA=27rWx(rhRzf%h!jjjWhJ2rs;eAO5ls!`EK8qty##9%P -zs)&B83B+B&hJKktvV71Bq%nV+4=gW69hpiJ+D7;njk2wm)7C(f)UzuwVTiJyokgjc -z*yD)Xpu?U|OyC>0I`OSjoWc|oAoTIiUB_f+!^WWqg&Q3vxFi}l -zW$JtEHd}hpcl63D&2=RD367hZq<-C;kzlr#V6J}dqwIz3h=rqkxlqW<{<*3iXO+Yi -z6h_uyWZ8KSD0kkq-YFa%co5Qbe)OAm47ey6)lo8^c3T{!Z8r;&_vDPpnSkDv&*(f) -z0tQx-e;R~JWoMWB0$+PY(-MY!`asK`F3}w%sy*g)Gn#BPkcvk3t$&6DS&3T&6nnQ< -z=nKV)-MvN}FRLcX>3fL=q4aN3C!Iu^#V4(6mx{i_exS!lUV#^G_zqY&y;m;;7VuV8 -zlz+2g1U42cY)DPdjA)rW3)#aZYn%>Ot4ZRw+p6chfWw3F&^CR083G3^i{TvQh%PuL -zI@YS2C2~)e2v!x{5Ll_p1*s@h%^Sc(2?v;@cT&{(#>rWyew_n93d3zt{Ey+9jn7kc -zQ$n&dI(Sw&tA;g=OoTyro}FfEooxJ((fpLliunP1?Q0E(o^QB$Dd7u$4)13nakv(f -zn#_CEaVG5=Qi)oGa8dq|Y@C+9c~*zzJB+EQ`rxJ1dthRxy0$m)y?e)2Q(8lN;ZcFg -zyDMf8IvKYsj=I0O##^~wrSsWEF+>f(#9*eG#!CPO)cQ46{8u*V))|)ggdre% -Date: Wed, 7 Aug 2024 17:17:18 +0200 -Subject: [PATCH 1/3] Support of en/decapsulation in the pkeyutl command - ---- - apps/pkeyutl.c | 83 +++++++++++++++++++++++++++++++++++++++++--------- - 1 file changed, 69 insertions(+), 14 deletions(-) - -diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c -index b5390c64c2a81..a14ad88217823 100644 ---- a/apps/pkeyutl.c -+++ b/apps/pkeyutl.c -@@ -24,7 +24,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, - const char *keyfile, int keyform, int key_type, - char *passinarg, int pkey_op, ENGINE *e, - const int impl, int rawin, EVP_PKEY **ppkey, -- EVP_MD_CTX *mctx, const char *digestname, -+ EVP_MD_CTX *mctx, const char *digestname, const char *kemop, - OSSL_LIB_CTX *libctx, const char *propq); - - static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, -@@ -32,7 +32,8 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, - - static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, - unsigned char *out, size_t *poutlen, -- const unsigned char *in, size_t inlen); -+ const unsigned char *in, size_t inlen, -+ unsigned char *secret, size_t *psecretlen); - - static int do_raw_keyop(int pkey_op, EVP_MD_CTX 
*mctx, - EVP_PKEY *pkey, BIO *in, -@@ -47,6 +48,7 @@ typedef enum OPTION_choice { - OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN, - OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_PKEYOPT_PASSIN, OPT_KDF, - OPT_KDFLEN, OPT_R_ENUM, OPT_PROV_ENUM, -+ OPT_DECAP, OPT_ENCAP, OPT_SECOUT, OPT_KEMOP, - OPT_CONFIG, - OPT_RAWIN, OPT_DIGEST - } OPTION_CHOICE; -@@ -64,6 +66,8 @@ const OPTIONS pkeyutl_options[] = { - {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"}, - {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"}, - {"derive", OPT_DERIVE, '-', "Derive shared secret"}, -+ {"decap", OPT_DECAP, '-', "Decapsulate shared secret"}, -+ {"encap", OPT_ENCAP, '-', "Encapsulate shared secret"}, - OPT_CONFIG_OPTION, - - OPT_SECTION("Input"), -@@ -81,12 +85,13 @@ const OPTIONS pkeyutl_options[] = { - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file - default stdout"}, -+ {"secret", OPT_SECOUT, '>', "File to store secret on encapsulation"}, - {"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"}, - {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"}, - {"verifyrecover", OPT_VERIFYRECOVER, '-', - "Verify with public key, recover original data"}, - -- OPT_SECTION("Signing/Derivation"), -+ OPT_SECTION("Signing/Derivation/Encapsulation"), - {"digest", OPT_DIGEST, 's', - "Specify the digest algorithm when signing the raw input data"}, - {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"}, -@@ -94,6 +99,7 @@ const OPTIONS pkeyutl_options[] = { - "Public key option that is read as a passphrase argument opt:passphrase"}, - {"kdf", OPT_KDF, 's', "Use KDF algorithm"}, - {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"}, -+ {"kemop", OPT_KEMOP, 's', "KEM operation specific to the key algorithm"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, -@@ -103,23 +109,23 @@ const OPTIONS pkeyutl_options[] = { - int pkeyutl_main(int argc, char **argv) - { - CONF *conf = NULL; -- BIO *in = NULL, *out = NULL; -+ BIO *in = NULL, 
*out = NULL, *secout = NULL; - ENGINE *e = NULL; - EVP_PKEY_CTX *ctx = NULL; - EVP_PKEY *pkey = NULL; -- char *infile = NULL, *outfile = NULL, *sigfile = NULL, *passinarg = NULL; -+ char *infile = NULL, *outfile = NULL, *secoutfile = NULL, *sigfile = NULL, *passinarg = NULL; - char hexdump = 0, asn1parse = 0, rev = 0, *prog; -- unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; -+ unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL, *secret = NULL; - OPTION_CHOICE o; - int buf_inlen = 0, siglen = -1; - int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF; - int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY; - int engine_impl = 0; - int ret = 1, rv = -1; -- size_t buf_outlen; -+ size_t buf_outlen = 0, secretlen = 0; - const char *inkey = NULL; - const char *peerkey = NULL; -- const char *kdfalg = NULL, *digestname = NULL; -+ const char *kdfalg = NULL, *digestname = NULL, *kemop = NULL; - int kdflen = 0; - STACK_OF(OPENSSL_STRING) *pkeyopts = NULL; - STACK_OF(OPENSSL_STRING) *pkeyopts_passin = NULL; -@@ -147,6 +153,9 @@ int pkeyutl_main(int argc, char **argv) - case OPT_OUT: - outfile = opt_arg(); - break; -+ case OPT_SECOUT: -+ secoutfile = opt_arg(); -+ break; - case OPT_SIGFILE: - sigfile = opt_arg(); - break; -@@ -216,6 +225,15 @@ int pkeyutl_main(int argc, char **argv) - case OPT_DERIVE: - pkey_op = EVP_PKEY_OP_DERIVE; - break; -+ case OPT_DECAP: -+ pkey_op = EVP_PKEY_OP_DECAPSULATE; -+ break; -+ case OPT_ENCAP: -+ pkey_op = EVP_PKEY_OP_ENCAPSULATE; -+ break; -+ case OPT_KEMOP: -+ kemop = opt_arg(); -+ break; - case OPT_KDF: - pkey_op = EVP_PKEY_OP_DERIVE; - key_type = KEY_NONE; -@@ -303,7 +321,7 @@ int pkeyutl_main(int argc, char **argv) - } - ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type, - passinarg, pkey_op, e, engine_impl, rawin, &pkey, -- mctx, digestname, libctx, app_get0_propq()); -+ mctx, digestname, kemop, libctx, app_get0_propq()); - if (ctx == NULL) { - BIO_printf(bio_err, "%s: Error initializing 
context\n", prog); - goto end; -@@ -387,7 +405,7 @@ int pkeyutl_main(int argc, char **argv) - goto end; - } - -- if (pkey_op != EVP_PKEY_OP_DERIVE) { -+ if (pkey_op != EVP_PKEY_OP_DERIVE && pkey_op != EVP_PKEY_OP_ENCAPSULATE) { - in = bio_open_default(infile, 'r', FORMAT_BINARY); - if (infile != NULL) { - struct stat st; -@@ -402,6 +420,16 @@ int pkeyutl_main(int argc, char **argv) - if (out == NULL) - goto end; - -+ if (pkey_op == EVP_PKEY_OP_ENCAPSULATE) { -+ if (secoutfile == NULL) { -+ BIO_printf(bio_err, "Encapsulation requires '-secret' argument\n"); -+ goto end; -+ } -+ secout = bio_open_default(secoutfile, 'w', FORMAT_BINARY); -+ if (secout == NULL) -+ goto end; -+ } -+ - if (sigfile != NULL) { - BIO *sigbio = BIO_new_file(sigfile, "rb"); - -@@ -473,13 +501,15 @@ int pkeyutl_main(int argc, char **argv) - rv = 1; - } else { - rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, -- buf_in, (size_t)buf_inlen); -+ buf_in, (size_t)buf_inlen, NULL, (size_t *)&secretlen); - } - if (rv > 0 && buf_outlen != 0) { - buf_out = app_malloc(buf_outlen, "buffer output"); -+ if (secretlen > 0) -+ secret = app_malloc(secretlen, "secret output"); - rv = do_keyop(ctx, pkey_op, - buf_out, (size_t *)&buf_outlen, -- buf_in, (size_t)buf_inlen); -+ buf_in, (size_t)buf_inlen, secret, (size_t *)&secretlen); - } - } - if (rv <= 0) { -@@ -500,6 +530,8 @@ int pkeyutl_main(int argc, char **argv) - } else { - BIO_write(out, buf_out, buf_outlen); - } -+ if (secretlen > 0) -+ BIO_write(secout, secret, secretlen); - - end: - if (ret != 0) -@@ -510,9 +542,11 @@ int pkeyutl_main(int argc, char **argv) - release_engine(e); - BIO_free(in); - BIO_free_all(out); -+ BIO_free_all(secout); - OPENSSL_free(buf_in); - OPENSSL_free(buf_out); - OPENSSL_free(sig); -+ OPENSSL_free(secret); - sk_OPENSSL_STRING_free(pkeyopts); - sk_OPENSSL_STRING_free(pkeyopts_passin); - NCONF_free(conf); -@@ -524,7 +558,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, - char *passinarg, int pkey_op, 
ENGINE *e, - const int engine_impl, int rawin, - EVP_PKEY **ppkey, EVP_MD_CTX *mctx, const char *digestname, -- OSSL_LIB_CTX *libctx, const char *propq) -+ const char *kemop, OSSL_LIB_CTX *libctx, const char *propq) - { - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; -@@ -642,6 +676,18 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, - case EVP_PKEY_OP_DERIVE: - rv = EVP_PKEY_derive_init(ctx); - break; -+ -+ case EVP_PKEY_OP_ENCAPSULATE: -+ rv = EVP_PKEY_encapsulate_init(ctx, NULL); -+ if (rv > 0 && kemop != NULL) -+ rv = EVP_PKEY_CTX_set_kem_op(ctx, kemop); -+ break; -+ -+ case EVP_PKEY_OP_DECAPSULATE: -+ rv = EVP_PKEY_decapsulate_init(ctx, NULL); -+ if (rv > 0 && kemop != NULL) -+ rv = EVP_PKEY_CTX_set_kem_op(ctx, kemop); -+ break; - } - } - -@@ -679,7 +725,8 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, - - static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, - unsigned char *out, size_t *poutlen, -- const unsigned char *in, size_t inlen) -+ const unsigned char *in, size_t inlen, -+ unsigned char *secret, size_t *pseclen) - { - int rv = 0; - switch (pkey_op) { -@@ -703,6 +750,14 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, - rv = EVP_PKEY_derive(ctx, out, poutlen); - break; - -+ case EVP_PKEY_OP_ENCAPSULATE: -+ rv = EVP_PKEY_encapsulate(ctx, out, poutlen, secret, pseclen); -+ break; -+ -+ case EVP_PKEY_OP_DECAPSULATE: -+ rv = EVP_PKEY_decapsulate(ctx, out, poutlen, in, inlen); -+ break; -+ - } - return rv; - } - -From 1598da873df55887c2d878549f74b7aaed6d5fde Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Wed, 7 Aug 2024 17:50:51 +0200 -Subject: [PATCH 2/3] Encap/decap in pkeyutl - documentation - ---- - doc/man1/openssl-pkeyutl.pod.in | 33 +++++++++++++++++++++++++++++++++ - 1 file changed, 33 insertions(+) - -diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in -index 50c2030aa353c..9de50dd6cee8f 100644 ---- a/doc/man1/openssl-pkeyutl.pod.in -+++ 
b/doc/man1/openssl-pkeyutl.pod.in -@@ -13,6 +13,7 @@ B B - [B<-rawin>] - [B<-digest> I] - [B<-out> I] -+[B<-secret> I] - [B<-sigfile> I] - [B<-inkey> I|I] - [B<-keyform> B|B|B|B] -@@ -28,8 +29,11 @@ B B - [B<-encrypt>] - [B<-decrypt>] - [B<-derive>] -+[B<-encap>] -+[B<-decap>] - [B<-kdf> I] - [B<-kdflen> I] -+[B<-kemop> I] - [B<-pkeyopt> I:I] - [B<-pkeyopt_passin> I[:I]] - [B<-hexdump>] -@@ -79,6 +83,10 @@ then the B<-rawin> option must be also specified. - Specifies the output filename to write to or standard output by - default. - -+=item B<-secret> I -+ -+Specifies the output filename to write the secret to on I<-encap>. -+ - =item B<-sigfile> I - - Signature file, required for B<-verify> operations only -@@ -147,6 +155,31 @@ Decrypt the input data using a private key. - - Derive a shared secret using the peer key. - -+=item B<-encap> -+ -+Encapsulate a generated secret using a private key. -+The encapsulated result (binary data) is written to standard output by default, -+or else to the file specified with I<-out>. -+The I<-secret> option must also be provided to specify the output file for the -+secret value generated in the encapsulation process. -+ -+=item B<-decap> -+ -+Decapsulate the secret using a private key. -+The result (binary data) is written to standard output by default, or else to -+the file specified with I<-out>. -+ -+=item B<-kemop> I -+ -+This option is used for I<-encap>/I<-decap> commands and specifies the KEM -+operation specific for the key algorithm when there is no default KEM -+operation. -+If the algorithm has the default KEM operation, this option can be omitted. -+ -+See L and algorithm-specific KEM documentation e.g. -+L, L, L, and -+L. -+ - =item B<-kdf> I - - Use key derivation function I. 
The supported algorithms are - -From 1fe7d5b3d96e2ce1e822a4e6e042959af55b0145 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Thu, 8 Aug 2024 13:45:19 +0200 -Subject: [PATCH 3/3] Encap/decap in pkeyutl - tests - ---- - test/decap_out.bin | 3 +++ - test/encap_out.bin | 4 ++++ - test/encap_secret.bin | 3 +++ - test/recipes/20-test_pkeyutl.t | 34 ++++++++++++++++++++++++++++++++-- - 4 files changed, 42 insertions(+), 2 deletions(-) - create mode 100644 test/decap_out.bin - create mode 100644 test/encap_out.bin - create mode 100644 test/encap_secret.bin - -diff --git a/test/decap_out.bin b/test/decap_out.bin -new file mode 100644 -index 0000000000000..b94441ed1c002 ---- /dev/null -+++ b/test/decap_out.bin -@@ -0,0 +1,3 @@ -+6žW«¡ŠòÌn‘©ú;’ù¡ÃÄmç Ä¥ÉB[HãÕË#äÓ‡(™‡hŽ] :\³PŸ›xñe¡ƒŽbòé)G¿fõÈ"¨ýË­fË ÊýJÝ)ïþÜì {ªHm‚\P ú+¸PÞ¸%èÄ/jÏ™%çØ†È<_æ~– -+K—JEhßù‡©lEa¼:¢(Ÿå/\Ñ®Íb€Ã®©Ê ×È-g,AYœ‹4 -+lÚtÚN­)~\HU4y០}qJŸ€ ”t# ¦}.™üTÅý”?ÚØÏŠÐÿcD=üLõ¨nmv{—éſԋȣ® -\ No newline at end of file -diff --git a/test/encap_out.bin b/test/encap_out.bin -new file mode 100644 -index 0000000000000..024fc40550f15 ---- /dev/null -+++ b/test/encap_out.bin -@@ -0,0 +1,4 @@ -+¼:÷Ùy‚ĉ5°ã ÿÙ[Û2ê<¾ê?«î±qÕª1·µŒ¸ºæÝ>YÎM寬3PÝ -+ìÛO’2rÈÙŠíùAd" Gç„m‡2mÏÄ7x•Ñhú7-ÿ@:?NµÇrSꋜKÁ¡žè`«t¥ÉŸªÓxié头' Mhøñ‘˜3rÞÚƒ–Sd¦ðO±£ãHT„F§þ -+®‹kZ'xšFÛKùx”q"ÐÒúl@04E‰†ÌûŽ;c¾iA}U÷ÆŒ P6ýk0–‰ó%DôòLÄ.U– aO¨(LIý®QÇç¢ÏA -+Œ[´uÔžØ4s$¨†Ò%tÕB -\ No newline at end of file -diff --git a/test/encap_secret.bin b/test/encap_secret.bin -new file mode 100644 -index 0000000000000..b94441ed1c002 ---- /dev/null -+++ b/test/encap_secret.bin -@@ -0,0 +1,3 @@ -+6žW«¡ŠòÌn‘©ú;’ù¡ÃÄmç Ä¥ÉB[HãÕË#äÓ‡(™‡hŽ] :\³PŸ›xñe¡ƒŽbòé)G¿fõÈ"¨ýË­fË ÊýJÝ)ïþÜì {ªHm‚\P ú+¸PÞ¸%èÄ/jÏ™%çØ†È<_æ~– -+K—JEhßù‡©lEa¼:¢(Ÿå/\Ñ®Íb€Ã®©Ê ×È-g,AYœ‹4 -+lÚtÚN­)~\HU4y០}qJŸ€ ”t# ¦}.™üTÅý”?ÚØÏŠÐÿcD=üLõ¨nmv{—éſԋȣ® -\ No newline at end of file -diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t -index 76e4f0a869459..e9472a21352e2 100644 ---- a/test/recipes/20-test_pkeyutl.t 
-+++ b/test/recipes/20-test_pkeyutl.t -@@ -13,11 +13,11 @@ use File::Spec; - use File::Basename; - use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/; - use OpenSSL::Test::Utils; --use File::Compare qw/compare_text/; -+use File::Compare qw/compare_text compare/; - - setup("test_pkeyutl"); - --plan tests => 14; -+plan tests => 19; - - # For the tests below we use the cert itself as the TBS file - -@@ -200,3 +200,33 @@ SKIP: { - "-rawin"); - }; - } -+ -+#Encap/decap tests -+# openssl pkeyutl -encap -pubin -inkey rsa_pub.pem -secret secret.bin -out encap_out.bin -+# openssl pkeyutl -decap -inkey rsa_priv.pem -in encap_out.bin -out decap_out.bin -+# decap_out is equal to secret -+SKIP: { -+ skip "RSA is not supported by this OpenSSL build", 3 -+ if disabled("rsa"); -+ -+ # Self-compat -+ ok(run(app(([ 'openssl', 'pkeyutl', '-encap', '-pubin', '-kemop', 'RSASVE', -+ '-inkey', srctop_file('test', 'testrsa2048pub.pem'), -+ '-out', 'encap_out.bin', '-secret', 'secret.bin']))), -+ "RSA pubkey encapsulation"); -+ ok(run(app(([ 'openssl', 'pkeyutl', '-decap', '-kemop', 'RSASVE', -+ '-inkey', srctop_file('test', 'testrsa2048.pem'), -+ '-in', 'encap_out.bin', '-out', 'decap_out.bin']))), -+ "RSA pubkey decapsulation"); -+ is(compare("secret.bin", "decap_out.bin"), 0, "Secret is correctly decapsulated"); -+ -+ # Pregenerated -+ ok(run(app(([ 'openssl', 'pkeyutl', '-decap', '-kemop', 'RSASVE', -+ '-inkey', srctop_file('test', 'testrsa2048.pem'), -+ '-in', srctop_file('test', 'encap_out.bin'), '-out', 'decap_out_etl.bin']))), -+ "RSA pubkey decapsulation - pregenerated"); -+ -+ is(compare(srctop_file('test', 'encap_secret.bin'), "decap_out_etl.bin"), 0, -+ "Secret is correctly decapsulated - pregenerated"); -+} -+ diff --git a/0127-speedup-SSL_add_cert_subjects_to_stack.patch b/0127-speedup-SSL_add_cert_subjects_to_stack.patch deleted file mode 100644 index a6bd503..0000000 --- a/0127-speedup-SSL_add_cert_subjects_to_stack.patch +++ /dev/null 
@@ -1,201 +0,0 @@
-From e2e469593a15681983d16e36d856bf8fb7de8589 Mon Sep 17 00:00:00 2001
-From: Clemens Lang
-Date: Wed, 31 Jul 2024 12:45:11 +0200
-Subject: [PATCH] Speed up SSL_add_{file,dir}_cert_subjects_to_stack
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The X509_NAME comparison function converts its arguments to DER using
-i2d_X509_NAME before comparing the results using memcmp(). For every
-invocation of the comparison function (of which there are many when
-loading many certificates), it allocates two buffers of the appropriate
-size for the DER encoding.
-
-Switching to static buffers (possibly of X509_NAME_MAX size as defined
-in crypto/x509/x_name.c) would not work with multithreaded use, e.g.,
-when two threads sort two separate STACK_OF(X509_NAME)s at the same
-time. A suitable re-usable buffer could have been added to the
-STACK_OF(X509_NAME) if sk_X509_NAME_compfunc did have a void* argument,
-or a pointer to the STACK_OF(X509_NAME) – but it does not.
-
-Instead, copy the solution chosen in SSL_load_client_CA_file() by
-filling an LHASH_OF(X509_NAME) with all existing names in the stack and
-using that to deduplicate, rather than relying on sk_X509_NAME_find(),
-which ends up being very slow.
-
-Adjust SSL_add_dir_cert_subjects_to_stack() to keep a local
-LHASH_OF(X509_NAME)s over the complete directory it is processing.
-
-In a small benchmark that calls SSL_add_dir_cert_subjects_to_stack()
-twice, once on a directory with one entry, and once with a directory
-with 1000 certificates, and repeats this in a loop 10 times, this change
-yields a speed-up of 5.32:
-
-| Benchmark 1: ./bench 10 dir-1 dir-1000
-| Time (mean ± σ): 6.685 s ± 0.017 s [User: 6.402 s, System: 0.231 s]
-| Range (min … max): 6.658 s … 6.711 s 10 runs
-|
-| Benchmark 2: LD_LIBRARY_PATH=. ./bench 10 dir-1 dir-1000
-| Time (mean ± σ): 1.256 s ± 0.013 s [User: 1.034 s, System: 0.212 s]
-| Range (min … max): 1.244 s … 1.286 s 10 runs
-|
-| Summary
-| LD_LIBRARY_PATH=. ./bench 10 dir-1 dir-1000 ran
-| 5.32 ± 0.06 times faster than ./bench 10 dir-1 dir-1000
-
-In the worst case scenario where many entries are added to a stack that
-is then repeatedly used to add more certificates, and with a larger test
-size, the speedup is still very significant. With 15000 certificates,
-a single pass to load them, followed by attempting to load a subset of
-1000 of these 15000 certificates, followed by a single certificate, the
-new approach is ~85 times faster:
-
-| Benchmark 1: ./bench 1 dir-15000 dir-1000 dir-1
-| Time (mean ± σ): 176.295 s ± 4.147 s [User: 174.593 s, System: 0.448 s]
-| Range (min … max): 173.774 s … 185.594 s 10 runs
-|
-| Benchmark 2: LD_LIBRARY_PATH=. ./bench 1 dir-15000 dir-1000 dir-1
-| Time (mean ± σ): 2.087 s ± 0.034 s [User: 1.679 s, System: 0.393 s]
-| Range (min … max): 2.057 s … 2.167 s 10 runs
-|
-| Summary
-| LD_LIBRARY_PATH=. ./bench 1 dir-15000 dir-1000 dir-1 ran
-| 84.48 ± 2.42 times faster than ./bench 1 dir-15000 dir-1000 dir-1
-
-Signed-off-by: Clemens Lang
----
- ssl/ssl_cert.c | 74 ++++++++++++++++++++++++++++++++++++++++++++------
- 1 file changed, 65 insertions(+), 9 deletions(-)
-
-diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
-index 0ff407bf55edc..5e5ffe39d0655 100644
---- a/ssl/ssl_cert.c
-+++ b/ssl/ssl_cert.c
-@@ -813,16 +813,14 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
- return SSL_load_client_CA_file_ex(file, NULL, NULL);
- }
- 
--int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-- const char *file)
-+static int add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-+ const char *file,
-+ LHASH_OF(X509_NAME) *name_hash)
- {
- BIO *in;
- X509 *x = NULL;
- X509_NAME *xn = NULL;
- int ret = 1;
-- int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b);
--
-- oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
- 
- in = BIO_new(BIO_s_file());
- 
-@@ -842,12 +840,15 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- xn = X509_NAME_dup(xn);
- if (xn == NULL)
- goto err;
-- if (sk_X509_NAME_find(stack, xn) >= 0) {
-+ if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
- /* Duplicate. */
- X509_NAME_free(xn);
- } else if (!sk_X509_NAME_push(stack, xn)) {
- X509_NAME_free(xn);
- goto err;
-+ } else {
-+ /* Successful insert, add to hash table */
-+ lh_X509_NAME_insert(name_hash, xn);
- }
- }
- 
-@@ -859,7 +860,42 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- done:
- BIO_free(in);
- X509_free(x);
-- (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
-+ return ret;
-+}
-+
-+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-+ const char *file)
-+{
-+ X509_NAME *xn = NULL;
-+ int ret = 1;
-+ int idx = 0;
-+ int num = 0;
-+ LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
-+
-+ if (name_hash == NULL) {
-+ ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
-+ goto err;
-+ }
-+
-+ /*
-+ * Pre-populate the lhash with the existing entries of the stack, since
-+ * using the LHASH_OF is much faster for duplicate checking. That's because
-+ * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
-+ * for every single invocation of the comparison function.
-+ */
-+ num = sk_X509_NAME_num(stack);
-+ for (idx = 0; idx < num; idx++) {
-+ xn = sk_X509_NAME_value(stack, idx);
-+ lh_X509_NAME_insert(name_hash, xn);
-+ }
-+
-+ ret = add_file_cert_subjects_to_stack(stack, file, name_hash);
-+ goto done;
-+
-+ err:
-+ ret = 0;
-+ done:
-+ lh_X509_NAME_free(name_hash);
- return ret;
- }
- 
-@@ -869,8 +905,27 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- OPENSSL_DIR_CTX *d = NULL;
- const char *filename;
- int ret = 0;
-+ X509_NAME *xn = NULL;
-+ int idx = 0;
-+ int num = 0;
-+ LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
-+
-+ if (name_hash == NULL) {
-+ ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
-+ goto err;
-+ }
- 
-- /* Note that a side effect is that the CAs will be sorted by name */
-+ /*
-+ * Pre-populate the lhash with the existing entries of the stack, since
-+ * using the LHASH_OF is much faster for duplicate checking. That's because
-+ * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
-+ * for every single invocation of the comparison function.
-+ */
-+ num = sk_X509_NAME_num(stack);
-+ for (idx = 0; idx < num; idx++) {
-+ xn = sk_X509_NAME_value(stack, idx);
-+ lh_X509_NAME_insert(name_hash, xn);
-+ }
- 
- while ((filename = OPENSSL_DIR_read(&d, dir))) {
- char buf[1024];
-@@ -899,7 +954,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- #endif
- if (r <= 0 || r >= (int)sizeof(buf))
- goto err;
-- if (!SSL_add_file_cert_subjects_to_stack(stack, buf))
-+ if (!add_file_cert_subjects_to_stack(stack, buf, name_hash))
- goto err;
- }
- 
-@@ -915,6 +970,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- err:
- if (d)
- OPENSSL_DIR_end(&d);
-+ lh_X509_NAME_free(name_hash);
- 
- return ret;
- }
diff --git a/0128-SAST-findings.patch b/0128-SAST-findings.patch
deleted file mode 100644
index 77cb8e9..0000000
--- a/0128-SAST-findings.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -up openssl-3.2.2/crypto/rsa/rsa_oaep.c.xxx openssl-3.2.2/crypto/rsa/rsa_oaep.c
---- openssl-3.2.2/crypto/rsa/rsa_oaep.c.xxx 2024-08-14 14:22:48.733407808 +0200
-+++ openssl-3.2.2/crypto/rsa/rsa_oaep.c 2024-08-14 14:23:32.994483135 +0200
-@@ -233,7 +233,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(un
- 
- mdlen = EVP_MD_get_size(md);
- 
-- if (tlen <= 0 || flen <= 0)
-+ if (tlen <= 0 || flen <= 0 || mdlen <= 0)
- return -1;
- /*
- * |num| is the length of the modulus; |flen| is the length of the
-diff -up openssl-3.2.2/crypto/x509/pcy_tree.c.xxx openssl-3.2.2/crypto/x509/pcy_tree.c
---- openssl-3.2.2/crypto/x509/pcy_tree.c.xxx 2024-08-14 14:14:13.144850097 +0200
-+++ openssl-3.2.2/crypto/x509/pcy_tree.c 2024-08-14 14:14:53.213826481 +0200
-@@ -110,6 +110,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- 
- *ptree = NULL;
- 
-+ if (n < 0)
-+ return X509_PCY_TREE_INTERNAL;
- /* Can't do anything with just a trust anchor */
- if (n == 0)
- return X509_PCY_TREE_EMPTY;
diff --git a/0129-Fix-SSL_select_next_proto.patch b/0129-Fix-SSL_select_next_proto.patch
deleted file mode 100644
index 6458067..0000000
--- a/0129-Fix-SSL_select_next_proto.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From 99fb785a5f85315b95288921a321a935ea29a51e Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Fri, 31 May 2024 11:14:33 +0100
-Subject: [PATCH 01/10] Fix SSL_select_next_proto
-
-Ensure that the provided client list is non-NULL and starts with a valid
-entry. When called from the ALPN callback the client list should already
-have been validated by OpenSSL so this should not cause a problem. When
-called from the NPN callback the client list is locally configured and
-will not have already been validated. Therefore SSL_select_next_proto
-should not assume that it is correctly formatted.
-
-We implement stricter checking of the client protocol list. We also do the
-same for the server list while we are about it.
-
-CVE-2024-5535
-
-Reviewed-by: Neil Horman
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/24717)
----
- ssl/ssl_lib.c | 63 ++++++++++++++++++++++++++++++++-------------------
- 1 file changed, 40 insertions(+), 23 deletions(-)
-
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 016135fe18..cf52b317cf 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -3518,37 +3518,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
- unsigned int server_len,
- const unsigned char *client, unsigned int client_len)
- {
-- unsigned int i, j;
-- const unsigned char *result;
-- int status = OPENSSL_NPN_UNSUPPORTED;
-+ PACKET cpkt, csubpkt, spkt, ssubpkt;
-+
-+ if (!PACKET_buf_init(&cpkt, client, client_len)
-+ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt)
-+ || PACKET_remaining(&csubpkt) == 0) {
-+ *out = NULL;
-+ *outlen = 0;
-+ return OPENSSL_NPN_NO_OVERLAP;
-+ }
-+
-+ /*
-+ * Set the default opportunistic protocol. Will be overwritten if we find
-+ * a match.
-+ */
-+ *out = (unsigned char *)PACKET_data(&csubpkt);
-+ *outlen = (unsigned char)PACKET_remaining(&csubpkt);
- 
- /*
- * For each protocol in server preference order, see if we support it.
- */
-- for (i = 0; i < server_len;) {
-- for (j = 0; j < client_len;) {
-- if (server[i] == client[j] &&
-- memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
-- /* We found a match */
-- result = &server[i];
-- status = OPENSSL_NPN_NEGOTIATED;
-- goto found;
-+ if (PACKET_buf_init(&spkt, server, server_len)) {
-+ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) {
-+ if (PACKET_remaining(&ssubpkt) == 0)
-+ continue; /* Invalid - ignore it */
-+ if (PACKET_buf_init(&cpkt, client, client_len)) {
-+ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) {
-+ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt),
-+ PACKET_remaining(&ssubpkt))) {
-+ /* We found a match */
-+ *out = (unsigned char *)PACKET_data(&ssubpkt);
-+ *outlen = (unsigned char)PACKET_remaining(&ssubpkt);
-+ return OPENSSL_NPN_NEGOTIATED;
-+ }
-+ }
-+ /* Ignore spurious trailing bytes in the client list */
-+ } else {
-+ /* This should never happen */
-+ return OPENSSL_NPN_NO_OVERLAP;
- }
-- j += client[j];
-- j++;
- }
-- i += server[i];
-- i++;
-+ /* Ignore spurious trailing bytes in the server list */
- }
- 
-- /* There's no overlap between our protocols and the server's list. */
-- result = client;
-- status = OPENSSL_NPN_NO_OVERLAP;
--
-- found:
-- *out = (unsigned char *)result + 1;
-- *outlen = result[0];
-- return status;
-+ /*
-+ * There's no overlap between our protocols and the server's list. We use
-+ * the default opportunistic protocol selected earlier
-+ */
-+ return OPENSSL_NPN_NO_OVERLAP;
- }
- 
- #ifndef OPENSSL_NO_NEXTPROTONEG
---
-2.46.0
-
diff --git a/0130-More-correctly-handle-a-selected_len-of-0-when-proce.patch b/0130-More-correctly-handle-a-selected_len-of-0-when-proce.patch
deleted file mode 100644
index 29d22c6..0000000
--- a/0130-More-correctly-handle-a-selected_len-of-0-when-proce.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 015255851371757d54c2560643eb3b3a88123cf1 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Fri, 31 May 2024 11:18:27 +0100
-Subject: [PATCH 02/10] More correctly handle a selected_len of 0 when
- processing NPN
-
-In the case where the NPN callback returns with SSL_TLEXT_ERR_OK, but
-the selected_len is 0 we should fail. Previously this would fail with an
-internal_error alert because calling OPENSSL_malloc(selected_len) will
-return NULL when selected_len is 0. We make this error detection more
-explicit and return a handshake failure alert.
-
-Follow on from CVE-2024-5535
-
-Reviewed-by: Neil Horman
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/24717)
----
- ssl/statem/extensions_clnt.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
-index 381a6c9d7b..1ab3c13d57 100644
---- a/ssl/statem/extensions_clnt.c
-+++ b/ssl/statem/extensions_clnt.c
-@@ -1560,8 +1560,8 @@ int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
- if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_SSL(s),
- &selected, &selected_len,
- PACKET_data(pkt), PACKET_remaining(pkt),
-- sctx->ext.npn_select_cb_arg) !=
-- SSL_TLSEXT_ERR_OK) {
-+ sctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK
-+ || selected_len == 0) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION);
- return 0;
- }
---
-2.46.0
-
diff --git a/0131-Use-correctly-formatted-ALPN-data-in-tserver.patch b/0131-Use-correctly-formatted-ALPN-data-in-tserver.patch
deleted file mode 100644
index 028732f..0000000
--- a/0131-Use-correctly-formatted-ALPN-data-in-tserver.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 6cc511826f09e513b4ec066d9b95acaf4f86d991 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Fri, 31 May 2024 11:22:13 +0100
-Subject: [PATCH 03/10] Use correctly formatted ALPN data in tserver
-
-The QUIC test server was using incorrectly formatted ALPN data. With the
-previous implementation of SSL_select_next_proto this went unnoticed. With
-the new stricter implemenation it was failing.
-
-Follow on from CVE-2024-5535
-
-Reviewed-by: Neil Horman
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/24717)
----
- ssl/quic/quic_tserver.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ssl/quic/quic_tserver.c b/ssl/quic/quic_tserver.c
-index 86187d06ff..15694e723f 100644
---- a/ssl/quic/quic_tserver.c
-+++ b/ssl/quic/quic_tserver.c
-@@ -58,7 +58,7 @@ static int alpn_select_cb(SSL *ssl, const unsigned char **out,
- 
- if (srv->args.alpn == NULL) {
- alpn = alpndeflt;
-- alpnlen = sizeof(alpn);
-+ alpnlen = sizeof(alpndeflt);
- } else {
- alpn = srv->args.alpn;
- alpnlen = srv->args.alpnlen;
---
-2.46.0
-
diff --git a/0132-Clarify-the-SSL_select_next_proto-documentation.patch b/0132-Clarify-the-SSL_select_next_proto-documentation.patch
deleted file mode 100644
index 34e6261..0000000
--- a/0132-Clarify-the-SSL_select_next_proto-documentation.patch
+++ /dev/null
@@ -1,78 +0,0 @@ -From 8e81c57adbbf703dfb63955f65599765fdacc741 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Fri, 31 May 2024 11:46:38 +0100 -Subject: [PATCH 04/10] Clarify the SSL_select_next_proto() documentation - -We clarify the input preconditions and the expected behaviour in the event -of no overlap. - -Follow on from CVE-2024-5535 - -Reviewed-by: Neil Horman -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/24717) ---- - doc/man3/SSL_CTX_set_alpn_select_cb.pod | 26 +++++++++++++++++-------- - 1 file changed, 18 insertions(+), 8 deletions(-) - -diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod -index 05fee2fbec..79e1a252f6 100644 ---- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod -+++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod -@@ -52,7 +52,8 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated - SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to - set the list of protocols available to be negotiated. The B must be in - protocol-list format, described below. The length of B is specified in --B. -+B. Setting B to 0 clears any existing list of ALPN -+protocols and no ALPN extension will be sent to the server. - - SSL_CTX_set_alpn_select_cb() sets the application callback B used by a - server to select which protocol to use for the incoming connection. When B -@@ -73,9 +74,16 @@ B and B, B must be in the protocol-list format - described below. The first item in the B, B list that - matches an item in the B, B list is selected, and returned - in B, B. The B value will point into either B or --B, so it should be copied immediately. If no match is found, the first --item in B, B is returned in B, B. This --function can also be used in the NPN callback. -+B, so it should be copied immediately. The client list must include at -+least one valid (nonempty) protocol entry in the list. 
-+ -+The SSL_select_next_proto() helper function can be useful from either the ALPN -+callback or the NPN callback (described below). If no match is found, the first -+item in B, B is returned in B, B and -+B is returned. This can be useful when implementating -+the NPN callback. In the ALPN case, the value returned in B and B -+must be ignored if B has been returned from -+SSL_select_next_proto(). - - SSL_CTX_set_next_proto_select_cb() sets a callback B that is called when a - client needs to select a protocol from the server's provided list, and a -@@ -85,9 +93,10 @@ must be set to point to the selected protocol (which may be within B). - The length of the protocol name must be written into B. The - server's advertised protocols are provided in B and B. The - callback can assume that B is syntactically valid. The client must --select a protocol. It is fatal to the connection if this callback returns --a value other than B. The B parameter is the pointer --set via SSL_CTX_set_next_proto_select_cb(). -+select a protocol (although it may be an empty, zero length protocol). It is -+fatal to the connection if this callback returns a value other than -+B or if the zero length protocol is selected. The B -+parameter is the pointer set via SSL_CTX_set_next_proto_select_cb(). - - SSL_CTX_set_next_protos_advertised_cb() sets a callback B that is called - when a TLS server needs a list of supported protocols for Next Protocol -@@ -154,7 +163,8 @@ A match was found and is returned in B, B. - =item OPENSSL_NPN_NO_OVERLAP - - No match was found. The first item in B, B is returned in --B, B. -+B, B (or B and 0 in the case where the first entry in -+B is invalid). - - =back - --- -2.46.0 - diff --git a/0133-Add-a-test-for-SSL_select_next_proto.patch b/0133-Add-a-test-for-SSL_select_next_proto.patch deleted file mode 100644 index ccf1577..0000000 --- a/0133-Add-a-test-for-SSL_select_next_proto.patch +++ /dev/null 
@@ -1,172 +0,0 @@
-From add5c52a25c549cec4a730cdf96e2252f0a1862d Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Fri, 31 May 2024 16:35:16 +0100
-Subject: [PATCH 05/10] Add a test for SSL_select_next_proto
-
-Follow on from CVE-2024-5535
-
-Reviewed-by: Neil Horman
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/24717)
----
- test/sslapitest.c | 137 ++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 137 insertions(+)
-
-diff --git a/test/sslapitest.c b/test/sslapitest.c
-index ce163322cd..15cb9060cb 100644
---- a/test/sslapitest.c
-+++ b/test/sslapitest.c
-@@ -11741,6 +11741,142 @@ static int test_multi_resume(int idx)
- return testresult;
- }
- 
-+static struct next_proto_st {
-+ int serverlen;
-+ unsigned char server[40];
-+ int clientlen;
-+ unsigned char client[40];
-+ int expected_ret;
-+ size_t selectedlen;
-+ unsigned char selected[40];
-+} next_proto_tests[] = {
-+ {
-+ 4, { 3, 'a', 'b', 'c' },
-+ 4, { 3, 'a', 'b', 'c' },
-+ OPENSSL_NPN_NEGOTIATED,
-+ 3, { 'a', 'b', 'c' }
-+ },
-+ {
-+ 7, { 3, 'a', 'b', 'c', 2, 'a', 'b' },
-+ 4, { 3, 'a', 'b', 'c' },
-+ OPENSSL_NPN_NEGOTIATED,
-+ 3, { 'a', 'b', 'c' }
-+ },
-+ {
-+ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c', },
-+ 4, { 3, 'a', 'b', 'c' },
-+ OPENSSL_NPN_NEGOTIATED,
-+ 3, { 'a', 'b', 'c' }
-+ },
-+ {
-+ 4, { 3, 'a', 'b', 'c' },
-+ 7, { 3, 'a', 'b', 'c', 2, 'a', 'b', },
-+ OPENSSL_NPN_NEGOTIATED,
-+ 3, { 'a', 'b', 'c' }
-+ },
-+ {
-+ 4, { 3, 'a', 'b', 'c' },
-+ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'},
-+ OPENSSL_NPN_NEGOTIATED,
-+ 3, { 'a', 'b', 'c' }
-+ },
-+ {
-+ 7, { 2, 'b', 'c', 3, 'a', 'b', 'c' },
-+ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'},
-+ OPENSSL_NPN_NEGOTIATED,
-+ 3, { 'a', 'b', 'c' }
-+ },
-+ {
-+ 10, { 2, 'b', 'c', 3, 'a', 'b', 'c', 2, 'a', 'b' },
-+ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'},
-+ OPENSSL_NPN_NEGOTIATED,
-+ 3, { 'a', 'b', 'c' }
-+ },
-+ {
-+ 4, { 3, 'b', 'c', 'd' },
-+ 4, { 3, 'a', 'b', 'c' },
-+ OPENSSL_NPN_NO_OVERLAP,
-+ 3, { 'a', 'b', 'c' }
-+ },
-+ {
-+ 0, { 0 },
-+ 4, { 3, 'a', 'b', 'c' },
-+ OPENSSL_NPN_NO_OVERLAP,
-+ 3, { 'a', 'b', 'c' }
-+ },
-+ {
-+ -1, { 0 },
-+ 4, { 3, 'a', 'b', 'c' },
-+ OPENSSL_NPN_NO_OVERLAP,
-+ 3, { 'a', 'b', 'c' }
-+ },
-+ {
-+ 4, { 3, 'a', 'b', 'c' },
-+ 0, { 0 },
-+ OPENSSL_NPN_NO_OVERLAP,
-+ 0, { 0 }
-+ },
-+ {
-+ 4, { 3, 'a', 'b', 'c' },
-+ -1, { 0 },
-+ OPENSSL_NPN_NO_OVERLAP,
-+ 0, { 0 }
-+ },
-+ {
-+ 3, { 3, 'a', 'b', 'c' },
-+ 4, { 3, 'a', 'b', 'c' },
-+ OPENSSL_NPN_NO_OVERLAP,
-+ 3, { 'a', 'b', 'c' }
-+ },
-+ {
-+ 4, { 3, 'a', 'b', 'c' },
-+ 3, { 3, 'a', 'b', 'c' },
-+ OPENSSL_NPN_NO_OVERLAP,
-+ 0, { 0 }
-+ }
-+};
-+
-+static int test_select_next_proto(int idx)
-+{
-+ struct next_proto_st *np = &next_proto_tests[idx];
-+ int ret = 0;
-+ unsigned char *out, *client, *server;
-+ unsigned char outlen;
-+ unsigned int clientlen, serverlen;
-+
-+ if (np->clientlen == -1) {
-+ client = NULL;
-+ clientlen = 0;
-+ } else {
-+ client = np->client;
-+ clientlen = (unsigned int)np->clientlen;
-+ }
-+ if (np->serverlen == -1) {
-+ server = NULL;
-+ serverlen = 0;
-+ } else {
-+ server = np->server;
-+ serverlen = (unsigned int)np->serverlen;
-+ }
-+
-+ if (!TEST_int_eq(SSL_select_next_proto(&out, &outlen, server, serverlen,
-+ client, clientlen),
-+ np->expected_ret))
-+ goto err;
-+
-+ if (np->selectedlen == 0) {
-+ if (!TEST_ptr_null(out) || !TEST_uchar_eq(outlen, 0))
-+ goto err;
-+ } else {
-+ if (!TEST_mem_eq(out, outlen, np->selected, np->selectedlen))
-+ goto err;
-+ }
-+
-+ ret = 1;
-+ err:
-+ return ret;
-+}
-+
- OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
- 
- int setup_tests(void)
-@@ -12053,6 +12189,7 @@ int setup_tests(void)
- ADD_ALL_TESTS(test_handshake_retry, 16);
- ADD_TEST(test_data_retry);
- ADD_ALL_TESTS(test_multi_resume, 5);
-+ ADD_ALL_TESTS(test_select_next_proto, OSSL_NELEM(next_proto_tests));
- return 1;
- 
- err:
---
-2.46.0
- 
diff --git a/0134-Allow-an-empty-NPN-ALPN-protocol-list-in-the-tests.patch b/0134-Allow-an-empty-NPN-ALPN-protocol-list-in-the-tests.patch
deleted file mode 100644
index ae383c8..0000000
--- a/0134-Allow-an-empty-NPN-ALPN-protocol-list-in-the-tests.patch
+++ /dev/null
@@ -1,1169 +0,0 @@ -From 7ea1f6a85b299b976cb3f756b2a7f0153f31b2b6 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Tue, 4 Jun 2024 15:47:32 +0100 -Subject: [PATCH 06/10] Allow an empty NPN/ALPN protocol list in the tests - -Allow ourselves to configure an empty NPN/ALPN protocol list and test what -happens if we do. - -Follow on from CVE-2024-5535 - -Reviewed-by: Neil Horman -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/24717) ---- - test/helpers/handshake.c | 6 + - test/ssl-tests/08-npn.cnf | 553 +++++++++++++++++++--------------- - test/ssl-tests/08-npn.cnf.in | 35 +++ - test/ssl-tests/09-alpn.cnf | 66 +++- - test/ssl-tests/09-alpn.cnf.in | 33 ++ - 5 files changed, 449 insertions(+), 244 deletions(-) - -diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c -index e0422469e4..6b1629b942 100644 ---- a/test/helpers/handshake.c -+++ b/test/helpers/handshake.c -@@ -348,6 +348,12 @@ static int parse_protos(const char *protos, unsigned char **out, size_t *outlen) - - len = strlen(protos); - -+ if (len == 0) { -+ *out = NULL; -+ *outlen = 0; -+ return 1; -+ } -+ - /* Should never have reuse. */ - if (!TEST_ptr_null(*out) - /* Test values are small, so we omit length limit checks. 
*/ -diff --git a/test/ssl-tests/08-npn.cnf b/test/ssl-tests/08-npn.cnf -index f38b3f6975..1931d02de4 100644 ---- a/test/ssl-tests/08-npn.cnf -+++ b/test/ssl-tests/08-npn.cnf -@@ -1,6 +1,6 @@ - # Generated with generate_ssl_tests.pl - --num_tests = 20 -+num_tests = 22 - - test-0 = 0-npn-simple - test-1 = 1-npn-client-finds-match -@@ -8,20 +8,22 @@ test-2 = 2-npn-client-honours-server-pref - test-3 = 3-npn-client-first-pref-on-mismatch - test-4 = 4-npn-no-server-support - test-5 = 5-npn-no-client-support --test-6 = 6-npn-with-sni-no-context-switch --test-7 = 7-npn-with-sni-context-switch --test-8 = 8-npn-selected-sni-server-supports-npn --test-9 = 9-npn-selected-sni-server-does-not-support-npn --test-10 = 10-alpn-preferred-over-npn --test-11 = 11-sni-npn-preferred-over-alpn --test-12 = 12-npn-simple-resumption --test-13 = 13-npn-server-switch-resumption --test-14 = 14-npn-client-switch-resumption --test-15 = 15-npn-client-first-pref-on-mismatch-resumption --test-16 = 16-npn-no-server-support-resumption --test-17 = 17-npn-no-client-support-resumption --test-18 = 18-alpn-preferred-over-npn-resumption --test-19 = 19-npn-used-if-alpn-not-supported-resumption -+test-6 = 6-npn-empty-client-list -+test-7 = 7-npn-empty-server-list -+test-8 = 8-npn-with-sni-no-context-switch -+test-9 = 9-npn-with-sni-context-switch -+test-10 = 10-npn-selected-sni-server-supports-npn -+test-11 = 11-npn-selected-sni-server-does-not-support-npn -+test-12 = 12-alpn-preferred-over-npn -+test-13 = 13-sni-npn-preferred-over-alpn -+test-14 = 14-npn-simple-resumption -+test-15 = 15-npn-server-switch-resumption -+test-16 = 16-npn-client-switch-resumption -+test-17 = 17-npn-client-first-pref-on-mismatch-resumption -+test-18 = 18-npn-no-server-support-resumption -+test-19 = 19-npn-no-client-support-resumption -+test-20 = 20-alpn-preferred-over-npn-resumption -+test-21 = 21-npn-used-if-alpn-not-supported-resumption - # =========================================================== - - [0-npn-simple] -@@ 
-206,253 +208,318 @@ NPNProtocols = foo - - # =========================================================== - --[6-npn-with-sni-no-context-switch] --ssl_conf = 6-npn-with-sni-no-context-switch-ssl -+[6-npn-empty-client-list] -+ssl_conf = 6-npn-empty-client-list-ssl - --[6-npn-with-sni-no-context-switch-ssl] --server = 6-npn-with-sni-no-context-switch-server --client = 6-npn-with-sni-no-context-switch-client --server2 = 6-npn-with-sni-no-context-switch-server2 -+[6-npn-empty-client-list-ssl] -+server = 6-npn-empty-client-list-server -+client = 6-npn-empty-client-list-client - --[6-npn-with-sni-no-context-switch-server] -+[6-npn-empty-client-list-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[6-npn-with-sni-no-context-switch-server2] -+[6-npn-empty-client-list-client] -+CipherString = DEFAULT -+MaxProtocol = TLSv1.2 -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[test-6] -+ExpectedClientAlert = HandshakeFailure -+ExpectedResult = ClientFail -+server = 6-npn-empty-client-list-server-extra -+client = 6-npn-empty-client-list-client-extra -+ -+[6-npn-empty-client-list-server-extra] -+NPNProtocols = foo -+ -+[6-npn-empty-client-list-client-extra] -+NPNProtocols = -+ -+ -+# =========================================================== -+ -+[7-npn-empty-server-list] -+ssl_conf = 7-npn-empty-server-list-ssl -+ -+[7-npn-empty-server-list-ssl] -+server = 7-npn-empty-server-list-server -+client = 7-npn-empty-server-list-client -+ -+[7-npn-empty-server-list-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[6-npn-with-sni-no-context-switch-client] -+[7-npn-empty-server-list-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[test-6] -+[test-7] -+ExpectedNPNProtocol = foo -+server = 
7-npn-empty-server-list-server-extra -+client = 7-npn-empty-server-list-client-extra -+ -+[7-npn-empty-server-list-server-extra] -+NPNProtocols = -+ -+[7-npn-empty-server-list-client-extra] -+NPNProtocols = foo -+ -+ -+# =========================================================== -+ -+[8-npn-with-sni-no-context-switch] -+ssl_conf = 8-npn-with-sni-no-context-switch-ssl -+ -+[8-npn-with-sni-no-context-switch-ssl] -+server = 8-npn-with-sni-no-context-switch-server -+client = 8-npn-with-sni-no-context-switch-client -+server2 = 8-npn-with-sni-no-context-switch-server2 -+ -+[8-npn-with-sni-no-context-switch-server] -+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -+CipherString = DEFAULT -+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -+ -+[8-npn-with-sni-no-context-switch-server2] -+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -+CipherString = DEFAULT -+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -+ -+[8-npn-with-sni-no-context-switch-client] -+CipherString = DEFAULT -+MaxProtocol = TLSv1.2 -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[test-8] - ExpectedNPNProtocol = foo - ExpectedServerName = server1 --server = 6-npn-with-sni-no-context-switch-server-extra --server2 = 6-npn-with-sni-no-context-switch-server2-extra --client = 6-npn-with-sni-no-context-switch-client-extra -+server = 8-npn-with-sni-no-context-switch-server-extra -+server2 = 8-npn-with-sni-no-context-switch-server2-extra -+client = 8-npn-with-sni-no-context-switch-client-extra - --[6-npn-with-sni-no-context-switch-server-extra] -+[8-npn-with-sni-no-context-switch-server-extra] - NPNProtocols = foo - ServerNameCallback = IgnoreMismatch - --[6-npn-with-sni-no-context-switch-server2-extra] -+[8-npn-with-sni-no-context-switch-server2-extra] - NPNProtocols = bar - --[6-npn-with-sni-no-context-switch-client-extra] -+[8-npn-with-sni-no-context-switch-client-extra] - NPNProtocols = foo,bar - ServerName = server1 - - - # 
=========================================================== - --[7-npn-with-sni-context-switch] --ssl_conf = 7-npn-with-sni-context-switch-ssl -+[9-npn-with-sni-context-switch] -+ssl_conf = 9-npn-with-sni-context-switch-ssl - --[7-npn-with-sni-context-switch-ssl] --server = 7-npn-with-sni-context-switch-server --client = 7-npn-with-sni-context-switch-client --server2 = 7-npn-with-sni-context-switch-server2 -+[9-npn-with-sni-context-switch-ssl] -+server = 9-npn-with-sni-context-switch-server -+client = 9-npn-with-sni-context-switch-client -+server2 = 9-npn-with-sni-context-switch-server2 - --[7-npn-with-sni-context-switch-server] -+[9-npn-with-sni-context-switch-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[7-npn-with-sni-context-switch-server2] -+[9-npn-with-sni-context-switch-server2] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[7-npn-with-sni-context-switch-client] -+[9-npn-with-sni-context-switch-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[test-7] -+[test-9] - ExpectedNPNProtocol = bar - ExpectedServerName = server2 --server = 7-npn-with-sni-context-switch-server-extra --server2 = 7-npn-with-sni-context-switch-server2-extra --client = 7-npn-with-sni-context-switch-client-extra -+server = 9-npn-with-sni-context-switch-server-extra -+server2 = 9-npn-with-sni-context-switch-server2-extra -+client = 9-npn-with-sni-context-switch-client-extra - --[7-npn-with-sni-context-switch-server-extra] -+[9-npn-with-sni-context-switch-server-extra] - NPNProtocols = foo - ServerNameCallback = IgnoreMismatch - --[7-npn-with-sni-context-switch-server2-extra] -+[9-npn-with-sni-context-switch-server2-extra] - NPNProtocols = bar - --[7-npn-with-sni-context-switch-client-extra] 
-+[9-npn-with-sni-context-switch-client-extra] - NPNProtocols = foo,bar - ServerName = server2 - - - # =========================================================== - --[8-npn-selected-sni-server-supports-npn] --ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl -+[10-npn-selected-sni-server-supports-npn] -+ssl_conf = 10-npn-selected-sni-server-supports-npn-ssl - --[8-npn-selected-sni-server-supports-npn-ssl] --server = 8-npn-selected-sni-server-supports-npn-server --client = 8-npn-selected-sni-server-supports-npn-client --server2 = 8-npn-selected-sni-server-supports-npn-server2 -+[10-npn-selected-sni-server-supports-npn-ssl] -+server = 10-npn-selected-sni-server-supports-npn-server -+client = 10-npn-selected-sni-server-supports-npn-client -+server2 = 10-npn-selected-sni-server-supports-npn-server2 - --[8-npn-selected-sni-server-supports-npn-server] -+[10-npn-selected-sni-server-supports-npn-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[8-npn-selected-sni-server-supports-npn-server2] -+[10-npn-selected-sni-server-supports-npn-server2] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[8-npn-selected-sni-server-supports-npn-client] -+[10-npn-selected-sni-server-supports-npn-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[test-8] -+[test-10] - ExpectedNPNProtocol = bar - ExpectedServerName = server2 --server = 8-npn-selected-sni-server-supports-npn-server-extra --server2 = 8-npn-selected-sni-server-supports-npn-server2-extra --client = 8-npn-selected-sni-server-supports-npn-client-extra -+server = 10-npn-selected-sni-server-supports-npn-server-extra -+server2 = 10-npn-selected-sni-server-supports-npn-server2-extra -+client = 10-npn-selected-sni-server-supports-npn-client-extra - 
--[8-npn-selected-sni-server-supports-npn-server-extra] -+[10-npn-selected-sni-server-supports-npn-server-extra] - ServerNameCallback = IgnoreMismatch - --[8-npn-selected-sni-server-supports-npn-server2-extra] -+[10-npn-selected-sni-server-supports-npn-server2-extra] - NPNProtocols = bar - --[8-npn-selected-sni-server-supports-npn-client-extra] -+[10-npn-selected-sni-server-supports-npn-client-extra] - NPNProtocols = foo,bar - ServerName = server2 - - - # =========================================================== - --[9-npn-selected-sni-server-does-not-support-npn] --ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl -+[11-npn-selected-sni-server-does-not-support-npn] -+ssl_conf = 11-npn-selected-sni-server-does-not-support-npn-ssl - --[9-npn-selected-sni-server-does-not-support-npn-ssl] --server = 9-npn-selected-sni-server-does-not-support-npn-server --client = 9-npn-selected-sni-server-does-not-support-npn-client --server2 = 9-npn-selected-sni-server-does-not-support-npn-server2 -+[11-npn-selected-sni-server-does-not-support-npn-ssl] -+server = 11-npn-selected-sni-server-does-not-support-npn-server -+client = 11-npn-selected-sni-server-does-not-support-npn-client -+server2 = 11-npn-selected-sni-server-does-not-support-npn-server2 - --[9-npn-selected-sni-server-does-not-support-npn-server] -+[11-npn-selected-sni-server-does-not-support-npn-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[9-npn-selected-sni-server-does-not-support-npn-server2] -+[11-npn-selected-sni-server-does-not-support-npn-server2] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[9-npn-selected-sni-server-does-not-support-npn-client] -+[11-npn-selected-sni-server-does-not-support-npn-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode 
= Peer - --[test-9] -+[test-11] - ExpectedServerName = server2 --server = 9-npn-selected-sni-server-does-not-support-npn-server-extra --client = 9-npn-selected-sni-server-does-not-support-npn-client-extra -+server = 11-npn-selected-sni-server-does-not-support-npn-server-extra -+client = 11-npn-selected-sni-server-does-not-support-npn-client-extra - --[9-npn-selected-sni-server-does-not-support-npn-server-extra] -+[11-npn-selected-sni-server-does-not-support-npn-server-extra] - NPNProtocols = bar - ServerNameCallback = IgnoreMismatch - --[9-npn-selected-sni-server-does-not-support-npn-client-extra] -+[11-npn-selected-sni-server-does-not-support-npn-client-extra] - NPNProtocols = foo,bar - ServerName = server2 - - - # =========================================================== - --[10-alpn-preferred-over-npn] --ssl_conf = 10-alpn-preferred-over-npn-ssl -+[12-alpn-preferred-over-npn] -+ssl_conf = 12-alpn-preferred-over-npn-ssl - --[10-alpn-preferred-over-npn-ssl] --server = 10-alpn-preferred-over-npn-server --client = 10-alpn-preferred-over-npn-client -+[12-alpn-preferred-over-npn-ssl] -+server = 12-alpn-preferred-over-npn-server -+client = 12-alpn-preferred-over-npn-client - --[10-alpn-preferred-over-npn-server] -+[12-alpn-preferred-over-npn-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[10-alpn-preferred-over-npn-client] -+[12-alpn-preferred-over-npn-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[test-10] -+[test-12] - ExpectedALPNProtocol = foo --server = 10-alpn-preferred-over-npn-server-extra --client = 10-alpn-preferred-over-npn-client-extra -+server = 12-alpn-preferred-over-npn-server-extra -+client = 12-alpn-preferred-over-npn-client-extra - --[10-alpn-preferred-over-npn-server-extra] -+[12-alpn-preferred-over-npn-server-extra] - ALPNProtocols = foo - NPNProtocols = bar - 
--[10-alpn-preferred-over-npn-client-extra] -+[12-alpn-preferred-over-npn-client-extra] - ALPNProtocols = foo - NPNProtocols = bar - - - # =========================================================== - --[11-sni-npn-preferred-over-alpn] --ssl_conf = 11-sni-npn-preferred-over-alpn-ssl -+[13-sni-npn-preferred-over-alpn] -+ssl_conf = 13-sni-npn-preferred-over-alpn-ssl - --[11-sni-npn-preferred-over-alpn-ssl] --server = 11-sni-npn-preferred-over-alpn-server --client = 11-sni-npn-preferred-over-alpn-client --server2 = 11-sni-npn-preferred-over-alpn-server2 -+[13-sni-npn-preferred-over-alpn-ssl] -+server = 13-sni-npn-preferred-over-alpn-server -+client = 13-sni-npn-preferred-over-alpn-client -+server2 = 13-sni-npn-preferred-over-alpn-server2 - --[11-sni-npn-preferred-over-alpn-server] -+[13-sni-npn-preferred-over-alpn-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[11-sni-npn-preferred-over-alpn-server2] -+[13-sni-npn-preferred-over-alpn-server2] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[11-sni-npn-preferred-over-alpn-client] -+[13-sni-npn-preferred-over-alpn-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[test-11] -+[test-13] - ExpectedNPNProtocol = bar - ExpectedServerName = server2 --server = 11-sni-npn-preferred-over-alpn-server-extra --server2 = 11-sni-npn-preferred-over-alpn-server2-extra --client = 11-sni-npn-preferred-over-alpn-client-extra -+server = 13-sni-npn-preferred-over-alpn-server-extra -+server2 = 13-sni-npn-preferred-over-alpn-server2-extra -+client = 13-sni-npn-preferred-over-alpn-client-extra - --[11-sni-npn-preferred-over-alpn-server-extra] -+[13-sni-npn-preferred-over-alpn-server-extra] - ALPNProtocols = foo - ServerNameCallback = IgnoreMismatch - 
--[11-sni-npn-preferred-over-alpn-server2-extra] -+[13-sni-npn-preferred-over-alpn-server2-extra] - NPNProtocols = bar - --[11-sni-npn-preferred-over-alpn-client-extra] -+[13-sni-npn-preferred-over-alpn-client-extra] - ALPNProtocols = foo - NPNProtocols = bar - ServerName = server2 -@@ -460,356 +527,356 @@ ServerName = server2 - - # =========================================================== - --[12-npn-simple-resumption] --ssl_conf = 12-npn-simple-resumption-ssl -+[14-npn-simple-resumption] -+ssl_conf = 14-npn-simple-resumption-ssl - --[12-npn-simple-resumption-ssl] --server = 12-npn-simple-resumption-server --client = 12-npn-simple-resumption-client --resume-server = 12-npn-simple-resumption-server --resume-client = 12-npn-simple-resumption-client -+[14-npn-simple-resumption-ssl] -+server = 14-npn-simple-resumption-server -+client = 14-npn-simple-resumption-client -+resume-server = 14-npn-simple-resumption-server -+resume-client = 14-npn-simple-resumption-client - --[12-npn-simple-resumption-server] -+[14-npn-simple-resumption-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[12-npn-simple-resumption-client] -+[14-npn-simple-resumption-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[test-12] -+[test-14] - ExpectedNPNProtocol = foo - HandshakeMode = Resume - ResumptionExpected = Yes --server = 12-npn-simple-resumption-server-extra --resume-server = 12-npn-simple-resumption-server-extra --client = 12-npn-simple-resumption-client-extra --resume-client = 12-npn-simple-resumption-client-extra -+server = 14-npn-simple-resumption-server-extra -+resume-server = 14-npn-simple-resumption-server-extra -+client = 14-npn-simple-resumption-client-extra -+resume-client = 14-npn-simple-resumption-client-extra - --[12-npn-simple-resumption-server-extra] -+[14-npn-simple-resumption-server-extra] - 
NPNProtocols = foo - --[12-npn-simple-resumption-client-extra] -+[14-npn-simple-resumption-client-extra] - NPNProtocols = foo - - - # =========================================================== - --[13-npn-server-switch-resumption] --ssl_conf = 13-npn-server-switch-resumption-ssl -+[15-npn-server-switch-resumption] -+ssl_conf = 15-npn-server-switch-resumption-ssl - --[13-npn-server-switch-resumption-ssl] --server = 13-npn-server-switch-resumption-server --client = 13-npn-server-switch-resumption-client --resume-server = 13-npn-server-switch-resumption-resume-server --resume-client = 13-npn-server-switch-resumption-client -+[15-npn-server-switch-resumption-ssl] -+server = 15-npn-server-switch-resumption-server -+client = 15-npn-server-switch-resumption-client -+resume-server = 15-npn-server-switch-resumption-resume-server -+resume-client = 15-npn-server-switch-resumption-client - --[13-npn-server-switch-resumption-server] -+[15-npn-server-switch-resumption-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[13-npn-server-switch-resumption-resume-server] -+[15-npn-server-switch-resumption-resume-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[13-npn-server-switch-resumption-client] -+[15-npn-server-switch-resumption-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[test-13] -+[test-15] - ExpectedNPNProtocol = baz - HandshakeMode = Resume - ResumptionExpected = Yes --server = 13-npn-server-switch-resumption-server-extra --resume-server = 13-npn-server-switch-resumption-resume-server-extra --client = 13-npn-server-switch-resumption-client-extra --resume-client = 13-npn-server-switch-resumption-client-extra -+server = 15-npn-server-switch-resumption-server-extra -+resume-server = 
15-npn-server-switch-resumption-resume-server-extra -+client = 15-npn-server-switch-resumption-client-extra -+resume-client = 15-npn-server-switch-resumption-client-extra - --[13-npn-server-switch-resumption-server-extra] -+[15-npn-server-switch-resumption-server-extra] - NPNProtocols = bar,foo - --[13-npn-server-switch-resumption-resume-server-extra] -+[15-npn-server-switch-resumption-resume-server-extra] - NPNProtocols = baz,foo - --[13-npn-server-switch-resumption-client-extra] -+[15-npn-server-switch-resumption-client-extra] - NPNProtocols = foo,bar,baz - - - # =========================================================== - --[14-npn-client-switch-resumption] --ssl_conf = 14-npn-client-switch-resumption-ssl -+[16-npn-client-switch-resumption] -+ssl_conf = 16-npn-client-switch-resumption-ssl - --[14-npn-client-switch-resumption-ssl] --server = 14-npn-client-switch-resumption-server --client = 14-npn-client-switch-resumption-client --resume-server = 14-npn-client-switch-resumption-server --resume-client = 14-npn-client-switch-resumption-resume-client -+[16-npn-client-switch-resumption-ssl] -+server = 16-npn-client-switch-resumption-server -+client = 16-npn-client-switch-resumption-client -+resume-server = 16-npn-client-switch-resumption-server -+resume-client = 16-npn-client-switch-resumption-resume-client - --[14-npn-client-switch-resumption-server] -+[16-npn-client-switch-resumption-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[14-npn-client-switch-resumption-client] -+[16-npn-client-switch-resumption-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[14-npn-client-switch-resumption-resume-client] -+[16-npn-client-switch-resumption-resume-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[test-14] 
-+[test-16] - ExpectedNPNProtocol = bar - HandshakeMode = Resume - ResumptionExpected = Yes --server = 14-npn-client-switch-resumption-server-extra --resume-server = 14-npn-client-switch-resumption-server-extra --client = 14-npn-client-switch-resumption-client-extra --resume-client = 14-npn-client-switch-resumption-resume-client-extra -+server = 16-npn-client-switch-resumption-server-extra -+resume-server = 16-npn-client-switch-resumption-server-extra -+client = 16-npn-client-switch-resumption-client-extra -+resume-client = 16-npn-client-switch-resumption-resume-client-extra - --[14-npn-client-switch-resumption-server-extra] -+[16-npn-client-switch-resumption-server-extra] - NPNProtocols = foo,bar,baz - --[14-npn-client-switch-resumption-client-extra] -+[16-npn-client-switch-resumption-client-extra] - NPNProtocols = foo,baz - --[14-npn-client-switch-resumption-resume-client-extra] -+[16-npn-client-switch-resumption-resume-client-extra] - NPNProtocols = bar,baz - - - # =========================================================== - --[15-npn-client-first-pref-on-mismatch-resumption] --ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl -+[17-npn-client-first-pref-on-mismatch-resumption] -+ssl_conf = 17-npn-client-first-pref-on-mismatch-resumption-ssl - --[15-npn-client-first-pref-on-mismatch-resumption-ssl] --server = 15-npn-client-first-pref-on-mismatch-resumption-server --client = 15-npn-client-first-pref-on-mismatch-resumption-client --resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server --resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client -+[17-npn-client-first-pref-on-mismatch-resumption-ssl] -+server = 17-npn-client-first-pref-on-mismatch-resumption-server -+client = 17-npn-client-first-pref-on-mismatch-resumption-client -+resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server -+resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client - 
--[15-npn-client-first-pref-on-mismatch-resumption-server] -+[17-npn-client-first-pref-on-mismatch-resumption-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[15-npn-client-first-pref-on-mismatch-resumption-resume-server] -+[17-npn-client-first-pref-on-mismatch-resumption-resume-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[15-npn-client-first-pref-on-mismatch-resumption-client] -+[17-npn-client-first-pref-on-mismatch-resumption-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[test-15] -+[test-17] - ExpectedNPNProtocol = foo - HandshakeMode = Resume - ResumptionExpected = Yes --server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra --resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra --client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra --resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra -+server = 17-npn-client-first-pref-on-mismatch-resumption-server-extra -+resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra -+client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra -+resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra - --[15-npn-client-first-pref-on-mismatch-resumption-server-extra] -+[17-npn-client-first-pref-on-mismatch-resumption-server-extra] - NPNProtocols = bar - --[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] -+[17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] - NPNProtocols = baz - --[15-npn-client-first-pref-on-mismatch-resumption-client-extra] -+[17-npn-client-first-pref-on-mismatch-resumption-client-extra] - NPNProtocols = foo,bar - - - # 
=========================================================== - --[16-npn-no-server-support-resumption] --ssl_conf = 16-npn-no-server-support-resumption-ssl -+[18-npn-no-server-support-resumption] -+ssl_conf = 18-npn-no-server-support-resumption-ssl - --[16-npn-no-server-support-resumption-ssl] --server = 16-npn-no-server-support-resumption-server --client = 16-npn-no-server-support-resumption-client --resume-server = 16-npn-no-server-support-resumption-resume-server --resume-client = 16-npn-no-server-support-resumption-client -+[18-npn-no-server-support-resumption-ssl] -+server = 18-npn-no-server-support-resumption-server -+client = 18-npn-no-server-support-resumption-client -+resume-server = 18-npn-no-server-support-resumption-resume-server -+resume-client = 18-npn-no-server-support-resumption-client - --[16-npn-no-server-support-resumption-server] -+[18-npn-no-server-support-resumption-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[16-npn-no-server-support-resumption-resume-server] -+[18-npn-no-server-support-resumption-resume-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[16-npn-no-server-support-resumption-client] -+[18-npn-no-server-support-resumption-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[test-16] -+[test-18] - HandshakeMode = Resume - ResumptionExpected = Yes --server = 16-npn-no-server-support-resumption-server-extra --client = 16-npn-no-server-support-resumption-client-extra --resume-client = 16-npn-no-server-support-resumption-client-extra -+server = 18-npn-no-server-support-resumption-server-extra -+client = 18-npn-no-server-support-resumption-client-extra -+resume-client = 18-npn-no-server-support-resumption-client-extra - 
--[16-npn-no-server-support-resumption-server-extra] -+[18-npn-no-server-support-resumption-server-extra] - NPNProtocols = foo - --[16-npn-no-server-support-resumption-client-extra] -+[18-npn-no-server-support-resumption-client-extra] - NPNProtocols = foo - - - # =========================================================== - --[17-npn-no-client-support-resumption] --ssl_conf = 17-npn-no-client-support-resumption-ssl -+[19-npn-no-client-support-resumption] -+ssl_conf = 19-npn-no-client-support-resumption-ssl - --[17-npn-no-client-support-resumption-ssl] --server = 17-npn-no-client-support-resumption-server --client = 17-npn-no-client-support-resumption-client --resume-server = 17-npn-no-client-support-resumption-server --resume-client = 17-npn-no-client-support-resumption-resume-client -+[19-npn-no-client-support-resumption-ssl] -+server = 19-npn-no-client-support-resumption-server -+client = 19-npn-no-client-support-resumption-client -+resume-server = 19-npn-no-client-support-resumption-server -+resume-client = 19-npn-no-client-support-resumption-resume-client - --[17-npn-no-client-support-resumption-server] -+[19-npn-no-client-support-resumption-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[17-npn-no-client-support-resumption-client] -+[19-npn-no-client-support-resumption-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[17-npn-no-client-support-resumption-resume-client] -+[19-npn-no-client-support-resumption-resume-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[test-17] -+[test-19] - HandshakeMode = Resume - ResumptionExpected = Yes --server = 17-npn-no-client-support-resumption-server-extra --resume-server = 17-npn-no-client-support-resumption-server-extra --client = 
17-npn-no-client-support-resumption-client-extra -+server = 19-npn-no-client-support-resumption-server-extra -+resume-server = 19-npn-no-client-support-resumption-server-extra -+client = 19-npn-no-client-support-resumption-client-extra - --[17-npn-no-client-support-resumption-server-extra] -+[19-npn-no-client-support-resumption-server-extra] - NPNProtocols = foo - --[17-npn-no-client-support-resumption-client-extra] -+[19-npn-no-client-support-resumption-client-extra] - NPNProtocols = foo - - - # =========================================================== - --[18-alpn-preferred-over-npn-resumption] --ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl -+[20-alpn-preferred-over-npn-resumption] -+ssl_conf = 20-alpn-preferred-over-npn-resumption-ssl - --[18-alpn-preferred-over-npn-resumption-ssl] --server = 18-alpn-preferred-over-npn-resumption-server --client = 18-alpn-preferred-over-npn-resumption-client --resume-server = 18-alpn-preferred-over-npn-resumption-resume-server --resume-client = 18-alpn-preferred-over-npn-resumption-client -+[20-alpn-preferred-over-npn-resumption-ssl] -+server = 20-alpn-preferred-over-npn-resumption-server -+client = 20-alpn-preferred-over-npn-resumption-client -+resume-server = 20-alpn-preferred-over-npn-resumption-resume-server -+resume-client = 20-alpn-preferred-over-npn-resumption-client - --[18-alpn-preferred-over-npn-resumption-server] -+[20-alpn-preferred-over-npn-resumption-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[18-alpn-preferred-over-npn-resumption-resume-server] -+[20-alpn-preferred-over-npn-resumption-resume-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[18-alpn-preferred-over-npn-resumption-client] -+[20-alpn-preferred-over-npn-resumption-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = 
${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[test-18] -+[test-20] - ExpectedALPNProtocol = foo - HandshakeMode = Resume - ResumptionExpected = Yes --server = 18-alpn-preferred-over-npn-resumption-server-extra --resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra --client = 18-alpn-preferred-over-npn-resumption-client-extra --resume-client = 18-alpn-preferred-over-npn-resumption-client-extra -+server = 20-alpn-preferred-over-npn-resumption-server-extra -+resume-server = 20-alpn-preferred-over-npn-resumption-resume-server-extra -+client = 20-alpn-preferred-over-npn-resumption-client-extra -+resume-client = 20-alpn-preferred-over-npn-resumption-client-extra - --[18-alpn-preferred-over-npn-resumption-server-extra] -+[20-alpn-preferred-over-npn-resumption-server-extra] - NPNProtocols = bar - --[18-alpn-preferred-over-npn-resumption-resume-server-extra] -+[20-alpn-preferred-over-npn-resumption-resume-server-extra] - ALPNProtocols = foo - NPNProtocols = baz - --[18-alpn-preferred-over-npn-resumption-client-extra] -+[20-alpn-preferred-over-npn-resumption-client-extra] - ALPNProtocols = foo - NPNProtocols = bar,baz - - - # =========================================================== - --[19-npn-used-if-alpn-not-supported-resumption] --ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl -+[21-npn-used-if-alpn-not-supported-resumption] -+ssl_conf = 21-npn-used-if-alpn-not-supported-resumption-ssl - --[19-npn-used-if-alpn-not-supported-resumption-ssl] --server = 19-npn-used-if-alpn-not-supported-resumption-server --client = 19-npn-used-if-alpn-not-supported-resumption-client --resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server --resume-client = 19-npn-used-if-alpn-not-supported-resumption-client -+[21-npn-used-if-alpn-not-supported-resumption-ssl] -+server = 21-npn-used-if-alpn-not-supported-resumption-server -+client = 21-npn-used-if-alpn-not-supported-resumption-client -+resume-server = 
21-npn-used-if-alpn-not-supported-resumption-resume-server -+resume-client = 21-npn-used-if-alpn-not-supported-resumption-client - --[19-npn-used-if-alpn-not-supported-resumption-server] -+[21-npn-used-if-alpn-not-supported-resumption-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[19-npn-used-if-alpn-not-supported-resumption-resume-server] -+[21-npn-used-if-alpn-not-supported-resumption-resume-server] - Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem - CipherString = DEFAULT - PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - --[19-npn-used-if-alpn-not-supported-resumption-client] -+[21-npn-used-if-alpn-not-supported-resumption-client] - CipherString = DEFAULT - MaxProtocol = TLSv1.2 - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - --[test-19] -+[test-21] - ExpectedNPNProtocol = baz - HandshakeMode = Resume - ResumptionExpected = Yes --server = 19-npn-used-if-alpn-not-supported-resumption-server-extra --resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra --client = 19-npn-used-if-alpn-not-supported-resumption-client-extra --resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra -+server = 21-npn-used-if-alpn-not-supported-resumption-server-extra -+resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server-extra -+client = 21-npn-used-if-alpn-not-supported-resumption-client-extra -+resume-client = 21-npn-used-if-alpn-not-supported-resumption-client-extra - --[19-npn-used-if-alpn-not-supported-resumption-server-extra] -+[21-npn-used-if-alpn-not-supported-resumption-server-extra] - ALPNProtocols = foo - NPNProtocols = bar - --[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra] -+[21-npn-used-if-alpn-not-supported-resumption-resume-server-extra] - NPNProtocols = baz - --[19-npn-used-if-alpn-not-supported-resumption-client-extra] 
-+[21-npn-used-if-alpn-not-supported-resumption-client-extra] - ALPNProtocols = foo - NPNProtocols = bar,baz - -diff --git a/test/ssl-tests/08-npn.cnf.in b/test/ssl-tests/08-npn.cnf.in -index 30783e45eb..1dc2704bdb 100644 ---- a/test/ssl-tests/08-npn.cnf.in -+++ b/test/ssl-tests/08-npn.cnf.in -@@ -110,6 +110,41 @@ our @tests = ( - "ExpectedNPNProtocol" => undef, - }, - }, -+ { -+ name => "npn-empty-client-list", -+ server => { -+ extra => { -+ "NPNProtocols" => "foo", -+ }, -+ }, -+ client => { -+ extra => { -+ "NPNProtocols" => "", -+ }, -+ "MaxProtocol" => "TLSv1.2" -+ }, -+ test => { -+ "ExpectedResult" => "ClientFail", -+ "ExpectedClientAlert" => "HandshakeFailure" -+ }, -+ }, -+ { -+ name => "npn-empty-server-list", -+ server => { -+ extra => { -+ "NPNProtocols" => "", -+ }, -+ }, -+ client => { -+ extra => { -+ "NPNProtocols" => "foo", -+ }, -+ "MaxProtocol" => "TLSv1.2" -+ }, -+ test => { -+ "ExpectedNPNProtocol" => "foo" -+ }, -+ }, - { - name => "npn-with-sni-no-context-switch", - server => { -diff --git a/test/ssl-tests/09-alpn.cnf b/test/ssl-tests/09-alpn.cnf -index e7e6cb9534..dd668739ab 100644 ---- a/test/ssl-tests/09-alpn.cnf -+++ b/test/ssl-tests/09-alpn.cnf -@@ -1,6 +1,6 @@ - # Generated with generate_ssl_tests.pl - --num_tests = 16 -+num_tests = 18 - - test-0 = 0-alpn-simple - test-1 = 1-alpn-server-finds-match -@@ -18,6 +18,8 @@ test-12 = 12-alpn-client-switch-resumption - test-13 = 13-alpn-alert-on-mismatch-resumption - test-14 = 14-alpn-no-server-support-resumption - test-15 = 15-alpn-no-client-support-resumption -+test-16 = 16-alpn-empty-client-list -+test-17 = 17-alpn-empty-server-list - # =========================================================== - - [0-alpn-simple] -@@ -617,3 +619,65 @@ ALPNProtocols = foo - ALPNProtocols = foo - - -+# =========================================================== -+ -+[16-alpn-empty-client-list] -+ssl_conf = 16-alpn-empty-client-list-ssl -+ -+[16-alpn-empty-client-list-ssl] -+server = 
16-alpn-empty-client-list-server -+client = 16-alpn-empty-client-list-client -+ -+[16-alpn-empty-client-list-server] -+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -+CipherString = DEFAULT -+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -+ -+[16-alpn-empty-client-list-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[test-16] -+server = 16-alpn-empty-client-list-server-extra -+client = 16-alpn-empty-client-list-client-extra -+ -+[16-alpn-empty-client-list-server-extra] -+ALPNProtocols = foo -+ -+[16-alpn-empty-client-list-client-extra] -+ALPNProtocols = -+ -+ -+# =========================================================== -+ -+[17-alpn-empty-server-list] -+ssl_conf = 17-alpn-empty-server-list-ssl -+ -+[17-alpn-empty-server-list-ssl] -+server = 17-alpn-empty-server-list-server -+client = 17-alpn-empty-server-list-client -+ -+[17-alpn-empty-server-list-server] -+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -+CipherString = DEFAULT -+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -+ -+[17-alpn-empty-server-list-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[test-17] -+ExpectedResult = ServerFail -+ExpectedServerAlert = NoApplicationProtocol -+server = 17-alpn-empty-server-list-server-extra -+client = 17-alpn-empty-server-list-client-extra -+ -+[17-alpn-empty-server-list-server-extra] -+ALPNProtocols = -+ -+[17-alpn-empty-server-list-client-extra] -+ALPNProtocols = foo -+ -+ -diff --git a/test/ssl-tests/09-alpn.cnf.in b/test/ssl-tests/09-alpn.cnf.in -index 81330756c6..322b7096a6 100644 ---- a/test/ssl-tests/09-alpn.cnf.in -+++ b/test/ssl-tests/09-alpn.cnf.in -@@ -322,4 +322,37 @@ our @tests = ( - "ExpectedALPNProtocol" => undef, - }, - }, -+ { -+ name => "alpn-empty-client-list", -+ server => { -+ extra => { -+ "ALPNProtocols" => "foo", -+ }, -+ }, -+ client => { -+ extra => { -+ "ALPNProtocols" => "", -+ }, -+ }, -+ test 
=> { -+ "ExpectedALPNProtocol" => undef, -+ }, -+ }, -+ { -+ name => "alpn-empty-server-list", -+ server => { -+ extra => { -+ "ALPNProtocols" => "", -+ }, -+ }, -+ client => { -+ extra => { -+ "ALPNProtocols" => "foo", -+ }, -+ }, -+ test => { -+ "ExpectedResult" => "ServerFail", -+ "ExpectedServerAlert" => "NoApplicationProtocol", -+ }, -+ }, - ); --- -2.46.0 - diff --git a/0135-Correct-return-values-for-tls_construct_stoc_next_pr.patch b/0135-Correct-return-values-for-tls_construct_stoc_next_pr.patch deleted file mode 100644 index 97c28ee..0000000 --- a/0135-Correct-return-values-for-tls_construct_stoc_next_pr.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 53f5677f358c4a4f69830d944ea40e71950673b8 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Fri, 21 Jun 2024 10:41:55 +0100 -Subject: [PATCH 07/10] Correct return values for - tls_construct_stoc_next_proto_neg - -Return EXT_RETURN_NOT_SENT in the event that we don't send the extension, -rather than EXT_RETURN_SENT. This actually makes no difference at all to -the current control flow since this return value is ignored in this case -anyway. But lets make it correct anyway. - -Follow on from CVE-2024-5535 - -Reviewed-by: Neil Horman -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/24717) ---- - ssl/statem/extensions_srvr.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c -index 800654450e..66ed7dacf2 100644 ---- a/ssl/statem/extensions_srvr.c -+++ b/ssl/statem/extensions_srvr.c -@@ -1501,9 +1501,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, - return EXT_RETURN_FAIL; - } - s->s3.npn_seen = 1; -+ return EXT_RETURN_SENT; - } - -- return EXT_RETURN_SENT; -+ return EXT_RETURN_NOT_SENT; - } - #endif - --- -2.46.0 - diff --git a/0136-Add-ALPN-validation-in-the-client.patch b/0136-Add-ALPN-validation-in-the-client.patch deleted file mode 100644 index 1406860..0000000 
--- a/0136-Add-ALPN-validation-in-the-client.patch
+++ /dev/null
@@ -1,62 +0,0 @@ -From 195e15421df113d7283aab2ccff8b8fb06df5465 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Fri, 21 Jun 2024 11:51:54 +0100 -Subject: [PATCH 08/10] Add ALPN validation in the client - -The ALPN protocol selected by the server must be one that we originally -advertised. We should verify that it is. - -Follow on from CVE-2024-5535 - -Reviewed-by: Neil Horman -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/24717) ---- - ssl/statem/extensions_clnt.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c -index 1ab3c13d57..ff9c009ee5 100644 ---- a/ssl/statem/extensions_clnt.c -+++ b/ssl/statem/extensions_clnt.c -@@ -1590,6 +1590,8 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) - { - size_t len; -+ PACKET confpkt, protpkt; -+ int valid = 0; - - /* We must have requested it. */ - if (!s->s3.alpn_sent) { -@@ -1608,6 +1610,28 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); - return 0; - } -+ -+ /* It must be a protocol that we sent */ -+ if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) { -+ if (PACKET_remaining(&protpkt) != len) -+ continue; -+ if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) { -+ /* Valid protocol found */ -+ valid = 1; -+ break; -+ } -+ } -+ -+ if (!valid) { -+ /* The protocol sent from the server does not match one we advertised */ -+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); -+ return 0; -+ } -+ - OPENSSL_free(s->s3.alpn_selected); - s->s3.alpn_selected = OPENSSL_malloc(len); - if (s->s3.alpn_selected == NULL) { --- -2.46.0 - 
diff --git a/0137-Add-explicit-testing-of-ALN-and-NPN-in-sslapitest.patch b/0137-Add-explicit-testing-of-ALN-and-NPN-in-sslapitest.patch
deleted file mode 100644
index 135fa25..0000000
--- a/0137-Add-explicit-testing-of-ALN-and-NPN-in-sslapitest.patch
+++ /dev/null
@@ -1,267 +0,0 @@ -From 7c95191434415d1c9b7fe9b130df13cce630b6b5 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Fri, 21 Jun 2024 10:09:41 +0100 -Subject: [PATCH 09/10] Add explicit testing of ALN and NPN in sslapitest - -We already had some tests elsewhere - but this extends that testing with -additional tests. - -Follow on from CVE-2024-5535 - -Reviewed-by: Neil Horman -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/24717) ---- - test/sslapitest.c | 229 ++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 229 insertions(+) - -diff --git a/test/sslapitest.c b/test/sslapitest.c -index 15cb9060cb..7a55a2b721 100644 ---- a/test/sslapitest.c -+++ b/test/sslapitest.c -@@ -11877,6 +11877,231 @@ static int test_select_next_proto(int idx) - return ret; - } - -+static const unsigned char fooprot[] = {3, 'f', 'o', 'o' }; -+static const unsigned char barprot[] = {3, 'b', 'a', 'r' }; -+ -+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) -+static int npn_advert_cb(SSL *ssl, const unsigned char **out, -+ unsigned int *outlen, void *arg) -+{ -+ int *idx = (int *)arg; -+ -+ switch (*idx) { -+ default: -+ case 0: -+ *out = fooprot; -+ *outlen = sizeof(fooprot); -+ return SSL_TLSEXT_ERR_OK; -+ -+ case 1: -+ *outlen = 0; -+ return SSL_TLSEXT_ERR_OK; -+ -+ case 2: -+ return SSL_TLSEXT_ERR_NOACK; -+ } -+} -+ -+static int npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, -+ const unsigned char *in, unsigned int inlen, void *arg) -+{ -+ int *idx = (int *)arg; -+ -+ switch (*idx) { -+ case 0: -+ case 1: -+ *out = (unsigned char *)(fooprot + 1); -+ *outlen = *fooprot; -+ return SSL_TLSEXT_ERR_OK; -+ -+ case 3: -+ *out = (unsigned char *)(barprot + 1); -+ *outlen = *barprot; -+ return SSL_TLSEXT_ERR_OK; -+ -+ case 4: -+ *outlen = 0; -+ return SSL_TLSEXT_ERR_OK; -+ -+ default: -+ case 2: -+ return SSL_TLSEXT_ERR_ALERT_FATAL; -+ } -+} -+ -+/* -+ * Test the NPN callbacks -+ * Test 0: advert = foo, select = foo 
-+ * Test 1: advert = , select = foo -+ * Test 2: no advert -+ * Test 3: advert = foo, select = bar -+ * Test 4: advert = foo, select = (should fail) -+ */ -+static int test_npn(int idx) -+{ -+ SSL_CTX *sctx = NULL, *cctx = NULL; -+ SSL *serverssl = NULL, *clientssl = NULL; -+ int testresult = 0; -+ -+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), -+ TLS_client_method(), 0, TLS1_2_VERSION, -+ &sctx, &cctx, cert, privkey))) -+ goto end; -+ -+ SSL_CTX_set_next_protos_advertised_cb(sctx, npn_advert_cb, &idx); -+ SSL_CTX_set_next_proto_select_cb(cctx, npn_select_cb, &idx); -+ -+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, -+ NULL))) -+ goto end; -+ -+ if (idx == 4) { -+ /* We don't allow empty selection of NPN, so this should fail */ -+ if (!TEST_false(create_ssl_connection(serverssl, clientssl, -+ SSL_ERROR_NONE))) -+ goto end; -+ } else { -+ const unsigned char *prot; -+ unsigned int protlen; -+ -+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, -+ SSL_ERROR_NONE))) -+ goto end; -+ -+ SSL_get0_next_proto_negotiated(serverssl, &prot, &protlen); -+ switch (idx) { -+ case 0: -+ case 1: -+ if (!TEST_mem_eq(prot, protlen, fooprot + 1, *fooprot)) -+ goto end; -+ break; -+ case 2: -+ if (!TEST_uint_eq(protlen, 0)) -+ goto end; -+ break; -+ case 3: -+ if (!TEST_mem_eq(prot, protlen, barprot + 1, *barprot)) -+ goto end; -+ break; -+ default: -+ TEST_error("Should not get here"); -+ goto end; -+ } -+ } -+ -+ testresult = 1; -+ end: -+ SSL_free(serverssl); -+ SSL_free(clientssl); -+ SSL_CTX_free(sctx); -+ SSL_CTX_free(cctx); -+ -+ return testresult; -+} -+#endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) */ -+ -+static int alpn_select_cb2(SSL *ssl, const unsigned char **out, -+ unsigned char *outlen, const unsigned char *in, -+ unsigned int inlen, void *arg) -+{ -+ int *idx = (int *)arg; -+ -+ switch (*idx) { -+ case 0: -+ *out = (unsigned char *)(fooprot + 1); -+ *outlen = *fooprot; -+ return 
SSL_TLSEXT_ERR_OK; -+ -+ case 2: -+ *out = (unsigned char *)(barprot + 1); -+ *outlen = *barprot; -+ return SSL_TLSEXT_ERR_OK; -+ -+ case 3: -+ *outlen = 0; -+ return SSL_TLSEXT_ERR_OK; -+ -+ default: -+ case 1: -+ return SSL_TLSEXT_ERR_ALERT_FATAL; -+ } -+ return 0; -+} -+ -+/* -+ * Test the ALPN callbacks -+ * Test 0: client = foo, select = foo -+ * Test 1: client = , select = none -+ * Test 2: client = foo, select = bar (should fail) -+ * Test 3: client = foo, select = (should fail) -+ */ -+static int test_alpn(int idx) -+{ -+ SSL_CTX *sctx = NULL, *cctx = NULL; -+ SSL *serverssl = NULL, *clientssl = NULL; -+ int testresult = 0; -+ const unsigned char *prots = fooprot; -+ unsigned int protslen = sizeof(fooprot); -+ -+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), -+ TLS_client_method(), 0, 0, -+ &sctx, &cctx, cert, privkey))) -+ goto end; -+ -+ SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb2, &idx); -+ -+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, -+ NULL))) -+ goto end; -+ -+ if (idx == 1) { -+ prots = NULL; -+ protslen = 0; -+ } -+ -+ /* SSL_set_alpn_protos returns 0 for success! 
*/ -+ if (!TEST_false(SSL_set_alpn_protos(clientssl, prots, protslen))) -+ goto end; -+ -+ if (idx == 2 || idx == 3) { -+ /* We don't allow empty selection of NPN, so this should fail */ -+ if (!TEST_false(create_ssl_connection(serverssl, clientssl, -+ SSL_ERROR_NONE))) -+ goto end; -+ } else { -+ const unsigned char *prot; -+ unsigned int protlen; -+ -+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, -+ SSL_ERROR_NONE))) -+ goto end; -+ -+ SSL_get0_alpn_selected(clientssl, &prot, &protlen); -+ switch (idx) { -+ case 0: -+ if (!TEST_mem_eq(prot, protlen, fooprot + 1, *fooprot)) -+ goto end; -+ break; -+ case 1: -+ if (!TEST_uint_eq(protlen, 0)) -+ goto end; -+ break; -+ default: -+ TEST_error("Should not get here"); -+ goto end; -+ } -+ } -+ -+ testresult = 1; -+ end: -+ SSL_free(serverssl); -+ SSL_free(clientssl); -+ SSL_CTX_free(sctx); -+ SSL_CTX_free(cctx); -+ -+ return testresult; -+} -+ - OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") - - int setup_tests(void) -@@ -12190,6 +12415,10 @@ int setup_tests(void) - ADD_TEST(test_data_retry); - ADD_ALL_TESTS(test_multi_resume, 5); - ADD_ALL_TESTS(test_select_next_proto, OSSL_NELEM(next_proto_tests)); -+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) -+ ADD_ALL_TESTS(test_npn, 5); -+#endif -+ ADD_ALL_TESTS(test_alpn, 4); - return 1; - - err: --- -2.46.0 - diff --git a/0138-Add-a-test-for-an-empty-NextProto-message.patch b/0138-Add-a-test-for-an-empty-NextProto-message.patch deleted file mode 100644 index 923ec66..0000000 --- a/0138-Add-a-test-for-an-empty-NextProto-message.patch +++ /dev/null 
@@ -1,199 +0,0 @@ -From 301b870546d1c7b2d8f0d66e04a2596142f0399f Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Fri, 21 Jun 2024 14:29:26 +0100 -Subject: [PATCH 10/10] Add a test for an empty NextProto message - -It is valid according to the spec for a NextProto message to have no -protocols listed in it. The OpenSSL implementation however does not allow -us to create such a message. In order to check that we work as expected -when communicating with a client that does generate such messages we have -to use a TLSProxy test. - -Follow on from CVE-2024-5535 - -Reviewed-by: Neil Horman -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/24717) ---- - test/recipes/70-test_npn.t | 73 +++++++++++++++++++++++++++++++++ - util/perl/TLSProxy/Message.pm | 9 ++++ - util/perl/TLSProxy/NextProto.pm | 54 ++++++++++++++++++++++++ - util/perl/TLSProxy/Proxy.pm | 1 + - 4 files changed, 137 insertions(+) - create mode 100644 test/recipes/70-test_npn.t - create mode 100644 util/perl/TLSProxy/NextProto.pm - -diff --git a/test/recipes/70-test_npn.t b/test/recipes/70-test_npn.t -new file mode 100644 -index 0000000000..f82e71af6a ---- /dev/null -+++ b/test/recipes/70-test_npn.t -@@ -0,0 +1,73 @@ -+#! /usr/bin/env perl -+# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. 
You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+use strict; -+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/; -+use OpenSSL::Test::Utils; -+ -+use TLSProxy::Proxy; -+ -+my $test_name = "test_npn"; -+setup($test_name); -+ -+plan skip_all => "TLSProxy isn't usable on $^O" -+ if $^O =~ /^(VMS)$/; -+ -+plan skip_all => "$test_name needs the dynamic engine feature enabled" -+ if disabled("engine") || disabled("dynamic-engine"); -+ -+plan skip_all => "$test_name needs the sock feature enabled" -+ if disabled("sock"); -+ -+plan skip_all => "$test_name needs NPN enabled" -+ if disabled("nextprotoneg"); -+ -+plan skip_all => "$test_name needs TLSv1.2 enabled" -+ if disabled("tls1_2"); -+ -+my $proxy = TLSProxy::Proxy->new( -+ undef, -+ cmdstr(app(["openssl"]), display => 1), -+ srctop_file("apps", "server.pem"), -+ (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) -+); -+ -+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -+plan tests => 1; -+ -+my $npnseen = 0; -+ -+# Test 1: Check sending an empty NextProto message from the client works. This is -+# valid as per the spec, but OpenSSL does not allow you to send it. -+# Therefore we must be prepared to receive such a message but we cannot -+# generate it except via TLSProxy -+$proxy->clear(); -+$proxy->filter(\&npn_filter); -+$proxy->clientflags("-nextprotoneg foo -no_tls1_3"); -+$proxy->serverflags("-nextprotoneg foo"); -+$proxy->start(); -+ok($npnseen && TLSProxy::Message->success(), "Empty NPN message"); -+ -+sub npn_filter -+{ -+ my $proxy = shift; -+ my $message; -+ -+ # The NextProto message always appears in flight 2 -+ return if $proxy->flight != 2; -+ -+ foreach my $message (@{$proxy->message_list}) { -+ if ($message->mt == TLSProxy::Message::MT_NEXT_PROTO) { -+ # Our TLSproxy NextProto message support doesn't support parsing of -+ # the message. 
If we repack it just creates an empty NextProto -+ # message - which is exactly the scenario we want to test here. -+ $message->repack(); -+ $npnseen = 1; -+ } -+ } -+} -diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm -index ce22187569..fb41b2ffc8 100644 ---- a/util/perl/TLSProxy/Message.pm -+++ b/util/perl/TLSProxy/Message.pm -@@ -384,6 +384,15 @@ sub create_message - [@message_frag_lens] - ); - $message->parse(); -+ } elsif ($mt == MT_NEXT_PROTO) { -+ $message = TLSProxy::NextProto->new( -+ $server, -+ $data, -+ [@message_rec_list], -+ $startoffset, -+ [@message_frag_lens] -+ ); -+ $message->parse(); - } else { - #Unknown message type - $message = TLSProxy::Message->new( -diff --git a/util/perl/TLSProxy/NextProto.pm b/util/perl/TLSProxy/NextProto.pm -new file mode 100644 -index 0000000000..0e18347546 ---- /dev/null -+++ b/util/perl/TLSProxy/NextProto.pm -@@ -0,0 +1,54 @@ -+# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+use strict; -+ -+package TLSProxy::NextProto; -+ -+use vars '@ISA'; -+push @ISA, 'TLSProxy::Message'; -+ -+sub new -+{ -+ my $class = shift; -+ my ($server, -+ $data, -+ $records, -+ $startoffset, -+ $message_frag_lens) = @_; -+ -+ my $self = $class->SUPER::new( -+ $server, -+ TLSProxy::Message::MT_NEXT_PROTO, -+ $data, -+ $records, -+ $startoffset, -+ $message_frag_lens); -+ -+ return $self; -+} -+ -+sub parse -+{ -+ # We don't support parsing at the moment -+} -+ -+# This is supposed to reconstruct the on-the-wire message data following changes. 
-+# For now though since we don't support parsing we just create an empty NextProto -+# message - this capability is used in test_npn -+sub set_message_contents -+{ -+ my $self = shift; -+ my $data; -+ -+ $data = pack("C32", 0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00); -+ $self->data($data); -+} -+1; -diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm -index 3de10eccb9..b707722b6b 100644 ---- a/util/perl/TLSProxy/Proxy.pm -+++ b/util/perl/TLSProxy/Proxy.pm -@@ -23,6 +23,7 @@ use TLSProxy::CertificateRequest; - use TLSProxy::CertificateVerify; - use TLSProxy::ServerKeyExchange; - use TLSProxy::NewSessionTicket; -+use TLSProxy::NextProto; - - my $have_IPv6; - my $IP_factory; --- -2.46.0 - diff --git a/0139-CVE-2024-6119.patch b/0139-CVE-2024-6119.patch deleted file mode 100644 index a39106a..0000000 --- a/0139-CVE-2024-6119.patch +++ /dev/null 
@@ -1,233 +0,0 @@ -diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c -index 1a18174995..a09414c972 100644 ---- a/crypto/x509/v3_utl.c -+++ b/crypto/x509/v3_utl.c -@@ -916,36 +916,64 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, - ASN1_STRING *cstr; - - gen = sk_GENERAL_NAME_value(gens, i); -- if ((gen->type == GEN_OTHERNAME) && (check_type == GEN_EMAIL)) { -- if (OBJ_obj2nid(gen->d.otherName->type_id) == -- NID_id_on_SmtpUTF8Mailbox) { -- san_present = 1; -- -- /* -- * If it is not a UTF8String then that is unexpected and we -- * treat it as no match -- */ -- if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) { -- cstr = gen->d.otherName->value->value.utf8string; -- -- /* Positive on success, negative on error! */ -- if ((rv = do_check_string(cstr, 0, equal, flags, -- chk, chklen, peername)) != 0) -- break; -- } -- } else -+ switch (gen->type) { -+ default: -+ continue; -+ case GEN_OTHERNAME: -+ switch (OBJ_obj2nid(gen->d.otherName->type_id)) { -+ default: - continue; -- } else { -- if ((gen->type != check_type) && (gen->type != GEN_OTHERNAME)) -+ case NID_id_on_SmtpUTF8Mailbox: -+ /*- -+ * https://datatracker.ietf.org/doc/html/rfc8398#section-3 -+ * -+ * Due to name constraint compatibility reasons described -+ * in Section 6, SmtpUTF8Mailbox subjectAltName MUST NOT -+ * be used unless the local-part of the email address -+ * contains non-ASCII characters. When the local-part is -+ * ASCII, rfc822Name subjectAltName MUST be used instead -+ * of SmtpUTF8Mailbox. This is compatible with legacy -+ * software that supports only rfc822Name (and not -+ * SmtpUTF8Mailbox). [...] -+ * -+ * SmtpUTF8Mailbox is encoded as UTF8String. -+ * -+ * If it is not a UTF8String then that is unexpected, and -+ * we ignore the invalid SAN (neither set san_present nor -+ * consider it a candidate for equality). 
This does mean -+ * that the subject CN may be considered, as would be the -+ * case when the malformed SmtpUtf8Mailbox SAN is instead -+ * simply absent. -+ * -+ * When CN-ID matching is not desirable, applications can -+ * choose to turn it off, doing so is at this time a best -+ * practice. -+ */ -+ if (check_type != GEN_EMAIL -+ || gen->d.otherName->value->type != V_ASN1_UTF8STRING) -+ continue; -+ alt_type = 0; -+ cstr = gen->d.otherName->value->value.utf8string; -+ break; -+ } -+ break; -+ case GEN_EMAIL: -+ if (check_type != GEN_EMAIL) - continue; -- } -- san_present = 1; -- if (check_type == GEN_EMAIL) - cstr = gen->d.rfc822Name; -- else if (check_type == GEN_DNS) -+ break; -+ case GEN_DNS: -+ if (check_type != GEN_DNS) -+ continue; - cstr = gen->d.dNSName; -- else -+ break; -+ case GEN_IPADD: -+ if (check_type != GEN_IPADD) -+ continue; - cstr = gen->d.iPAddress; -+ break; -+ } -+ san_present = 1; - /* Positive on success, negative on error! */ - if ((rv = do_check_string(cstr, alt_type, equal, flags, - chk, chklen, peername)) != 0) -diff --git a/test/recipes/25-test_eai_data.t b/test/recipes/25-test_eai_data.t -index 522982ddfb..e18735d89a 100644 ---- a/test/recipes/25-test_eai_data.t -+++ b/test/recipes/25-test_eai_data.t -@@ -21,16 +21,18 @@ setup("test_eai_data"); - #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem - #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem - --plan tests => 12; -+plan tests => 16; - - require_ok(srctop_file('test','recipes','tconversion.pl')); - my $folder = "test/recipes/25-test_eai_data"; - - my $ascii_pem = srctop_file($folder, "ascii_leaf.pem"); - my $utf8_pem = srctop_file($folder, "utf8_leaf.pem"); -+my $kdc_pem = srctop_file($folder, "kdc-cert.pem"); - - my $ascii_chain_pem = srctop_file($folder, 
"ascii_chain.pem"); - my $utf8_chain_pem = srctop_file($folder, "utf8_chain.pem"); -+my $kdc_chain_pem = srctop_file($folder, "kdc-root-cert.pem"); - - my $out; - my $outcnt = 0; -@@ -56,10 +58,18 @@ SKIP: { - - ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $ascii_pem]))); - ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $utf8_pem]))); -+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $kdc_chain_pem, $kdc_pem]))); - - ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem]))); - ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $ascii_pem]))); - -+# Check an otherName does not get misparsed as an DNS name, (should trigger ASAN errors if violated). -+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_hostname", 'mx1.example.com', "-CAfile", $kdc_chain_pem, $kdc_pem]))); -+# Check an otherName does not get misparsed as an email address, (should trigger ASAN errors if violated). -+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'joe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem]))); -+# We expect SmtpUTF8Mailbox to be a UTF8 String, not an IA5String. 
-+ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'moe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem]))); -+ - #Check that we get the expected failure return code - with({ exit_checker => sub { return shift == 2; } }, - sub { -diff --git a/test/recipes/25-test_eai_data/kdc-cert.pem b/test/recipes/25-test_eai_data/kdc-cert.pem -new file mode 100644 -index 0000000000..e8a2c6f55d ---- /dev/null -+++ b/test/recipes/25-test_eai_data/kdc-cert.pem -@@ -0,0 +1,21 @@ -+-----BEGIN CERTIFICATE----- -+MIIDbDCCAlSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 -+MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAXMRUwEwYDVQQDDAxU -+RVNULkVYQU1QTEUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6wfP+ -+6go79dkpo/dGLMlPZ7Gw/Q6gUYrCWZWUEgEeRVHCrqOlgUEyA+PcWas/XDPUxXry -+BQlJHLvlqamAQn8gs4QPBARFYWKNiTVGyaRkgNA1N5gqyZdrP9UE+ZJmdqxRAAe8 -+vvpGZWSgevPhLUiSCFYDiD0Rtji2Hm3rGUrReQFBQDEw2pNGwz9zIaxUs08kQZcx -+Yzyiplz5Oau+R/6sAgUwDlrD9xOlUxx/tA/MSDIfkK8qioU11uUZtO5VjkNQy/bT -+7zQMmXxWgm2MIgOs1u4YN7YGOtgqHE9v9iPHHfgrkbQDtVDGQsa8AQEhkUDSCtW9 -+3VFAKx6dGNXYzFwfAgMBAAGjgcgwgcUwHQYDVR0OBBYEFFR5tZycW19DmtbL4Zqj -+te1c2vZLMAkGA1UdIwQCMAAwCQYDVR0TBAIwADCBjQYDVR0RBIGFMIGCoD8GBisG -+AQUCAqA1MDOgDhsMVEVTVC5FWEFNUExFoSEwH6ADAgEBoRgwFhsGa3JidGd0GwxU -+RVNULkVYQU1QTEWgHQYIKwYBBQUHCAmgERYPbW9lQGV4YW1wbGUuY29tgQ9qb2VA -+ZXhhbXBsZS5jb22CD214MS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEA -+T0xzVtVpRtaOzIhgzw7XQUdzWD5UEGSJJ1cBCOmKUWwDLTAouCYLFB4TbEE7MMUb -+iuMy60bjmVtvfJIXorGUgSadRe5RWJ5DamJWvPA0Q9x7blnEcXqEF+9Td+ypevgU -+UYHFmg83OYwxOsFXZ5cRuXMk3WCsDHQIBi6D1L6oDDZ2pfArs5mqm3thQKVlqyl1 -+El3XRYEdqAz/5eCOFNfwxF0ALxjxVr/Z50StUZU8I7Zfev6+kHhyrR7dqzYJImv9 -+0fTCOBEMjIETDsrA70OxAMu4V16nrWZdJdvzblS2qrt97Omkj+2kiPAJFB76RpwI -+oDQ9fKfUOAmUFth2/R/eGA== -+-----END CERTIFICATE----- -diff --git a/test/recipes/25-test_eai_data/kdc-root-cert.pem b/test/recipes/25-test_eai_data/kdc-root-cert.pem -new file mode 100644 -index 0000000000..a74c96bf31 ---- /dev/null -+++ 
b/test/recipes/25-test_eai_data/kdc-root-cert.pem -@@ -0,0 +1,16 @@ -+-----BEGIN CERTIFICATE----- -+MIICnDCCAYQCCQCBswYcrlZSHjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARS -+b290MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAPMQ0wCwYDVQQD -+DARSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRj8S4kBbIUj -+61kZfi6nE35Q38U140+qt4uAiwAhKumfVHlBM0zQ98WFt5zMHIBQwIb3yjc2zj+0 -+qzUnQfwm1r/RfcMmBPEti9Ge+aEMSsds2gMXziOFM8wd2aAFPy7UVE0XpEWofsRK -+MGi61MKVdPSbGIxBwY9VW38/7D/wf1HtJe7y0xpuecR7GB2XAs+qST59NjuF+7wS -+dLM8Hb3TATgeYbXXWsRJgwz+SPzExg5WmLnU+7y4brZ32dHtdSmkRVSgSlaIf7Xj -+3Tc6Zi7I+W/JYk7hy1zUexVdWCak4PHcoWrXe0gNNN/t8VfLfMExt5z/HIylXnU7 -+pGUyqZlTGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAHpLF1UCRy7b6Hk0rLokxI -+lgwiH9BU9mktigAGASvkbllpt+YbUbWnuYAvpHBGiP1qZtfX2r96UrSJaGO9BEzT -+Gp9ThnSjoj4Srul0+s/NArU22irFLmDzbalgevAmm9gMGkdqkiIm/mXbwrPj0ncl -+KGicevXryVpvaP62eZ8cc3C4p97frMmXxRX8sTdQpD/gRI7prdEILRSKveqT+AEW -+7rFGM5AOevb4U8ddop8A3D/kX0wcCAIBF6jCNk3uEJ57jVcagL04kPnVfdRiedTS -+vfq1DRNcD29d1H/9u0fHdSn1/+8Ep3X+afQ3C6//5NvOEaXcIGO4QSwkprQydfv8 -+-----END CERTIFICATE----- -diff --git a/test/recipes/25-test_eai_data/kdc.sh b/test/recipes/25-test_eai_data/kdc.sh -new file mode 100755 -index 0000000000..7a8dbc719f ---- /dev/null -+++ b/test/recipes/25-test_eai_data/kdc.sh -@@ -0,0 +1,41 @@ -+#! /usr/bin/env bash -+ -+# Create a root CA, signing a leaf cert with a KDC principal otherName SAN, and -+# also a non-UTF8 smtpUtf8Mailbox SAN followed by an rfc822Name SAN and a DNS -+# name SAN. In the vulnerable EAI code, the KDC principal `otherName` should -+# trigger ASAN errors in DNS name checks, while the non-UTF8 `smtpUtf8Mailbox` -+# should likewise lead to ASAN issues with email name checks. 
-+ -+rm -f root-key.pem root-cert.pem -+openssl req -nodes -new -newkey rsa:2048 -keyout kdc-root-key.pem \ -+ -x509 -subj /CN=Root -days 36524 -out kdc-root-cert.pem -+ -+exts=$( -+ printf "%s\n%s\n%s\n%s = " \ -+ "subjectKeyIdentifier = hash" \ -+ "authorityKeyIdentifier = keyid" \ -+ "basicConstraints = CA:false" \ -+ "subjectAltName" -+ printf "%s, " "otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name" -+ printf "%s, " "otherName:1.3.6.1.5.5.7.8.9;IA5:moe@example.com" -+ printf "%s, " "email:joe@example.com" -+ printf "%s\n" "DNS:mx1.example.com" -+ printf "[kdc_princ_name]\n" -+ printf "realm = EXP:0, GeneralString:TEST.EXAMPLE\n" -+ printf "principal_name = EXP:1, SEQUENCE:kdc_principal_seq\n" -+ printf "[kdc_principal_seq]\n" -+ printf "name_type = EXP:0, INTEGER:1\n" -+ printf "name_string = EXP:1, SEQUENCE:kdc_principal_components\n" -+ printf "[kdc_principal_components]\n" -+ printf "princ1 = GeneralString:krbtgt\n" -+ printf "princ2 = GeneralString:TEST.EXAMPLE\n" -+ ) -+ -+printf "%s\n" "$exts" -+ -+openssl req -nodes -new -newkey rsa:2048 -keyout kdc-key.pem \ -+ -subj "/CN=TEST.EXAMPLE" | -+ openssl x509 -req -out kdc-cert.pem \ -+ -CA "kdc-root-cert.pem" -CAkey "kdc-root-key.pem" \ -+ -set_serial 2 -days 36524 \ -+ -extfile <(printf "%s\n" "$exts") diff --git a/0140-prov_no-cache.patch b/0140-prov_no-cache.patch deleted file mode 100644 index 3dee746..0000000 --- a/0140-prov_no-cache.patch +++ /dev/null 
@@ -1,103 +0,0 @@ -diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c -index d311158d77589..70715e7d6a99c 100644 ---- a/crypto/core_fetch.c -+++ b/crypto/core_fetch.c -@@ -120,7 +120,7 @@ static void ossl_method_construct_this(OSSL_PROVIDER *provider, - * It is *expected* that the put function increments the refcnt - * of the passed method. - */ -- data->mcm->put(data->store, method, provider, algo->algorithm_names, -+ data->mcm->put(no_store ? data->store : NULL, method, provider, algo->algorithm_names, - algo->property_definition, data->mcm_data); - - /* refcnt-- because we're dropping the reference */ -diff --git a/test/nocache-and-default.cnf b/test/nocache-and-default.cnf -new file mode 100644 -index 0000000000000..cf5ca8d114151 ---- /dev/null -+++ b/test/nocache-and-default.cnf -@@ -0,0 +1,18 @@ -+openssl_conf = openssl_init -+ -+# Comment out the next line to ignore configuration errors -+config_diagnostics = 1 -+ -+[openssl_init] -+providers = provider_sect -+ -+[provider_sect] -+test = test_sect -+default = default_sect -+ -+[test_sect] -+module = ../test/p_test.so -+activate = true -+ -+[default_sect] -+activate = true -diff --git a/test/p_test.c b/test/p_test.c -index 2d20190d4d57b..05f71ec8347c0 100644 ---- a/test/p_test.c -+++ b/test/p_test.c -@@ -230,12 +230,21 @@ static const OSSL_ITEM *p_get_reason_strings(void *_) - return reason_strings; - } - -+static const OSSL_ALGORITHM *p_query(OSSL_PROVIDER *prov, -+ int operation_id, -+ int *no_cache) -+{ -+ *no_cache = 1; -+ return NULL; -+} -+ - static const OSSL_DISPATCH p_test_table[] = { - { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))p_gettable_params }, - { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))p_get_params }, - { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS, - (void (*)(void))p_get_reason_strings}, - { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown }, -+ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query }, - OSSL_DISPATCH_END - }; - -diff --git 
a/test/recipes/20-test_nocache.t b/test/recipes/20-test_nocache.t -new file mode 100644 -index 0000000000000..734e44ec8c2e1 ---- /dev/null -+++ b/test/recipes/20-test_nocache.t -@@ -0,0 +1,34 @@ -+#! /usr/bin/env perl -+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+use strict; -+use warnings; -+ -+use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file bldtop_dir with/; -+use OpenSSL::Test::Utils; -+ -+setup("test_nocache"); -+ -+plan tests => 4; -+ -+ok(run(app(["openssl", "list", "-mac-algorithms"], -+ stdout => "listout.txt")), -+"List mac algorithms - default configuration"); -+open DATA, "listout.txt"; -+my @match = grep /MAC/, ; -+close DATA; -+ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - default configuration"); -+ -+$ENV{OPENSSL_CONF} = bldtop_file("test", "nocache-and-default.cnf"); -+ok(run(app(["openssl", "list", "-mac-algorithms"], -+ stdout => "listout.txt")), -+"List mac algorithms"); -+open DATA, "listout.txt"; -+my @match = grep /MAC/, ; -+close DATA; -+ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - nocache-and-default"); diff --git a/0141-print-pq-group.patch b/0141-print-pq-group.patch deleted file mode 100644 index e834823..0000000 --- a/0141-print-pq-group.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c -index 3b3c0dd0b38f5..026315406e298 100644 ---- a/apps/lib/s_cb.c -+++ b/apps/lib/s_cb.c -@@ -418,8 +418,13 @@ int ssl_print_tmp_key(BIO *out, SSL *s) - { - EVP_PKEY *key; - -- if (!SSL_get_peer_tmp_key(s, &key)) -+ if (!SSL_get_peer_tmp_key(s, &key)) { -+ if (SSL_version(s) == TLS1_3_VERSION) -+ BIO_printf(out, "Negotiated TLS1.3 group: %s\n", -+ SSL_group_to_name(s, SSL_get_negotiated_group(s))); - return 1; -+ } -+ - BIO_puts(out, "Server Temp Key: "); - switch (EVP_PKEY_get_id(key)) { - case EVP_PKEY_RSA: -diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index b98464256e..eb3d7e24f6 100644 ---- a/ssl/s3_lib.c -+++ b/ssl/s3_lib.c -@@ -3734,7 +3734,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) - if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex) - id = sc->s3.group_id; - else -- id = sc->session->kex_group; -+ id = (sc->session != NULL) ? sc->session->kex_group : NID_undef; - ret = tls1_group_id2nid(id, 1); - break; - } diff --git a/0142-CVE-2024-13176-Minerva.patch b/0142-CVE-2024-13176-Minerva.patch deleted file mode 100644 index 4dbe652..0000000 --- a/0142-CVE-2024-13176-Minerva.patch +++ /dev/null 
@@ -1,93 +0,0 @@ -diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c -index b876edbfac36e..af52e2ced6914 100644 ---- a/crypto/bn/bn_exp.c -+++ b/crypto/bn/bn_exp.c -@@ -606,7 +606,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, - * out by Colin Percival, - * http://www.daemonology.net/hyperthreading-considered-harmful/) - */ --int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, -+int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont) - { -@@ -623,10 +623,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - unsigned int t4 = 0; - #endif - -- bn_check_top(a); -- bn_check_top(p); -- bn_check_top(m); -- - if (!BN_is_odd(m)) { - ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS); - return 0; -@@ -1146,7 +1142,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - goto err; - } else - #endif -- if (!BN_from_montgomery(rr, &tmp, mont, ctx)) -+ if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx)) - goto err; - ret = 1; - err: -@@ -1160,6 +1156,19 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - return ret; - } - -+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *in_mont) -+{ -+ bn_check_top(a); -+ bn_check_top(p); -+ bn_check_top(m); -+ if (!bn_mod_exp_mont_fixed_top(rr, a, p, m, ctx, in_mont)) -+ return 0; -+ bn_correct_top(rr); -+ return 1; -+} -+ - int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) - { -diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c -index 19384eba186b5..3f8d65c1bf1a1 100644 ---- a/crypto/ec/ec_lib.c -+++ b/crypto/ec/ec_lib.c -@@ -21,6 +21,7 @@ - #include - #include - #include "crypto/ec.h" -+#include "crypto/bn.h" - #include "internal/nelem.h" - #include "ec_local.h" - -@@ -1265,10 +1266,10 @@ 
static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, - if (!BN_sub(e, group->order, e)) - goto err; - /*- -- * Exponent e is public. -- * No need for scatter-gather or BN_FLG_CONSTTIME. -+ * Although the exponent is public we want the result to be -+ * fixed top. - */ -- if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data)) -+ if (!bn_mod_exp_mont_fixed_top(r, x, e, group->order, ctx, group->mont_data)) - goto err; - - ret = 1; -diff --git a/include/crypto/bn.h b/include/crypto/bn.h -index 47d9b44f879f0..bdee28625ce60 100644 ---- a/include/crypto/bn.h -+++ b/include/crypto/bn.h -@@ -73,6 +73,9 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); - */ - int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx); -+int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *in_mont); - int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx); - int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, diff --git a/0143-CVE-2024-12797.patch b/0143-CVE-2024-12797.patch deleted file mode 100644 index 0f618e9..0000000 --- a/0143-CVE-2024-12797.patch +++ /dev/null 
@@ -1,238 +0,0 @@ -diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c -index 436b397346..df2eed7594 100644 ---- a/ssl/statem/statem_clnt.c -+++ b/ssl/statem/statem_clnt.c -@@ -1910,6 +1910,7 @@ static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc, - { - size_t certidx; - const SSL_CERT_LOOKUP *clu; -+ int v_ok; - - if (sc->session->peer_rpk == NULL) { - SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, -@@ -1919,9 +1920,19 @@ static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc, - - if (sc->rwstate == SSL_RETRY_VERIFY) - sc->rwstate = SSL_NOTHING; -- if (ssl_verify_rpk(sc, sc->session->peer_rpk) > 0 -- && sc->rwstate == SSL_RETRY_VERIFY) -+ -+ ERR_set_mark(); -+ v_ok = ssl_verify_rpk(sc, sc->session->peer_rpk); -+ if (v_ok <= 0 && sc->verify_mode != SSL_VERIFY_NONE) { -+ ERR_clear_last_mark(); -+ SSLfatal(sc, ssl_x509err2alert(sc->verify_result), -+ SSL_R_CERTIFICATE_VERIFY_FAILED); -+ return WORK_ERROR; -+ } -+ ERR_pop_to_mark(); /* but we keep s->verify_result */ -+ if (v_ok > 0 && sc->rwstate == SSL_RETRY_VERIFY) { - return WORK_MORE_A; -+ } - - if ((clu = ssl_cert_lookup_by_pkey(sc->session->peer_rpk, &certidx, - SSL_CONNECTION_GET_CTX(sc))) == NULL) { -@@ -2071,10 +2082,7 @@ WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, - - if (s->rwstate == SSL_RETRY_VERIFY) - s->rwstate = SSL_NOTHING; -- i = ssl_verify_cert_chain(s, s->session->peer_chain); -- if (i > 0 && s->rwstate == SSL_RETRY_VERIFY) { -- return WORK_MORE_A; -- } -+ - /* - * The documented interface is that SSL_VERIFY_PEER should be set in order - * for client side verification of the server certificate to take place. -@@ -2089,12 +2097,17 @@ WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, - * (less clean) historic behaviour of performing validation if any flag is - * set. The *documented* interface remains the same. 
- */ -- if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) { -+ ERR_set_mark(); -+ i = ssl_verify_cert_chain(s, s->session->peer_chain); -+ if (i <= 0 && s->verify_mode != SSL_VERIFY_NONE) { -+ ERR_clear_last_mark(); - SSLfatal(s, ssl_x509err2alert(s->verify_result), - SSL_R_CERTIFICATE_VERIFY_FAILED); - return WORK_ERROR; - } -- ERR_clear_error(); /* but we keep s->verify_result */ -+ ERR_pop_to_mark(); /* but we keep s->verify_result */ -+ if (i > 0 && s->rwstate == SSL_RETRY_VERIFY) -+ return WORK_MORE_A; - - /* - * Inconsistency alert: cert_chain does include the peer's certificate, -diff --git a/test/rpktest.c b/test/rpktest.c -index ac824798f1..624d366508 100644 ---- a/test/rpktest.c -+++ b/test/rpktest.c -@@ -89,12 +89,14 @@ static int rpk_verify_server_cb(int ok, X509_STORE_CTX *ctx) - * idx = 13 - resumption with client authentication - * idx = 14 - resumption with client authentication, no ticket - * idx = 15 - like 0, but use non-default libctx -+ * idx = 16 - like 7, but with SSL_VERIFY_PEER connection should fail -+ * idx = 17 - like 8, but with SSL_VERIFY_PEER connection should fail - * -- * 16 * 2 * 4 * 2 * 2 * 2 * 2 = 2048 tests -+ * 18 * 2 * 4 * 2 * 2 * 2 * 2 = 2048 tests - */ - static int test_rpk(int idx) - { --# define RPK_TESTS 16 -+# define RPK_TESTS 18 - # define RPK_DIMS (2 * 4 * 2 * 2 * 2 * 2) - SSL_CTX *cctx = NULL, *sctx = NULL; - SSL *clientssl = NULL, *serverssl = NULL; -@@ -114,6 +116,7 @@ static int test_rpk(int idx) - int idx_cert, idx_prot; - int client_auth = 0; - int resumption = 0; -+ int want_error = SSL_ERROR_NONE; - long server_verify_result = 0; - long client_verify_result = 0; - OSSL_LIB_CTX *test_libctx = NULL; -@@ -188,7 +191,7 @@ static int test_rpk(int idx) - #ifdef OPENSSL_NO_ECDSA - /* Can't get other_key if it's ECDSA */ - if (other_pkey == NULL && idx_cert == 0 -- && (idx == 4 || idx == 6 || idx == 7)) { -+ && (idx == 4 || idx == 6 || idx == 7 || idx == 16)) { - testresult = TEST_skip("EDCSA disabled"); - goto end; - } 
-@@ -266,8 +269,10 @@ static int test_rpk(int idx) - goto end; - /* Only a private key */ - if (idx == 1) { -- if (idx_server_server_rpk == 0 || idx_client_server_rpk == 0) -+ if (idx_server_server_rpk == 0 || idx_client_server_rpk == 0) { - expected = 0; -+ want_error = SSL_ERROR_SSL; -+ } - } else { - /* Add certificate */ - if (!TEST_int_eq(SSL_use_certificate_file(serverssl, cert_file, SSL_FILETYPE_PEM), 1)) -@@ -333,12 +338,14 @@ static int test_rpk(int idx) - client_expected = -1; - if (!TEST_true(SSL_add_expected_rpk(clientssl, other_pkey))) - goto end; -+ SSL_set_verify(clientssl, SSL_VERIFY_NONE, rpk_verify_client_cb); - client_verify_result = X509_V_ERR_DANE_NO_MATCH; - break; - case 8: - if (idx_server_server_rpk == 1 && idx_client_server_rpk == 1) - client_expected = -1; - /* no peer keys */ -+ SSL_set_verify(clientssl, SSL_VERIFY_NONE, rpk_verify_client_cb); - client_verify_result = X509_V_ERR_RPK_UNTRUSTED; - break; - case 9: -@@ -370,9 +377,13 @@ static int test_rpk(int idx) - if (!TEST_int_eq(SSL_use_PrivateKey_file(clientssl, privkey_file, SSL_FILETYPE_PEM), 1)) - goto end; - /* Since there's no cert, this is expected to fail without RPK support */ -- if (!idx_server_client_rpk || !idx_client_client_rpk) -+ if (!idx_server_client_rpk || !idx_client_client_rpk) { - expected = 0; -- SSL_set_verify(serverssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, rpk_verify_server_cb); -+ want_error = SSL_ERROR_SSL; -+ SSL_set_verify(serverssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); -+ } else { -+ SSL_set_verify(serverssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, rpk_verify_server_cb); -+ } - client_auth = 1; - break; - case 11: -@@ -449,31 +460,52 @@ static int test_rpk(int idx) - if (!TEST_true(SSL_add_expected_rpk(clientssl, pkey))) - goto end; - break; -+ case 16: -+ if (idx_server_server_rpk == 1 && idx_client_server_rpk == 1) { -+ /* wrong expected server key */ -+ expected = 0; -+ want_error = SSL_ERROR_SSL; -+ 
SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL); -+ } -+ if (!TEST_true(SSL_add_expected_rpk(clientssl, other_pkey))) -+ goto end; -+ break; -+ case 17: -+ if (idx_server_server_rpk == 1 && idx_client_server_rpk == 1) { -+ /* no expected server keys */ -+ expected = 0; -+ want_error = SSL_ERROR_SSL; -+ SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL); -+ } -+ break; - } - -- ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE); -+ ret = create_ssl_connection(serverssl, clientssl, want_error); - if (!TEST_int_eq(expected, ret)) - goto end; - -+ if (expected <= 0) { -+ testresult = 1; -+ goto end; -+ } -+ - /* Make sure client gets RPK or certificate as configured */ -- if (expected == 1) { -- if (idx_server_server_rpk && idx_client_server_rpk) { -- if (!TEST_long_eq(SSL_get_verify_result(clientssl), client_verify_result)) -- goto end; -- if (!TEST_ptr(SSL_get0_peer_rpk(clientssl))) -- goto end; -- if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(serverssl), TLSEXT_cert_type_rpk)) -- goto end; -- if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(clientssl), TLSEXT_cert_type_rpk)) -- goto end; -- } else { -- if (!TEST_ptr(SSL_get0_peer_certificate(clientssl))) -- goto end; -- if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(serverssl), TLSEXT_cert_type_x509)) -- goto end; -- if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(clientssl), TLSEXT_cert_type_x509)) -- goto end; -- } -+ if (idx_server_server_rpk && idx_client_server_rpk) { -+ if (!TEST_long_eq(SSL_get_verify_result(clientssl), client_verify_result)) -+ goto end; -+ if (!TEST_ptr(SSL_get0_peer_rpk(clientssl))) -+ goto end; -+ if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(serverssl), TLSEXT_cert_type_rpk)) -+ goto end; -+ if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(clientssl), TLSEXT_cert_type_rpk)) -+ goto end; -+ } else { -+ if (!TEST_ptr(SSL_get0_peer_certificate(clientssl))) -+ goto end; -+ if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(serverssl), 
TLSEXT_cert_type_x509)) -+ goto end; -+ if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(clientssl), TLSEXT_cert_type_x509)) -+ goto end; - } - - if (idx == 9) { -@@ -500,8 +532,7 @@ static int test_rpk(int idx) - if (!TEST_int_eq(SSL_get_negotiated_client_cert_type(clientssl), TLSEXT_cert_type_rpk)) - goto end; - } else { -- /* only if connection is expected to succeed */ -- if (expected == 1 && !TEST_ptr(SSL_get0_peer_certificate(serverssl))) -+ if (!TEST_ptr(SSL_get0_peer_certificate(serverssl))) - goto end; - if (!TEST_int_eq(SSL_get_negotiated_client_cert_type(serverssl), TLSEXT_cert_type_x509)) - goto end; -@@ -591,7 +622,7 @@ static int test_rpk(int idx) - } - - ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE); -- if (!TEST_int_eq(expected, ret)) -+ if (!TEST_true(ret)) - goto end; - verify = SSL_get_verify_result(clientssl); - if (!TEST_int_eq(client_expected, verify)) diff --git a/Makefile.certificate b/Makefile.certificate deleted file mode 100644 index cc88c52..0000000 --- a/Makefile.certificate +++ /dev/null 
@@ -1,82 +0,0 @@ -UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8) -DAYS=365 -KEYLEN=2048 -TYPE=rsa:$(KEYLEN) -EXTRA_FLAGS= -ifdef SERIAL - EXTRA_FLAGS+=-set_serial $(SERIAL) -endif - -.PHONY: usage -.SUFFIXES: .key .csr .crt .pem -.PRECIOUS: %.key %.csr %.crt %.pem - -usage: - @echo "This makefile allows you to create:" - @echo " o public/private key pairs" - @echo " o SSL certificate signing requests (CSRs)" - @echo " o self-signed SSL test certificates" - @echo - @echo "To create a key pair, run \"make SOMETHING.key\"." - @echo "To create a CSR, run \"make SOMETHING.csr\"." - @echo "To create a test certificate, run \"make SOMETHING.crt\"." - @echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"." - @echo - @echo "To create a key for use with Apache, run \"make genkey\"." - @echo "To create a CSR for use with Apache, run \"make certreq\"." - @echo "To create a test certificate for use with Apache, run \"make testcert\"." - @echo - @echo "To create a test certificate with serial number other than random, add SERIAL=num" - @echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n" - @echo "Any additional options can be passed to openssl req via EXTRA_FLAGS" - @echo - @echo Examples: - @echo " make server.key" - @echo " make server.csr" - @echo " make server.crt" - @echo " make stunnel.pem" - @echo " make genkey" - @echo " make certreq" - @echo " make testcert" - @echo " make server.crt SERIAL=1" - @echo " make stunnel.pem EXTRA_FLAGS=-sha384" - @echo " make testcert DAYS=600" - -%.pem: - umask 77 ; \ - PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ - PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ - /usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \ - cat $$PEM1 > $@ ; \ - echo "" >> $@ ; \ - cat $$PEM2 >> $@ ; \ - $(RM) $$PEM1 $$PEM2 - -%.key: - umask 77 ; \ - /usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@ - -%.csr: 
%.key - umask 77 ; \ - /usr/bin/openssl req $(UTF8) -new -key $^ -out $@ - -%.crt: %.key - umask 77 ; \ - /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS) - -TLSROOT=/etc/pki/tls -KEY=$(TLSROOT)/private/localhost.key -CSR=$(TLSROOT)/certs/localhost.csr -CRT=$(TLSROOT)/certs/localhost.crt - -genkey: $(KEY) -certreq: $(CSR) -testcert: $(CRT) - -$(CSR): $(KEY) - umask 77 ; \ - /usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR) - -$(CRT): $(KEY) - umask 77 ; \ - /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS) diff --git a/fips-hmacify.sh b/fips-hmacify.sh new file mode 100755 index 0000000..bee0e65 --- /dev/null +++ b/fips-hmacify.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +dd if=/dev/zero bs=1 count=32 of=tmp.mac >/dev/null 2>&1 +objcopy --update-section .rodata1=tmp.mac $1 $1.zeromac +mv $1.zeromac $1 +LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $1 > $1.hmac +objcopy --update-section .rodata1=$1.hmac $1 $1.mac +rm $1.hmac +mv $1.mac $1 diff --git a/fixpatch b/fixpatch deleted file mode 100755 index bf5eb67..0000000 --- a/fixpatch +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -# Fixes patch from upstream tracker view -gawk ' -BEGIN { - dir="" -} -/^Index: openssl\// { - dir = $2 -} -/^(---|\+\+\+)/ { - $2 = dir -} -{ - print -}' diff --git a/openssl.spec b/openssl.spec index 1af9f9e..a51cd29 100644 --- a/openssl.spec +++ b/openssl.spec 
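Review bot: A failed `apps/openssl dgst` step in the new fips-hmacify.sh is masked: the script has no `set -e`, the `dd` errors are sent to `/dev/null`, and the `< $1 > $1.hmac` redirect creates `$1.hmac` even when the dgst command cannot run, so the second `objcopy` would embed an empty or truncated MAC and the final `mv` still exits 0, meaning the spec's `%{SOURCE1} providers/fips.so` call has no way to notice. The positional `$1` is also unquoted throughout, and unlike the inline sequence this replaces, `tmp.mac` is left behind in the build tree. Suggest `set -euo pipefail`, quoting the module path, a length check on the computed MAC before it is embedded, and a trap that cleans up the temporaries; the HMAC key itself is the module's fixed, public integrity-check key and is fine to keep in the script, but a header comment should say so and that the script must run from the OpenSSL build tree (it uses `apps/openssl` and `LD_LIBRARY_PATH=.`).
```shell
#!/bin/bash
# Embed the FIPS integrity HMAC into the .rodata1 section of a fips.so.
# Must be run from the OpenSSL build tree (uses apps/openssl via LD_LIBRARY_PATH=.).
# The HMAC key is the module's fixed, public integrity-check key, not a secret.
set -euo pipefail
mod="$1"
tmpmac=$(mktemp)
trap 'rm -f "$tmpmac" "$mod.hmac" "$mod.zeromac" "$mod.mac"' EXIT

# Zero the section so the MAC covers the module with an empty MAC slot.
head -c 32 /dev/zero > "$tmpmac"
objcopy --update-section .rodata1="$tmpmac" "$mod" "$mod.zeromac"
mv "$mod.zeromac" "$mod"

LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC \
    -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 \
    < "$mod" > "$mod.hmac"
# Without this an empty/short MAC would be embedded silently.
if [ "$(stat -c %s "$mod.hmac")" -ne 32 ]; then
    echo "fips-hmacify: HMAC computation for $mod failed" >&2
    exit 1
fi

objcopy --update-section .rodata1="$mod.hmac" "$mod" "$mod.mac"
mv "$mod.mac" "$mod"
```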
@@ -28,167 +28,68 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 3.2.2 -Release: 16%{?dist} +Version: 3.5.0 +Release: 1%{?dist} Epoch: 1 -Source: openssl-%{version}.tar.gz -Source2: Makefile.certificate +Source0: openssl-%{version}.tar.gz +Source1: fips-hmacify.sh Source3: genpatches Source4: openssl.rpmlintrc Source6: make-dummy-cert Source7: renew-dummy-cert Source9: configuration-switch.h Source10: configuration-prefix.h -Source14: 0025-for-tests.patch -# # Patches exported from source git -# # Aarch64 and ppc64le use lib64 -Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch -# # Use more general default values in openssl.cnf -Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch -# # Do not install html docs -Patch3: 0003-Do-not-install-html-docs.patch -# # Override default paths for the CA directory tree -Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch -# # apps/ca: fix md option help text -Patch5: 0005-apps-ca-fix-md-option-help-text.patch -# # Disable signature verification with totally unsafe hash algorithms -Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch -# # Add support for PROFILE=SYSTEM system default cipherlist -Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch -# # Add FIPS_mode() compatibility macro -Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch -# # Add check to see if fips flag is enabled in kernel -Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch -# # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so -# # that new modifications made to these files by upstream are not lost. 
-Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch -# # remove unsupported EC curves -Patch11: 0011-Remove-EC-curves.patch -# # Disable explicit EC curves -# # https://bugzilla.redhat.com/show_bug.cgi?id=2066412 -Patch12: 0012-Disable-explicit-ec.patch -# # Skipped tests from former 0011-Remove-EC-curves.patch -Patch13: 0013-skipped-tests-EC-curves.patch -# # Instructions to load legacy provider in openssl.cnf -Patch24: 0024-load-legacy-prov.patch -# # We load FIPS provider and set FIPS properties implicitly -Patch32: 0032-Force-fips.patch -# # Embed HMAC into the fips.so -# Modify fips self test as per -# https://github.com/simo5/openssl/commit/9b95ef8bd2f5ac862e5eee74c724b535f1a8578a -Patch33: 0033-FIPS-embed-hmac.patch -# # Comment out fipsinstall command-line utility -Patch34: 0034.fipsinstall_disable.patch -# # Skip unavailable algorithms running `openssl speed` -Patch35: 0035-speed-skip-unavailable-dgst.patch -# # Extra public/private key checks required by FIPS-140-3 -Patch44: 0044-FIPS-140-3-keychecks.patch -# # Minimize fips services -Patch45: 0045-FIPS-services-minimize.patch -# # Execute KATS before HMAC verification -Patch47: 0047-FIPS-early-KATS.patch -# # Selectively disallow SHA1 signatures rhbz#2070977 -Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch -# Originally from https://github.com/openssl/openssl/pull/18103 -# As we rebased to 3.0.7 and used the version of the function -# not matching the upstream one, we have to use aliasing. 
-# When we eliminate this patch, the `-Wl,--allow-multiple-definition` -# should also be removed -Patch56: 0056-strcasecmp.patch -# # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 -Patch58: 0058-FIPS-limit-rsa-encrypt.patch -# # https://bugzilla.redhat.com/show_bug.cgi?id=2087147 -Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch -# 0062-fips-Expose-a-FIPS-indicator.patch -Patch62: 0062-fips-Expose-a-FIPS-indicator.patch -# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 -Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch -# [PATCH 29/46] -# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch -Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch -# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 -Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch -# # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) -# # https://bugzilla.redhat.com/show_bug.cgi?id=2102541 -Patch76: 0076-FIPS-140-3-DRBG.patch -# # https://bugzilla.redhat.com/show_bug.cgi?id=2102542 -Patch77: 0077-FIPS-140-3-zeroization.patch -# # https://bugzilla.redhat.com/show_bug.cgi?id=2114772 -Patch78: 0078-KDF-Add-FIPS-indicators.patch -# # We believe that some changes present in CentOS are not necessary -# # because ustream has a check for FIPS version -Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch -# [PATCH 36/46] -# 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch -Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch -# [PATCH 37/46] -# 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch -Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch -# [PATCH 38/46] -# 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch -Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch -# 0085-FIPS-RSA-disable-shake.patch -Patch85: 0085-FIPS-RSA-disable-shake.patch -# 0088-signature-Add-indicator-for-PSS-salt-length.patch -Patch88: 
0088-signature-Add-indicator-for-PSS-salt-length.patch -# 0091-FIPS-RSA-encapsulate.patch -Patch91: 0091-FIPS-RSA-encapsulate.patch -# [PATCH 42/46] -# 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch -Patch93: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch -# [PATCH 43/46] -# 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch -Patch110: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch -# [PATCH 44/46] -# 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch -Patch112: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch -# 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch -Patch113: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch -# # We believe that some changes present in CentOS are not necessary -# # because ustream has a check for FIPS version -Patch114: 0114-FIPS-enforce-EMS-support.patch -# Amend tests according to Fedora/RHEL code -Patch115: 0115-skip-quic-pairwise.patch -# Add version aliasing due to -# https://github.com/openssl/openssl/issues/23534 -Patch116: 0116-version-aliasing.patch -# https://github.com/openssl/openssl/issues/23050 -Patch117: 0117-ignore-unknown-sigalgorithms-groups.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2160797 -Patch121: 0121-FIPS-cms-defaults.patch -# skip KTLS tests on infrastructure -Patch122: 0122-TMP-KTLS-test-skip.patch -# HKDF regression with older provider implementations -Patch123: 0123-kdf-Preserve-backward-compatibility-with-older-provi.patch -# https://github.com/openssl/openssl/issues/24577 -Patch124: 0124-PBMAC1-PKCS12-FIPS-support.patch -# Downstream patch: enforce PBMAC1 in FIPS mode -Patch125: 0125-PBMAC1-PKCS12-FIPS-default.patch -# https://github.com/openssl/openssl/issues/25127 -Patch126: 0126-pkeyutl-encap.patch -# https://github.com/openssl/openssl/issues/25056 -Patch127: 0127-speedup-SSL_add_cert_subjects_to_stack.patch -Patch128: 0128-SAST-findings.patch -# https://github.com/openssl/openssl/pull/24717 -Patch129: 
0129-Fix-SSL_select_next_proto.patch -Patch130: 0130-More-correctly-handle-a-selected_len-of-0-when-proce.patch -Patch131: 0131-Use-correctly-formatted-ALPN-data-in-tserver.patch -Patch132: 0132-Clarify-the-SSL_select_next_proto-documentation.patch -Patch133: 0133-Add-a-test-for-SSL_select_next_proto.patch -Patch134: 0134-Allow-an-empty-NPN-ALPN-protocol-list-in-the-tests.patch -Patch135: 0135-Correct-return-values-for-tls_construct_stoc_next_pr.patch -Patch136: 0136-Add-ALPN-validation-in-the-client.patch -Patch137: 0137-Add-explicit-testing-of-ALN-and-NPN-in-sslapitest.patch -Patch138: 0138-Add-a-test-for-an-empty-NextProto-message.patch -Patch139: 0139-CVE-2024-6119.patch -# https://github.com/openssl/openssl/pull/26197 -Patch140: 0140-prov_no-cache.patch -# https://github.com/openssl/openssl/pull/25959 -# https://github.com/openssl/openssl/pull/26722 -Patch141: 0141-print-pq-group.patch -# https://github.com/openssl/openssl/pull/26429 -Patch142: 0142-CVE-2024-13176-Minerva.patch -Patch143: 0143-CVE-2024-12797.patch + +Patch0001: 0001-RH-Aarch64-and-ppc64le-use-lib64.patch +Patch0002: 0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch +Patch0003: 0003-RH-Do-not-install-html-docs.patch +Patch0004: 0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch +Patch0005: 0005-RH-Disable-signature-verification-with-bad-digests-R.patch +Patch0006: 0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch +Patch0007: 0007-RH-Add-FIPS_mode-compatibility-macro.patch +Patch0008: 0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch +Patch0009: 0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch +Patch0010: 0010-RH-Disable-explicit-ec-curves.patch +Patch0011: 0011-RH-skipped-tests-EC-curves.patch +Patch0012: 0012-RH-skip-quic-pairwise.patch +Patch0013: 0013-RH-version-aliasing.patch +Patch0014: 0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch +Patch0015: 0015-RH-TMP-KTLS-test-skip.patch +Patch0016: 
0016-RH-Allow-disabling-of-SHA1-signatures.patch +Patch0017: 0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch +Patch0018: 0018-FIPS-disable-fipsinstall.patch +Patch0019: 0019-FIPS-Force-fips-provider-on.patch +Patch0020: 0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch +Patch0021: 0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch +Patch0022: 0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch +Patch0023: 0023-FIPS-RSA-encrypt-limits-REVIEW.patch +Patch0024: 0024-FIPS-RSA-PCTs.patch +Patch0025: 0025-FIPS-RSA-encapsulate-limits.patch +Patch0026: 0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch +Patch0027: 0027-FIPS-RSA-size-mode-restrictions.patch +Patch0028: 0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch +Patch0029: 0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch +Patch0030: 0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch +Patch0031: 0031-FIPS-Deny-SHA-1-signature-verification.patch +Patch0032: 0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch +Patch0033: 0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch +Patch0034: 0034-FIPS-PBKDF2-Set-minimum-password-length.patch +Patch0035: 0035-FIPS-DH-PCT.patch +Patch0036: 0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch +Patch0037: 0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch +Patch0038: 0038-FIPS-CMS-Set-default-padding-to-OAEP.patch +Patch0039: 0039-FIPS-PKCS12-PBMAC1-defaults.patch +Patch0040: 0040-FIPS-Fix-encoder-decoder-negative-test.patch +Patch0041: 0041-FIPS-EC-DH-DSA-PCTs.patch +Patch0042: 0042-FIPS-EC-disable-weak-curves.patch +Patch0043: 0043-FIPS-NO-DSA-Support.patch +Patch0044: 0044-FIPS-NO-DES-support.patch +Patch0045: 0045-FIPS-NO-Kmac.patch +Patch0046: 0046-FIPS-NO-PQ-ML-SLH-DSA.patch +Patch0047: 0047-FIPS-Fix-some-tests-due-to-our-versioning-change.patch +Patch0048: 0048-Current-Rebase-status.patch +Patch0049: 0049-FIPS-KDF-key-lenght-errors.patch +Patch0050: 0050-FIPS-fix-disallowed-digests-tests.patch License: Apache-2.0 URL: 
http://www.openssl.org/ @@ -200,12 +101,13 @@ BuildRequires: /usr/bin/pod2man BuildRequires: /usr/sbin/sysctl BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt) BuildRequires: perl(Module::Load::Conditional), perl(File::Temp) -BuildRequires: perl(Time::HiRes), perl(IPC::Cmd), perl(Pod::Html), perl(Digest::SHA) +BuildRequires: perl(Time::HiRes), perl(Time::Piece), perl(IPC::Cmd), perl(Pod::Html), perl(Digest::SHA) BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy), perl(bigint) BuildRequires: git-core BuildRequires: systemtap-sdt-devel Requires: coreutils Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +Obsoletes: oqsprovider < 0.9.0 %description The OpenSSL toolkit provides support for secure communications between @@ -306,9 +208,8 @@ sslarch="linux64-mips64 -mips64r2" sslflags=enable-ec_nistp_64_gcc_128 %endif %ifarch riscv64 -sslarch=linux-generic64 +sslarch=linux64-riscv64 %endif -#temporarily disable ktls to unblock c10s builds ktlsopt=enable-ktls %ifarch armv7hl ktlsopt=disable-ktls 
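Review bot: Several of the new Patch entries carry work-in-progress markers in their file names (`-DROP`, `-REVIEW`, `-NEEDS-REWORK`, `-NEEDS-REVIEW`, `-FIXSTYLE`, and `0048-Current-Rebase-status.patch`), and `0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch` is still listed and so presumably still applied, which contradicts its name. The list it replaces annotated each downstream patch with its reason or an upstream PR/bugzilla link; the new list drops all of that, so a reader can no longer tell which entries are downstream-only FIPS policy and which are backports pending upstream. Suggest restoring one comment per patch (for example `# Downstream only: reject FIPS-disallowed KDF key lengths` above `Patch0049`) and either removing the `-DROP` patch or renaming the files once their status is settled. The removed CVE-2024-13176 and CVE-2024-12797 backports (`Patch142`, `Patch143`) are presumably superseded by the 3.5.0 tarball; that is worth stating explicitly in the changelog since the Patch list no longer shows it.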
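Review bot: `Obsoletes: oqsprovider < 0.9.0` is added with no comment and no matching `Provides`, so the intent (remove the package on upgrade rather than claim to replace it) is not recorded anywhere in the spec. Since this same update adds `0046-FIPS-NO-PQ-ML-SLH-DSA.patch`, the note should also make clear that whatever native PQ support this relies on is in the default provider, not the FIPS provider. Suggest `# OpenSSL 3.5 ships ML-KEM/ML-DSA/SLH-DSA natively (default provider only); oqsprovider < 0.9.0 is incompatible with it` directly above the `Obsoletes:` line — adjust the wording if the actual reason differs.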
@@ -329,11 +230,15 @@ export HASHBANGPERL=/usr/bin/perl
 # RPM_OPT_FLAGS, so we can skip specifiying them here.
 ./Configure \
 --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
+%ifarch riscv64
+ --libdir=%{_lib} \
+%endif
 --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/opensslcnf.config \
 zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
 enable-cms enable-md2 enable-rc5 ${ktlsopt} enable-fips -D_GNU_SOURCE\
 no-mdc2 no-ec2m no-sm2 no-sm4 no-atexit enable-buildtest-c++\
- shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\
+ shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""' -DOPENSSL_PEDANTIC_ZEROIZATION\
+ -DREDHAT_FIPS_VENDOR='"\"Red Hat Enterprise Linux OpenSSL FIPS Provider\""' -DREDHAT_FIPS_VERSION='"\"%{fips}\""'\
 -Wl,--allow-multiple-definition
 # Do not run this in a production package the FIPS symbols must be patched-in
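Review bot: The riscv64-only `--libdir=%{_lib}` and the new `-DOPENSSL_PEDANTIC_ZEROIZATION` and `-DREDHAT_FIPS_VENDOR=...` arguments are added without any explanation in the hunk. The libdir override presumably exists because the lib64 patch in this series (0001, "Aarch64 and ppc64le use lib64") does not cover riscv64; a comment such as `# riscv64 is not handled by the lib64 patch (0001), so pass libdir explicitly` above the `%ifarch` would record that, and confirm it is still needed once that patch is extended. The vendor string contains spaces and only reaches the compiler as one token because the escaped double quotes survive Configure's transcription into the Makefile, the same trick `-DDEVRANDOM` relies on, so a short comment that the quoting is load-bearing is warranted on that line; `-DOPENSSL_PEDANTIC_ZEROIZATION` likewise deserves a one-line note on why it is enabled for this build.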
@@ -356,25 +261,13 @@ done
 touch -r configdata.pm configdata.pm.new && \
 mv -f configdata.pm.new configdata.pm)
-# We must revert patch4 before tests otherwise they will fail
-patch -p1 -R < %{PATCH4}
-#We must disable default provider before tests otherwise they will fail
-patch -p1 < %{SOURCE14}
-
 OPENSSL_ENABLE_MD5_VERIFY=
 export OPENSSL_ENABLE_MD5_VERIFY
 OPENSSL_ENABLE_SHA1_SIGNATURES=
 export OPENSSL_ENABLE_SHA1_SIGNATURES
 OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
 export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
-#embed HMAC into fips provider for test run
-dd if=/dev/zero bs=1 count=32 of=tmp.mac
-objcopy --update-section .rodata1=tmp.mac providers/fips.so providers/fips.so.zeromac
-mv providers/fips.so.zeromac providers/fips.so
-rm tmp.mac
-LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac
-objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac
-mv providers/fips.so.mac providers/fips.so
+%{SOURCE1} providers/fips.so
 #run tests itself
 make test HARNESS_JOBS=8
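Review bot: `%{SOURCE1} providers/fips.so` executes the source file directly and so depends on its execute bit and shebang being intact in whatever checkout produced the SRPM; the usual spec idiom names the interpreter, `sh %{SOURCE1} providers/fips.so` (or whichever interpreter the script declares), which works regardless of mode bits. The removed lines show the old recipe computed the MAC with the freshly built `LD_LIBRARY_PATH=. apps/openssl`; whether the script does the same or falls back to a system `openssl` (not in the BuildRequires visible here) cannot be seen in this diff and matters for a rebase, where the build root may carry an older OpenSSL. A comment such as `# embed the integrity HMAC so the FIPS provider loads during the test run` above the new line would also preserve the purpose the deleted `#embed HMAC ...` comment used to state.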
@@ -393,14 +286,7 @@ make test HARNESS_JOBS=8
 %{?__debug_package:%{__debug_install_post}} \
 %{__arch_install_post} \
 %{__os_install_post} \
- dd if=/dev/zero bs=1 count=32 of=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/tmp.mac \
- objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/tmp.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.zeromac \
- mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.zeromac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \
- rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/tmp.mac \
- LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
- objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac \
- mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \
- rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
+ %{SOURCE1} $RPM_BUILD_ROOT/%{_libdir}/ossl-modules/fips.so \
 %{nil}
 %endif
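Review bot: `$RPM_BUILD_ROOT/%{_libdir}` yields a doubled slash because `%{_libdir}` is already absolute; every other path in the spec, including the lines this replaces, writes `$RPM_BUILD_ROOT%{_libdir}`, so `%{SOURCE1} $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \` keeps the new line consistent. The position after `%{__os_install_post}` is load-bearing: the HMAC has to be computed over the stripped binary that actually ships, or the provider's embedded MAC will presumably not match at load time; that ordering was self-evident in the old eight inline steps and is now a single opaque call, so a comment above the macro definition (outside this hunk), e.g. `# The FIPS integrity HMAC must be the last install_post step, after stripping`, would protect it from a well-meant reorder. The enclosing macro definition begins before this hunk.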
@@ -417,17 +303,15 @@ for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
 ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
 ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
 done
+mv rh-openssl.cnf $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
 # Remove static libraries
 for lib in $RPM_BUILD_ROOT%{_libdir}/*.a ; do
 rm -f ${lib}
 done
-# Install a makefile for generating keys and self-signed certs, and a script
-# for generating them on the fly.
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.d
-install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate
 install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert
 install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert
@@ -448,8 +332,8 @@ mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts
 # Ensure the config file timestamps are identical across builds to avoid
 # mulitlib conflicts and unnecessary renames on upgrade
-touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
-touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf
+touch -r %{SOURCE0} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
+touch -r %{SOURCE0} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
@@ -498,7 +382,6 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
 %{_mandir}/man1/*
 %{_mandir}/man5/*
 %{_mandir}/man7/*
-%{_pkgdocdir}/Makefile.certificate
 %exclude %{_mandir}/man1/*.pl*
 %exclude %{_mandir}/man1/tsget*
@@ -527,6 +410,8 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
 %{_mandir}/man3/*
 %exclude %{_mandir}/man3/ENGINE*
 %{_libdir}/pkgconfig/*.pc
+%{_libdir}/cmake/OpenSSL/OpenSSLConfig.cmake
+%{_libdir}/cmake/OpenSSL/OpenSSLConfigVersion.cmake
 %files perl
 %{_bindir}/c_rehash
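Review bot: `mv rh-openssl.cnf ...openssl.cnf` ships the config with whatever mode the file acquired when the patch was applied in the build tree, unlike the neighbouring `install -m755` lines that state their permissions; `install -m644 rh-openssl.cnf $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf` makes the intended mode explicit and independent of the umask in `%prep`. Because this silently replaces the upstream `openssl.cnf` that `make install` just wrote, a comment such as `# ship the downstream config (rh-openssl.cnf, from patch 0002) in place of upstream's` would tell the next reader which file actually lands in /etc; that the file originates from patch 0002 is inferred from that patch's title in this diff and should be confirmed.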
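Review bot: In the `%files` hunk the two new `%{_libdir}/cmake/OpenSSL/*.cmake` entries list the files but nothing in this section owns the `%{_libdir}/cmake/OpenSSL` directory, so it is left unowned by the devel package unless another entry outside this hunk claims it. Listing the directory instead, `%{_libdir}/cmake/OpenSSL/`, owns both the directory and its contents, or keep the two file lines and add `%dir %{_libdir}/cmake/OpenSSL` above them. Whether `%{_libdir}/cmake` itself is owned by a filesystem dependency cannot be seen here.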
@@ -543,6 +428,15 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
 %ldconfig_scriptlets libs
 %changelog
+* Wed Apr 09 2025 Dmitry Belyavskiy - 1:3.5.0-1
+- Rebasing OpenSSL to 3.5
+
+ Resolves: RHEL-80811
+ Resolves: RHEL-57022
+ Resolves: RHEL-24098
+ Resolves: RHEL-24097
+ Resolves: RHEL-86865
+
 * Wed Jan 29 2025 Dmitry Belyavskiy - 1:3.2.2-16
 - Fix timing side-channel in ECDSA signature computation (CVE-2024-13176)
 Resolves: RHEL-70879
diff --git a/sources b/sources
index 6d3dc96..423bcc8 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openssl-3.2.2.tar.gz) = ebc945065f62a8a2ea4e2f136a2afaea4d38a03bb07a148f7fb73c34a64475a4069de122ebee11a66e421dbd58756ad7ab2d3f905dc90acee72d62757d8c0a2d
+SHA512 (openssl-3.5.0.tar.gz) = 39cc80e2843a2ee30f3f5de25cd9d0f759ad8de71b0b39f5a679afaaa74f4eb58d285ae50e29e4a27b139b49343ac91d1f05478f96fb0c6b150f16d7b634676f