Zeroize FIPS module integrity check MAC after check
Resolves: rhbz#2175873 Signed-off-by: Clemens Lang <cllang@redhat.com>
This commit is contained in:
parent
6a9e17a8c1
commit
58955140b6
26
0109-fips-Zeroize-out-in-fips-selftest.patch
Normal file
26
0109-fips-Zeroize-out-in-fips-selftest.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
From 9dbc6069665690bd238caa7622647ea8ac94124f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Mon, 13 Feb 2023 11:01:44 +0100
|
||||||
|
Subject: fips: Zeroize `out` in fips selftest
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
Resolves: rhbz#2169314
|
||||||
|
---
|
||||||
|
providers/fips/self_test.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
|
||||||
|
index 80d048a847..11a989209c 100644
|
||||||
|
--- a/providers/fips/self_test.c
|
||||||
|
+++ b/providers/fips/self_test.c
|
||||||
|
@@ -221,6 +221,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
|
||||||
|
goto err;
|
||||||
|
ret = 1;
|
||||||
|
err:
|
||||||
|
+ OPENSSL_cleanse(out, sizeof(out));
|
||||||
|
OSSL_SELF_TEST_onend(ev, ret);
|
||||||
|
EVP_MAC_CTX_free(ctx);
|
||||||
|
EVP_MAC_free(mac);
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
@ -166,6 +166,9 @@ Patch106: 0106-CVE-2023-0217-dsa.patch
|
|||||||
Patch107: 0107-CVE-2023-0286-X400.patch
|
Patch107: 0107-CVE-2023-0286-X400.patch
|
||||||
Patch108: 0108-CVE-2023-0401-pkcs7-md.patch
|
Patch108: 0108-CVE-2023-0401-pkcs7-md.patch
|
||||||
|
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2169314
|
||||||
|
Patch109: 0109-fips-Zeroize-out-in-fips-selftest.patch
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
BuildRequires: gcc g++
|
BuildRequires: gcc g++
|
||||||
@ -498,6 +501,8 @@ install -m644 %{SOURCE9} \
|
|||||||
* Tue Mar 14 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-7
|
* Tue Mar 14 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-7
|
||||||
- Add explicit FIPS indicators to key derivation functions
|
- Add explicit FIPS indicators to key derivation functions
|
||||||
Resolves: rhbz#2175860 rhbz#2175864
|
Resolves: rhbz#2175860 rhbz#2175864
|
||||||
|
- Zeroize FIPS module integrity check MAC after check
|
||||||
|
Resolves: rhbz#2175873
|
||||||
|
|
||||||
* Wed Mar 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-6
|
* Wed Mar 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-6
|
||||||
- Fixes RNG slowdown in FIPS mode
|
- Fixes RNG slowdown in FIPS mode
|
||||||
|
Loading…
Reference in New Issue
Block a user