Drop long ago obsolete part of the FIPS patch

2020-06-23 15:55:16 +02:00 · 2020-06-23 15:55:16 +02:00 · 7f27ca925c
commit 7f27ca925c
parent f023424321
2 changed files with 4 additions and 123 deletions
--- a/openssl-1.1.1-fips.patch
+++ b/openssl-1.1.1-fips.patch
@ -879,128 +879,6 @@ diff -up openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips openssl-1.1.1e/crypto/ec/ec_pm
     pkey_ec_init,
     pkey_ec_copy,
     pkey_ec_cleanup,
 diff -up openssl-1.1.1e/crypto/evp/c_allc.c.fips openssl-1.1.1e/crypto/evp/c_allc.c
 --- openssl-1.1.1e/crypto/evp/c_allc.c.fips	2020-03-17 15:31:17.000000000 +0100
 +++ openssl-1.1.1e/crypto/evp/c_allc.c	2020-03-17 17:30:52.027567375 +0100
@@ -17,6 +17,9 @@
 void openssl_add_all_ciphers_int(void)
 {
 +#ifdef OPENSSL_FIPS
 +    if (!FIPS_mode()) {
 +#endif
 #ifndef OPENSSL_NO_DES
     EVP_add_cipher(EVP_des_cfb());
     EVP_add_cipher(EVP_des_cfb1());
@@ -263,4 +266,70 @@ void openssl_add_all_ciphers_int(void)
     EVP_add_cipher(EVP_chacha20_poly1305());
 # endif
 #endif
 +#ifdef OPENSSL_FIPS
 +    } else {
 +# ifndef OPENSSL_NO_DES
 +        EVP_add_cipher(EVP_des_ede3_cfb());
 +
 +        EVP_add_cipher(EVP_des_ede3_ofb());
 +
 +        EVP_add_cipher(EVP_des_ede3_cbc());
 +        EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
 +        EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
 +
 +        EVP_add_cipher(EVP_des_ede3());
 +        EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
 +        EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
 +        EVP_add_cipher(EVP_des_ede3_wrap());
 +        EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
 +# endif
 +
 +# ifndef OPENSSL_NO_AES
 +        EVP_add_cipher(EVP_aes_128_ecb());
 +        EVP_add_cipher(EVP_aes_128_cbc());
 +        EVP_add_cipher(EVP_aes_128_cfb());
 +        EVP_add_cipher(EVP_aes_128_cfb1());
 +        EVP_add_cipher(EVP_aes_128_cfb8());
 +        EVP_add_cipher(EVP_aes_128_ofb());
 +        EVP_add_cipher(EVP_aes_128_ctr());
 +        EVP_add_cipher(EVP_aes_128_gcm());
 +        EVP_add_cipher(EVP_aes_128_xts());
 +        EVP_add_cipher(EVP_aes_128_ccm());
 +        EVP_add_cipher(EVP_aes_128_wrap());
 +        EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
 +        EVP_add_cipher(EVP_aes_128_wrap_pad());
 +        EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
 +        EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
 +        EVP_add_cipher(EVP_aes_192_ecb());
 +        EVP_add_cipher(EVP_aes_192_cbc());
 +        EVP_add_cipher(EVP_aes_192_cfb());
 +        EVP_add_cipher(EVP_aes_192_cfb1());
 +        EVP_add_cipher(EVP_aes_192_cfb8());
 +        EVP_add_cipher(EVP_aes_192_ofb());
 +        EVP_add_cipher(EVP_aes_192_ctr());
 +        EVP_add_cipher(EVP_aes_192_gcm());
 +        EVP_add_cipher(EVP_aes_192_ccm());
 +        EVP_add_cipher(EVP_aes_192_wrap());
 +        EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
 +        EVP_add_cipher(EVP_aes_192_wrap_pad());
 +        EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
 +        EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
 +        EVP_add_cipher(EVP_aes_256_ecb());
 +        EVP_add_cipher(EVP_aes_256_cbc());
 +        EVP_add_cipher(EVP_aes_256_cfb());
 +        EVP_add_cipher(EVP_aes_256_cfb1());
 +        EVP_add_cipher(EVP_aes_256_cfb8());
 +        EVP_add_cipher(EVP_aes_256_ofb());
 +        EVP_add_cipher(EVP_aes_256_ctr());
 +        EVP_add_cipher(EVP_aes_256_gcm());
 +        EVP_add_cipher(EVP_aes_256_xts());
 +        EVP_add_cipher(EVP_aes_256_ccm());
 +        EVP_add_cipher(EVP_aes_256_wrap());
 +        EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
 +        EVP_add_cipher(EVP_aes_256_wrap_pad());
 +        EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
 +        EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
 +# endif
 +    }
 +#endif
 }
 diff -up openssl-1.1.1e/crypto/evp/c_alld.c.fips openssl-1.1.1e/crypto/evp/c_alld.c
 --- openssl-1.1.1e/crypto/evp/c_alld.c.fips	2020-03-17 15:31:17.000000000 +0100
 +++ openssl-1.1.1e/crypto/evp/c_alld.c	2020-03-17 17:30:52.027567375 +0100
@@ -16,6 +16,9 @@
 void openssl_add_all_digests_int(void)
 {
 +#ifdef OPENSSL_FIPS
 +    if (!FIPS_mode()) {
 +#endif
 #ifndef OPENSSL_NO_MD4
     EVP_add_digest(EVP_md4());
 #endif
@@ -57,4 +60,24 @@ void openssl_add_all_digests_int(void)
     EVP_add_digest(EVP_sha3_512());
     EVP_add_digest(EVP_shake128());
     EVP_add_digest(EVP_shake256());
 +#ifdef OPENSSL_FIPS
 +    } else {
 +        EVP_add_digest(EVP_md5_sha1());
 +        EVP_add_digest(EVP_sha1());
 +        EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
 +        EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
 +        EVP_add_digest(EVP_sha224());
 +        EVP_add_digest(EVP_sha256());
 +        EVP_add_digest(EVP_sha384());
 +        EVP_add_digest(EVP_sha512());
 +        EVP_add_digest(EVP_sha512_224());
 +        EVP_add_digest(EVP_sha512_256());
 +        EVP_add_digest(EVP_sha3_224());
 +        EVP_add_digest(EVP_sha3_256());
 +        EVP_add_digest(EVP_sha3_384());
 +        EVP_add_digest(EVP_sha3_512());
 +        EVP_add_digest(EVP_shake128());
 +        EVP_add_digest(EVP_shake256());
 +    }
 +#endif
 }
 diff -up openssl-1.1.1e/crypto/evp/digest.c.fips openssl-1.1.1e/crypto/evp/digest.c
 --- openssl-1.1.1e/crypto/evp/digest.c.fips	2020-03-17 15:31:17.000000000 +0100
 +++ openssl-1.1.1e/crypto/evp/digest.c	2020-03-17 17:38:57.528093469 +0100
--- a/openssl.spec
+++ b/openssl.spec
@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1g
-Release: 10%{?dist}
+Release: 11%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -475,6 +475,9 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs
 %changelog
 * Mon Jun 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-11
 - Drop long ago obsolete part of the FIPS patch
 * Mon Jun 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-10
 - Rewire FIPS_drbg API to use the RAND_DRBG