fix CVE-2014-0224 fix that broke EAP-FAST session resumption support
- make FIPS mode keygen bit length restriction enforced only when OPENSSL_ENFORCE_MODULUS_BITS is set
This commit is contained in:
Tomas Mraz
parent
0a491cd9f2
commit
a98d99a503
@ -80,11 +80,12 @@ diff -up openssl-1.0.1g/crypto/dh/dh_check.c.fips-reqs openssl-1.0.1g/crypto/dh/
|
|||||||
diff -up openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1g/crypto/dsa/dsa_gen.c
|
diff -up openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1g/crypto/dsa/dsa_gen.c
|
||||||
--- openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips-reqs 2014-05-06 16:22:21.254536168 +0200
|
--- openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips-reqs 2014-05-06 16:22:21.254536168 +0200
|
||||||
+++ openssl-1.0.1g/crypto/dsa/dsa_gen.c 2014-05-06 16:22:21.432540283 +0200
|
+++ openssl-1.0.1g/crypto/dsa/dsa_gen.c 2014-05-06 16:22:21.432540283 +0200
|
||||||
@@ -159,7 +159,6 @@ int dsa_builtin_paramgen(DSA *ret, size_
|
@@ -159,7 +159,7 @@ int dsa_builtin_paramgen(DSA *ret, size_
|
||||||
}
|
}
|
||||||
|
|
||||||
if (FIPS_module_mode() &&
|
if (FIPS_module_mode() &&
|
||||||
- (bits != 1024 || qbits != 160) &&
|
- (bits != 1024 || qbits != 160) &&
|
||||||
|
+ (getenv("OPENSSL_ENFORCE_MODULUS_BITS") || bits != 1024 || qbits != 160) &&
|
||||||
(bits != 2048 || qbits != 224) &&
|
(bits != 2048 || qbits != 224) &&
|
||||||
(bits != 2048 || qbits != 256) &&
|
(bits != 2048 || qbits != 256) &&
|
||||||
(bits != 3072 || qbits != 256))
|
(bits != 3072 || qbits != 256))
|
||||||
@ -95,7 +96,7 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa.h.fips-reqs openssl-1.0.1g/crypto/dsa/dsa
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
|
#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
|
||||||
+#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN 2048
|
+#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN (getenv("OPENSSL_ENFORCE_MODULUS_BITS")?2048:1024)
|
||||||
|
|
||||||
#define DSA_FLAG_CACHE_MONT_P 0x01
|
#define DSA_FLAG_CACHE_MONT_P 0x01
|
||||||
#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
|
#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
|
||||||
@ -1493,7 +1494,7 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1g/crypto/rsa
|
|||||||
+ return 0;
|
+ return 0;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ if (bits != 2048 && bits != 3072)
|
+ if ((pbits & 0xFF) || (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits != 2048 && bits != 3072))
|
||||||
+ {
|
+ {
|
||||||
+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH);
|
+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH);
|
||||||
+ return 0;
|
+ return 0;
|
||||||
@ -1693,7 +1694,7 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1g/crypto/rsa
|
|||||||
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
|
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
|
||||||
{
|
{
|
||||||
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
|
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
|
||||||
@@ -176,17 +393,7 @@ static int rsa_builtin_keygen(RSA *rsa,
|
@@ -176,17 +393,12 @@ static int rsa_builtin_keygen(RSA *rsa,
|
||||||
#ifdef OPENSSL_FIPS
|
#ifdef OPENSSL_FIPS
|
||||||
if (FIPS_module_mode())
|
if (FIPS_module_mode())
|
||||||
{
|
{
|
||||||
@ -1703,16 +1704,16 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1g/crypto/rsa
|
|||||||
- return 0;
|
- return 0;
|
||||||
- }
|
- }
|
||||||
-
|
-
|
||||||
- if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
|
if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
|
||||||
- {
|
{
|
||||||
- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
|
FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
|
||||||
- return 0;
|
return 0;
|
||||||
- }
|
}
|
||||||
+ return FIPS_rsa_builtin_keygen(rsa, bits, e_value, cb);
|
+ return FIPS_rsa_builtin_keygen(rsa, bits, e_value, cb);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -301,17 +508,6 @@ static int rsa_builtin_keygen(RSA *rsa,
|
@@ -301,17 +520,6 @@ static int rsa_builtin_keygen(RSA *rsa,
|
||||||
p = rsa->p;
|
p = rsa->p;
|
||||||
if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
|
if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
|
||||||
|
|
||||||
|
|||||||
11
openssl-1.0.1h-session-resumption.patch
Normal file
11
openssl-1.0.1h-session-resumption.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
diff -up openssl-1.0.1h/ssl/s3_clnt.c.resumption openssl-1.0.1h/ssl/s3_clnt.c
|
||||||
|
--- openssl-1.0.1h/ssl/s3_clnt.c.resumption 2014-06-05 11:44:33.000000000 +0200
|
||||||
|
+++ openssl-1.0.1h/ssl/s3_clnt.c 2014-06-10 16:35:12.895096670 +0200
|
||||||
|
@@ -901,6 +901,7 @@ int ssl3_get_server_hello(SSL *s)
|
||||||
|
{
|
||||||
|
s->session->cipher = pref_cipher ?
|
||||||
|
pref_cipher : ssl_get_cipher_by_char(s, p+j);
|
||||||
|
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* OPENSSL_NO_TLSEXT */
|
||||||
@ -23,7 +23,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.0.1h
|
Version: 1.0.1h
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -85,6 +85,7 @@ Patch90: openssl-1.0.1e-enc-fail.patch
|
|||||||
Patch91: openssl-1.0.1e-ssl2-no-ec.patch
|
Patch91: openssl-1.0.1e-ssl2-no-ec.patch
|
||||||
# Backported fixes including security fixes
|
# Backported fixes including security fixes
|
||||||
Patch81: openssl-1.0.1-beta2-padlock64.patch
|
Patch81: openssl-1.0.1-beta2-padlock64.patch
|
||||||
|
Patch82: openssl-1.0.1h-session-resumption.patch
|
||||||
Patch84: openssl-1.0.1e-trusted-first.patch
|
Patch84: openssl-1.0.1e-trusted-first.patch
|
||||||
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
|
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
|
||||||
Patch89: openssl-1.0.1e-ephemeral-key-size.patch
|
Patch89: openssl-1.0.1e-ephemeral-key-size.patch
|
||||||
@ -206,6 +207,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
|
|||||||
%patch91 -p1 -b .ssl2noec
|
%patch91 -p1 -b .ssl2noec
|
||||||
|
|
||||||
%patch81 -p1 -b .padlock64
|
%patch81 -p1 -b .padlock64
|
||||||
|
%patch82 -p1 -b .resumption
|
||||||
%patch84 -p1 -b .trusted-first
|
%patch84 -p1 -b .trusted-first
|
||||||
%patch85 -p1 -b .armcap
|
%patch85 -p1 -b .armcap
|
||||||
%patch89 -p1 -b .ephemeral
|
%patch89 -p1 -b .ephemeral
|
||||||
@ -472,6 +474,11 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
|||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 10 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1h-3
|
||||||
|
- make FIPS mode keygen bit length restriction enforced only when
|
||||||
|
OPENSSL_ENFORCE_MODULUS_BITS is set
|
||||||
|
- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support
|
||||||
|
|
||||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0.1h-2
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0.1h-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user