From b7eb6f4a5f05b02a3442354dca5d93c5578b9378 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 15 Nov 2012 21:11:36 +0100 Subject: [PATCH] use 1024 bit DH parameters in s_server as 512 bit is not allowed in FIPS mode and it is quite weak anyway --- openssl-1.0.1c-dh-1024.patch | 61 ++++++++++++++++++++++++++++++++++++ openssl.spec | 8 ++++- 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 openssl-1.0.1c-dh-1024.patch diff --git a/openssl-1.0.1c-dh-1024.patch b/openssl-1.0.1c-dh-1024.patch new file mode 100644 index 0000000..89f0f04 --- /dev/null +++ b/openssl-1.0.1c-dh-1024.patch @@ -0,0 +1,61 @@ +diff -up openssl-1.0.1c/apps/s_server.c.dh1024 openssl-1.0.1c/apps/s_server.c +--- openssl-1.0.1c/apps/s_server.c.dh1024 2012-11-14 20:27:50.000000000 +0100 ++++ openssl-1.0.1c/apps/s_server.c 2012-11-15 20:56:15.247774465 +0100 +@@ -222,27 +222,31 @@ static void s_server_init(void); + #endif + + #ifndef OPENSSL_NO_DH +-static unsigned char dh512_p[]={ +- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, +- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, +- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, +- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, +- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, +- 0x47,0x74,0xE8,0x33, +- }; +-static unsigned char dh512_g[]={ +- 0x02, +- }; +- +-static DH *get_dh512(void) ++static DH *get_dh1024() + { +- DH *dh=NULL; ++ static unsigned char dh1024_p[]={ ++ 0x99,0x58,0xFA,0x90,0x53,0x2F,0xE0,0x61,0x83,0x9D,0x54,0x63, ++ 0xBD,0x35,0x5A,0x31,0xF3,0xC6,0x79,0xE5,0xA0,0x0F,0x66,0x79, ++ 0x3C,0xA0,0x7F,0xE8,0xA2,0x5F,0xDF,0x11,0x08,0xA3,0xF0,0x3C, ++ 0xC3,0x3C,0x5D,0x50,0x2C,0xD5,0xD6,0x58,0x12,0xDB,0xC1,0xEF, ++ 0xB4,0x47,0x4A,0x5A,0x39,0x8A,0x4E,0xEB,0x44,0xE2,0x07,0xFB, ++ 0x3D,0xA3,0xC7,0x6E,0x52,0xF3,0x2B,0x7B,0x10,0xA5,0x98,0xE3, ++ 0x38,0x2A,0xE2,0x7F,0xA4,0x8F,0x26,0x87,0x9B,0x66,0x7A,0xED, ++ 0x2D,0x4C,0xE7,0x33,0x77,0x47,0x94,0x43,0xB6,0xAA,0x97,0x23, ++ 0x8A,0xFC,0xA5,0xA6,0x64,0x09,0xC0,0x27,0xC0,0xEF,0xCB,0x05, ++ 0x90,0x9D,0xD5,0x75,0xBA,0x00,0xE0,0xFB,0xA8,0x81,0x52,0xA4, ++ 0xB2,0x83,0x22,0x5B,0xCB,0xD7,0x16,0x93, ++ }; ++ static unsigned char dh1024_g[]={ ++ 0x02, ++ }; ++ DH *dh; + + if ((dh=DH_new()) == NULL) return(NULL); +- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); +- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); ++ dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); ++ dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); + if ((dh->p == NULL) || (dh->g == NULL)) +- return(NULL); ++ { DH_free(dh); return(NULL); } + return(dh); + } + #endif +@@ -1657,7 +1661,7 @@ bad: + else + { + BIO_printf(bio_s_out,"Using default temp DH parameters\n"); +- dh=get_dh512(); ++ dh=get_dh1024(); + } + (void)BIO_flush(bio_s_out); + diff --git a/openssl.spec b/openssl.spec index 5e74218..51453dc 100644 --- a/openssl.spec +++ b/openssl.spec @@ -22,7 +22,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implem Name: openssl Version: 1.0.1c # Do not forget to bump SHLIB_VERSION on version upgrades -Release: 7%{?dist} +Release: 8%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -67,6 +67,7 @@ Patch65: openssl-1.0.0e-chil-fixes.patch Patch66: openssl-1.0.1-pkgconfig-krb5.patch Patch67: openssl-1.0.0-fips-pkcs8.patch Patch68: openssl-1.0.1c-secure-getenv.patch +Patch69: openssl-1.0.1c-dh-1024.patch # Backported fixes including security fixes Patch81: openssl-1.0.1-beta2-padlock64.patch Patch82: openssl-1.0.1c-backports.patch @@ -171,6 +172,7 @@ from other formats to the formats used by the OpenSSL toolkit. %patch66 -p1 -b .krb5 %patch67 -p1 -b .pkcs8 %patch68 -p1 -b .secure-getenv +%patch69 -p1 -b .dh1024 %patch81 -p1 -b .padlock64 %patch82 -p1 -b .backports @@ -429,6 +431,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Thu Nov 15 2012 Tomas Mraz 1.0.1c-8 +- use 1024 bit DH parameters in s_server as 512 bit is not allowed + in FIPS mode and it is quite weak anyway + * Mon Sep 10 2012 Tomas Mraz 1.0.1c-7 - add missing initialization of str in aes_ccm_init_key (#853963) - add important patches from upstream CVS