From 0367bee51dcb76ef8aca7b1a1802a86a6b367859 Mon Sep 17 00:00:00 2001 
From: Dmitry Belyavskiy
Date: Tue, 3 Jun 2025 17:22:18 +0200
Subject: [PATCH 1/3] Compact patches for better maintainability

Related: RHEL-80811
---
 0001-RH-Aarch64-and-ppc64le-use-lib64.patch | 2 +-
 ...-config-file-to-use-for-rpm-installs.patch | 2 +-
 0003-RH-Do-not-install-html-docs.patch | 2 +-
 ...a-fix-md-option-help-text.patch-DROP.patch | 2 +-
 ...ture-verification-with-bad-digests-R.patch | 2 +-
 ...or-PROFILE-SYSTEM-system-default-cip.patch | 2 +-
 ...RH-Add-FIPS_mode-compatibility-macro.patch | 2 +-
 ...rnel-FIPS-mode-flag-support-FIXSTYLE.patch | 2 +-
 ...k-curve-definitions-RENAMED-SQUASHED.patch | 2 +-
 0010-RH-Disable-explicit-ec-curves.patch | 19 ++++--
 0011-RH-skipped-tests-EC-curves.patch | 4 +-
 0012-RH-skip-quic-pairwise.patch | 4 +-
 0013-RH-version-aliasing.patch | 4 +-
 ...wo-symbols-for-OPENSSL_str-n-casecmp.patch | 34 +++++++++-
 0015-RH-TMP-KTLS-test-skip.patch | 4 +-
 ...H-Allow-disabling-of-SHA1-signatures.patch | 64 +++++++------------
 ...d-Hat-s-FIPS-module-name-and-version.patch | 4 +-
 0018-FIPS-disable-fipsinstall.patch | 4 +-
 0019-FIPS-Force-fips-provider-on.patch | 4 +-
 ...TEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch | 4 +-
 ...CHECK-Add-script-to-hmac-ify-fips.so.patch | 4 +-
 ...HECK-Execute-KATS-before-HMAC-REVIEW.patch | 4 +-
 0023-FIPS-RSA-encrypt-limits-REVIEW.patch | 4 +-
 0024-FIPS-RSA-PCTs.patch | 10 +--
 0025-FIPS-RSA-encapsulate-limits.patch | 4 +-
 ...S-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch | 4 +-
 0027-FIPS-RSA-size-mode-restrictions.patch | 44 ++++++-------
 ...Mark-x931-as-not-approved-by-default.patch | 4 +-
 ...emove-X9.31-padding-signatures-tests.patch | 4 +-
 ...EWORK-FIPS-Use-OAEP-in-KATs-support-.patch | 4 +-
 ...PS-Deny-SHA-1-signature-verification.patch | 12 ++--
 ...PS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch | 4 +-
 ...S-RAND-Forbid-truncated-hashes-SHA-3.patch | 4 +-
 ...S-PBKDF2-Set-minimum-password-length.patch | 4 +-
 0035-FIPS-DH-PCT.patch | 4 +-
 ...H-Disable-FIPS-186-4-type-parameters.patch | 4 +-
 ...FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch | 4 +-
 ...FIPS-CMS-Set-default-padding-to-OAEP.patch | 4 +-
 0039-FIPS-PKCS12-PBMAC1-defaults.patch | 4 +-
 ...PS-Fix-encoder-decoder-negative-test.patch | 4 +-
 0041-FIPS-EC-DH-DSA-PCTs.patch | 10 +--
 0042-FIPS-EC-disable-weak-curves.patch | 4 +-
 0043-FIPS-NO-DSA-Support.patch | 4 +-
 0044-FIPS-NO-DES-support.patch | 4 +-
 0045-FIPS-NO-Kmac.patch | 4 +-
 0046-FIPS-NO-PQ-ML-SLH-DSA.patch | 4 +-
 ...e-tests-due-to-our-versioning-change.patch | 4 +-
 0048-Current-Rebase-status.patch | 4 +-
 0049-FIPS-KDF-key-lenght-errors.patch | 4 +-
 0050-FIPS-fix-disallowed-digests-tests.patch | 4 +-
 ...-Make-openssl-speed-run-in-FIPS-mode.patch | 4 +-
 ...port-upstream-27483-for-PKCS11-needs.patch | 4 +-
 0052-Fixup-forbid-SHA1.patch | 58 -----------------
 ...053-Red-Hat-9-FIPS-indicator-defines.patch | 4 +-
 ...ypto-disable-OSSL_PARAM_REAL-on-UEFI.patch | 4 +-
 ...> 0055-hashfunc-add-stddef.h-include.patch | 4 +-
 ...=> 0056-rio-add-RIO_POLL_METHOD_NONE.patch | 4 +-
 ...the-addreject-option-adding-trust-in.patch | 4 +-
 0059-Fixup-permit-SHA1-as-MGF1-digest.patch | 50 --------------
 0060-Fixup-no-dup-versions-for-UEFI.patch | 39 -----------
 openssl.spec | 21 +++---
 61 files changed, 208 insertions(+), 335 deletions(-)
 rename 0053-Backport-upstream-27483-for-PKCS11-needs.patch => 0052-Backport-upstream-27483-for-PKCS11-needs.patch (97%)
 delete mode 100644 0052-Fixup-forbid-SHA1.patch
 rename 0054-Red-Hat-9-FIPS-indicator-defines.patch => 0053-Red-Hat-9-FIPS-indicator-defines.patch (98%)
 rename 0055-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch => 0054-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch (93%)
 rename 0056-hashfunc-add-stddef.h-include.patch => 0055-hashfunc-add-stddef.h-include.patch (88%)
 rename 0057-rio-add-RIO_POLL_METHOD_NONE.patch => 0056-rio-add-RIO_POLL_METHOD_NONE.patch (95%)
 rename 0058-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch => 0057-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch (94%)
 delete mode 100644 
0059-Fixup-permit-SHA1-as-MGF1-digest.patch delete mode 100644 0060-Fixup-no-dup-versions-for-UEFI.patch diff --git a/0001-RH-Aarch64-and-ppc64le-use-lib64.patch b/0001-RH-Aarch64-and-ppc64le-use-lib64.patch index 6cb27b1..f9c715c 100644 --- a/0001-RH-Aarch64-and-ppc64le-use-lib64.patch +++ b/0001-RH-Aarch64-and-ppc64le-use-lib64.patch @@ -1,7 +1,7 @@ From fb792883f3ccc55997fdc21a9c1052f778dea1ac Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:14 +0100 -Subject: [PATCH 01/50] RH: Aarch64 and ppc64le use lib64 +Subject: [PATCH 01/58] RH: Aarch64 and ppc64le use lib64 Patch-name: 0001-Aarch64-and-ppc64le-use-lib64.patch Patch-id: 1 diff --git a/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch b/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch index f0808db..d9c7035 100644 --- a/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch +++ b/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch @@ -1,7 +1,7 @@ From 193d88dfd8d131d2057fc69b4e2abb66f51924d0 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 6 Mar 2025 08:40:29 -0500 -Subject: [PATCH 02/50] Add a separate config file to use for rpm installs +Subject: [PATCH 02/58] Add a separate config file to use for rpm installs In RHEL/Fedora systems we want to use a slightly different set of defaults, but we do not want to change the standard config file diff --git a/0003-RH-Do-not-install-html-docs.patch b/0003-RH-Do-not-install-html-docs.patch index 52ebff1..1589d8e 100644 --- a/0003-RH-Do-not-install-html-docs.patch +++ b/0003-RH-Do-not-install-html-docs.patch @@ -1,7 +1,7 @@ From 786b3456ad2d3d37e9729b83d0ddce8794060fb1 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:14 +0100 -Subject: [PATCH 03/50] RH: Do not install html docs +Subject: [PATCH 03/58] RH: Do not install html docs Patch-name: 0003-Do-not-install-html-docs.patch Patch-id: 3 
diff --git a/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch b/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch index f0c1852..9b8b563 100644 --- a/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch +++ b/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch @@ -1,7 +1,7 @@ From 9e410805cbd962214f0c0db785320f5fd594ea75 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:14 +0100 -Subject: [PATCH 04/50] RH: apps ca fix md option help text.patch - DROP? +Subject: [PATCH 04/58] RH: apps ca fix md option help text.patch - DROP? Patch-name: 0005-apps-ca-fix-md-option-help-text.patch Patch-id: 5 diff --git a/0005-RH-Disable-signature-verification-with-bad-digests-R.patch b/0005-RH-Disable-signature-verification-with-bad-digests-R.patch index ac6b340..7b98fd5 100644 --- a/0005-RH-Disable-signature-verification-with-bad-digests-R.patch +++ b/0005-RH-Disable-signature-verification-with-bad-digests-R.patch @@ -1,7 +1,7 @@ From fc8b2977d0b92f5a2e62131e398857ee431bff6e Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:14 +0100 -Subject: [PATCH 05/50] RH: Disable signature verification with bad digests - +Subject: [PATCH 05/58] RH: Disable signature verification with bad digests - REVIEW Patch-name: 0006-Disable-signature-verification-with-totally-unsafe-h.patch diff --git a/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch b/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch index 12a7dfc..fa24115 100644 --- a/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch +++ b/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch @@ -1,7 +1,7 @@ From e4f78101181c2a16343c0f281d218fde34b84637 Mon Sep 17 00:00:00 2001 
From: rpm-build Date: Wed, 6 Mar 2024 19:17:14 +0100 -Subject: [PATCH 06/50] RH: Add support for PROFILE SYSTEM system default +Subject: [PATCH 06/58] RH: Add support for PROFILE SYSTEM system default cipher Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch diff --git a/0007-RH-Add-FIPS_mode-compatibility-macro.patch b/0007-RH-Add-FIPS_mode-compatibility-macro.patch index cc5fe88..508a756 100644 --- a/0007-RH-Add-FIPS_mode-compatibility-macro.patch +++ b/0007-RH-Add-FIPS_mode-compatibility-macro.patch @@ -1,7 +1,7 @@ From 6778626185fb566b9b89f548ff18f481c10ce808 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 07/50] RH: Add FIPS_mode compatibility macro +Subject: [PATCH 07/58] RH: Add FIPS_mode compatibility macro Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch Patch-id: 8 diff --git a/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch b/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch index aaebff7..c4768a5 100644 --- a/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch +++ b/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch @@ -1,7 +1,7 @@ From 9df43c7443d85c5685f87c132de448a7c4e652b5 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 08/50] RH: Add Kernel FIPS mode flag support - FIXSTYLE +Subject: [PATCH 08/58] RH: Add Kernel FIPS mode flag support - FIXSTYLE Patch-name: 0009-Add-Kernel-FIPS-mode-flag-support.patch Patch-id: 9 diff --git a/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch b/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch index 9fd2610..80ec2c4 100644 --- a/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch +++ b/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch @@ -1,7 +1,7 @@ From f9d74e58291461804defa0e2de9635aad76e5d57 Mon Sep 17 00:00:00 2001 
From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 09/50] RH: Drop weak curve definitions - RENAMED/SQUASHED +Subject: [PATCH 09/58] RH: Drop weak curve definitions - RENAMED/SQUASHED Patch-name: 0010-Add-changes-to-ectest-and-eccurve.patch Patch-id: 10 diff --git a/0010-RH-Disable-explicit-ec-curves.patch b/0010-RH-Disable-explicit-ec-curves.patch index 527503c..af0fcdc 100644 --- a/0010-RH-Disable-explicit-ec-curves.patch +++ b/0010-RH-Disable-explicit-ec-curves.patch @@ -1,7 +1,7 @@ -From 325f426bdeb49dd36868e009e99abb641300af96 Mon Sep 17 00:00:00 2001 +From 27fc7dc53e31b3dcd7ff3df40db1060d7a72f126 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 10/50] RH: Disable explicit ec curves +Subject: [PATCH 10/58] RH: Disable explicit ec curves Patch-name: 0012-Disable-explicit-ec.patch Patch-id: 12 @@ -11,11 +11,11 @@ Patch-status: | From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- crypto/ec/ec_asn1.c | 11 ++++++++++ - crypto/ec/ec_lib.c | 6 +++++ + crypto/ec/ec_lib.c | 8 ++++++- test/ectest.c | 22 ++++++++++--------- test/endecode_test.c | 20 ++++++++--------- .../30-test_evp_data/evppkey_ecdsa.txt | 12 ---------- - 5 files changed, 39 insertions(+), 32 deletions(-) + 5 files changed, 40 insertions(+), 33 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 643d2d8d7b..5895606176 100644 @@ -47,9 +47,18 @@ index 643d2d8d7b..5895606176 100644 if (priv_key->privateKey) { diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c -index b55677fb1f..dcfdef408e 100644 +index b55677fb1f..1df40018ac 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c +@@ -1554,7 +1554,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], + int is_prime_field = 1; + BN_CTX *bnctx = NULL; + const unsigned char *buf = NULL; +- int encoding_flag = -1; ++ /* int encoding_flag = -1; */ + #endif + + /* This is the simple named group case */ 
@@ -1728,6 +1728,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], goto err; } diff --git a/0011-RH-skipped-tests-EC-curves.patch b/0011-RH-skipped-tests-EC-curves.patch index b912ddd..39ac428 100644 --- a/0011-RH-skipped-tests-EC-curves.patch +++ b/0011-RH-skipped-tests-EC-curves.patch @@ -1,7 +1,7 @@ -From ec22400267e5accaacb24eec8fd6be5e73f1833d Mon Sep 17 00:00:00 2001 +From 2c8e302b4a2f9c4eeec718d2a9d5cef655c28153 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 11/50] RH: skipped tests EC curves +Subject: [PATCH 11/58] RH: skipped tests EC curves Patch-name: 0013-skipped-tests-EC-curves.patch Patch-id: 13 diff --git a/0012-RH-skip-quic-pairwise.patch b/0012-RH-skip-quic-pairwise.patch index 5ca0801..ae9b19e 100644 --- a/0012-RH-skip-quic-pairwise.patch +++ b/0012-RH-skip-quic-pairwise.patch @@ -1,7 +1,7 @@ -From 2f327785a69b62eac55a94d49441994cbaf941d5 Mon Sep 17 00:00:00 2001 +From e87e9fbc6bcf90d43f6e09f7de46f1805e3e6674 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Thu, 7 Mar 2024 17:37:09 +0100 -Subject: [PATCH 12/50] RH: skip quic pairwise +Subject: [PATCH 12/58] RH: skip quic pairwise Patch-name: 0115-skip-quic-pairwise.patch Patch-id: 115 diff --git a/0013-RH-version-aliasing.patch b/0013-RH-version-aliasing.patch index 8b67dc4..595ad14 100644 --- a/0013-RH-version-aliasing.patch +++ b/0013-RH-version-aliasing.patch @@ -1,7 +1,7 @@ -From dcea5128f4a6ff30eedca8442b8e3cdc18bac216 Mon Sep 17 00:00:00 2001 +From c63c81754bcf4bf3aeb4049fc5952368764fb303 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:17 +0100 -Subject: [PATCH 13/50] RH: version aliasing +Subject: [PATCH 13/58] RH: version aliasing Patch-name: 0116-version-aliasing.patch Patch-id: 116 diff --git a/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch b/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch index bcdad9d..006fdbd 100644 
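Review bot: The new inner hunk at ec_lib.c:1554 in 0010 replaces `int encoding_flag = -1;` with the commented-out `/* int encoding_flag = -1; */` instead of deleting the line, which leaves dead code in a patch series whose stated purpose here is maintainability. Presumably the declaration has become unused because the rest of 0010 drops the explicit-curve handling that read it; if so, make the inner change a plain removal, `- int encoding_flag = -1;` with no replacement line, and change that inner header from `@@ -1554,7 +1554,7 @@` to `@@ -1554,7 +1554,6 @@`. If the variable is still read somewhere in EC_GROUP_new_from_params() outside this hunk, the comment should instead say why the initialisation is being dropped. The inner `@@ -1728` hunk that follows, and the function it belongs to, are only partly visible here.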
--- a/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch +++ b/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch @@ -1,19 +1,47 @@ -From 1c440ca60081777e618eaecb31ef92b692cc2444 Mon Sep 17 00:00:00 2001 +From eeaa8125102427cedfda9a1d5bd663956acd8d63 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 13 Feb 2025 16:09:09 -0500 -Subject: [PATCH 14/50] RH: Export two symbols for OPENSSL_str[n]casecmp +Subject: [PATCH 14/58] RH: Export two symbols for OPENSSL_str[n]casecmp We accidentally exported the symbols with the incorrect verison number in an early version of RHEL-9 so we need to keep the wrong symbols for ABI backwards compatibility and the correct symbols to be compatible with upstream. --- + crypto/evp/digest.c | 2 +- + crypto/evp/evp_enc.c | 2 +- crypto/o_str.c | 14 ++++++++++++-- test/recipes/01-test_symbol_presence.t | 2 +- util/libcrypto.num | 2 ++ - 3 files changed, 15 insertions(+), 3 deletions(-) + 5 files changed, 17 insertions(+), 5 deletions(-) mode change 100644 => 100755 test/recipes/01-test_symbol_presence.t +diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c +index 3c80b9dfe1..8ee9db73dd 100644 +--- a/crypto/evp/digest.c ++++ b/crypto/evp/digest.c +@@ -573,7 +573,7 @@ int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size) + } + + EVP_MD_CTX +-#if !defined(FIPS_MODULE) ++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) + __attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"), + symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0"))) + #endif +diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c +index 7c51786515..619cf4f385 100644 +--- a/crypto/evp/evp_enc.c ++++ b/crypto/evp/evp_enc.c +@@ -1763,7 +1763,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) + } + + EVP_CIPHER_CTX +-#if !defined(FIPS_MODULE) ++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) + __attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"), + symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0"))) + #endif 
diff --git a/crypto/o_str.c b/crypto/o_str.c index 93af73561f..86442a939e 100644 --- a/crypto/o_str.c diff --git a/0015-RH-TMP-KTLS-test-skip.patch b/0015-RH-TMP-KTLS-test-skip.patch index 5c7bf73..645280f 100644 --- a/0015-RH-TMP-KTLS-test-skip.patch +++ b/0015-RH-TMP-KTLS-test-skip.patch @@ -1,7 +1,7 @@ -From 73574d1847777d0c93d9ebe353d235ebb165eeae Mon Sep 17 00:00:00 2001 +From 601c308871191a17620ade34a9edcb8afe969c8d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 13 Feb 2025 18:11:19 -0500 -Subject: [PATCH 15/50] RH: TMP KTLS test skip +Subject: [PATCH 15/58] RH: TMP KTLS test skip From-dist-git-commit: 83382cc2a09dfcc55d5740fd08fd95c2333a56c9 --- diff --git a/0016-RH-Allow-disabling-of-SHA1-signatures.patch b/0016-RH-Allow-disabling-of-SHA1-signatures.patch index 27429dc..52ed1bd 100644 --- a/0016-RH-Allow-disabling-of-SHA1-signatures.patch +++ b/0016-RH-Allow-disabling-of-SHA1-signatures.patch @@ -1,7 +1,7 @@ -From 81b507715dded07f61f6d2bd7d498cc16ae04e38 Mon Sep 17 00:00:00 2001 +From 84c7c05d38e96d003df43527e4e6abc6dbae2683 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 21 Aug 2023 13:07:07 +0200 -Subject: [PATCH 16/50] RH: Allow disabling of SHA1 signatures +Subject: [PATCH 16/58] RH: Allow disabling of SHA1 signatures Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch Patch-id: 49 
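Review bot: The 0014 patch now also carries the `&& !defined(OPENSSL_SYS_UEFI)` change to the symver attributes in crypto/evp/digest.c and crypto/evp/evp_enc.c, but its description, unchanged in this hunk, still explains only the OPENSSL_str[n]casecmp symbol export, so a reader of the squashed patch finds no reason for the UEFI exclusion. The name of the deleted 0060-Fixup-no-dup-versions-for-UEFI.patch suggests the versioned-symbol attributes produce duplicate version definitions in UEFI builds; that should be stated in the patch text rather than recovered from git history. 0020 already records its own squash with a `Corrected by squashing in:` line, so the same convention fits here, e.g. `Corrected by squashing in: 0060-Fixup-no-dup-versions-for-UEFI.patch` followed by one sentence on why symbol versioning is not applied under OPENSSL_SYS_UEFI. 0016, which absorbs 0052-Fixup-forbid-SHA1.patch and 0059-Fixup-permit-SHA1-as-MGF1-digest.patch, has the same gap.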
@@ -9,26 +9,26 @@ Patch-status: | # Selectively disallow SHA1 signatures rhbz#2070977 From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd --- - crypto/context.c | 76 +++++++++++++++++++ + crypto/context.c | 70 +++++++++++++++++++ crypto/evp/evp_cnf.c | 13 ++++ crypto/evp/m_sigver.c | 13 ++++ crypto/evp/pmeth_lib.c | 15 ++++ doc/man5/config.pod | 13 ++++ - include/crypto/context.h | 8 ++ + include/crypto/context.h | 8 +++ include/internal/cryptlib.h | 3 +- - include/internal/sslconf.h | 4 + + include/internal/sslconf.h | 4 ++ providers/common/include/prov/securitycheck.h | 2 + providers/common/securitycheck.c | 14 ++++ providers/common/securitycheck_default.c | 1 + providers/implementations/signature/dsa_sig.c | 1 + - .../implementations/signature/ecdsa_sig.c | 5 +- - providers/implementations/signature/rsa_sig.c | 17 ++++- - ssl/t1_lib.c | 8 ++ + .../implementations/signature/ecdsa_sig.c | 8 ++- + providers/implementations/signature/rsa_sig.c | 14 +++- + ssl/t1_lib.c | 8 +++ util/libcrypto.num | 2 + - 16 files changed, 189 insertions(+), 6 deletions(-) + 16 files changed, 182 insertions(+), 7 deletions(-) diff --git a/crypto/context.c b/crypto/context.c -index 614c8a2c88..6859146510 100644 +index 614c8a2c88..323615e300 100644 --- a/crypto/context.c +++ b/crypto/context.c @@ -85,6 +85,8 @@ struct ossl_lib_ctx_st { @@ -40,7 +40,7 @@ index 614c8a2c88..6859146510 100644 int ischild; int conf_diagnostics; }; -@@ -119,6 +121,25 @@ int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx) +@@ -119,6 +121,22 @@ int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx) return ctx->ischild; } 
@@ -56,9 +56,6 @@ index 614c8a2c88..6859146510 100644 +static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) +{ + OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); -+ /* Warning: This patch differs from the same patch in CentOS and RHEL here, -+ * because the default on Fedora is to allow SHA-1 and support disabling -+ * it, while CentOS/RHEL disable it by default and allow enabling it. */ + ldsigs->allowed = 0; + return ldsigs; +} @@ -66,7 +63,7 @@ index 614c8a2c88..6859146510 100644 static void context_deinit_objs(OSSL_LIB_CTX *ctx); static int context_init(OSSL_LIB_CTX *ctx) -@@ -235,6 +256,10 @@ static int context_init(OSSL_LIB_CTX *ctx) +@@ -235,6 +253,10 @@ static int context_init(OSSL_LIB_CTX *ctx) goto err; #endif @@ -77,7 +74,7 @@ index 614c8a2c88..6859146510 100644 /* Low priority. */ #ifndef FIPS_MODULE ctx->child_provider = ossl_child_prov_ctx_new(ctx); -@@ -382,6 +407,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) +@@ -382,6 +404,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) } #endif @@ -89,7 +86,7 @@ index 614c8a2c88..6859146510 100644 /* Low priority. */ #ifndef FIPS_MODULE if (ctx->child_provider != NULL) { -@@ -660,6 +690,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) +@@ -660,6 +687,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) case OSSL_LIB_CTX_COMP_METHODS: return (void *)&ctx->comp_methods; @@ -99,7 +96,7 @@ index 614c8a2c88..6859146510 100644 default: return NULL; } -@@ -714,3 +747,46 @@ void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *libctx, int value) +@@ -714,3 +744,43 @@ void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *libctx, int value) return; libctx->conf_diagnostics = value; } 
@@ -126,9 +123,6 @@ index 614c8a2c88..6859146510 100644 + return 1; + #endif + -+ /* Warning: This patch differs from the same patch in CentOS and RHEL here, -+ * because the default on Fedora is to allow SHA-1 and support disabling -+ * it, while CentOS/RHEL disable it by default and allow enabling it. */ + return ldsigs != NULL ? ldsigs->allowed : 0; +} + @@ -372,29 +366,30 @@ index c5adbf8002..52ed52482d 100644 if (md == NULL) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index 4018a772ff..80e4115b69 100644 +index 4018a772ff..04d4009ab5 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c -@@ -197,13 +197,16 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, +@@ -197,13 +197,15 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, goto err; } md_nid = ossl_digest_get_approved_nid(md); -+ - #ifdef FIPS_MODULE +-#ifdef FIPS_MODULE - if (md_nid == NID_undef) { ++ + md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid); -+ if (md_nid <= 0) { ++ /* KECCAK-256 is explicitly allowed for ECDSA despite it doesn't have a NID*/ ++ if (md_nid <= 0 && !(EVP_MD_is_a(md, "KECCAK-256"))) { ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); goto err; } - #endif +-#endif + /* XOF digests don't work */ if (EVP_MD_xof(md)) { ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index e75b90840b..c4740128ce 100644 +index e75b90840b..645304b951 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -26,6 +26,7 @@ 
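Review bot: In the rewritten ecdsa_setup_md() hunk the `#ifdef FIPS_MODULE`/`#endif` pair around the digest check is removed, so `rh_digest_signatures_allowed()` now gates ECDSA digests in every provider, while the new `!(EVP_MD_is_a(md, "KECCAK-256"))` clause exempts KECCAK-256 from that gate unconditionally, including in the FIPS module build where the previous FIPS-only `if (md_nid <= 0)` rejected any digest without an approved NID (which, per the new comment, KECCAK-256 is). Whether the FIPS indicator block that follows (the `#ifdef FIPS_MODULE { ... ossl_fips_ind_digest_sign_check(...)` section, visible only in the 0031 hunk further down) still refuses a NID_undef digest is not visible here; if the exemption is meant for the default provider only, guard the clause with `#ifndef FIPS_MODULE`, otherwise say in the comment that the FIPS path rejects it later. The comment itself needs fixing either way: `/* KECCAK-256 has no NID, so it is allowed for ECDSA explicitly */`. ecdsa_setup_md() begins and ends outside this hunk.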
@@ -423,18 +418,7 @@ index e75b90840b..c4740128ce 100644 ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); goto err; -@@ -475,8 +478,9 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname, - "%s could not be fetched", mdname); - return 0; - } -- /* The default for mgf1 is SHA1 - so allow SHA1 */ -+ /* The default for mgf1 is SHA1 - so check if we allow SHA1 */ - if ((mdnid = ossl_digest_rsa_sign_get_md_nid(md)) <= 0 -+ || (mdnid = rh_digest_signatures_allowed(ctx->libctx, mdnid)) <= 0 - || !rsa_check_padding(ctx, NULL, mdname, mdnid)) { - if (mdnid <= 0) - ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, -@@ -1765,8 +1769,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) +@@ -1765,8 +1768,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) prsactx->pad_mode = pad_mode; if (prsactx->md == NULL && pmdname == NULL diff --git a/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch b/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch index 3478880..18010e2 100644 --- a/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch +++ b/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch @@ -1,7 +1,7 @@ -From 3e20d4430b34488a06102c30634e7d25d2699290 Mon Sep 17 00:00:00 2001 +From 16fdb39036e7e8438c5b97359818cd9bc472196f Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:12:33 -0500 -Subject: [PATCH 17/50] FIPS: Red Hat's FIPS module name and version +Subject: [PATCH 17/58] FIPS: Red Hat's FIPS module name and version Signed-off-by: Simo Sorce --- diff --git a/0018-FIPS-disable-fipsinstall.patch b/0018-FIPS-disable-fipsinstall.patch index 875aa37..3079823 100644 --- a/0018-FIPS-disable-fipsinstall.patch +++ b/0018-FIPS-disable-fipsinstall.patch @@ -1,7 +1,7 @@ -From 50de3f0a5f2023549aaa9caa2184795e692741b0 Mon Sep 17 00:00:00 2001 +From f40c27149fd5bb1864d069b3d116ffd88cca5f2f Mon Sep 17 00:00:00 2001 
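Review bot: Dropping the inner `@@ -475,8 +478,9 @@` hunk means rsa_setup_mgf1_md() no longer calls `rh_digest_signatures_allowed()`, so the SHA-1 signature policy now applies to the signature digest but not to the MGF1 digest of PSS/OAEP; that is evidently intended (it folds in the deleted 0059-Fixup-permit-SHA1-as-MGF1-digest.patch), but nothing left in 0016 says so, and the restored upstream comment `/* The default for mgf1 is SHA1 - so allow SHA1 */` reads as if the exemption were accidental. Record the decision where the next rebase will see it, e.g. one sentence in the 0016 description such as `The MGF1 digest is deliberately not subject to the SHA-1 signature policy: SHA-1 remains the default MGF1 digest, and a mismatching MGF1 digest is still rejected at verify time.`, if that is the rationale. Whether the check kept in rsa_setup_md() (the `@@ -407` region, partly outside this hunk) still covers the case where the MGF1 digest defaults from the signature digest cannot be seen here and deserves a sentence too.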
From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 18/50] FIPS: disable fipsinstall +Subject: [PATCH 18/58] FIPS: disable fipsinstall Patch-name: 0034.fipsinstall_disable.patch Patch-id: 34 diff --git a/0019-FIPS-Force-fips-provider-on.patch b/0019-FIPS-Force-fips-provider-on.patch index 08e2432..6bcd040 100644 --- a/0019-FIPS-Force-fips-provider-on.patch +++ b/0019-FIPS-Force-fips-provider-on.patch @@ -1,7 +1,7 @@ -From a5f2ab969455d591327ea41cac9ffb64234ca38c Mon Sep 17 00:00:00 2001 +From ad031aa2b8ec4042b0081f4179b8a05131bd52df Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 19/50] FIPS: Force fips provider on +Subject: [PATCH 19/58] FIPS: Force fips provider on Patch-name: 0032-Force-fips.patch Patch-id: 32 diff --git a/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch b/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch index 62f5058..528588e 100644 --- a/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch +++ b/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch @@ -1,7 +1,7 @@ -From 01427603bda0c44624b57c284e731c539828444e Mon Sep 17 00:00:00 2001 +From ee1a3977388a9ec10aa4998beb67d8e3b4bfdd9e Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 20/50] FIPS: INTEG-CHECK: Embed hmac in fips.so - NOTE +Subject: [PATCH 20/58] FIPS: INTEG-CHECK: Embed hmac in fips.so - NOTE Corrected by squashing in: 0052-Restore-the-correct-verify_integrity-function.patch diff --git a/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch b/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch index 3f894dc..2931295 100644 --- a/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch +++ b/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch @@ -1,7 +1,7 @@ -From e5fa1a36fb4786a29e5e0ffcafc1198a18ef2a1c Mon Sep 17 00:00:00 2001 +From c202200bda962300ebc7d19e62ea0df734488c0c Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Thu, 20 Feb 2025 15:30:32 -0500 -Subject: [PATCH 21/50] FIPS: INTEG-CHECK: Add script to hmac-ify fips.so +Subject: [PATCH 21/58] FIPS: INTEG-CHECK: Add script to hmac-ify fips.so This script rewrites the fips.so binary to embed the hmac result into it so that after a build it can be called to make the fips.so as modified diff --git a/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch b/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch index 1058cf5..fafbff9 100644 --- a/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch +++ b/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch @@ -1,7 +1,7 @@ -From 2c0a4a02d274997dcc969ec8a7f13922aa3a4d7b Mon Sep 17 00:00:00 2001 +From d0ad196c07d223cbb1dd2419b1ec0b0e4458febb Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 22/50] FIPS: INTEG-CHECK: Execute KATS before HMAC - REVIEW +Subject: [PATCH 22/58] FIPS: INTEG-CHECK: Execute KATS before HMAC - REVIEW Patch-name: 0047-FIPS-early-KATS.patch Patch-id: 47 diff --git a/0023-FIPS-RSA-encrypt-limits-REVIEW.patch b/0023-FIPS-RSA-encrypt-limits-REVIEW.patch index 5fa29ca..1a38677 100644 --- a/0023-FIPS-RSA-encrypt-limits-REVIEW.patch +++ b/0023-FIPS-RSA-encrypt-limits-REVIEW.patch @@ -1,7 +1,7 @@ -From e3def0e0439297fdfb9d17ede9f5e38e829d5d86 Mon Sep 17 00:00:00 2001 +From 19617bb4a510d73e5080d026d22b06b637a6ad1a Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 23/50] FIPS: RSA: encrypt limits - REVIEW +Subject: [PATCH 23/58] FIPS: RSA: encrypt limits - REVIEW Patch-name: 0058-FIPS-limit-rsa-encrypt.patch Patch-id: 58 diff --git a/0024-FIPS-RSA-PCTs.patch b/0024-FIPS-RSA-PCTs.patch index 08fdb73..bbc2ec7 100644 --- a/0024-FIPS-RSA-PCTs.patch +++ b/0024-FIPS-RSA-PCTs.patch @@ -1,7 +1,7 @@ -From 77fdffb56f9194fe81d7e91bf9a7ac06be02e250 Mon Sep 17 00:00:00 2001 +From 7cb38d617ceb819a58ac14b266787ad3d71f6206 Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Mon, 24 Mar 2025 10:50:37 -0400 -Subject: [PATCH 24/50] FIPS: RSA: PCTs +Subject: [PATCH 24/58] FIPS: RSA: PCTs Signed-off-by: Simo Sorce --- @@ -67,7 +67,7 @@ index 77d0950094..f0e71beb43 100644 BN_clear_free(gctx->pub_exp); OPENSSL_free(gctx); diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index c4740128ce..b08c9685dd 100644 +index 645304b951..3d5af1046a 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -37,7 +37,7 @@ @@ -97,7 +97,7 @@ index c4740128ce..b08c9685dd 100644 { PROV_RSA_CTX *prsactx = NULL; char *propq_copy = NULL; -@@ -1317,7 +1317,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig, +@@ -1316,7 +1316,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig, return ok; } @@ -106,7 +106,7 @@ index c4740128ce..b08c9685dd 100644 { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; -@@ -1867,6 +1867,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx) +@@ -1866,6 +1866,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx) return EVP_MD_settable_ctx_params(prsactx->md); } diff --git a/0025-FIPS-RSA-encapsulate-limits.patch b/0025-FIPS-RSA-encapsulate-limits.patch index 65f4d51..18d5e4c 100644 --- a/0025-FIPS-RSA-encapsulate-limits.patch +++ b/0025-FIPS-RSA-encapsulate-limits.patch @@ -1,7 +1,7 @@ -From 1ba2caa0c71e45e5ccc9cec2e389d3ee7c68a252 Mon Sep 17 00:00:00 2001 +From 158637448165abbde8d4b0c24bf4344744b79adc Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:17 +0100 -Subject: [PATCH 25/50] FIPS: RSA: encapsulate limits +Subject: [PATCH 25/58] FIPS: RSA: encapsulate limits Patch-name: 0091-FIPS-RSA-encapsulate.patch Patch-id: 91 diff --git a/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch b/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch index 6211eab..00513c7 100644 
--- a/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch +++ b/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch @@ -1,7 +1,7 @@ -From 3b61e3b98c1c0110e9c55fb14a967c69d8efdda8 Mon Sep 17 00:00:00 2001 +From 9595ceef9fe9a45fca1f970706077712dbb9287f Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:17 +0100 -Subject: [PATCH 26/50] FIPS: RSA: Disallow SHAKE in OAEP and PSS +Subject: [PATCH 26/58] FIPS: RSA: Disallow SHAKE in OAEP and PSS According to FIPS 140-3 IG, section C.C, the SHAKE digest algorithms must not be used in higher-level algorithms (such as RSA-OAEP and diff --git a/0027-FIPS-RSA-size-mode-restrictions.patch b/0027-FIPS-RSA-size-mode-restrictions.patch index dd1e11e..8a572a7 100644 --- a/0027-FIPS-RSA-size-mode-restrictions.patch +++ b/0027-FIPS-RSA-size-mode-restrictions.patch @@ -1,21 +1,21 @@ -From 8cb662f002e33c6fb99b96ef24733e16e3dc48ad Mon Sep 17 00:00:00 2001 +From 47cf5bdab3a46ecffd3100330781e6c297e83d66 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:20:30 -0500 -Subject: [PATCH 27/50] FIPS: RSA: size/mode restrictions +Subject: [PATCH 27/58] FIPS: RSA: size/mode restrictions Signed-off-by: Simo Sorce --- providers/implementations/signature/rsa_sig.c | 26 +++++++++ - ssl/ssl_ciph.c | 3 + - test/recipes/30-test_evp_data/evppkey_rsa.txt | 55 ++++++++++++++++++- + ssl/ssl_ciph.c | 3 ++ + test/recipes/30-test_evp_data/evppkey_rsa.txt | 53 +++++++++++++++++++ .../30-test_evp_data/evppkey_rsa_common.txt | 8 +-- - 4 files changed, 87 insertions(+), 5 deletions(-) + 4 files changed, 86 insertions(+), 4 deletions(-) diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index b08c9685dd..0e0810f60a 100644 +index 3d5af1046a..09c202f87c 100644 --- a/providers/implementations/signature/rsa_sig.c 
+++ b/providers/implementations/signature/rsa_sig.c -@@ -940,6 +940,19 @@ static int rsa_verify_recover(void *vprsactx, +@@ -939,6 +939,19 @@ static int rsa_verify_recover(void *vprsactx, { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; int ret; @@ -35,7 +35,7 @@ index b08c9685dd..0e0810f60a 100644 if (!ossl_prov_is_running()) return 0; -@@ -1034,6 +1047,19 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx, +@@ -1033,6 +1046,19 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx, const unsigned char *tbs, size_t tbslen) { size_t rslen; @@ -70,25 +70,15 @@ index 19420d6c6a..5ab1ccee93 100644 * We ignore any errors from the fetches below. They are expected to fail * if these algorithms are not available. diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt -index f1dc5dd2a2..103556c750 100644 +index f1dc5dd2a2..6ae973eaac 100644 --- a/test/recipes/30-test_evp_data/evppkey_rsa.txt 
+++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt -@@ -268,8 +268,8 @@ TwIDAQAB +@@ -268,8 +268,19 @@ TwIDAQAB PrivPubKeyPair = RSA-PSS:RSA-PSS-DEFAULT -- - # Wrong MGF1 digest ++# Wrong MGF1 digest +Availablein = default - Verify = RSA-2048 - Ctrl = rsa_padding_mode:pss - Ctrl = rsa_pss_saltlen:0 -@@ -279,7 +279,19 @@ Input="0123456789ABCDEF0123456789ABCDEF" - Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A - Result = VERIFY_ERROR - -+# Wrong MGF1 digest - In RHEL FIPS errors as set ctx before verify -+Availablein = fips +Verify = RSA-2048 +Ctrl = rsa_padding_mode:pss +Ctrl = rsa_pss_saltlen:0 @@ -96,8 +86,16 @@ index f1dc5dd2a2..103556c750 100644 +Ctrl = rsa_mgf1_md:sha1 +Input="0123456789ABCDEF0123456789ABCDEF" +Output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esult = PKEY_CTRL_ERROR -+ ++Result = VERIFY_ERROR + + # Wrong MGF1 digest ++Availablein = fips + Verify = RSA-2048 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_pss_saltlen:0 +@@ -280,6 +291,7 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD + Result = VERIFY_ERROR + # Verify using default parameters +Availablein = default Verify = RSA-PSS-DEFAULT diff --git a/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch b/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch index fd145cf..07fe304 100644 --- a/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch +++ b/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch 
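Review bot: The FIPS-side expectation for the "Wrong MGF1 digest" case changes from `Result = PKEY_CTRL_ERROR` to `Result = VERIFY_ERROR`, and the old comment that explained the difference (`In RHEL FIPS errors as set ctx before verify`) is dropped without a replacement, so the test no longer says why `Ctrl = rsa_mgf1_md:sha1` is now accepted in FIPS mode (presumably because 0016 no longer applies the SHA-1 policy to the MGF1 digest). The `default` and `fips` blocks are now identical apart from `Availablein`; if the evp_test recipe runs this file under both provider configurations, a single block without `Availablein` covers both and avoids duplicating the long Output line. At minimum keep a one-line reason on the FIPS block, e.g. `# Wrong MGF1 digest - SHA1 is accepted as MGF1 digest, the mismatch is caught at verify time`. The `# Verify using default parameters` block at the end of the hunk continues outside it.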
@@ -1,7 +1,7 @@ -From 325fb1b9829a5731d9807161f077dae684fa58cb Mon Sep 17 00:00:00 2001 +From ae1fcbd1129fc53d4ac72148696efd126e574453 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 24 Mar 2025 11:03:45 -0400 -Subject: [PATCH 28/50] FIPS: RSA: Mark x931 as not approved by default +Subject: [PATCH 28/58] FIPS: RSA: Mark x931 as not approved by default Signed-off-by: Simo Sorce --- diff --git a/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch b/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch index 464bf1a..d6de25f 100644 --- a/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch +++ b/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch @@ -1,7 +1,7 @@ -From 004971c02760bcddb77954b90a2be4aeeb70ec22 Mon Sep 17 00:00:00 2001 +From 4ce72cfe8d1e0b37e882766b449af109d9e7c3f8 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:16 +0100 -Subject: [PATCH 29/50] FIPS: RSA: Remove X9.31 padding signatures tests +Subject: [PATCH 29/58] FIPS: RSA: Remove X9.31 padding signatures tests The current draft of FIPS 186-5 [1] no longer contains specifications for X9.31 signature padding. Instead, it contains the following diff --git a/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch b/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch index 86d09d0..f89bbfb 100644 --- a/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch +++ b/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch @@ -1,7 +1,7 @@ -From 0d8ac9675eaaf3eaded5f7d2ec304be022eacd10 Mon Sep 17 00:00:00 2001 +From 3a9f2ccf8120cbf5b854a403926dce2d772f5f78 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 12 Feb 2025 17:12:02 -0500 -Subject: [PATCH 30/50] FIPS: RSA: NEEDS-REWORK: +Subject: [PATCH 30/58] FIPS: RSA: NEEDS-REWORK: FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed Signed-off-by: Simo Sorce 
diff --git a/0031-FIPS-Deny-SHA-1-signature-verification.patch b/0031-FIPS-Deny-SHA-1-signature-verification.patch index 15ecd81..0adf37a 100644 --- a/0031-FIPS-Deny-SHA-1-signature-verification.patch +++ b/0031-FIPS-Deny-SHA-1-signature-verification.patch @@ -1,7 +1,7 @@ -From 446e3e1ec006a55206881c5e7e658918e104a972 Mon Sep 17 00:00:00 2001 +From 9b198c3634fd3871dd535389e7b7c2379f6934fb Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 31/50] FIPS: Deny SHA-1 signature verification +Subject: [PATCH 31/58] FIPS: Deny SHA-1 signature verification For RHEL, we already disable SHA-1 signatures by default in the default provider, so it is unexpected that the FIPS provider would have a more @@ -57,10 +57,10 @@ index 52ed52482d..0d3050dbe9 100644 if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), OSSL_FIPS_IND_SETTABLE1, diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index 80e4115b69..096d944896 100644 +index 04d4009ab5..4e46eaf9bc 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c -@@ -215,9 +215,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, +@@ -214,9 +214,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, #ifdef FIPS_MODULE { @@ -72,7 +72,7 @@ index 80e4115b69..096d944896 100644 if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), OSSL_FIPS_IND_SETTABLE1, diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 0e0810f60a..ac3888a1b9 100644 +index 09c202f87c..014b17fe49 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -407,9 +407,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, 
@@ -86,7 +86,7 @@ index 0e0810f60a..ac3888a1b9 100644 if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), OSSL_FIPS_IND_SETTABLE1, -@@ -1796,11 +1794,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) +@@ -1795,11 +1793,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) if (prsactx->md == NULL && pmdname == NULL && pad_mode == RSA_PKCS1_PSS_PADDING) { diff --git a/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch b/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch index 532719c..a20b46e 100644 --- a/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch +++ b/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch @@ -1,7 +1,7 @@ -From f33528e229063b98748943d2fddaf83426fcb8eb Mon Sep 17 00:00:00 2001 +From 39c7eb2e82b9df4ffe58d8e05fbdb9115dde50cc Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:16 +0100 -Subject: [PATCH 32/50] FIPS: RAND: FIPS-140-3 DRBG - NEEDS REVIEW +Subject: [PATCH 32/58] FIPS: RAND: FIPS-140-3 DRBG - NEEDS REVIEW providers/implementations/rands/crngt.c is gone diff --git a/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch b/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch index 140b42b..fa87558 100644 --- a/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch +++ b/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch @@ -1,7 +1,7 @@ -From c5a417c02dc6f50b8886eac366650c0f0bee38a0 Mon Sep 17 00:00:00 2001 +From 92c90300747de60df2e805b9fe78fa016f5fd49e Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:16 +0100 -Subject: [PATCH 33/50] FIPS: RAND: Forbid truncated hashes & SHA-3 +Subject: [PATCH 33/58] FIPS: RAND: Forbid truncated hashes & SHA-3 Section D.R "Hash Functions Acceptable for Use in the SP 800-90A DRBGs" of the Implementation Guidance for FIPS 140-3 [1] notes that there is no diff --git a/0034-FIPS-PBKDF2-Set-minimum-password-length.patch b/0034-FIPS-PBKDF2-Set-minimum-password-length.patch index a9e94ce..2aa30cc 100644 
--- a/0034-FIPS-PBKDF2-Set-minimum-password-length.patch +++ b/0034-FIPS-PBKDF2-Set-minimum-password-length.patch @@ -1,7 +1,7 @@ -From 07db6d2bc68c37db2c8b00225c42e3c2e3c8b6cc Mon Sep 17 00:00:00 2001 +From 5d5521b81a6714c88438e4f1fb0cf30096a0b0b6 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:17 +0100 -Subject: [PATCH 34/50] FIPS: PBKDF2: Set minimum password length +Subject: [PATCH 34/58] FIPS: PBKDF2: Set minimum password length MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0035-FIPS-DH-PCT.patch b/0035-FIPS-DH-PCT.patch index f4ebd31..a22cfa9 100644 --- a/0035-FIPS-DH-PCT.patch +++ b/0035-FIPS-DH-PCT.patch @@ -1,7 +1,7 @@ -From 4201d6a3b23e14885f2703c705166c68db6351ab Mon Sep 17 00:00:00 2001 +From 1f54210f4e4de1f2143d02f6d0b56cc388b617cd Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 24 Mar 2025 10:49:00 -0400 -Subject: [PATCH 35/50] FIPS: DH: PCT +Subject: [PATCH 35/58] FIPS: DH: PCT Signed-off-by: Simo Sorce --- diff --git a/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch b/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch index c86fcaa..0b2dd30 100644 --- a/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch +++ b/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch @@ -1,7 +1,7 @@ -From ea3020727f873e14b4ee4c7f94dfa038d4777319 Mon Sep 17 00:00:00 2001 +From 863cb10f0add28b1d82ec3042d2e7b418169b48a Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:17 +0100 -Subject: [PATCH 36/50] FIPS: DH: Disable FIPS 186-4 type parameters +Subject: [PATCH 36/58] FIPS: DH: Disable FIPS 186-4 type parameters For DH parameter and key pair generation/verification, the DSA procedures specified in FIPS 186-4 are used. With the release of FIPS diff --git a/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch b/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch index 2415b7b..8c0e545 100644 --- a/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch 
+++ b/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch @@ -1,7 +1,7 @@ -From 39afccf3c978a35d1a2d3ebd072d3d1a7a0d0e09 Mon Sep 17 00:00:00 2001 +From 900d90fa1e34bfbbfcc91face57680c0424f2014 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:17 +0100 -Subject: [PATCH 37/50] FIPS: TLS: Enforce EMS in TLS 1.2 - NOTE +Subject: [PATCH 37/58] FIPS: TLS: Enforce EMS in TLS 1.2 - NOTE NOTE: Enforcement of EMS in non-FIPS mode has been dropped due to code change the option to enforce it seem to be available only in FIPS build diff --git a/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch b/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch index 3465171..3e93713 100644 --- a/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch +++ b/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch @@ -1,7 +1,7 @@ -From e1d57286ca07c3d89018d3c4368bed420f5c454a Mon Sep 17 00:00:00 2001 +From a227572868569ba87b9aef722a8d981ad5feb11b Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 13 Feb 2025 18:08:34 -0500 -Subject: [PATCH 38/50] FIPS: CMS: Set default padding to OAEP +Subject: [PATCH 38/58] FIPS: CMS: Set default padding to OAEP From-dist-git-commit: d508cbed930481c1960d6a6bc1e1a9593252dbbe --- diff --git a/0039-FIPS-PKCS12-PBMAC1-defaults.patch b/0039-FIPS-PKCS12-PBMAC1-defaults.patch index fa3e3b4..5d7be3e 100644 --- a/0039-FIPS-PKCS12-PBMAC1-defaults.patch +++ b/0039-FIPS-PKCS12-PBMAC1-defaults.patch @@ -1,7 +1,7 @@ -From db948b9f36c27a72595eb81633d787e6c95977b4 Mon Sep 17 00:00:00 2001 +From 6ca4910fa964f135e5a18b31502bddef3aef1304 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 13 Feb 2025 18:16:29 -0500 -Subject: [PATCH 39/50] FIPS: PKCS12: PBMAC1 defaults +Subject: [PATCH 39/58] FIPS: PKCS12: PBMAC1 defaults From-dist-git-commit: 8fc2d4842385584094d57f6f66fcbc2a07865708 --- diff --git a/0040-FIPS-Fix-encoder-decoder-negative-test.patch b/0040-FIPS-Fix-encoder-decoder-negative-test.patch index d94c9ec..762757c 100644 
--- a/0040-FIPS-Fix-encoder-decoder-negative-test.patch +++ b/0040-FIPS-Fix-encoder-decoder-negative-test.patch @@ -1,7 +1,7 @@ -From c49eb02a6c08ab8398688e609a6c1681b86c24e0 Mon Sep 17 00:00:00 2001 +From fe12acbd953da37dd25e8abca64582c9bdeadf3c Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 5 Mar 2025 13:22:03 -0500 -Subject: [PATCH 40/50] FIPS: Fix encoder/decoder negative test +Subject: [PATCH 40/58] FIPS: Fix encoder/decoder negative test Signed-off-by: Simo Sorce --- diff --git a/0041-FIPS-EC-DH-DSA-PCTs.patch b/0041-FIPS-EC-DH-DSA-PCTs.patch index 25ea8c1..8770f3e 100644 --- a/0041-FIPS-EC-DH-DSA-PCTs.patch +++ b/0041-FIPS-EC-DH-DSA-PCTs.patch @@ -1,7 +1,7 @@ -From ad8a02985f28b1ead7169ca20dca010113f52250 Mon Sep 17 00:00:00 2001 +From a4fc741bd6e43b301121f01ef7c823a589faad39 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 24 Mar 2025 10:50:06 -0400 -Subject: [PATCH 41/50] FIPS: EC: DH/DSA PCTs +Subject: [PATCH 41/58] FIPS: EC: DH/DSA PCTs Signed-off-by: Simo Sorce --- @@ -100,7 +100,7 @@ index 9421aabb14..77531c4b59 100644 EC_GROUP_free(gctx->gen_group); BN_free(gctx->p); diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index 096d944896..34fb3aa56e 100644 +index 4e46eaf9bc..4d7c25728a 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -33,7 +33,7 @@ @@ -130,7 +130,7 @@ index 096d944896..34fb3aa56e 100644 { PROV_ECDSA_CTX *ctx; -@@ -613,7 +613,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig, +@@ -612,7 +612,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig, return ok; } 
@@ -139,7 +139,7 @@ index 096d944896..34fb3aa56e 100644 { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; -@@ -862,6 +862,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx) +@@ -861,6 +861,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx) return EVP_MD_settable_ctx_params(ctx->md); } diff --git a/0042-FIPS-EC-disable-weak-curves.patch b/0042-FIPS-EC-disable-weak-curves.patch index 7c0a5a2..7d89757 100644 --- a/0042-FIPS-EC-disable-weak-curves.patch +++ b/0042-FIPS-EC-disable-weak-curves.patch @@ -1,7 +1,7 @@ -From 998f0c96eb674c2647bfead8b925f3599be3bd0a Mon Sep 17 00:00:00 2001 +From c3f3de074f9140dd8f5833f7fe3e751ac0838323 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:06:36 -0500 -Subject: [PATCH 42/50] FIPS: EC: disable weak curves +Subject: [PATCH 42/58] FIPS: EC: disable weak curves Signed-off-by: Simo Sorce --- diff --git a/0043-FIPS-NO-DSA-Support.patch b/0043-FIPS-NO-DSA-Support.patch index e3471ec..bf39c28 100644 --- a/0043-FIPS-NO-DSA-Support.patch +++ b/0043-FIPS-NO-DSA-Support.patch @@ -1,7 +1,7 @@ -From 64467bd0ad1bf2a0c1a67462a27e405632704026 Mon Sep 17 00:00:00 2001 +From d923f8b4531718ede24814722a0c0f0f912dca7c Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:10:52 -0500 -Subject: [PATCH 43/50] FIPS: NO DSA Support +Subject: [PATCH 43/58] FIPS: NO DSA Support Signed-off-by: Simo Sorce --- diff --git a/0044-FIPS-NO-DES-support.patch b/0044-FIPS-NO-DES-support.patch index a117127..2e49a80 100644 --- a/0044-FIPS-NO-DES-support.patch +++ b/0044-FIPS-NO-DES-support.patch @@ -1,7 +1,7 @@ -From 88abbb0a30dd2d990992c769eaad71f6c6764237 Mon Sep 17 00:00:00 2001 +From ca860bb5c16d9a96afb32e025b54db76e5f8cfd3 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:15:13 -0500 -Subject: [PATCH 44/50] FIPS: NO DES support +Subject: [PATCH 44/58] FIPS: NO DES support Signed-off-by: Simo Sorce --- 
diff --git a/0045-FIPS-NO-Kmac.patch b/0045-FIPS-NO-Kmac.patch index 5abcbc0..bf948cf 100644 --- a/0045-FIPS-NO-Kmac.patch +++ b/0045-FIPS-NO-Kmac.patch @@ -1,7 +1,7 @@ -From 77495dcfb162a588e9121305e798997c687862cd Mon Sep 17 00:00:00 2001 +From 3928272f2d86188ef8796c7d18b1ec7d617cae97 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:22:07 -0500 -Subject: [PATCH 45/50] FIPS: NO Kmac +Subject: [PATCH 45/58] FIPS: NO Kmac Signed-off-by: Simo Sorce --- diff --git a/0046-FIPS-NO-PQ-ML-SLH-DSA.patch b/0046-FIPS-NO-PQ-ML-SLH-DSA.patch index 503a515..5822c05 100644 --- a/0046-FIPS-NO-PQ-ML-SLH-DSA.patch +++ b/0046-FIPS-NO-PQ-ML-SLH-DSA.patch @@ -1,7 +1,7 @@ -From 5de6758ff6d27df266280e8df7f587d7deba6d92 Mon Sep 17 00:00:00 2001 +From a6dce07d8e44e79dc3db9538d269bbbc903a8e15 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:24:36 -0500 -Subject: [PATCH 46/50] FIPS: NO PQ (ML/SLH-DSA) +Subject: [PATCH 46/58] FIPS: NO PQ (ML/SLH-DSA) Signed-off-by: Simo Sorce --- diff --git a/0047-FIPS-Fix-some-tests-due-to-our-versioning-change.patch b/0047-FIPS-Fix-some-tests-due-to-our-versioning-change.patch index 16d336c..d593bc5 100644 --- a/0047-FIPS-Fix-some-tests-due-to-our-versioning-change.patch +++ b/0047-FIPS-Fix-some-tests-due-to-our-versioning-change.patch @@ -1,7 +1,7 @@ -From 7996dc097918cf09350312d5ee04c727c3cd42ac Mon Sep 17 00:00:00 2001 +From 50c0087bdd6c15e2c63c8324f35221fd45a10518 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 10 Mar 2025 13:52:50 -0400 -Subject: [PATCH 47/50] FIPS: Fix some tests due to our versioning change +Subject: [PATCH 47/58] FIPS: Fix some tests due to our versioning change Signed-off-by: Simo Sorce --- diff --git a/0048-Current-Rebase-status.patch b/0048-Current-Rebase-status.patch index a130864..4c64f0a 100644 --- a/0048-Current-Rebase-status.patch +++ b/0048-Current-Rebase-status.patch 
@@ -1,7 +1,7 @@ -From d2068b5ee18ccb9014bc49e71be49e467f1bf07f Mon Sep 17 00:00:00 2001 +From 3bc3a6514c078564ac8addbdf24172a5fb90f4d7 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 12 Feb 2025 17:25:47 -0500 -Subject: [PATCH 48/50] Current Rebase status +Subject: [PATCH 48/58] Current Rebase status Signed-off-by: Simo Sorce --- diff --git a/0049-FIPS-KDF-key-lenght-errors.patch b/0049-FIPS-KDF-key-lenght-errors.patch index e29f212..c557654 100644 --- a/0049-FIPS-KDF-key-lenght-errors.patch +++ b/0049-FIPS-KDF-key-lenght-errors.patch @@ -1,7 +1,7 @@ -From f9fb76834b0c471d770463e5d7d70f1e2fca3237 Mon Sep 17 00:00:00 2001 +From 573cde99e796fbd76f9be7f6a553c681abbfb55a Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 14 Apr 2025 15:25:40 -0400 -Subject: [PATCH 49/50] FIPS: KDF key lenght errors +Subject: [PATCH 49/58] FIPS: KDF key lenght errors Signed-off-by: Simo Sorce --- diff --git a/0050-FIPS-fix-disallowed-digests-tests.patch b/0050-FIPS-fix-disallowed-digests-tests.patch index bd56dca..a062ce1 100644 --- a/0050-FIPS-fix-disallowed-digests-tests.patch +++ b/0050-FIPS-fix-disallowed-digests-tests.patch @@ -1,7 +1,7 @@ -From 7dc0e5c5dbab91874602bbe73a3c0b627283ff64 Mon Sep 17 00:00:00 2001 +From 48498bd445161f1d0fffb60bce8d9474acfe840b Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 15 Apr 2025 13:41:42 -0400 -Subject: [PATCH 50/50] FIPS: fix disallowed digests tests +Subject: [PATCH 50/58] FIPS: fix disallowed digests tests Signed-off-by: Simo Sorce --- diff --git a/0051-Make-openssl-speed-run-in-FIPS-mode.patch b/0051-Make-openssl-speed-run-in-FIPS-mode.patch index f3874cb..6a232f0 100644 --- a/0051-Make-openssl-speed-run-in-FIPS-mode.patch +++ b/0051-Make-openssl-speed-run-in-FIPS-mode.patch @@ -1,7 +1,7 @@ -From e128762a1b1f047633e76022a6a8097cb88b49a6 Mon Sep 17 00:00:00 2001 +From 0895e273cacec26a4bd027bef7ab07bae12d9741 Mon Sep 17 00:00:00 2001 
From: Dmitry Belyavskiy Date: Fri, 9 May 2025 15:09:46 +0200 -Subject: [PATCH 51/54] Make `openssl speed` run in FIPS mode +Subject: [PATCH 51/58] Make `openssl speed` run in FIPS mode --- apps/speed.c | 44 ++++++++++++++++++++++---------------------- diff --git a/0053-Backport-upstream-27483-for-PKCS11-needs.patch b/0052-Backport-upstream-27483-for-PKCS11-needs.patch similarity index 97% rename from 0053-Backport-upstream-27483-for-PKCS11-needs.patch rename to 0052-Backport-upstream-27483-for-PKCS11-needs.patch index f7ea623..afbce9a 100644 --- a/0053-Backport-upstream-27483-for-PKCS11-needs.patch +++ b/0052-Backport-upstream-27483-for-PKCS11-needs.patch @@ -1,7 +1,7 @@ -From d3152ec5d2c4e87bb15b669b5b128fe15515e51e Mon Sep 17 00:00:00 2001 +From 120558807e15d3cb2959020bacc928988e512a78 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 12 May 2025 14:34:39 +0200 -Subject: [PATCH 53/54] Backport upstream #27483 for PKCS11 needs +Subject: [PATCH 52/58] Backport upstream #27483 for PKCS11 needs --- .../implementations/skeymgmt/aes_skmgmt.c | 2 + diff --git a/0052-Fixup-forbid-SHA1.patch b/0052-Fixup-forbid-SHA1.patch deleted file mode 100644 index 3706183..0000000 --- a/0052-Fixup-forbid-SHA1.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From a6b4af9d39e07457189147bd50fe6ee3e8e88b6d Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 12 May 2025 14:28:00 +0200 -Subject: [PATCH 52/54] Fixup - forbid SHA1 - ---- - crypto/context.c | 6 ------ - providers/implementations/signature/ecdsa_sig.c | 5 ++--- - 2 files changed, 2 insertions(+), 9 deletions(-) - -diff --git a/crypto/context.c b/crypto/context.c -index 6859146510..323615e300 100644 ---- a/crypto/context.c -+++ b/crypto/context.c -@@ -133,9 +133,6 @@ static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) - static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) - { - OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); -- /* Warning: This patch differs from the same patch in CentOS and RHEL here, -- * because the default on Fedora is to allow SHA-1 and support disabling -- * it, while CentOS/RHEL disable it by default and allow enabling it. */ - ldsigs->allowed = 0; - return ldsigs; - } -@@ -770,9 +767,6 @@ int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconf - return 1; - #endif - -- /* Warning: This patch differs from the same patch in CentOS and RHEL here, -- * because the default on Fedora is to allow SHA-1 and support disabling -- * it, while CentOS/RHEL disable it by default and allow enabling it. */ - return ldsigs != NULL ? 
ldsigs->allowed : 0; - } - -diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index 34fb3aa56e..4d7c25728a 100644 ---- a/providers/implementations/signature/ecdsa_sig.c -+++ b/providers/implementations/signature/ecdsa_sig.c -@@ -198,14 +198,13 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, - } - md_nid = ossl_digest_get_approved_nid(md); - --#ifdef FIPS_MODULE - md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid); -- if (md_nid <= 0) { -+ /* KECCAK-256 is explicitly allowed for ECDSA despite it doesn't have a NID*/ -+ if (md_nid <= 0 && !(EVP_MD_is_a(md, "KECCAK-256"))) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, - "digest=%s", mdname); - goto err; - } --#endif - - /* XOF digests don't work */ - if (EVP_MD_xof(md)) { --- -2.49.0 - diff --git a/0054-Red-Hat-9-FIPS-indicator-defines.patch b/0053-Red-Hat-9-FIPS-indicator-defines.patch similarity index 98% rename from 0054-Red-Hat-9-FIPS-indicator-defines.patch rename to 0053-Red-Hat-9-FIPS-indicator-defines.patch index f54ab1a..dea0da0 100644 --- a/0054-Red-Hat-9-FIPS-indicator-defines.patch +++ b/0053-Red-Hat-9-FIPS-indicator-defines.patch @@ -1,7 +1,7 @@ -From c6a6ec6d5cd9e74c78bb5167cf77c0f383bf177c Mon Sep 17 00:00:00 2001 +From ee9a3d993eb82f98e4670adc9ccb015065b81555 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 12 May 2025 16:21:23 +0200 -Subject: [PATCH 54/54] Red Hat 9 FIPS indicator defines +Subject: [PATCH 53/58] Red Hat 9 FIPS indicator defines --- include/openssl/evp.h | 15 +++++++++++++++ diff --git a/0055-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch b/0054-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch similarity index 93% rename from 0055-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch rename to 0054-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch index 4a91c03..cc3db16 100644 --- a/0055-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch +++ b/0054-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch 
@@ -1,7 +1,7 @@ -From 54eabd5b18433a4d624904193c7148e92cb3c9b0 Mon Sep 17 00:00:00 2001 +From 92e50723ae6aa29476b7ebb66d262f78677ee68d Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 7 Apr 2025 12:58:54 +0200 -Subject: [PATCH 55/57] crypto: disable OSSL_PARAM_REAL on UEFI +Subject: [PATCH 54/58] crypto: disable OSSL_PARAM_REAL on UEFI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0056-hashfunc-add-stddef.h-include.patch b/0055-hashfunc-add-stddef.h-include.patch similarity index 88% rename from 0056-hashfunc-add-stddef.h-include.patch rename to 0055-hashfunc-add-stddef.h-include.patch index 6873b27..7c894c0 100644 --- a/0056-hashfunc-add-stddef.h-include.patch +++ b/0055-hashfunc-add-stddef.h-include.patch @@ -1,7 +1,7 @@ -From b2770d12f3225982813bdc3fece7b541d0974793 Mon Sep 17 00:00:00 2001 +From fb8649ec423277d50936a6a7848a1b6705e208cc Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 7 Apr 2025 13:29:36 +0200 -Subject: [PATCH 56/57] hashfunc: add stddef.h include +Subject: [PATCH 55/58] hashfunc: add stddef.h include MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0057-rio-add-RIO_POLL_METHOD_NONE.patch b/0056-rio-add-RIO_POLL_METHOD_NONE.patch similarity index 95% rename from 0057-rio-add-RIO_POLL_METHOD_NONE.patch rename to 0056-rio-add-RIO_POLL_METHOD_NONE.patch index dca288b..5c7b9c1 100644 --- a/0057-rio-add-RIO_POLL_METHOD_NONE.patch +++ b/0056-rio-add-RIO_POLL_METHOD_NONE.patch @@ -1,7 +1,7 @@ -From 48a4ffa48905d76b5bca24252de9697bb1a3ea86 Mon Sep 17 00:00:00 2001 +From 60699bc32870a3325a79234158740aac917b39a6 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 7 Apr 2025 14:06:28 +0200 -Subject: [PATCH 57/57] rio: add RIO_POLL_METHOD_NONE +Subject: [PATCH 56/58] rio: add RIO_POLL_METHOD_NONE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
diff --git a/0058-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch b/0057-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch similarity index 94% rename from 0058-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch rename to 0057-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch index 6aee57c..765a4f3 100644 --- a/0058-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch +++ b/0057-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch @@ -1,7 +1,7 @@ -From 2b18a8b0c5b315083c49664101a103572d5592b6 Mon Sep 17 00:00:00 2001 +From d7ab338f85b55ed6aa6d0187123dbab8684551a5 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 20 May 2025 16:34:10 +0200 -Subject: [PATCH 58/59] apps/x509.c: Fix the -addreject option adding trust +Subject: [PATCH 57/58] apps/x509.c: Fix the -addreject option adding trust instead of rejection Fixes CVE-2025-4575 diff --git a/0059-Fixup-permit-SHA1-as-MGF1-digest.patch b/0059-Fixup-permit-SHA1-as-MGF1-digest.patch deleted file mode 100644 index be1795f..0000000 --- a/0059-Fixup-permit-SHA1-as-MGF1-digest.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From f23d51fb9c5cdc4ac271846ab322390bfd844760 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Thu, 22 May 2025 10:13:23 +0200 -Subject: [PATCH 59/59] Fixup - permit SHA1 as MGF1 digest - ---- - providers/implementations/signature/rsa_sig.c | 3 +-- - test/recipes/30-test_evp_data/evppkey_rsa.txt | 4 ++-- - 2 files changed, 3 insertions(+), 4 deletions(-) - -diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index ac3888a1b9..014b17fe49 100644 ---- a/providers/implementations/signature/rsa_sig.c -+++ b/providers/implementations/signature/rsa_sig.c -@@ -476,9 +476,8 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname, - "%s could not be fetched", mdname); - return 0; - } -- /* The default for mgf1 is SHA1 - so check if we allow SHA1 */ -+ /* The default for mgf1 is SHA1 - so allow SHA1 */ - if ((mdnid = ossl_digest_rsa_sign_get_md_nid(md)) <= 0 -- || (mdnid = rh_digest_signatures_allowed(ctx->libctx, mdnid)) <= 0 - || !rsa_check_padding(ctx, NULL, mdname, mdnid)) { - if (mdnid <= 0) - ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, -diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt -index 103556c750..6ae973eaac 100644 ---- a/test/recipes/30-test_evp_data/evppkey_rsa.txt -+++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt -@@ -279,7 +279,7 @@ Input="0123456789ABCDEF0123456789ABCDEF" - Output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esult = VERIFY_ERROR - --# Wrong MGF1 digest - In RHEL FIPS errors as set ctx before verify -+# Wrong MGF1 digest - Availablein = fips - Verify = RSA-2048 - Ctrl = rsa_padding_mode:pss -@@ -288,7 +288,7 @@ Ctrl = digest:sha256 - Ctrl = rsa_mgf1_md:sha1 - Input="0123456789ABCDEF0123456789ABCDEF" - Output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esult = PKEY_CTRL_ERROR -+Result = VERIFY_ERROR - - # Verify using default parameters - Availablein = default --- 
-2.49.0 - diff --git a/0060-Fixup-no-dup-versions-for-UEFI.patch b/0060-Fixup-no-dup-versions-for-UEFI.patch deleted file mode 100644 index dd5f4d9..0000000 --- a/0060-Fixup-no-dup-versions-for-UEFI.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 8f95c832f03005c903a6a990cee49346c556be0f Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Thu, 22 May 2025 13:22:12 +0200 -Subject: [PATCH 60/60] Fixup - no dup versions for UEFI - ---- - crypto/evp/digest.c | 2 +- - crypto/evp/evp_enc.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c -index 3c80b9dfe1..8ee9db73dd 100644 ---- a/crypto/evp/digest.c -+++ b/crypto/evp/digest.c -@@ -573,7 +573,7 @@ int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size) - } - - EVP_MD_CTX --#if !defined(FIPS_MODULE) -+#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) - __attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"), - symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0"))) - #endif -diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c -index 7c51786515..619cf4f385 100644 ---- a/crypto/evp/evp_enc.c -+++ b/crypto/evp/evp_enc.c -@@ -1763,7 +1763,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) - } - - EVP_CIPHER_CTX --#if !defined(FIPS_MODULE) -+#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) - __attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"), - symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0"))) - #endif --- -2.49.0 - diff --git a/openssl.spec b/openssl.spec index 4dbf3ad..c7f09fb 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.5.0 -Release: 4%{?dist} +Release: 5%{?dist} Epoch: 1 Source0: openssl-%{version}.tar.gz Source1: fips-hmacify.sh 
@@ -91,15 +91,12 @@ Patch0048: 0048-Current-Rebase-status.patch Patch0049: 0049-FIPS-KDF-key-lenght-errors.patch Patch0050: 0050-FIPS-fix-disallowed-digests-tests.patch Patch0051: 0051-Make-openssl-speed-run-in-FIPS-mode.patch -Patch0052: 0052-Fixup-forbid-SHA1.patch -Patch0053: 0053-Backport-upstream-27483-for-PKCS11-needs.patch -Patch0054: 0054-Red-Hat-9-FIPS-indicator-defines.patch -Patch0055: 0055-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch -Patch0056: 0056-hashfunc-add-stddef.h-include.patch -Patch0057: 0057-rio-add-RIO_POLL_METHOD_NONE.patch -Patch0058: 0058-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch -Patch0059: 0059-Fixup-permit-SHA1-as-MGF1-digest.patch -Patch0060: 0060-Fixup-no-dup-versions-for-UEFI.patch +Patch0052: 0052-Backport-upstream-27483-for-PKCS11-needs.patch +Patch0053: 0053-Red-Hat-9-FIPS-indicator-defines.patch +Patch0054: 0054-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch +Patch0055: 0055-hashfunc-add-stddef.h-include.patch +Patch0056: 0056-rio-add-RIO_POLL_METHOD_NONE.patch +Patch0057: 0057-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch License: Apache-2.0 URL: http://www.openssl.org/ @@ -438,6 +435,10 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h %ldconfig_scriptlets libs %changelog +* Mon Jun 02 2025 Dmitry Belyavskiy - 1:3.5.0-5 +- Compact patches for better maintainability + Related: RHEL-80811 + * Thu May 22 2025 Dmitry Belyavskiy - 1:3.5.0-4 - Fix regressions caused by rebase to OpenSSL 3.5 Related: RHEL-80811 From 1e7815b2cfebe92137fc52349e5688e0d81292ea Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Tue, 3 Jun 2025 17:30:09 +0200 Subject: [PATCH 2/3] Make hybrid MLKEM work with our FIPS provider (3.0.7) Resolves: RHEL-94614 --- 0058-Allow-hybrid-MLKEM-in-FIPS-mode.patch | 302 +++++++++++++++++++++ openssl.spec | 5 + 2 files changed, 307 insertions(+) create mode 100644 0058-Allow-hybrid-MLKEM-in-FIPS-mode.patch 
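Review bot: The `Patch0052`, `Patch0059` and `Patch0060` lines are dropped and the three fixup files deleted, but nothing in the spec or its changelog records which base patches absorbed them, and the surviving patches in this diff show only refreshed `index` hashes and `@@` offsets (for example ecdsa_sig.c under 0041 now ends at blob `4d7c25728a`, the same blob the deleted 0052 produced), so a reader cannot tell from the build history where the `#ifdef FIPS_MODULE` removal around `rh_digest_signatures_allowed`, the `KECCAK-256` ECDSA allowance, the MGF1 SHA-1 allowance and the `OPENSSL_SYS_UEFI` symver guard now live. The diffstat suggests the Allow-disabling-of-SHA1-signatures, OPENSSL_str-n-casecmp and 0027 patches took them, but that is inferred rather than visible. Since each of those fixups changes FIPS-visible behaviour, suggest the changelog entry in the next hunk name them, e.g. `- Compact patches: fold fixups 0052 (forbid SHA1), 0059 (permit SHA1 as MGF1 digest) and 0060 (no dup versions for UEFI) into their base patches`, so the provenance of those policy changes stays traceable after the fixup files are gone.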
diff --git a/0058-Allow-hybrid-MLKEM-in-FIPS-mode.patch b/0058-Allow-hybrid-MLKEM-in-FIPS-mode.patch new file mode 100644 index 0000000..b139ecc --- /dev/null +++ b/0058-Allow-hybrid-MLKEM-in-FIPS-mode.patch 
@@ -0,0 +1,302 @@ +From 26ad3b905a6d4b1fa50b304f21f67aa0d35265e9 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Fri, 30 May 2025 16:17:37 +0200 +Subject: [PATCH 58/58] Allow hybrid MLKEM in FIPS mode + +--- + crypto/ml_kem/ml_kem.c | 11 ++-- + include/crypto/ml_kem.h | 2 + + providers/defltprov.c | 8 +-- + providers/implementations/kem/mlx_kem.c | 33 +++++++++- + providers/implementations/keymgmt/mlx_kmgmt.c | 61 ++++++++++++++++++- + 5 files changed, 103 insertions(+), 12 deletions(-) + +diff --git a/crypto/ml_kem/ml_kem.c b/crypto/ml_kem/ml_kem.c +index ec75233435..8d0cc1a82c 100644 +--- a/crypto/ml_kem/ml_kem.c ++++ b/crypto/ml_kem/ml_kem.c +@@ -1581,6 +1581,7 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties, + { + const ML_KEM_VINFO *vinfo = ossl_ml_kem_get_vinfo(evp_type); + ML_KEM_KEY *key; ++ char *adjusted_propq = NULL; + + if (vinfo == NULL) + return NULL; +@@ -1588,15 +1589,17 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties, + if ((key = OPENSSL_malloc(sizeof(*key))) == NULL) + return NULL; + ++ adjusted_propq = get_adjusted_propq(properties); + key->vinfo = vinfo; + key->libctx = libctx; + key->prov_flags = ML_KEM_KEY_PROV_FLAGS_DEFAULT; +- key->shake128_md = EVP_MD_fetch(libctx, "SHAKE128", properties); +- key->shake256_md = EVP_MD_fetch(libctx, "SHAKE256", properties); +- key->sha3_256_md = EVP_MD_fetch(libctx, "SHA3-256", properties); +- key->sha3_512_md = EVP_MD_fetch(libctx, "SHA3-512", properties); ++ key->shake128_md = EVP_MD_fetch(libctx, "SHAKE128", adjusted_propq ? adjusted_propq : properties); ++ key->shake256_md = EVP_MD_fetch(libctx, "SHAKE256", adjusted_propq ? adjusted_propq : properties); ++ key->sha3_256_md = EVP_MD_fetch(libctx, "SHA3-256", adjusted_propq ? adjusted_propq : properties); ++ key->sha3_512_md = EVP_MD_fetch(libctx, "SHA3-512", adjusted_propq ? 
adjusted_propq : properties); + key->d = key->z = key->rho = key->pkhash = key->encoded_dk = NULL; + key->s = key->m = key->t = NULL; ++ OPENSSL_free(adjusted_propq); + + if (key->shake128_md != NULL + && key->shake256_md != NULL +diff --git a/include/crypto/ml_kem.h b/include/crypto/ml_kem.h +index 67d55697e9..ab1aaae8ac 100644 +--- a/include/crypto/ml_kem.h ++++ b/include/crypto/ml_kem.h +@@ -278,4 +278,6 @@ int ossl_ml_kem_decap(uint8_t *shared_secret, size_t slen, + __owur + int ossl_ml_kem_pubkey_cmp(const ML_KEM_KEY *key1, const ML_KEM_KEY *key2); + ++char *get_adjusted_propq(const char *propq); ++ + #endif /* OPENSSL_HEADER_ML_KEM_H */ +diff --git a/providers/defltprov.c b/providers/defltprov.c +index eee2178b41..0dba017f3f 100644 +--- a/providers/defltprov.c ++++ b/providers/defltprov.c +@@ -517,8 +517,8 @@ static const OSSL_ALGORITHM deflt_asym_kem[] = { + { "X448MLKEM1024", "provider=default", ossl_mlx_kem_asym_kem_functions }, + # endif + # if !defined(OPENSSL_NO_EC) +- { "SecP256r1MLKEM768", "provider=default", ossl_mlx_kem_asym_kem_functions }, +- { "SecP384r1MLKEM1024", "provider=default", ossl_mlx_kem_asym_kem_functions }, ++ { "SecP256r1MLKEM768", "provider=default,fips=yes", ossl_mlx_kem_asym_kem_functions }, ++ { "SecP384r1MLKEM1024", "provider=default,fips=yes", ossl_mlx_kem_asym_kem_functions }, + # endif + #endif + { NULL, NULL, NULL } +@@ -597,9 +597,9 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = { + PROV_DESCS_X448MLKEM1024 }, + # endif + # if !defined(OPENSSL_NO_EC) +- { PROV_NAMES_SecP256r1MLKEM768, "provider=default", ossl_mlx_p256_kem_kmgmt_functions, ++ { PROV_NAMES_SecP256r1MLKEM768, "provider=default,fips=yes", ossl_mlx_p256_kem_kmgmt_functions, + PROV_DESCS_SecP256r1MLKEM768 }, +- { PROV_NAMES_SecP384r1MLKEM1024, "provider=default", ossl_mlx_p384_kem_kmgmt_functions, ++ { PROV_NAMES_SecP384r1MLKEM1024, "provider=default,fips=yes", ossl_mlx_p384_kem_kmgmt_functions, + PROV_DESCS_SecP384r1MLKEM1024 }, + # endif + #endif +diff --git 
a/providers/implementations/kem/mlx_kem.c b/providers/implementations/kem/mlx_kem.c +index 197c345d85..08fbf99a76 100644 +--- a/providers/implementations/kem/mlx_kem.c ++++ b/providers/implementations/kem/mlx_kem.c +@@ -19,6 +19,7 @@ + #include "prov/mlx_kem.h" + #include "prov/provider_ctx.h" + #include "prov/providercommon.h" ++#include + + static OSSL_FUNC_kem_newctx_fn mlx_kem_newctx; + static OSSL_FUNC_kem_freectx_fn mlx_kem_freectx; +@@ -103,6 +104,28 @@ mlx_kem_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + return 1; + } + ++char *get_adjusted_propq(const char *propq) ++{ ++ char *adjusted_propq = NULL; ++ const char *nofips = "-fips"; ++ size_t len = propq ? strlen(propq) + 1 + strlen(nofips) + 1 : ++ strlen(nofips) + 1; ++ char *ptr = NULL; ++ ++ adjusted_propq = OPENSSL_zalloc(len); ++ if (adjusted_propq != NULL) { ++ ptr = adjusted_propq; ++ if (propq && strlen(propq) > 0) { ++ memcpy(ptr, propq, strlen(propq)); ++ ptr += strlen(propq); ++ *ptr = ','; ++ ptr++; ++ } ++ memcpy(ptr, nofips, strlen(nofips)); ++ } ++ return adjusted_propq; ++} ++ + static int mlx_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen, + unsigned char *shsec, size_t *slen) + { +@@ -115,6 +138,7 @@ static int mlx_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen, + uint8_t *sbuf; + int ml_kem_slot = key->xinfo->ml_kem_slot; + int ret = 0; ++ char *adjusted_propq = NULL; + + if (!mlx_kem_have_pubkey(key)) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); +@@ -167,7 +191,8 @@ static int mlx_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen, + encap_slen = ML_KEM_SHARED_SECRET_BYTES; + cbuf = ctext + ml_kem_slot * key->xinfo->pubkey_bytes; + sbuf = shsec + ml_kem_slot * key->xinfo->shsec_bytes; +- ctx = EVP_PKEY_CTX_new_from_pkey(key->libctx, key->mkey, key->propq); ++ adjusted_propq = get_adjusted_propq(key->propq); ++ ctx = EVP_PKEY_CTX_new_from_pkey(key->libctx, key->mkey, adjusted_propq ? 
adjusted_propq : key->propq); + if (ctx == NULL + || EVP_PKEY_encapsulate_init(ctx, NULL) <= 0 + || EVP_PKEY_encapsulate(ctx, cbuf, &encap_clen, sbuf, &encap_slen) <= 0) +@@ -237,6 +262,7 @@ static int mlx_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen, + end: + EVP_PKEY_free(xkey); + EVP_PKEY_CTX_free(ctx); ++ OPENSSL_free(adjusted_propq); + return ret; + } + +@@ -252,6 +278,7 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen, + size_t decap_clen = key->minfo->ctext_bytes + key->xinfo->pubkey_bytes; + int ml_kem_slot = key->xinfo->ml_kem_slot; + int ret = 0; ++ char *adjusted_propq = NULL; + + if (!mlx_kem_have_prvkey(key)) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); +@@ -287,7 +314,8 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen, + decap_slen = ML_KEM_SHARED_SECRET_BYTES; + cbuf = ctext + ml_kem_slot * key->xinfo->pubkey_bytes; + sbuf = shsec + ml_kem_slot * key->xinfo->shsec_bytes; +- ctx = EVP_PKEY_CTX_new_from_pkey(key->libctx, key->mkey, key->propq); ++ adjusted_propq = get_adjusted_propq(key->propq); ++ ctx = EVP_PKEY_CTX_new_from_pkey(key->libctx, key->mkey, adjusted_propq ? 
adjusted_propq : key->propq); + if (ctx == NULL + || EVP_PKEY_decapsulate_init(ctx, NULL) <= 0 + || EVP_PKEY_decapsulate(ctx, sbuf, &decap_slen, cbuf, decap_clen) <= 0) +@@ -325,6 +353,7 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen, + end: + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(xkey); ++ OPENSSL_free(adjusted_propq); + return ret; + } + +diff --git a/providers/implementations/keymgmt/mlx_kmgmt.c b/providers/implementations/keymgmt/mlx_kmgmt.c +index bea8783276..aeef0c8f84 100644 +--- a/providers/implementations/keymgmt/mlx_kmgmt.c ++++ b/providers/implementations/keymgmt/mlx_kmgmt.c +@@ -156,6 +156,52 @@ typedef struct export_cb_arg_st { + size_t prvlen; + } EXPORT_CB_ARG; + ++#ifndef FIPS_MODULE ++# include ++# include ++static size_t decompress_pub_key(void *pub, size_t compressed_len, size_t decompressed_len) ++{ ++ EC_GROUP *group = NULL; ++ EC_POINT *point = NULL; ++ BN_CTX *ctx = NULL; ++ size_t len = compressed_len; ++ int group_nid = NID_undef; ++ ++ switch (len) { ++ case 33: ++ group_nid = NID_X9_62_prime256v1; ++ break; ++ case 49: ++ group_nid = NID_secp384r1; ++ break; ++ default: ++ return len; ++ break; ++ } ++ ++ ctx = BN_CTX_new(); ++ group = EC_GROUP_new_by_curve_name(group_nid); ++ if (ctx == NULL || group == NULL) ++ goto err; ++ ++ point = EC_POINT_new(group); ++ if (point == NULL) ++ goto err; ++ ++ if (!EC_POINT_oct2point(group, point, pub, len, ctx)) ++ goto err; ++ ++ len = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, pub, decompressed_len, ctx); ++ ++err: ++ EC_POINT_free(point); ++ EC_GROUP_free(group); ++ BN_CTX_free(ctx); ++ ++ return len; ++} ++#endif ++ + /* Copy any exported key material into its storage slot */ + static int export_sub_cb(const OSSL_PARAM *params, void *varg) + { +@@ -176,6 +222,10 @@ static int export_sub_cb(const OSSL_PARAM *params, void *varg) + + if (OSSL_PARAM_get_octet_string(p, &pub, sub_arg->publen, &len) != 1) + return 0; ++#ifndef FIPS_MODULE ++ if (len < 
sub_arg->publen) ++ len = decompress_pub_key(pub, len, sub_arg->publen); ++#endif + if (len != sub_arg->publen) { + ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR, + "Unexpected %s public key length %lu != %lu", +@@ -344,12 +394,14 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname, + void *val; + int ml_kem_slot = key->xinfo->ml_kem_slot; + int ret = 0; ++ char *adjusted_propq = NULL; + + if (slot == ml_kem_slot) { + alg = key->minfo->algorithm_name; + ppkey = &key->mkey; + off = slot * xbytes; + len = mbytes; ++ adjusted_propq = get_adjusted_propq(propq); + } else { + alg = key->xinfo->algorithm_name; + group = (char *) key->xinfo->group_name; +@@ -359,7 +411,8 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname, + } + val = (void *)(in + off); + +- if ((ctx = EVP_PKEY_CTX_new_from_name(libctx, alg, propq)) == NULL ++ if ((ctx = EVP_PKEY_CTX_new_from_name(libctx, alg, ++ adjusted_propq ? adjusted_propq : propq)) == NULL + || EVP_PKEY_fromdata_init(ctx) <= 0) + goto err; + parr[0] = OSSL_PARAM_construct_octet_string(pname, val, len); +@@ -370,6 +423,7 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname, + ret = 1; + + err: ++ OPENSSL_free(adjusted_propq); + EVP_PKEY_CTX_free(ctx); + return ret; + } +@@ -688,6 +742,7 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg) + PROV_ML_KEM_GEN_CTX *gctx = vgctx; + MLX_KEY *key; + char *propq; ++ char *adjusted_propq = NULL; + + if (gctx == NULL + || (gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == +@@ -704,8 +759,10 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg) + return key; + + /* For now, using the same "propq" for all components */ +- key->mkey = EVP_PKEY_Q_keygen(key->libctx, key->propq, ++ adjusted_propq = get_adjusted_propq(propq); ++ key->mkey = EVP_PKEY_Q_keygen(key->libctx, adjusted_propq ? 
adjusted_propq : key->propq, + key->minfo->algorithm_name); ++ OPENSSL_free(adjusted_propq); + key->xkey = EVP_PKEY_Q_keygen(key->libctx, key->propq, + key->xinfo->algorithm_name, + key->xinfo->group_name); +-- +2.49.0 + diff --git a/openssl.spec b/openssl.spec index c7f09fb..d7d9edd 100644 --- a/openssl.spec +++ b/openssl.spec @@ -97,6 +97,9 @@ Patch0054: 0054-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch Patch0055: 0055-hashfunc-add-stddef.h-include.patch Patch0056: 0056-rio-add-RIO_POLL_METHOD_NONE.patch Patch0057: 0057-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch +%if ( %{defined rhel} && (! %{defined centos}) ) +Patch0058: 0058-Allow-hybrid-MLKEM-in-FIPS-mode.patch +%endif License: Apache-2.0 URL: http://www.openssl.org/ @@ -438,6 +441,8 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h * Mon Jun 02 2025 Dmitry Belyavskiy - 1:3.5.0-5 - Compact patches for better maintainability Related: RHEL-80811 +- Make hybrid MLKEM work with our FIPS provider (3.0.7) + Resolves: RHEL-94614 * Thu May 22 2025 Dmitry Belyavskiy - 1:3.5.0-4 - Fix regressions caused by rebase to OpenSSL 3.5 From 1d401560ac344b8b5dc472cd0f8bcfd009348b6c Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Wed, 4 Jun 2025 17:43:35 +0200 Subject: [PATCH 3/3] rebuilt Related: RHEL-80811 --- openssl.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openssl.spec b/openssl.spec index d7d9edd..aa7e159 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.5.0 -Release: 5%{?dist} +Release: 6%{?dist} Epoch: 1 Source0: openssl-%{version}.tar.gz Source1: fips-hmacify.sh 
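Review bot: The defltprov.c tables now advertise SecP256r1MLKEM768 and SecP384r1MLKEM1024 as `provider=default,fips=yes` while mlx_kem.c, mlx_kmgmt.c and ml_kem.c fetch the ML-KEM component and its SHAKE/SHA3 digests with `,-fips` appended, so under a `fips=yes` default query the hybrid resolves to the non-validated default provider with only the EC half running in the FIPS provider, and nothing in the patch records that this is deliberate. I would add at the two table entries `/* fips=yes is advertised so FIPS-mode fetches find the hybrid; only the EC component runs in the FIPS provider, ML-KEM is fetched with -fips */` and, if this build's FIPS indicator covers KEMs, have the hybrid report as not approved rather than passing silently. `get_adjusted_propq` is a non-static symbol without the `ossl_` prefix, declared in include/crypto/ml_kem.h but defined in providers/implementations/kem/mlx_kem.c, so crypto/ml_kem/ml_kem.c now depends on provider code and would fail to link in any FIPS_MODULE build that compiles ml_kem.c; defining it in ml_kem.c as `ossl_ml_kem_nofips_propq` removes both problems. The `,-fips` suffix presumably only drops fips from the library-default query and does not cancel an explicit `fips=yes` in a caller-supplied propq, in which case the ML-KEM fetch would fail — confirm, and note that mlx_kem_gen adjusts the local `propq` but falls back to `key->propq`. In mlx_kmgmt.c, `decompress_pub_key` chooses the curve from the octet length alone and builds the group with `EC_GROUP_new_by_curve_name` in the default library context instead of using the key's `xinfo->group_name` and libctx; pass the expected NID and libctx in from the caller, drop the unreachable `break;` after `return len;`, and add a comment saying which provider hands back compressed points, which the patch does not state.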
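Review bot: The `%if ( %{defined rhel} && (! %{defined centos}) )` guard around Patch0058 makes FIPS-mode behaviour of hybrid ML-KEM differ between RHEL and CentOS Stream builds of the same spec, and the spec gives no reason for the asymmetry. Presumably only RHEL pairs this libcrypto with the 3.0.7 FIPS module the commit message mentions; a comment above the conditional such as `# RHEL only: hybrid ML-KEM must work with the 3.0.7 FIPS module (RHEL-94614)` would record that, and the changelog entry should say the change is RHEL-only.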
@@ -438,6 +438,10 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h %ldconfig_scriptlets libs %changelog +* Wed Jun 04 2025 Dmitry Belyavskiy - 1:3.5.0-6 +- rebuilt + Related: RHEL-80811 + * Mon Jun 02 2025 Dmitry Belyavskiy - 1:3.5.0-5 - Compact patches for better maintainability Related: RHEL-80811