Commit Graph

89 Commits

Author SHA1 Message Date
Dmitry Belyavskiy
87f109e9fb Use KAT for ECDSA signature tests
Resolves: rhbz#2069235
2022-05-16 18:54:17 +02:00
Dmitry Belyavskiy
69c1abb4df openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
Resolves: rhbz#2063947
2022-05-12 13:45:42 +02:00
Dmitry Belyavskiy
b4d281e4de -config argument of openssl app should work properly
Resolves: rhbz#2083274
2022-05-12 13:29:27 +02:00
Dmitry Belyavskiy
1b2d08b2c2 Adaptation of upstream patches disabling explicit EC parameters in FIPS mode
Resolves: rhbz#2058663
2022-05-06 17:41:32 +02:00
Dmitry Belyavskiy
4dc19fe033 Reworked patch forbidding explicit EC parameters
Resolves: rhbz#2066412
2022-05-06 16:51:28 +02:00
Clemens Lang
1447e64bc3 Include hash in FIPS module version
Include a hash of specfile, patches, and sources in the FIPS module
version. This should allow us to uniquely identify a build that we do,
so that we can be sure which specific binary is being submitted for
validation and was certified.

The previous solution used $(date +%Y%m%d), which had some risks related
to build server timezone and build date differences on different
architectures.

Resolves: rhbz#2070550
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-05-06 13:16:36 +02:00
Dmitry Belyavskiy
ad863e9fc8 OpenSSL FIPS module should not build in non-approved algorithms
Resolves: rhbz#2081378
2022-05-05 17:34:49 +02:00
Dmitry Belyavskiy
6ba0e5efa3 When FIPS provider is in use, we forbid only some padding modes - spec
Resolves: rhbz#2053289
2022-05-02 18:33:35 +02:00
Dmitry Belyavskiy
067b6b249b When FIPS provider is in use, we forbid only some padding modes
Resolves: rhbz#2053289
2022-05-02 17:42:54 +02:00
Dmitry Belyavskiy
02c75e5a65 We dont'want totally forbid RSA encryption.
Related: rhbz#2053289
2022-05-02 15:54:28 +02:00
Clemens Lang
9afaa3d1f4 Fix regression in evp_pkey_name2type caused by tr_TR locale fix
Resolves: rhbz#2071631
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-04-28 13:39:35 +02:00
Dmitry Belyavskiy
a711ac2e4f Fix openssl curl error with LANG=tr_TR.utf8
Resolves: rhbz#2071631
2022-04-21 15:16:46 +02:00
Dmitry Belyavskiy
c0744a0cbf Temporary manual test 2022-04-21 13:20:27 +02:00
Dmitry Belyavskiy
7a1c7b28bc FIPS provider doesn't block RSA encryption for key transport
Resolves: rhbz#2053289
2022-03-29 13:32:47 +02:00
Clemens Lang
93ff3f8fe5 Fix occasional internal error in TLS when DHE is used
Resolves: rhbz#2004915
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-03-22 13:04:16 +01:00
Clemens Lang
153f593fa6 Fix SHA1 certs in LEGACY without openssl lib ctxt
Resolves: rhbz#2065400
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-03-18 13:36:55 +01:00
Clemens Lang
4eb630f7d5 Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes
Resolves: rhbz#2065400
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-03-18 09:27:51 +01:00
Dmitry Belyavskiy
03697fff80 CVE-2022-0778 fix
Resolves: rhbz#2062315
2022-03-16 15:03:25 +01:00
Clemens Lang
bc7dfd9722 Fix RSA PSS padding with SHA-1 disabled
Invocations of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING)
before setting an allowed digest with EVP_PKEY_CTX_set_signature_md()
would fail with SHA-1 use in signatures disabled, because OpenSSL's
internal default for the digest was SHA-1.

This isn't documented in any of the manpages, hence we expect users to
always call both EVP_PKEY_CTX_set_rsa_padding() and
EVP_PKEY_CTX_set_signature_md(). We do not want set_rsa_padding() to
fail if users set a non-SHA-1 signature algorithm after setting the
padding mode, though, so change the internal default to SHA-256 if SHA-1
is disabled.

Resolves: rhbz#2062640
2022-03-10 13:29:29 +01:00
Clemens Lang
3c66c99bd5 Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
We want legacy policy to be able to talk to older RHEL that only
supports SHA1 signature algorithms, so allow SHA1 signatures even in
seclevel 2 if rh-allow-sha1-signatures is set to yes.

Resolves: rhbz#2060510
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-03-04 10:19:04 +01:00
Clemens Lang
ede38fcb54 Prevent use of SHA1 with ECDSA
providers/implementations/signature/{ec,}dsa_sig.c accept a NID_undef
digest, so to prevent SHA1 from working with ECDSA and DSA, we must
return a negative value in securitycheck.c.

Resolves: rhbz#2031742
2022-02-25 14:45:22 +01:00
Dmitry Belyavskiy
ea9f0a5726 OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
Resolves: rhbz#1977867
2022-02-25 12:37:01 +01:00
Peter Robinson
849a9965ee Support KBKDF (NIST SP800-108) with an R value of 8bits Resolves: rhbz#2027261
Signed-off-by: Peter Robinson <pbrobinson@redhat.com>
2022-02-24 10:14:16 +00:00
Clemens Lang
53f53fedec Allow SHA1 usage in MGF1 for RSASSA-PSS signatures
Resolves: rhbz#2031742
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-02-23 17:53:55 +01:00
Dmitry Belyavskiy
b33dfd3fc3 Spec bump
Resolves: rhbz#2031742
2022-02-23 11:47:25 +01:00
Clemens Lang
5a9ab1160e Allow SHA1 usage in HMAC in TLS
The EVP_DigestSign API is used in TLS to compute a SHA1 HMAC, which is
OK from our point of view, but was blocked so far. Modify
0049-Selectively-disallow-SHA1-signatures.patch to check the EVP_PKEY
type for HMAC (and TLS1-PRF and HKDF), and allow SHA1 for these cases.

Note that TLS1.1 signs a MD5-SHA1 hash with a private key, which does
not work with rh-allow-sha1-signatures = no, so the minimum TLS version
will be TLS 1.2.

Resolves: rhbz#2031742
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-02-22 19:40:20 +01:00
Dmitry Belyavskiy
53b85f538c OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
Resolves: rhbz#1977867
2022-02-22 16:32:34 +01:00
Dmitry Belyavskiy
d79f404164 Allows non-fips KDF for PKCS#12
Related: rhbz#2049265
2022-02-22 16:30:16 +01:00
Clemens Lang
78fb78d307 Disable SHA1 signature creation and verification by default
Set rh-allow-sha1-signatures = yes to re-enable

Resolves: rhbz#2031742
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-02-22 12:25:35 +01:00
Sahana Prasad
0a5c81da78 s_server: correctly handle 2^14 byte long records
Resolves: rhbz#2042011

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2022-02-03 15:37:48 +01:00
Dmitry Belyavskiy
922b5301ea Adjust FIPS provider version
FIPS provider version is now autofilled from release and date
Related: rhbz#2026445
2022-02-01 16:02:01 +01:00
Dmitry Belyavskiy
8c3b745547 On the s390x, zeroize all the copies of TLS premaster secret
Related: rhbz#2040448
2022-01-26 16:50:19 +01:00
Dmitry Belyavskiy
92e721fa5d Rebuild
Related: rhbz#2026445
2022-01-21 14:40:57 +01:00
Dmitry Belyavskiy
691c22b61c Remove volatile attribute from HMAC to make annocheck happy
Related: rhbz#1985362
2022-01-21 13:48:28 +01:00
Dmitry Belyavskiy
d237e7f301 Restoring fips=yes to SHA-1
Related: rhbz#2026445
2022-01-21 13:48:28 +01:00
Dmitry Belyavskiy
9df33eabbe KATS self-tests should run before HMAC verifcation
Related: rhbz#2041994
2022-01-21 13:48:28 +01:00
Sahana Prasad
f5421022ee Adds enable-buildtest-c++ to the configure options.
Related: rhbz#1990814

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2022-01-20 16:37:50 +01:00
Sahana Prasad
78a467efcc Rebase to upstream version 3.0.1
Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl
Resolves: rhbz#2038910, rhbz#2035148

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2022-01-18 18:30:10 +01:00
Dmitry Belyavskiy
e63c4b68b2 Update spec file, remove fipsmodule.cnf
Related: rhbz#2026445
2022-01-17 14:18:22 +01:00
Dmitry Belyavskiy
6cdaa527d8 Explicitly permit SHA1 HMAC
Related: rhbz#2026445
2022-01-17 13:19:40 +01:00
Dmitry Belyavskiy
cc37486d86 Minimize the list of services allowed for FIPS
Related: rhbz#2026445
2022-01-17 13:19:29 +01:00
Dmitry Belyavskiy
225b6d37b9 openssl speed should run in FIPS mode
Related: rhbz#1977318
2021-12-21 16:16:07 +01:00
Dmitry Belyavskiy
13dc3794cb Make rpminspect happy 2021-12-10 14:19:15 +01:00
Dmitry Belyavskiy
4c1c00d6af Updated spec, some cleanup done
Related: rhbz#1985362
2021-11-24 13:44:25 +01:00
Dmitry Belyavskiy
9422ae52de Always activate default provider via config
Related: rhbz#1985362
2021-11-23 16:52:23 +01:00
Dmitry Belyavskiy
210c37e906 Disable fipsinstall application
Related: rhbz#1985362
2021-11-23 15:02:48 +01:00
Dmitry Belyavskiy
3ff0db7558 Embed correct HMAC into fips provider
We have stripped production version and unstripped version for tests.
Related: rhbz#1985362
2021-11-23 15:02:14 +01:00
Dmitry Belyavskiy
5c4e10ac26 FIPS provider auto activation
When FIPS flag is on, we load fips provider and set properties to fips.
FIPS checksum is embedded in FIPS provider itself
Related: rhbz#1985362
2021-11-23 15:01:33 +01:00
Dmitry Belyavskiy
694c426faf Fix memory leak in s_client
Related: rhbz#1996092
2021-10-07 19:08:23 +02:00
Dmitry Belyavskiy
b76c2316a3 KTLS and FIPS may interfere, so tests need to be tuned
Resolves: rhbz#1961643
2021-09-22 17:15:22 +02:00