From 1eb7adc383b24fe90dab5d9cbdae148ce43ee0d9 Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Jul 31 2023 08:04:55 +0000 Subject: Adding changes to patch files from source-git sync Signed-off-by: Sahana Prasad --- diff --git a/0004-Override-default-paths-for-the-CA-directory-tree.patch b/0004-Override-default-paths-for-the-CA-directory-tree.patch index 7c70c60..7f20774 100644 --- a/0004-Override-default-paths-for-the-CA-directory-tree.patch +++ b/0004-Override-default-paths-for-the-CA-directory-tree.patch @@ -1,21 +1,21 @@ -From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 24 Sep 2020 09:17:26 +0200 -Subject: Override default paths for the CA directory tree +From 7a65ee33793fa8a28c0dfc94e6872ce92f408b15 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:27 +0200 +Subject: [PATCH 04/35] + 0004-Override-default-paths-for-the-CA-directory-tree.patch -Also add default section to load crypto-policies configuration -for TLS. - -It needs to be reverted before running tests. - -(was openssl-1.1.1-conf-paths.patch) +Patch-name: 0004-Override-default-paths-for-the-CA-directory-tree.patch +Patch-id: 4 +Patch-status: | + # Override default paths for the CA directory tree +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd --- apps/CA.pl.in | 2 +- - apps/openssl.cnf | 20 ++++++++++++++++++-- - 2 files changed, 19 insertions(+), 3 deletions(-) + apps/openssl.cnf | 13 +++++++++++-- + 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/apps/CA.pl.in b/apps/CA.pl.in -index c0afb96716..d6a5fabd16 100644 +index f029470005..729f104a7e 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -29,7 +29,7 @@ my $X509 = "$openssl x509"; 
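Review bot: The regenerated header in this first hunk drops the only prose that explained what 0004 does beyond the CA paths ("Also add default section to load crypto-policies configuration for TLS" and "It needs to be reverted before running tests"), and `Patch-status` now just repeats the subject. The openssl.cnf hunks further down the same patch still add lines after `[openssl_init]` and `[default_sect]`, so a reader of the new header cannot tell that the patch also changes the default TLS configuration. I would carry the old text into the status block, for example `# Also adds a default section to load the crypto-policies configuration for TLS; must be reverted before running tests.` The same replacement of the original author and description by `rpm-build` boilerplate happens in the 0007 and 0008 headers, where 0008 loses the sentence saying the macro calls EVP_default_properties_is_fips_enabled() on the default context.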
@@ -27,10 +27,11 @@ index c0afb96716..d6a5fabd16 100644 my $CAKEY = "cakey.pem"; my $CAREQ = "careq.pem"; my $CACERT = "cacert.pem"; -diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf ---- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200 -+++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200 -@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7 +diff --git a/apps/openssl.cnf b/apps/openssl.cnf +index 8141ab20cd..3956235fda 100644 +--- a/apps/openssl.cnf ++++ b/apps/openssl.cnf +@@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7 [openssl_init] providers = provider_sect @@ -39,7 +40,7 @@ diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha1 # List of providers to load [provider_sect] -@@ -64,6 +66,13 @@ default = default_sect +@@ -71,6 +73,13 @@ default = default_sect [default_sect] # activate = 1 @@ -53,7 +54,7 @@ diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha1 #################################################################### [ ca ] -@@ -72,7 +81,7 @@ default_ca = CA_default # The default c +@@ -79,7 +88,7 @@ default_ca = CA_default # The default ca section #################################################################### [ CA_default ] @@ -62,7 +63,7 @@ diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha1 certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. -@@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default +@@ -311,7 +320,7 @@ default_tsa = tsa_config1 # the default TSA section [ tsa_config1 ] # These are used by the TSA reply generation only. 
@@ -71,3 +72,6 @@ diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha1 serial = $dir/tsaserial # The current serial number (mandatory) crypto_device = builtin # OpenSSL engine to use for signing signer_cert = $dir/tsacert.pem # The TSA signing certificate +-- +2.41.0 + diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index 4c313ff..2ac82fa 100644 --- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -1,25 +1,30 @@ -From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 24 Sep 2020 10:16:46 +0200 -Subject: Add support for PROFILE=SYSTEM system default cipherlist +From 66b728801f141c9db8e647ab02421c83694ade79 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:27 +0200 +Subject: [PATCH 07/35] + 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch -(was openssl-1.1.1-system-cipherlist.patch) +Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +Patch-id: 7 +Patch-status: | + # Add support for PROFILE=SYSTEM system default cipherlist +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd --- Configurations/unix-Makefile.tmpl | 5 ++ - Configure | 10 +++- + Configure | 11 +++- doc/man1/openssl-ciphers.pod.in | 9 ++++ include/openssl/ssl.h.in | 5 ++ - ssl/ssl_ciph.c | 88 +++++++++++++++++++++++++++---- + ssl/ssl_ciph.c | 87 +++++++++++++++++++++++++++---- ssl/ssl_lib.c | 4 +- test/cipherlist_test.c | 2 + util/libcrypto.num | 1 + 8 files changed, 110 insertions(+), 14 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index 9f369edf0e..c52389f831 100644 +index f29cdc7f38..c0df026de3 100644 --- a/Configurations/unix-Makefile.tmpl 
+++ b/Configurations/unix-Makefile.tmpl -@@ -269,6 +269,10 @@ MANDIR=$(INSTALLTOP)/share/man +@@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html @@ -30,7 +35,7 @@ index 9f369edf0e..c52389f831 100644 # MANSUFFIX is for the benefit of anyone who may want to have a suffix # appended after the manpage file section number. "ssl" is popular, # resulting in files such as config.5ssl rather than config.5. -@@ -292,6 +296,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} +@@ -338,6 +342,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -} CPPFLAGS={- our $cppflags1 = join(" ", (map { "-D".$_} @{$config{CPPDEFINES}}), 
@@ -38,11 +43,54 @@ index 9f369edf0e..c52389f831 100644 (map { "-I".$_} @{$config{CPPINCLUDES}}), @{$config{CPPFLAGS}}) -} CFLAGS={- join(' ', @{$config{CFLAGS}}) -} +diff --git a/Configure b/Configure +index 456995240b..93be83be94 100755 +--- a/Configure ++++ b/Configure +@@ -27,7 +27,7 @@ use OpenSSL::config; + my $orig_death_handler = $SIG{__DIE__}; + $SIG{__DIE__} = \&death_handler; + +-my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; ++my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; + + my $banner = <<"EOF"; + +@@ -61,6 +61,10 @@ EOF + # given with --prefix. + # This becomes the value of OPENSSLDIR in Makefile and in C. + # (Default: PREFIX/ssl) ++# ++# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM ++# cipher is specified (default). ++# + # --banner=".." Output specified text instead of default completion banner + # + # -w Don't wait after showing a Configure warning +@@ -387,6 +391,7 @@ $config{prefix}=""; + $config{openssldir}=""; + $config{processor}=""; + $config{libdir}=""; ++$config{system_ciphers_file}=""; + my $auto_threads=1; # enable threads automatically? true by default + my $default_ranlib; + +@@ -989,6 +994,10 @@ while (@argvcopy) + die "FIPS key too long (64 bytes max)\n" + if length $1 > 64; + } ++ elsif (/^--system-ciphers-file=(.*)$/) ++ { ++ $config{system_ciphers_file}=$1; ++ } + elsif (/^--banner=(.*)$/) + { + $banner = $1 . "\n"; 
diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in -index b4ed3e51d5..2122e6bdfd 100644 +index 658730ec53..04e66bcebe 100644 --- a/doc/man1/openssl-ciphers.pod.in +++ b/doc/man1/openssl-ciphers.pod.in -@@ -187,6 +187,15 @@ As of OpenSSL 1.0.0, the B cipher suites are sensibly ordered by default. +@@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B cipher suites are sensibly ordered by default. The cipher suites not enabled by B, currently B. @@ -59,10 +107,10 @@ index b4ed3e51d5..2122e6bdfd 100644 "High" encryption cipher suites. This currently means those with key lengths diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in -index f9a61609e4..c6f95fed3f 100644 +index f03f52fbd8..0b6de603e2 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in -@@ -209,6 +209,11 @@ extern "C" { +@@ -208,6 +208,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) */ @@ -75,10 +123,10 @@ index f9a61609e4..c6f95fed3f 100644 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index b1d3f7919e..f7cc7fed48 100644 +index 93de9cf8fd..a5e60e8839 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c -@@ -1411,6 +1411,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str) +@@ -1443,6 +1443,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str) return ret; } @@ -132,7 +180,7 @@ index b1d3f7919e..f7cc7fed48 100644 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) **cipher_list, -@@ -1425,15 +1472,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1457,15 +1504,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; const SSL_CIPHER **ca_list = NULL; const SSL_METHOD *ssl_method = ctx->method; 
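Review bot: The `--system-ciphers-file=(.*)` branch in the Configure section of this hunk stores whatever follows the `=` with no check, so a relative path is accepted as readily as an absolute one. The help text added next to it says this is the file the cipher string is read from when PROFILE=SYSTEM is used, so a relative value would presumably be resolved against the process working directory at run time, which is not where a system-wide cipher policy should come from. Unless an empty value is meant to disable the feature, I would reject anything that is not absolute before the assignment, `die "--system-ciphers-file needs an absolute path\n" unless substr($1, 0, 1) eq "/";`. The option-parsing loop this branch belongs to starts and ends outside the hunk.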
@@ -153,14 +201,14 @@ index b1d3f7919e..f7cc7fed48 100644 if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) - return NULL; + goto err; - + if (!check_suiteb_cipher_list(ssl_method, c, &rule_str)) - return NULL; + goto err; /* * To reduce the work to do we only want to process the compiled -@@ -1456,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1487,7 +1544,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); @@ -169,7 +217,7 @@ index b1d3f7919e..f7cc7fed48 100644 } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, -@@ -1522,8 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1553,8 +1610,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * in force within each class */ if (!ssl_cipher_strength_sort(&head, &tail)) { @@ -179,7 +227,7 @@ index b1d3f7919e..f7cc7fed48 100644 } /* -@@ -1568,9 +1624,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1598,9 +1654,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { @@ -190,7 +238,7 @@ index b1d3f7919e..f7cc7fed48 100644 } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, disabled_auth, disabled_enc, -@@ -1596,8 +1651,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1626,8 +1681,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ 
@@ -200,7 +248,7 @@ index b1d3f7919e..f7cc7fed48 100644 } /* -@@ -1605,10 +1659,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1635,10 +1689,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * if we cannot get one. */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { @@ -216,7 +264,7 @@ index b1d3f7919e..f7cc7fed48 100644 /* Add TLSv1.3 ciphers first - we always prefer those if possible */ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); -@@ -1656,6 +1714,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1690,6 +1747,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, *cipher_list = cipherstack; return cipherstack; @@ -232,10 +280,10 @@ index b1d3f7919e..f7cc7fed48 100644 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index d14d5819ba..48d491219a 100644 +index f12ad6d034..a059bcd83b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) +@@ -661,7 +661,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->tls13_ciphersuites, &(ctx->cipher_list), &(ctx->cipher_list_by_id), @@ -244,7 +292,7 @@ index d14d5819ba..48d491219a 100644 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; -@@ -3193,7 +3193,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, +@@ -3286,7 +3286,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, if (!ssl_create_cipher_list(ret, ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, @@ -254,10 +302,10 @@ index d14d5819ba..48d491219a 100644 ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; 
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c -index 380f0727fc..6922a87c30 100644 +index 2d166e2b46..4ff2aa12d6 100644 --- a/test/cipherlist_test.c +++ b/test/cipherlist_test.c -@@ -244,7 +244,9 @@ end: +@@ -246,7 +246,9 @@ end: int setup_tests(void) { @@ -268,56 +316,14 @@ index 380f0727fc..6922a87c30 100644 ADD_TEST(test_default_cipherlist_clear); return 1; diff --git a/util/libcrypto.num b/util/libcrypto.num -index 404a706fab..e81fa9ec3e 100644 +index 406392a7d9..9cb8a4dda2 100644 --- a/util/libcrypto.num 
+++ b/util/libcrypto.num -@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION: +@@ -5435,3 +5435,4 @@ EVP_MD_CTX_dup 5562 3_1_0 EXIST::FUNCTION: EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP +ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: -- -2.26.2 +2.41.0 -diff -up openssl-3.0.0-beta1/Configure.sys-default openssl-3.0.0-beta1/Configure ---- openssl-3.0.0-beta1/Configure.sys-default 2021-06-29 11:47:58.978144386 +0200 -+++ openssl-3.0.0-beta1/Configure 2021-06-29 11:52:01.631126260 +0200 -@@ -27,7 +27,7 @@ use OpenSSL::config; - my $orig_death_handler = $SIG{__DIE__}; - $SIG{__DIE__} = \&death_handler; - --my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; -+my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; - - my $banner = <<"EOF"; - -@@ -61,6 +61,10 @@ EOF - # given with --prefix. - # This becomes the value of OPENSSLDIR in Makefile and in C. - # (Default: PREFIX/ssl) -+# -+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM -+# cipher is specified (default). -+# - # --banner=".." 
Output specified text instead of default completion banner - # - # -w Don't wait after showing a Configure warning -@@ -385,6 +389,7 @@ $config{prefix}=""; - $config{openssldir}=""; - $config{processor}=""; - $config{libdir}=""; -+$config{system_ciphers_file}=""; - my $auto_threads=1; # enable threads automatically? true by default - my $default_ranlib; - -@@ -987,6 +992,10 @@ while (@argvcopy) - die "FIPS key too long (64 bytes max)\n" - if length $1 > 64; - } -+ elsif (/^--system-ciphers-file=(.*)$/) -+ { -+ $config{system_ciphers_file}=$1; -+ } - elsif (/^--banner=(.*)$/) - { - $banner = $1 . "\n"; diff --git a/0008-Add-FIPS_mode-compatibility-macro.patch b/0008-Add-FIPS_mode-compatibility-macro.patch index 2e72999..c05aa79 100644 --- a/0008-Add-FIPS_mode-compatibility-macro.patch +++ b/0008-Add-FIPS_mode-compatibility-macro.patch @@ -1,20 +1,22 @@ -From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 26 Nov 2020 14:00:16 +0100 -Subject: Add FIPS_mode() compatibility macro +From 8e29a10b39a649d751870eb1fd1b8c388e66acc3 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:27 +0200 +Subject: [PATCH 08/35] 0008-Add-FIPS_mode-compatibility-macro.patch -The macro calls EVP_default_properties_is_fips_enabled() on the -default context. +Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch +Patch-id: 8 +Patch-status: | + # Add FIPS_mode() compatibility macro +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd --- - include/openssl/crypto.h.in | 1 + - include/openssl/fips.h | 25 +++++++++++++++++++++++++ - test/property_test.c | 13 +++++++++++++ - 3 files changed, 39 insertions(+) + include/openssl/fips.h | 26 ++++++++++++++++++++++++++ + test/property_test.c | 14 ++++++++++++++ + 2 files changed, 40 insertions(+) create mode 100644 include/openssl/fips.h 
diff --git a/include/openssl/fips.h b/include/openssl/fips.h new file mode 100644 -index 0000000000..c64f0f8e8f +index 0000000000..4162cbf88e --- /dev/null +++ b/include/openssl/fips.h @@ -0,0 +1,26 @@ @@ -44,13 +46,14 @@ index 0000000000..c64f0f8e8f +} +# endif +#endif -diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c ---- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200 -+++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200 -@@ -488,6 +488,19 @@ static int test_property_list_to_string( +diff --git a/test/property_test.c b/test/property_test.c +index 45b1db3e85..8894c1c1cb 100644 +--- a/test/property_test.c ++++ b/test/property_test.c +@@ -677,6 +677,19 @@ static int test_property_list_to_string(int i) return ret; } - + +#include +static int test_downstream_FIPS_mode(void) +{ @@ -67,7 +70,7 @@ diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1 int setup_tests(void) { ADD_TEST(test_property_string); -@@ -500,6 +512,7 @@ int setup_tests(void) +@@ -690,6 +703,7 @@ int setup_tests(void) ADD_TEST(test_property); ADD_TEST(test_query_cache_stochastic); ADD_TEST(test_fips_mode); @@ -75,3 +78,6 @@ diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1 ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests)); return 1; } +-- +2.41.0 + diff --git a/0009-Add-Kernel-FIPS-mode-flag-support.patch b/0009-Add-Kernel-FIPS-mode-flag-support.patch index 3f25180..7b7a223 100644 --- a/0009-Add-Kernel-FIPS-mode-flag-support.patch +++ b/0009-Add-Kernel-FIPS-mode-flag-support.patch 
@@ -1,7 +1,23 @@ -diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c ---- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 -+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 -@@ -12,6 +12,41 @@ +From aa3aebf132959e7e44876042efaf9ff24ffe0f2b Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:27 +0200 +Subject: [PATCH 09/35] 0009-Add-Kernel-FIPS-mode-flag-support.patch + +Patch-name: 0009-Add-Kernel-FIPS-mode-flag-support.patch +Patch-id: 9 +Patch-status: | + # Add check to see if fips flag is enabled in kernel +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/context.c | 36 ++++++++++++++++++++++++++++++++++++ + include/internal/provider.h | 3 +++ + 2 files changed, 39 insertions(+) + +diff --git a/crypto/context.c b/crypto/context.c +index e294ea1512..51002ba79a 100644 +--- a/crypto/context.c ++++ b/crypto/context.c +@@ -16,6 +16,41 @@ #include "internal/provider.h" #include "crypto/context.h" @@ -43,7 +59,7 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1 struct ossl_lib_ctx_st { CRYPTO_RWLOCK *lock, *rand_crngt_lock; OSSL_EX_DATA_GLOBAL global; -@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte +@@ -336,6 +371,7 @@ static int default_context_inited = 0; DEFINE_RUN_ONCE_STATIC(default_context_do_init) { 
@@ -51,10 +67,11 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1 if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)) goto err; -diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h ---- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100 -+++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100 -@@ -110,6 +110,9 @@ int ossl_provider_init_as_child(OSSL_LIB +diff --git a/include/internal/provider.h b/include/internal/provider.h +index 18937f84c7..1446bf7afb 100644 +--- a/include/internal/provider.h ++++ b/include/internal/provider.h +@@ -112,6 +112,9 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, const OSSL_DISPATCH *in); void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); @@ -64,3 +81,6 @@ diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/incl # ifdef __cplusplus } # endif +-- +2.41.0 + diff --git a/0010-Add-changes-to-ectest-and-eccurve.patch b/0010-Add-changes-to-ectest-and-eccurve.patch index aac242b..876ddb3 100644 --- a/0010-Add-changes-to-ectest-and-eccurve.patch +++ b/0010-Add-changes-to-ectest-and-eccurve.patch 
@@ -1,10 +1,29 @@ -diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c ---- ./crypto/ec/ec_curve.c.remove-ec 2023-03-13 16:50:09.278933578 +0100 -+++ ./crypto/ec/ec_curve.c 2023-03-21 12:38:57.696531941 +0100 -@@ -32,38 +32,6 @@ typedef struct { +From 37fae351c6fef272baf383469181aecfcac87592 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:27 +0200 +Subject: [PATCH 10/35] 0010-Add-changes-to-ectest-and-eccurve.patch + +Patch-name: 0010-Add-changes-to-ectest-and-eccurve.patch +Patch-id: 10 +Patch-status: | + # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so + # that new modifications made to these files by upstream are not lost. +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/ec/ec_curve.c | 844 ------------------------------------------- + test/ectest.c | 174 +-------- + 2 files changed, 8 insertions(+), 1010 deletions(-) + +diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c +index b5b2f3342d..d32a768fe6 100644 +--- a/crypto/ec/ec_curve.c ++++ b/crypto/ec/ec_curve.c +@@ -30,38 +30,6 @@ typedef struct { + } EC_CURVE_DATA; + /* the nist prime curves */ - static const struct { - EC_CURVE_DATA h; +-static const struct { +- EC_CURVE_DATA h; - unsigned char data[20 + 24 * 6]; -} _EC_NIST_PRIME_192 = { - { @@ -35,11 +54,9 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c - } -}; - --static const struct { -- EC_CURVE_DATA h; + static const struct { + EC_CURVE_DATA h; unsigned char data[20 + 28 * 6]; - } _EC_NIST_PRIME_224 = { - { @@ -200,187 +168,6 @@ static const struct { } }; 
@@ -228,10 +245,12 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c static const struct { EC_CURVE_DATA h; unsigned char data[20 + 32 * 6]; -@@ -423,294 +210,6 @@ static const struct { +@@ -421,294 +208,6 @@ static const struct { + + #ifndef FIPS_MODULE /* the secg prime curves (minus the nist and x9.62 prime curves) */ - static const struct { - EC_CURVE_DATA h; +-static const struct { +- EC_CURVE_DATA h; - unsigned char data[20 + 14 * 6]; -} _EC_SECG_PRIME_112R1 = { - { @@ -518,11 +537,9 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c - } -}; - --static const struct { -- EC_CURVE_DATA h; + static const struct { + EC_CURVE_DATA h; unsigned char data[0 + 32 * 6]; - } _EC_SECG_PRIME_256K1 = { - { @@ -745,102 +244,6 @@ static const struct { } }; @@ -626,10 +643,12 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c #endif /* FIPS_MODULE */ #ifndef OPENSSL_NO_EC2M -@@ -2238,198 +1641,6 @@ static const struct { +@@ -2236,198 +1639,6 @@ static const struct { + */ + #ifndef FIPS_MODULE - static const struct { - EC_CURVE_DATA h; +-static const struct { +- EC_CURVE_DATA h; - unsigned char data[0 + 20 * 6]; -} _EC_brainpoolP160r1 = { - { @@ -820,12 +839,10 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c - } -}; - --static const struct { -- EC_CURVE_DATA h; + static const struct { + EC_CURVE_DATA h; unsigned char data[0 + 32 * 6]; - } _EC_brainpoolP256r1 = { - { -@@ -2854,8 +2065,6 @@ static const ec_list_element curve_list[ +@@ -2854,8 +2065,6 @@ static const ec_list_element curve_list[] = { "NIST/SECG curve over a 521 bit prime field"}, /* X9.62 curves */ 
@@ -834,7 +851,7 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, # if defined(ECP_NISTZ256_ASM) EC_GFp_nistz256_method, -@@ -2899,25 +2108,6 @@ static const ec_list_element curve_list[ +@@ -2899,25 +2108,6 @@ static const ec_list_element curve_list[] = { static const ec_list_element curve_list[] = { /* prime field curves */ /* secg curves */ @@ -860,7 +877,7 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, "NIST/SECG curve over a 224 bit prime field"}, -@@ -2945,18 +2135,6 @@ static const ec_list_element curve_list[ +@@ -2945,18 +2135,6 @@ static const ec_list_element curve_list[] = { # endif "NIST/SECG curve over a 521 bit prime field"}, /* X9.62 curves */ @@ -879,7 +896,7 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, # if defined(ECP_NISTZ256_ASM) EC_GFp_nistz256_method, -@@ -3053,22 +2231,12 @@ static const ec_list_element curve_list[ +@@ -3053,22 +2231,12 @@ static const ec_list_element curve_list[] = { {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, "X9.62 curve over a 163 bit binary field"}, # endif @@ -902,7 +919,7 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c # ifndef OPENSSL_NO_EC2M /* IPSec curves */ {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, -@@ -3079,18 +2247,6 @@ static const ec_list_element curve_list[ +@@ -3079,18 +2247,6 @@ static const ec_list_element curve_list[] = { "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, # endif /* brainpool curves */ 
@@ -921,9 +938,10 @@ diff -up ./crypto/ec/ec_curve.c.remove-ec ./crypto/ec/ec_curve.c {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0, "RFC 5639 curve over a 256 bit prime field"}, {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0, -diff -up ./test/ectest.c.remove-ec ./test/ectest.c ---- ./test/ectest.c.remove-ec 2023-03-13 18:39:30.544642912 +0100 -+++ ./test/ectest.c 2023-03-20 07:27:26.403212965 +0100 +diff --git a/test/ectest.c b/test/ectest.c +index afef85b0e6..4890b0555e 100644 +--- a/test/ectest.c ++++ b/test/ectest.c @@ -175,184 +175,26 @@ static int prime_field_tests(void) || !TEST_ptr(p = BN_new()) || !TEST_ptr(a = BN_new()) @@ -1125,3 +1143,6 @@ diff -up ./test/ectest.c.remove-ec ./test/ectest.c ADD_ALL_TESTS(cardinality_test, crv_len); ADD_TEST(prime_field_tests); #ifndef OPENSSL_NO_EC2M +-- +2.41.0 + diff --git a/0011-Remove-EC-curves.patch b/0011-Remove-EC-curves.patch index f6c733a..4010bf5 100644 --- a/0011-Remove-EC-curves.patch +++ b/0011-Remove-EC-curves.patch 
@@ -1,7 +1,26 @@ -diff -up ./apps/speed.c.ec-curves ./apps/speed.c ---- ./apps/speed.c.ec-curves 2023-03-14 04:44:12.545437892 +0100 -+++ ./apps/speed.c 2023-03-14 04:48:28.606729067 +0100 -@@ -366,7 +366,7 @@ static double ffdh_results[FFDH_NUM][1]; +From e65f698d59fc71300d3e49492f9ef899b7209e5f Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 11/35] 0011-Remove-EC-curves.patch + +Patch-name: 0011-Remove-EC-curves.patch +Patch-id: 11 +Patch-status: | + # remove unsupported EC curves +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + apps/speed.c | 8 +--- + crypto/evp/ec_support.c | 76 ------------------------------------ + test/acvp_test.inc | 9 ----- + test/ecdsatest.h | 17 -------- + test/recipes/15-test_genec.t | 27 ------------- + 5 files changed, 1 insertion(+), 136 deletions(-) + +diff --git a/apps/speed.c b/apps/speed.c +index cace25eda1..d527f12f18 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -385,7 +385,7 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */ #endif /* OPENSSL_NO_DH */ enum ec_curves_t { @@ -10,7 +29,7 @@ diff -up ./apps/speed.c.ec-curves ./apps/speed.c #ifndef OPENSSL_NO_EC2M R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, -@@ -376,8 +376,6 @@ enum ec_curves_t { +@@ -395,8 +395,6 @@ enum ec_curves_t { }; /* list of ecdsa curves */ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { @@ -19,7 +38,7 @@ diff -up ./apps/speed.c.ec-curves ./apps/speed.c {"ecdsap224", R_EC_P224}, {"ecdsap256", R_EC_P256}, {"ecdsap384", R_EC_P384}, -@@ -404,8 +402,6 @@ static const OPT_PAIR ecdsa_choices[ECDS +@@ -423,8 +421,6 @@ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM }; /* list of ecdh curves, extension of |ecdsa_choices| list above */ static const OPT_PAIR ecdh_choices[EC_NUM] = { 
@@ -28,7 +47,7 @@ diff -up ./apps/speed.c.ec-curves ./apps/speed.c {"ecdhp224", R_EC_P224}, {"ecdhp256", R_EC_P256}, {"ecdhp384", R_EC_P384}, -@@ -1422,8 +1418,6 @@ int speed_main(int argc, char **argv) +@@ -1442,8 +1438,6 @@ int speed_main(int argc, char **argv) */ static const EC_CURVE ec_curves[EC_NUM] = { /* Prime Curves */ @@ -37,9 +56,10 @@ diff -up ./apps/speed.c.ec-curves ./apps/speed.c {"nistp224", NID_secp224r1, 224}, {"nistp256", NID_X9_62_prime256v1, 256}, {"nistp384", NID_secp384r1, 384}, -diff -up ./crypto/evp/ec_support.c.ec-curves ./crypto/evp/ec_support.c ---- ./crypto/evp/ec_support.c.ec-curves 2023-03-14 06:22:41.542310442 +0100 -+++ ./crypto/evp/ec_support.c 2023-03-21 11:24:18.378451683 +0100 +diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c +index 1ec10143d2..8fe774140f 100644 +--- a/crypto/evp/ec_support.c ++++ b/crypto/evp/ec_support.c @@ -20,89 +20,15 @@ typedef struct ec_name2nid_st { static const EC_NAME2NID curve_list[] = { /* prime field curves */ @@ -130,7 +150,7 @@ diff -up ./crypto/evp/ec_support.c.ec-curves ./crypto/evp/ec_support.c {"brainpoolP256r1", NID_brainpoolP256r1 }, {"brainpoolP256t1", NID_brainpoolP256t1 }, {"brainpoolP320r1", NID_brainpoolP320r1 }, -@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = +@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = { {"brainpoolP384t1", NID_brainpoolP384t1 }, {"brainpoolP512r1", NID_brainpoolP512r1 }, {"brainpoolP512t1", NID_brainpoolP512t1 }, 
@@ -139,13 +159,15 @@ diff -up ./crypto/evp/ec_support.c.ec-curves ./crypto/evp/ec_support.c }; const char *OSSL_EC_curve_nid2name(int nid) -diff -up ./test/acvp_test.inc.ec-curves ./test/acvp_test.inc ---- ./test/acvp_test.inc.ec-curves 2023-03-14 06:38:20.563712586 +0100 -+++ ./test/acvp_test.inc 2023-03-14 06:39:01.631080059 +0100 -@@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_ +diff --git a/test/acvp_test.inc b/test/acvp_test.inc +index ad11d3ae1e..894a0bff9d 100644 +--- a/test/acvp_test.inc ++++ b/test/acvp_test.inc +@@ -211,15 +211,6 @@ static const unsigned char ecdsa_sigver_s1[] = { + 0xB1, 0xAC, }; static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { - { +- { - "SHA-1", - "P-192", - ITM(ecdsa_sigver_msg0), @@ -154,13 +176,13 @@ diff -up ./test/acvp_test.inc.ec-curves ./test/acvp_test.inc - ITM(ecdsa_sigver_s0), - PASS, - }, -- { + { "SHA2-512", "P-521", - ITM(ecdsa_sigver_msg1), -diff -up ./test/ecdsatest.h.ec-curves ./test/ecdsatest.h ---- ./test/ecdsatest.h.ec-curves 2023-03-14 04:49:16.148154472 +0100 -+++ ./test/ecdsatest.h 2023-03-14 04:51:01.376096037 +0100 +diff --git a/test/ecdsatest.h b/test/ecdsatest.h +index 63fe319025..06b5c0aac5 100644 +--- a/test/ecdsatest.h ++++ b/test/ecdsatest.h @@ -32,23 +32,6 @@ typedef struct { } ecdsa_cavs_kat_t; 
@@ -185,10 +207,11 @@ diff -up ./test/ecdsatest.h.ec-curves ./test/ecdsatest.h /* prime KATs from NIST CAVP */ {NID_secp224r1, NID_sha224, "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" -diff -up ./test/recipes/15-test_genec.t.ec-curves ./test/recipes/15-test_genec.t ---- ./test/recipes/15-test_genec.t.ec-curves 2023-03-14 04:51:45.215488277 +0100 -+++ ./test/recipes/15-test_genec.t 2023-03-21 11:26:58.613885435 +0100 -@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupport +diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t +index 2dfed387ca..c733b68f83 100644 +--- a/test/recipes/15-test_genec.t ++++ b/test/recipes/15-test_genec.t +@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupported in a no-ec build" if disabled("ec"); my @prime_curves = qw( @@ -234,3 +257,6 @@ diff -up ./test/recipes/15-test_genec.t.ec-curves ./test/recipes/15-test_genec.t P-224 P-256 P-384 +-- +2.41.0 + diff --git a/0012-Disable-explicit-ec.patch b/0012-Disable-explicit-ec.patch index 0cae2fa..9b86309 100644 --- a/0012-Disable-explicit-ec.patch +++ b/0012-Disable-explicit-ec.patch 
@@ -1,7 +1,27 @@ -diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/crypto/ec/ec_asn1.c ---- openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec 2022-03-22 13:10:45.718077845 +0100 -+++ openssl-3.0.1/crypto/ec/ec_asn1.c 2022-03-22 13:12:46.626599016 +0100 -@@ -895,6 +895,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP ** +From 91bdd9b816b22bc1464ec323f3272b866b24114d Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 12/35] 0012-Disable-explicit-ec.patch + +Patch-name: 0012-Disable-explicit-ec.patch +Patch-id: 12 +Patch-status: | + # Disable explicit EC curves + # https://bugzilla.redhat.com/show_bug.cgi?id=2066412 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/ec/ec_asn1.c | 11 ++++++++++ + crypto/ec/ec_lib.c | 6 +++++ + test/ectest.c | 22 ++++++++++--------- + test/endecode_test.c | 20 ++++++++--------- + .../30-test_evp_data/evppkey_ecdsa.txt | 12 ---------- + 5 files changed, 39 insertions(+), 32 deletions(-) + +diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c +index 7a0b35a594..d19d57344e 100644 +--- a/crypto/ec/ec_asn1.c ++++ b/crypto/ec/ec_asn1.c +@@ -905,6 +905,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) group->decoded_from_explicit_params = 1; @@ -14,7 +34,7 @@ diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/cry if (a) { EC_GROUP_free(*a); *a = group; -@@ -954,6 +959,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con +@@ -964,6 +970,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) goto err; } 
@@ -26,10 +46,11 @@ diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/cry ret->version = priv_key->version; if (priv_key->privateKey) { -diff -up openssl-3.0.9/crypto/ec/ec_lib.c.noec openssl-3.0.9/crypto/ec/ec_lib.c ---- openssl-3.0.9/crypto/ec/ec_lib.c.noec 2023-07-27 10:32:52.870910095 +0200 -+++ openssl-3.0.9/crypto/ec/ec_lib.c 2023-07-27 10:35:18.029151181 +0200 -@@ -1728,6 +1728,11 @@ EC_GROUP *EC_GROUP_new_from_params(const +diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c +index a84e088c19..6c37bf78ae 100644 +--- a/crypto/ec/ec_lib.c ++++ b/crypto/ec/ec_lib.c +@@ -1724,6 +1724,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], goto err; } if (named_group == group) { @@ -41,7 +62,7 @@ diff -up openssl-3.0.9/crypto/ec/ec_lib.c.noec openssl-3.0.9/crypto/ec/ec_lib.c /* * If we did not find a named group then the encoding should be explicit * if it was specified -@@ -1743,6 +1748,7 @@ EC_GROUP *EC_GROUP_new_from_params(const +@@ -1739,6 +1744,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], goto err; } EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); 
@@ -49,10 +70,75 @@ diff -up openssl-3.0.9/crypto/ec/ec_lib.c.noec openssl-3.0.9/crypto/ec/ec_lib.c } else { EC_GROUP_free(group); group = named_group; -diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/test/endecode_test.c ---- openssl-3.0.1/test/endecode_test.c.disable_explicit_ec 2022-03-21 16:55:46.005558779 +0100 -+++ openssl-3.0.1/test/endecode_test.c 2022-03-21 16:56:12.636792762 +0100 -@@ -57,7 +57,7 @@ static BN_CTX *bnctx = NULL; +diff --git a/test/ectest.c b/test/ectest.c +index 4890b0555e..e11aec5b3b 100644 +--- a/test/ectest.c ++++ b/test/ectest.c +@@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, + if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) + || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) + || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) +- || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam, ++ || !TEST_int_le(EVP_PKEY_fromdata(pctx, &pkeyparam, + EVP_PKEY_KEY_PARAMETERS, params), 0)) + goto err; +- ++/* As creating the key should fail, the rest of the test is pointless */ ++# if 0 + /*- Check that all the set values are retrievable -*/ + + /* There should be no match to a group name since the generator changed */ +@@ -2433,6 +2434,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, + #endif + ) + goto err; ++#endif + ret = 1; + err: + BN_free(order_out); +@@ -2714,21 +2716,21 @@ static int custom_params_test(int id) + + /* Compute keyexchange in both directions */ + if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) +- || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) +- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) ++ || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0) ++/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1) + || !TEST_int_gt(bsize, sslen) +- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)) ++ || 
!TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/) + goto err; + if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL)) +- || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1) +- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) ++ || !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1) ++/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1) + || !TEST_int_gt(bsize, t) + || !TEST_int_le(sslen, t) +- || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1)) ++ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */) + goto err; +- ++#if 0 + /* Both sides should expect the same shared secret */ + if (!TEST_mem_eq(buf1, sslen, buf2, t)) + goto err; +@@ -2780,7 +2782,7 @@ static int custom_params_test(int id) + /* compare with previous result */ + || !TEST_mem_eq(buf1, t, buf2, sslen)) + goto err; +- ++#endif + ret = 1; + + err: +diff --git a/test/endecode_test.c b/test/endecode_test.c +index 14648287eb..9a437d8c64 100644 +--- a/test/endecode_test.c ++++ b/test/endecode_test.c +@@ -62,7 +62,7 @@ static BN_CTX *bnctx = NULL; static OSSL_PARAM_BLD *bld_prime_nc = NULL; static OSSL_PARAM_BLD *bld_prime = NULL; static OSSL_PARAM *ec_explicit_prime_params_nc = NULL; @@ -61,7 +147,7 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te # ifndef OPENSSL_NO_EC2M static OSSL_PARAM_BLD *bld_tri_nc = NULL; -@@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") +@@ -1009,9 +1009,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") DOMAIN_KEYS(ECExplicitPrimeNamedCurve); IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") 
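Review bot: In the test/ectest.c section that this hunk moves up inside 0012-Disable-explicit-ec.patch, custom_params_test checks `TEST_int_le(EVP_PKEY_derive_init(pctx2), 1)`, while the pctx1 branch just above it uses a bound of 0. A bound of 1 is also met when derive_init succeeds, so the second direction no longer shows that a key built on explicit curve parameters is refused; it should presumably read `|| !TEST_int_le(EVP_PKEY_derive_init(pctx2), 0)`. The same text is present in the removed copy further down the patch, so the sync carries the mismatch over rather than introducing it. custom_params_test begins and ends outside the hunk.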
@@ -74,7 +160,7 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te # ifndef OPENSSL_NO_EC2M DOMAIN_KEYS(ECExplicitTriNamedCurve); IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) -@@ -1318,7 +1318,7 @@ int setup_tests(void) +@@ -1352,7 +1352,7 @@ int setup_tests(void) || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) || !create_ec_explicit_prime_params(bld_prime) || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc)) @@ -83,7 +169,7 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te # ifndef OPENSSL_NO_EC2M || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new()) || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new()) -@@ -1346,7 +1346,7 @@ int setup_tests(void) +@@ -1380,7 +1380,7 @@ int setup_tests(void) TEST_info("Generating EC keys..."); MAKE_DOMAIN_KEYS(EC, "EC", EC_params); MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc); @@ -92,7 +178,7 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te # ifndef OPENSSL_NO_EC2M MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc); MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit); -@@ -1389,8 +1389,8 @@ int setup_tests(void) +@@ -1423,8 +1423,8 @@ int setup_tests(void) ADD_TEST_SUITE_LEGACY(EC); ADD_TEST_SUITE(ECExplicitPrimeNamedCurve); ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve); @@ -103,7 +189,7 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te # ifndef OPENSSL_NO_EC2M ADD_TEST_SUITE(ECExplicitTriNamedCurve); ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve); -@@ -1427,7 +1427,7 @@ void cleanup_tests(void) +@@ -1461,7 +1461,7 @@ void cleanup_tests(void) { #ifndef OPENSSL_NO_EC OSSL_PARAM_free(ec_explicit_prime_params_nc); 
@@ -112,7 +198,7 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te OSSL_PARAM_BLD_free(bld_prime_nc); OSSL_PARAM_BLD_free(bld_prime); # ifndef OPENSSL_NO_EC2M -@@ -1449,7 +1449,7 @@ void cleanup_tests(void) +@@ -1483,7 +1483,7 @@ void cleanup_tests(void) #ifndef OPENSSL_NO_EC FREE_DOMAIN_KEYS(EC); FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve); @@ -121,10 +207,11 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te # ifndef OPENSSL_NO_EC2M FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve); FREE_DOMAIN_KEYS(ECExplicitTri2G); -diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt ---- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec 2022-03-25 11:20:50.920949208 +0100 -+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2022-03-25 11:21:13.177147598 +0100 -@@ -121,18 +121,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEB +diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +index ec3c032aba..584ecee0eb 100644 +--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt ++++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +@@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj 3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl -----END PRIVATE KEY----- 
@@ -143,66 +230,6 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_e PrivateKey = B-163 -----BEGIN PRIVATE KEY----- MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K -diff -up openssl-3.0.9/test/ectest.c.noec openssl-3.0.9/test/ectest.c ---- openssl-3.0.9/test/ectest.c.noec 2023-07-27 11:30:24.078979261 +0200 -+++ openssl-3.0.9/test/ectest.c 2023-07-27 11:35:12.335576107 +0200 -@@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromd - if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) - || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) - || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) -- || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam, -+ || !TEST_int_le(EVP_PKEY_fromdata(pctx, &pkeyparam, - EVP_PKEY_KEY_PARAMETERS, params), 0)) - goto err; -- -+/* As creating the key should fail, the rest of the test is pointless */ -+# if 0 - /*- Check that all the set values are retrievable -*/ - - /* There should be no match to a group name since the generator changed */ -@@ -2433,6 +2434,7 @@ static int do_test_custom_explicit_fromd - #endif - ) - goto err; -+#endif - ret = 1; - err: - BN_free(order_out); -@@ -2714,21 +2716,21 @@ static int custom_params_test(int id) - - /* Compute keyexchange in both directions */ - if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) -- || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) -- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) -+ || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0) -+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) - || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1) - || !TEST_int_gt(bsize, sslen) -- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)) -+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/) - goto err; - if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL)) -- || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1) -- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) -+ || 
!TEST_int_le(EVP_PKEY_derive_init(pctx2), 1) -+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) - || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1) - || !TEST_int_gt(bsize, t) - || !TEST_int_le(sslen, t) -- || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1)) -+ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */) - goto err; -- -+#if 0 - /* Both sides should expect the same shared secret */ - if (!TEST_mem_eq(buf1, sslen, buf2, t)) - goto err; -@@ -2780,7 +2782,7 @@ static int custom_params_test(int id) - /* compare with previous result */ - || !TEST_mem_eq(buf1, t, buf2, sslen)) - goto err; -- -+#endif - ret = 1; - - err: +-- +2.41.0 + diff --git a/0013-skipped-tests-EC-curves.patch b/0013-skipped-tests-EC-curves.patch index 0c81d4c..3cf7a78 100644 --- a/0013-skipped-tests-EC-curves.patch +++ b/0013-skipped-tests-EC-curves.patch 
@@ -1,7 +1,24 @@ -diff -up ./test/recipes/15-test_ec.t.skip-tests ./test/recipes/15-test_ec.t ---- ./test/recipes/15-test_ec.t.skip-tests 2023-03-14 13:42:38.865508269 +0100 -+++ ./test/recipes/15-test_ec.t 2023-03-14 13:43:36.237021635 +0100 -@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key +From 9ede2b1e13f72db37718853faff74b4429084d59 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 13/35] 0013-skipped-tests-EC-curves.patch + +Patch-name: 0013-skipped-tests-EC-curves.patch +Patch-id: 13 +Patch-status: | + # Skipped tests from former 0011-Remove-EC-curves.patch +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + test/recipes/15-test_ec.t | 2 +- + test/recipes/65-test_cmp_protect.t | 2 +- + test/recipes/65-test_cmp_vfy.t | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t +index 0638d626e7..c0efd77649 100644 +--- a/test/recipes/15-test_ec.t ++++ b/test/recipes/15-test_ec.t +@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key' => sub { subtest 'Check loading of fips and non-fips keys' => sub { plan skip_all => "FIPS is disabled" 
@@ -10,10 +27,11 @@ diff -up ./test/recipes/15-test_ec.t.skip-tests ./test/recipes/15-test_ec.t plan tests => 2; -diff -up ./test/recipes/65-test_cmp_protect.t.skip-tests ./test/recipes/65-test_cmp_protect.t ---- ./test/recipes/65-test_cmp_protect.t.skip-tests 2023-03-14 10:13:11.342056559 +0100 -+++ ./test/recipes/65-test_cmp_protect.t 2023-03-14 10:14:42.643873496 +0100 -@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo +diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t +index 631603df7c..4cb2ffebbc 100644 +--- a/test/recipes/65-test_cmp_protect.t ++++ b/test/recipes/65-test_cmp_protect.t +@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build" plan skip_all => "This test is not supported in a shared library build on Windows" if $^O eq 'MSWin32' && !disabled("shared"); @@ -22,10 +40,11 @@ diff -up ./test/recipes/65-test_cmp_protect.t.skip-tests ./test/recipes/65-test_ my @basic_cmd = ("cmp_protect_test", data_file("server.pem"), -diff -up ./test/recipes/65-test_cmp_vfy.t.skip-tests ./test/recipes/65-test_cmp_vfy.t ---- ./test/recipes/65-test_cmp_vfy.t.skip-tests 2023-03-14 10:13:38.106296042 +0100 -+++ ./test/recipes/65-test_cmp_vfy.t 2023-03-14 10:16:56.496071178 +0100 -@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo +diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t +index f722800e27..26a01786bb 100644 +--- a/test/recipes/65-test_cmp_vfy.t ++++ b/test/recipes/65-test_cmp_vfy.t +@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build" plan skip_all => "This test is not supported in a no-ec build" if disabled("ec"); @@ -34,3 +53,6 @@ diff -up ./test/recipes/65-test_cmp_vfy.t.skip-tests ./test/recipes/65-test_cmp_ my @basic_cmd = ("cmp_vfy_test", data_file("server.crt"), data_file("client.crt"), +-- +2.41.0 + diff --git a/0024-load-legacy-prov.patch b/0024-load-legacy-prov.patch index c7d2958..2997d1e 100644 
--- a/0024-load-legacy-prov.patch +++ b/0024-load-legacy-prov.patch @@ -1,6 +1,22 @@ -diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf ---- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200 -+++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200 +From 69636828729ecc287863366dcdd6548dee78c7a4 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 14/35] 0024-load-legacy-prov.patch + +Patch-name: 0024-load-legacy-prov.patch +Patch-id: 24 +Patch-status: | + # Instructions to load legacy provider in openssl.cnf +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + apps/openssl.cnf | 37 +++++++++++++++---------------------- + doc/man5/config.pod | 8 ++++++++ + 2 files changed, 23 insertions(+), 22 deletions(-) + +diff --git a/apps/openssl.cnf b/apps/openssl.cnf +index 3956235fda..bddb6bc029 100644 +--- a/apps/openssl.cnf ++++ b/apps/openssl.cnf @@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 @@ -19,11 +35,6 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c ssl_conf = ssl_module -# List of providers to load --[provider_sect] --default = default_sect --# The fips section name should match the section name inside the --# included fipsmodule.cnf. --# fips = fips_sect +# Uncomment the sections that start with ## below to enable the legacy provider. +# Loading the legacy provider enables support for the following algorithms: +# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 
@@ -32,7 +43,13 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c +# In general it is not recommended to use the above mentioned algorithms for +# security critical operations, as they are cryptographically weak or vulnerable +# to side-channel attacks and as such have been deprecated. - ++ + [provider_sect] + default = default_sect +-# The fips section name should match the section name inside the +-# included fipsmodule.cnf. +-# fips = fips_sect +- -# If no providers are activated explicitly, the default one is activated implicitly. -# See man 7 OSSL_PROVIDER-default for more details. -# @@ -41,13 +58,10 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c -# becomes unavailable in openssl. As a consequence applications depending on -# OpenSSL may not work correctly which could lead to significant system -# problems including inability to remotely access the system. --[default_sect] --# activate = 1 -+[provider_sect] -+default = default_sect +##legacy = legacy_sect +## -+[default_sect] + [default_sect] +-# activate = 1 +activate = 1 + +##[legacy_sect] @@ -55,9 +69,10 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c [ ssl_module ] -diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod ---- openssl-3.0.0/doc/man5/config.pod.legacy-prov 2021-09-09 12:09:38.079040853 +0200 -+++ openssl-3.0.0/doc/man5/config.pod 2021-09-09 12:11:56.646224876 +0200 +diff --git a/doc/man5/config.pod b/doc/man5/config.pod +index 8d312c661f..714a10437b 100644 +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod @@ -273,6 +273,14 @@ significant. All parameters in the section as well as sub-sections are made available to the provider. 
@@ -73,3 +88,6 @@ diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/co =head3 Default provider and its activation If no providers are activated explicitly, the default one is activated implicitly. +-- +2.41.0 + diff --git a/0032-Force-fips.patch b/0032-Force-fips.patch index 47e5f26..ce5c3cf 100644 --- a/0032-Force-fips.patch +++ b/0032-Force-fips.patch @@ -1,6 +1,21 @@ -diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c ---- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200 -+++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200 +From 8c6dffe2347fc801a2b285d79dd99b8739414bc3 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 16/35] 0032-Force-fips.patch + +Patch-name: 0032-Force-fips.patch +Patch-id: 32 +Patch-status: | + # We load FIPS provider and set FIPS properties implicitly +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/provider_conf.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c +index 058fb58837..ad0b29c954 100644 +--- a/crypto/provider_conf.c ++++ b/crypto/provider_conf.c @@ -10,6 +10,7 @@ #include #include @@ -9,7 +24,7 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi #include #include #include -@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C +@@ -169,7 +170,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name, if (path != NULL) ossl_provider_set_module_path(prov, path); @@ -18,7 +33,7 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi if (ok) { if (!ossl_provider_activate(prov, 1, 0)) { -@@ -306,6 +317,16 @@ static int provider_conf_init(CONF_IMODU +@@ -309,6 +310,16 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) return 0; } 
@@ -35,3 +50,6 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi return 1; } +-- +2.41.0 + diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch index f014a07..9e4e579 100644 --- a/0033-FIPS-embed-hmac.patch +++ b/0033-FIPS-embed-hmac.patch @@ -1,7 +1,30 @@ -diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/providers/fips/self_test.c ---- openssl-3.0.7/providers/fips/self_test.c.embed-hmac 2023-01-05 10:03:44.864869710 +0100 -+++ openssl-3.0.7/providers/fips/self_test.c 2023-01-05 10:15:17.041606472 +0100 -@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void) +From 538665f6c210f876bf2733afe63460b36f2c9929 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 17/35] 0033-FIPS-embed-hmac.patch + +Patch-name: 0033-FIPS-embed-hmac.patch +Patch-id: 33 +Patch-status: | + # Embed HMAC into the fips.so +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + providers/fips/self_test.c | 69 ++++++++++++++++++++++++--- + test/fipsmodule.cnf | 2 + + test/recipes/00-prep_fipsmodule_cnf.t | 2 +- + test/recipes/01-test_fipsmodule_cnf.t | 2 +- + test/recipes/03-test_fipsinstall.t | 2 +- + test/recipes/30-test_defltfips.t | 2 +- + test/recipes/80-test_ssl_new.t | 2 +- + test/recipes/90-test_sslapi.t | 2 +- + 8 files changed, 70 insertions(+), 13 deletions(-) + create mode 100644 test/fipsmodule.cnf + +diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c +index 10804d9f59..ef56002854 100644 +--- a/providers/fips/self_test.c ++++ b/providers/fips/self_test.c +@@ -231,11 +231,27 @@ err: return ok; } 
@@ -29,7 +52,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, unsigned char *expected, size_t expected_len, OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, -@@ -189,12 +205,23 @@ static int verify_integrity(OSSL_CORE_BI +@@ -248,12 +264,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex EVP_MAC *mac = NULL; EVP_MAC_CTX *ctx = NULL; OSSL_PARAM params[2], *p = params; @@ -53,7 +76,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); if (mac == NULL) goto err; -@@ -205,13 +233,42 @@ static int verify_integrity(OSSL_CORE_BI +@@ -267,13 +294,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) goto err; @@ -61,12 +84,12 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi - status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); + while ((off + INTEGRITY_BUF_SIZE) <= paddr) { + status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); - if (status != 1) - break; - if (!EVP_MAC_update(ctx, buf, bytes_read)) - goto err; ++ if (status != 1) ++ break; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; + off += bytes_read; - } ++ } + + if (off + INTEGRITY_BUF_SIZE > paddr) { + int delta = paddr - off; 
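Review bot: In verify_integrity (the providers/fips/self_test.c section of 0033-FIPS-embed-hmac.patch), the new `while ((off + INTEGRITY_BUF_SIZE) <= paddr)` loop exits with `break` when `read_ex_cb` does not return 1, exactly as the trailing end-of-file loop does. If `paddr` is the offset of the embedded HMAC, as the surrounding lines suggest, a failed or short read before that offset is not a normal end of input, and the function then depends on the final MAC comparison alone to reject a truncated module. I would fail at once there with `if (status != 1) goto err;` and add a comment saying that only the trailing loop treats a non-1 status as end of file. The function body continues outside this hunk, so the handling after the loop could not be checked here.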
@@ -88,17 +111,17 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi + + while (bytes_read > 0) { + status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); -+ if (status != 1) -+ break; -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; + if (status != 1) + break; + if (!EVP_MAC_update(ctx, buf, bytes_read)) + goto err; + off += bytes_read; -+ } + } + if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) goto err; -@@ -285,8 +342,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS +@@ -349,8 +405,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) CRYPTO_THREAD_unlock(fips_state_lock); } @@ -108,7 +131,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); goto end; } -@@ -305,8 +361,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS +@@ -359,8 +414,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) if (ev == NULL) goto end; @@ -120,7 +143,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi if (module_checksum == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); goto end; -@@ -356,7 +413,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS +@@ -434,7 +490,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) end: EVP_RAND_free(testrand); OSSL_SELF_TEST_free(ev); 
@@ -128,10 +151,19 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi OPENSSL_free(indicator_checksum); if (st != NULL) { -diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t ---- openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200 -+++ openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t 2021-11-18 09:39:53.386817874 +0100 -@@ -20,7 +20,7 @@ +diff --git a/test/fipsmodule.cnf b/test/fipsmodule.cnf +new file mode 100644 +index 0000000000..f05d0dedbe +--- /dev/null ++++ b/test/fipsmodule.cnf +@@ -0,0 +1,2 @@ ++[fips_sect] ++activate = 1 +diff --git a/test/recipes/00-prep_fipsmodule_cnf.t b/test/recipes/00-prep_fipsmodule_cnf.t +index 4e3a6d85e8..e8255ba974 100644 +--- a/test/recipes/00-prep_fipsmodule_cnf.t ++++ b/test/recipes/00-prep_fipsmodule_cnf.t +@@ -20,7 +20,7 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; @@ -140,10 +172,11 @@ diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/ plan skip_all => "FIPS module config file only supported in a fips build" if $no_check; -diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t ---- openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200 -+++ openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t 2021-11-18 09:59:02.315619486 +0100 -@@ -23,7 +23,7 @@ +diff --git a/test/recipes/01-test_fipsmodule_cnf.t b/test/recipes/01-test_fipsmodule_cnf.t +index ce594817d5..00cebacff8 100644 +--- a/test/recipes/01-test_fipsmodule_cnf.t ++++ b/test/recipes/01-test_fipsmodule_cnf.t +@@ -23,7 +23,7 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; 
@@ -152,10 +185,11 @@ diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/ plan skip_all => "Test only supported in a fips build" if $no_check; plan tests => 1; -diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t ---- openssl-3.0.0/test/recipes/03-test_fipsinstall.t 2021-09-07 13:46:32.000000000 +0200 -+++ openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t 2021-11-18 09:59:55.365072074 +0100 -@@ -22,7 +22,7 @@ +diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t +index b8b136d110..8242f4ebc3 100644 +--- a/test/recipes/03-test_fipsinstall.t ++++ b/test/recipes/03-test_fipsinstall.t +@@ -22,7 +22,7 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; @@ -164,10 +198,11 @@ diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/tes # Compatible options for pedantic FIPS compliance my @pedantic_okay = -diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t ---- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200 -+++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100 -@@ -21,7 +21,7 @@ +diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t +index 426bd660d1..6dc514936b 100644 +--- a/test/recipes/30-test_defltfips.t ++++ b/test/recipes/30-test_defltfips.t +@@ -21,7 +21,7 @@ BEGIN { use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); 
@@ -176,10 +211,11 @@ diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/ plan tests => ($no_fips ? 1 : 5); -diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t ---- openssl-3.0.0/test/recipes/80-test_ssl_new.t 2021-09-07 13:46:32.000000000 +0200 -+++ openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t 2021-11-18 10:18:53.391721164 +0100 -@@ -23,7 +23,7 @@ +diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t +index 0c6d6402d9..e45f9cb560 100644 +--- a/test/recipes/80-test_ssl_new.t ++++ b/test/recipes/80-test_ssl_new.t +@@ -27,7 +27,7 @@ setup("test_ssl_new"); use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); @@ -188,10 +224,11 @@ diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/re $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); -diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t ---- openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-11-18 10:32:17.734196705 +0100 -+++ openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t 2021-11-18 10:18:30.695538445 +0100 -@@ -18,7 +18,7 @@ +diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t +index 9e9e32b51e..1a1a7159b5 100644 +--- a/test/recipes/90-test_sslapi.t ++++ b/test/recipes/90-test_sslapi.t +@@ -17,7 +17,7 @@ setup("test_sslapi"); use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); @@ -200,8 +237,6 @@ diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/rec my $fipsmodcfg_filename = "fipsmodule.cnf"; my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename); ---- /dev/null 2021-11-16 15:27:32.915000000 +0100 -+++ openssl-3.0.0/test/fipsmodule.cnf 2021-11-18 11:15:34.538060408 +0100 -@@ -0,0 +1,2 @@ -+[fips_sect] -+activate = 1 +-- +2.41.0 + diff --git a/0034.fipsinstall_disable.patch b/0034.fipsinstall_disable.patch index 11779fe..f1d7b27 100644 
--- a/0034.fipsinstall_disable.patch +++ b/0034.fipsinstall_disable.patch @@ -1,7 +1,27 @@ -diff -up openssl-3.0.0/apps/fipsinstall.c.xxx openssl-3.0.0/apps/fipsinstall.c ---- openssl-3.0.0/apps/fipsinstall.c.xxx 2021-11-22 13:09:28.232560235 +0100 -+++ openssl-3.0.0/apps/fipsinstall.c 2021-11-22 13:12:22.272058910 +0100 -@@ -311,6 +311,9 @@ int fipsinstall_main(int argc, char **ar +From a9825123e7ab3474d2794a5706d9bed047959c9c Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 18/35] 0034.fipsinstall_disable.patch + +Patch-name: 0034.fipsinstall_disable.patch +Patch-id: 34 +Patch-status: | + # Comment out fipsinstall command-line utility +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + apps/fipsinstall.c | 3 + + doc/man1/openssl-fipsinstall.pod.in | 272 +--------------------------- + doc/man1/openssl.pod | 4 - + doc/man5/config.pod | 1 - + doc/man5/fips_config.pod | 104 +---------- + doc/man7/OSSL_PROVIDER-FIPS.pod | 1 - + 6 files changed, 10 insertions(+), 375 deletions(-) + +diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c +index e1ef645b60..db92cb5fb2 100644 +--- a/apps/fipsinstall.c ++++ b/apps/fipsinstall.c +@@ -375,6 +375,9 @@ int fipsinstall_main(int argc, char **argv) EVP_MAC *mac = NULL; CONF *conf = NULL; 
@@ -11,160 +31,11 @@ diff -up openssl-3.0.0/apps/fipsinstall.c.xxx openssl-3.0.0/apps/fipsinstall.c if ((opts = sk_OPENSSL_STRING_new_null()) == NULL) goto end; -diff -up openssl-3.0.0/doc/man1/openssl.pod.xxx openssl-3.0.0/doc/man1/openssl.pod ---- openssl-3.0.0/doc/man1/openssl.pod.xxx 2021-11-22 13:18:51.081406990 +0100 -+++ openssl-3.0.0/doc/man1/openssl.pod 2021-11-22 13:19:02.897508738 +0100 -@@ -158,10 +158,6 @@ Engine (loadable module) information and - - Error Number to Error String Conversion. - --=item B -- --FIPS configuration installation. -- - =item B - - Generation of DSA Private Key from Parameters. Superseded by -diff -up openssl-3.0.0/doc/man5/config.pod.xxx openssl-3.0.0/doc/man5/config.pod ---- openssl-3.0.0/doc/man5/config.pod.xxx 2021-11-22 13:24:51.359509501 +0100 -+++ openssl-3.0.0/doc/man5/config.pod 2021-11-22 13:26:02.360121820 +0100 -@@ -573,7 +573,6 @@ configuration files using that syntax wi - =head1 SEE ALSO - - L, L, L, --L, - L, - L, - L, -diff -up openssl-3.0.0/doc/man5/fips_config.pod.xxx openssl-3.0.0/doc/man5/fips_config.pod ---- openssl-3.0.0/doc/man5/fips_config.pod.xxx 2021-11-22 13:21:13.812636065 +0100 -+++ openssl-3.0.0/doc/man5/fips_config.pod 2021-11-22 13:24:12.278172847 +0100 -@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration - - =head1 DESCRIPTION - --A separate configuration file, using the OpenSSL L syntax, --is used to hold information about the FIPS module. This includes a digest --of the shared library file, and status about the self-testing. --This data is used automatically by the module itself for two --purposes: -- --=over 4 -- --=item - Run the startup FIPS self-test known answer tests (KATS). -- --This is normally done once, at installation time, but may also be set up to --run each time the module is used. -- --=item - Verify the module's checksum. -- --This is done each time the module is used. 
-- --=back -- --This file is generated by the L program, and --used internally by the FIPS module during its initialization. -- --The following options are supported. They should all appear in a section --whose name is identified by the B option in the B --section, as described in L. -- --=over 4 -- --=item B -- --If present, the module is activated. The value assigned to this name is not --significant. -- --=item B -- --A version number for the fips install process. Should be 1. -- --=item B -- --The FIPS module normally enters an internal error mode if any self test fails. --Once this error mode is active, no services or cryptographic algorithms are --accessible from this point on. --Continuous tests are a subset of the self tests (e.g., a key pair test during key --generation, or the CRNG output test). --Setting this value to C<0> allows the error mode to not be triggered if any --continuous test fails. The default value of C<1> will trigger the error mode. --Regardless of the value, the operation (e.g., key generation) that called the --continuous test will return an error code if its continuous test fails. The --operation may then be retried if the error mode has not been triggered. -- --=item B -- --This indicates if run-time checks related to enforcement of security parameters --such as minimum security strength of keys and approved curve names are used. --A value of '1' will perform the checks, otherwise if the value is '0' the checks --are not performed and FIPS compliance must be done by procedures documented in --the relevant Security Policy. -- --=item B -- --The calculated MAC of the FIPS provider file. -- --=item B -- --An indicator that the self-tests were successfully run. --This should only be written after the module has --successfully passed its self tests during installation. --If this field is not present, then the self tests will run when the module --loads. 
-- --=item B -- --A MAC of the value of the B option, to prevent accidental --changes to that value. --It is written-to at the same time as B is updated. -- --=back -- --For example: -- -- [fips_sect] -- activate = 1 -- install-version = 1 -- conditional-errors = 1 -- security-checks = 1 -- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC -- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C -- install-status = INSTALL_SELF_TEST_KATS_RUN -- --=head1 NOTES -- --When using the FIPS provider, it is recommended that the --B option is enabled to prevent accidental use of --non-FIPS validated algorithms via broken or mistaken configuration. --See L. -- --=head1 SEE ALSO -- --L --L -+This command is disabled in Red Hat Enterprise Linux. The FIPS provider is -+automatically loaded when the system is booted in FIPS mode, or when the -+environment variable B is set. See the documentation -+for more information. - - =head1 HISTORY - -diff -up openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod ---- openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx 2021-11-22 13:18:13.850086386 +0100 -+++ openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod 2021-11-22 13:18:24.607179038 +0100 -@@ -388,7 +388,6 @@ A simple self test callback is shown bel - - =head1 SEE ALSO - --L, - L, - L, - L, -diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in ---- openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac 2022-01-11 13:26:33.279906225 +0100 -+++ openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in 2022-01-11 13:33:18.757994419 +0100 -@@ -8,275 +8,9 @@ openssl-fipsinstall - perform FIPS confi +diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in +index b1768b7f91..b6b00e27d8 100644 +--- a/doc/man1/openssl-fipsinstall.pod.in ++++ b/doc/man1/openssl-fipsinstall.pod.in +@@ -8,275 +8,9 @@ openssl-fipsinstall - perform FIPS configuration 
installation =head1 SYNOPSIS B 
@@ -443,3 +314,160 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3. =head1 COPYRIGHT +diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod +index d9c22a580f..d5ec3b9a6a 100644 +--- a/doc/man1/openssl.pod ++++ b/doc/man1/openssl.pod +@@ -135,10 +135,6 @@ Engine (loadable module) information and manipulation. + + Error Number to Error String Conversion. + +-=item B +- +-FIPS configuration installation. +- + =item B + + Generation of DSA Private Key from Parameters. Superseded by +diff --git a/doc/man5/config.pod b/doc/man5/config.pod +index 714a10437b..bd05736220 100644 +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod +@@ -573,7 +573,6 @@ configuration files using that syntax will have to be modified. + =head1 SEE ALSO + + L, L, L, +-L, + L, + L, + L, +diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod +index 2255464304..1c15e32a5c 100644 +--- a/doc/man5/fips_config.pod ++++ b/doc/man5/fips_config.pod +@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration + + =head1 DESCRIPTION + +-A separate configuration file, using the OpenSSL L syntax, +-is used to hold information about the FIPS module. This includes a digest +-of the shared library file, and status about the self-testing. +-This data is used automatically by the module itself for two +-purposes: +- +-=over 4 +- +-=item - Run the startup FIPS self-test known answer tests (KATS). +- +-This is normally done once, at installation time, but may also be set up to +-run each time the module is used. +- +-=item - Verify the module's checksum. +- +-This is done each time the module is used. +- +-=back +- +-This file is generated by the L program, and +-used internally by the FIPS module during its initialization. +- +-The following options are supported. They should all appear in a section +-whose name is identified by the B option in the B +-section, as described in L. +- +-=over 4 +- +-=item B +- +-If present, the module is activated. 
The value assigned to this name is not +-significant. +- +-=item B +- +-A version number for the fips install process. Should be 1. +- +-=item B +- +-The FIPS module normally enters an internal error mode if any self test fails. +-Once this error mode is active, no services or cryptographic algorithms are +-accessible from this point on. +-Continuous tests are a subset of the self tests (e.g., a key pair test during key +-generation, or the CRNG output test). +-Setting this value to C<0> allows the error mode to not be triggered if any +-continuous test fails. The default value of C<1> will trigger the error mode. +-Regardless of the value, the operation (e.g., key generation) that called the +-continuous test will return an error code if its continuous test fails. The +-operation may then be retried if the error mode has not been triggered. +- +-=item B +- +-This indicates if run-time checks related to enforcement of security parameters +-such as minimum security strength of keys and approved curve names are used. +-A value of '1' will perform the checks, otherwise if the value is '0' the checks +-are not performed and FIPS compliance must be done by procedures documented in +-the relevant Security Policy. +- +-=item B +- +-The calculated MAC of the FIPS provider file. +- +-=item B +- +-An indicator that the self-tests were successfully run. +-This should only be written after the module has +-successfully passed its self tests during installation. +-If this field is not present, then the self tests will run when the module +-loads. +- +-=item B +- +-A MAC of the value of the B option, to prevent accidental +-changes to that value. +-It is written-to at the same time as B is updated. 
+- +-=back +- +-For example: +- +- [fips_sect] +- activate = 1 +- install-version = 1 +- conditional-errors = 1 +- security-checks = 1 +- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC +- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C +- install-status = INSTALL_SELF_TEST_KATS_RUN +- +-=head1 NOTES +- +-When using the FIPS provider, it is recommended that the +-B option is enabled to prevent accidental use of +-non-FIPS validated algorithms via broken or mistaken configuration. +-See L. +- +-=head1 SEE ALSO +- +-L +-L ++This command is disabled in Red Hat Enterprise Linux. The FIPS provider is ++automatically loaded when the system is booted in FIPS mode, or when the ++environment variable B is set. See the documentation ++for more information. + + =head1 HISTORY + +diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod +index 4f908888ba..ef00247770 100644 +--- a/doc/man7/OSSL_PROVIDER-FIPS.pod ++++ b/doc/man7/OSSL_PROVIDER-FIPS.pod +@@ -444,7 +444,6 @@ want to operate in a FIPS approved manner. The algorithms are: + + =head1 SEE ALSO + +-L, + L, + L, + L, +-- +2.41.0 + diff --git a/0035-speed-skip-unavailable-dgst.patch b/0035-speed-skip-unavailable-dgst.patch index 9256f7f..d52d5e1 100644 --- a/0035-speed-skip-unavailable-dgst.patch +++ b/0035-speed-skip-unavailable-dgst.patch 
@@ -1,7 +1,22 @@ -diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c ---- openssl-3.0.0/apps/speed.c.beldmit 2021-12-21 15:14:04.210431584 +0100 -+++ openssl-3.0.0/apps/speed.c 2021-12-21 15:46:05.554085125 +0100 -@@ -547,6 +547,9 @@ static int EVP_MAC_loop(int algindex, vo +From 213f38dc580d39f2cb46592b5e6db585fc6a650f Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 19/35] 0035-speed-skip-unavailable-dgst.patch + +Patch-name: 0035-speed-skip-unavailable-dgst.patch +Patch-id: 35 +Patch-status: | + # Skip unavailable algorithms running `openssl speed` +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + apps/speed.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/apps/speed.c b/apps/speed.c +index d527f12f18..2ff3eb53bd 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -610,6 +610,9 @@ static int EVP_MAC_loop(int algindex, void *args) for (count = 0; COND(c[algindex][testnum]); count++) { size_t outl; @@ -11,3 +26,6 @@ diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c if (!EVP_MAC_init(mctx, NULL, 0, NULL) || !EVP_MAC_update(mctx, buf, lengths[testnum]) || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac))) +-- +2.41.0 + diff --git a/0044-FIPS-140-3-keychecks.patch b/0044-FIPS-140-3-keychecks.patch index 137a26d..986b5e6 100644 --- a/0044-FIPS-140-3-keychecks.patch +++ b/0044-FIPS-140-3-keychecks.patch 
@@ -1,7 +1,24 @@ -diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c ---- openssl-3.0.1/crypto/dh/dh_key.c.fips3 2022-07-18 16:01:41.159543735 +0200 -+++ openssl-3.0.1/crypto/dh/dh_key.c 2022-07-18 16:24:30.251388248 +0200 -@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k +From bdf751d87be5dfb3164264ebcdbc0c0374d3eabf Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 20/35] 0044-FIPS-140-3-keychecks.patch + +Patch-name: 0044-FIPS-140-3-keychecks.patch +Patch-id: 44 +Patch-status: | + # Extra public/private key checks required by FIPS-140-3 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/dh/dh_key.c | 28 ++++++++++++ + crypto/rsa/rsa_gen.c | 44 ++++++++----------- + .../implementations/exchange/ecdh_exch.c | 19 ++++++++ + 3 files changed, 65 insertions(+), 26 deletions(-) + +diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c +index 4e9705beef..cb9e641f54 100644 +--- a/crypto/dh/dh_key.c ++++ b/crypto/dh/dh_key.c +@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) BN_MONT_CTX *mont = NULL; BIGNUM *z = NULL, *pminus1; int ret = -1; @@ -11,7 +28,7 @@ diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); -@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *k +@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) return 0; } 
@@ -59,39 +76,10 @@ diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c dh->dirty_cnt++; ok = 1; err: -diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c -diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c ---- openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 2022-07-25 13:42:46.814952053 +0200 -+++ openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c 2022-07-25 13:52:12.292065706 +0200 -@@ -488,6 +488,25 @@ int ecdh_plain_derive(void *vpecdhctx, u - } - - ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk); -+#ifdef FIPS_MODULE -+ { -+ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk)); -+ int check = 0; -+ -+ if (bn_ctx == NULL) { -+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); -+ goto end; -+ } -+ -+ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx); -+ BN_CTX_free(bn_ctx); -+ -+ if (check <= 0) { -+ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY); -+ goto end; -+ } -+ } -+#endif - - retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL); - -diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_gen.c ---- openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 2022-07-25 17:02:17.807271297 +0200 -+++ openssl-3.0.1/crypto/rsa/rsa_gen.c 2022-07-25 17:18:24.931959649 +0200 +diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c +index e0d139d312..de9cedb64b 100644 +--- a/crypto/rsa/rsa_gen.c ++++ b/crypto/rsa/rsa_gen.c @@ -23,6 +23,7 @@ #include #include "internal/cryptlib.h" 
@@ -100,7 +88,7 @@ diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_g #include #include "prov/providercommon.h" #include "rsa_local.h" -@@ -476,52 +476,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libc +@@ -478,52 +479,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes, static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg) { int ret = 0; @@ -128,13 +116,13 @@ diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_g OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1); - ciphertxt_len = RSA_size(rsa); -+ signature_len = RSA_size(rsa); - /* - * RSA_private_encrypt() and RSA_private_decrypt() requires the 'to' - * parameter to be a maximum of RSA_size() - allocate space for both. - */ - ciphertxt = OPENSSL_zalloc(ciphertxt_len * 2); - if (ciphertxt == NULL) ++ signature_len = RSA_size(rsa); + signature = OPENSSL_zalloc(signature_len); + if (signature == NULL) goto err; @@ -170,3 +158,36 @@ diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_g return ret; } +diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c +index 43caedb6df..73873f9758 100644 +--- a/providers/implementations/exchange/ecdh_exch.c ++++ b/providers/implementations/exchange/ecdh_exch.c +@@ -489,6 +489,25 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, + } + + ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk); ++#ifdef FIPS_MODULE ++ { ++ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk)); ++ int check = 0; ++ ++ if (bn_ctx == NULL) { ++ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ ++ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx); ++ BN_CTX_free(bn_ctx); ++ ++ if (check <= 0) { ++ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY); ++ goto end; ++ } ++ } ++#endif + + retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL); + +-- +2.41.0 + 
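Review bot: In the ecdh_exch.c section the rejection path raises `ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY)`, which pairs an EC reason code with the provider library id. The error queue decodes a reason code against the table of the library it is raised under, so the logged text for a rejected peer key may not read as "invalid peer key". I would raise it as `ERR_raise(ERR_LIB_EC, EC_R_INVALID_PEER_KEY);` if EC error strings are available in this build, or otherwise pick a reason from the provider table. The same mismatch appears as `ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH)` in the rsa_sig.c section of 0045-FIPS-services-minimize.patch. ecdh_plain_derive() starts and ends outside the hunk.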
diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch
index 6e667b8..82fb6ee 100644
--- a/0045-FIPS-services-minimize.patch
+++ b/0045-FIPS-services-minimize.patch
@@ -1,7 +1,64 @@ -diff -up openssl-3.0.1/providers/common/capabilities.c.fipsmin3 openssl-3.0.1/providers/common/capabilities.c ---- openssl-3.0.1/providers/common/capabilities.c.fipsmin3 2022-05-05 17:11:36.146638536 +0200 -+++ openssl-3.0.1/providers/common/capabilities.c 2022-05-05 17:12:00.138848787 +0200 -@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list +From 8da97ba910507ea36fecd374ab896f80d150a7e7 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 21/35] 0045-FIPS-services-minimize.patch + +Patch-name: 0045-FIPS-services-minimize.patch +Patch-id: 45 +Patch-status: | + # Minimize fips services +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + apps/ecparam.c | 3 ++ + apps/req.c | 2 +- + providers/common/capabilities.c | 2 +- + providers/fips/fipsprov.c | 45 +++++++++++-------- + providers/fips/self_test_data.inc | 12 +++-- + providers/implementations/signature/rsa_sig.c | 13 ++++++ + ssl/ssl_ciph.c | 3 ++ + test/acvp_test.c | 2 + + test/endecode_test.c | 4 ++ + test/evp_libctx_test.c | 9 +++- + test/recipes/15-test_gendsa.t | 2 +- + test/recipes/20-test_cli_fips.t | 3 +- + test/recipes/30-test_evp.t | 16 +++---- + .../30-test_evp_data/evpmac_common.txt | 22 +++++++++ + test/recipes/80-test_cms.t | 22 ++++----- + test/recipes/80-test_ssl_old.t | 2 +- + 16 files changed, 112 insertions(+), 50 deletions(-) + +diff --git a/apps/ecparam.c b/apps/ecparam.c +index 9e9ad13683..fc125a45c9 100644 +--- a/apps/ecparam.c ++++ b/apps/ecparam.c +@@ -79,6 +79,9 @@ static int list_builtin_curves(BIO *out) + const char *comment = curves[n].comment; + const char *sname = OBJ_nid2sn(curves[n].nid); + ++ if ((curves[n].nid == NID_secp256k1) && EVP_default_properties_is_fips_enabled(NULL)) ++ continue; ++ + if (comment == NULL) + comment = "CURVE DESCRIPTION NOT AVAILABLE"; + if (sname == NULL) +diff --git a/apps/req.c b/apps/req.c +index 23757044ab..5916914978 100644 +--- a/apps/req.c ++++ b/apps/req.c 
+@@ -266,7 +266,7 @@ int req_main(int argc, char **argv) + unsigned long chtype = MBSTRING_ASC, reqflag = 0; + + #ifndef OPENSSL_NO_DES +- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); ++ cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); + #endif + + prog = opt_init(argc, argv, req_options); +diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c +index ed37e76969..eb836dfa6a 100644 +--- a/providers/common/capabilities.c ++++ b/providers/common/capabilities.c +@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list[][10] = { TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25), TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26), TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27), @@ -12,10 +69,11 @@ diff -up openssl-3.0.1/providers/common/capabilities.c.fipsmin3 openssl-3.0.1/pr # endif /* OPENSSL_NO_EC */ # ifndef OPENSSL_NO_DH /* Security bit values for FFDHE groups are as per RFC 7919 */ -diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/providers/fips/fipsprov.c ---- openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 2022-05-05 11:42:58.596848856 +0200 -+++ openssl-3.0.1/providers/fips/fipsprov.c 2022-05-05 11:55:42.997562712 +0200 -@@ -191,13 +190,13 @@ static int fips_get_params(void *provctx +diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index 518226dfc6..73bb96dece 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -199,13 +199,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[]) OSSL_LIB_CTX_FIPS_PROV_INDEX); p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); 
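Review bot: In the apps/req.c section the new default `cipher = (EVP_CIPHER *)EVP_aes_256_cbc();` is still wrapped in `#ifndef OPENSSL_NO_DES` / `#endif`, so a build configured without DES skips the assignment even though the cipher chosen is no longer a DES one. I would drop the two guard lines around the assignment. If they stay to keep the downstream patch minimal, a comment such as `/* guard left over from the 3DES default */` would record that. What req_main() does when `cipher` is left unset is decided outside the hunk, so the effect on private-key encryption in such a build should be confirmed there.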
@@ -32,7 +90,7 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider return 0; p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running())) -@@ -281,10 +280,11 @@ static const OSSL_ALGORITHM fips_digests +@@ -298,10 +298,11 @@ static const OSSL_ALGORITHM fips_digests[] = { * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for * KMAC128 and KMAC256. */ @@ -46,7 +104,7 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider { NULL, NULL, NULL } }; -@@ -343,8 +343,9 @@ static const OSSL_ALGORITHM_CAPABLE fips +@@ -360,8 +361,9 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, ossl_cipher_capable_aes_cbc_hmac_sha256), #ifndef OPENSSL_NO_DES @@ -58,7 +116,7 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider #endif /* OPENSSL_NO_DES */ { { NULL, NULL, NULL }, NULL } }; -@@ -356,8 +357,9 @@ static const OSSL_ALGORITHM fips_macs[] +@@ -373,8 +375,9 @@ static const OSSL_ALGORITHM fips_macs[] = { #endif { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, @@ -70,7 +128,7 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider { NULL, NULL, NULL } }; -@@ -392,8 +394,9 @@ static const OSSL_ALGORITHM fips_keyexch +@@ -409,8 +412,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = { #endif #ifndef OPENSSL_NO_EC { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, 
@@ -82,7 +140,7 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider #endif { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_prf_keyexch_functions }, -@@ -403,13 +406,14 @@ static const OSSL_ALGORITHM fips_keyexch +@@ -420,13 +424,14 @@ static const OSSL_ALGORITHM fips_keyexch[] = { static const OSSL_ALGORITHM fips_signature[] = { #ifndef OPENSSL_NO_DSA @@ -101,7 +159,7 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, #endif { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, -@@ -438,8 +443,9 @@ static const OSSL_ALGORITHM fips_keymgmt +@@ -456,8 +461,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { PROV_DESCS_DHX }, #endif #ifndef OPENSSL_NO_DSA @@ -113,7 +171,7 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider #endif { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, PROV_DESCS_RSA }, -@@ -448,14 +454,15 @@ static const OSSL_ALGORITHM fips_keymgmt +@@ -466,14 +472,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { #ifndef OPENSSL_NO_EC { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, PROV_DESCS_EC }, 
@@ -131,10 +189,11 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider #endif { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, PROV_DESCS_TLS1_PRF_SIGN }, -diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/providers/fips/self_test_data.inc ---- openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 2022-05-05 12:36:32.335069046 +0200 -+++ openssl-3.0.1/providers/fips/self_test_data.inc 2022-05-05 12:40:02.427966128 +0200 -@@ -171,6 +171,7 @@ static const ST_KAT_DIGEST st_kat_digest +diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc +index 2057378d3d..e0fdc0daa4 100644 +--- a/providers/fips/self_test_data.inc ++++ b/providers/fips/self_test_data.inc +@@ -177,6 +177,7 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] = /*- CIPHER TEST DATA */ /* DES3 test data */ @@ -142,7 +201,7 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/ static const unsigned char des_ede3_cbc_pt[] = { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, -@@ -191,7 +192,7 @@ static const unsigned char des_ede3_cbc_ +@@ -197,7 +198,7 @@ static const unsigned char des_ede3_cbc_ct[] = { 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 }; @@ -151,7 +210,7 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/ /* AES-256 GCM test data */ static const unsigned char aes_256_gcm_key[] = { 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, -@@ -1424,8 +1427,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[ +@@ -1454,8 +1455,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[] = { # endif /* OPENSSL_NO_EC2M */ #endif /* OPENSSL_NO_EC */ 
@@ -162,7 +221,7 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/ static const unsigned char dsa_p[] = { 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e, -@@ -1549,8 +1553,8 @@ static const ST_KAT_PARAM dsa_key[] = { +@@ -1589,8 +1591,8 @@ static const ST_KAT_PARAM dsa_key[] = { ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv), ST_KAT_PARAM_END() }; @@ -173,7 +232,7 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/ /* Hash DRBG inputs for signature KATs */ static const unsigned char sig_kat_entropyin[] = { 0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f, -@@ -1583,6 +1587,7 @@ static const ST_KAT_SIGN st_kat_sign_tes +@@ -1642,6 +1644,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { }, # endif #endif /* OPENSSL_NO_EC */ @@ -181,7 +240,7 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/ #ifndef OPENSSL_NO_DSA { OSSL_SELF_TEST_DESC_SIGN_DSA, -@@ -1595,6 +1600,7 @@ static const ST_KAT_SIGN st_kat_sign_tes +@@ -1654,6 +1657,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { ITM(dsa_expected_sig) }, #endif /* OPENSSL_NO_DSA */ 
@@ -189,9 +248,48 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/ }; static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = { -diff -up openssl-3.0.1/test/acvp_test.c.fipsmin2 openssl-3.0.1/test/acvp_test.c ---- openssl-3.0.1/test/acvp_test.c.fipsmin2 2022-05-05 11:42:58.597848865 +0200 -+++ openssl-3.0.1/test/acvp_test.c 2022-05-05 11:43:30.141126336 +0200 +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index cd5de6bd51..07824e558c 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -777,6 +777,19 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, + { + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + size_t rslen; ++# ifdef FIPS_MODULE ++ size_t rsabits = RSA_bits(prsactx->rsa); ++ ++ if (rsabits < 2048) { ++ if (rsabits != 1024 ++ && rsabits != 1280 ++ && rsabits != 1536 ++ && rsabits != 1792) { ++ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++ } ++# endif + + if (!ossl_prov_is_running()) + return 0; +diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c +index a5e60e8839..f9af07d12b 100644 +--- a/ssl/ssl_ciph.c ++++ b/ssl/ssl_ciph.c +@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx) + ctx->disabled_mkey_mask = 0; + ctx->disabled_auth_mask = 0; + ++ if (EVP_default_properties_is_fips_enabled(ctx->libctx)) ++ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK; ++ + /* + * We ignore any errors from the fetches below. They are expected to fail + * if theose algorithms are not available. +diff --git a/test/acvp_test.c b/test/acvp_test.c +index fee880d441..13d7a0ea8b 100644 +--- a/test/acvp_test.c ++++ b/test/acvp_test.c @@ -1476,6 +1476,7 @@ int setup_tests(void) OSSL_NELEM(dh_safe_prime_keyver_data)); #endif /* OPENSSL_NO_DH */ 
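Review bot: The FIPS-only key-size gate added at the top of rsa_verify() in the rsa_sig.c section has no comment saying why exactly 1024, 1280, 1536 and 1792 bits are still accepted below 2048. A reader auditing the module cannot tell from the code whether that list is deliberate. A one-line comment above the check, for example `/* FIPS: below 2048 bits, verification is accepted only at these fixed key sizes */`, plus a pointer to the governing requirement, would settle it. The gate also runs before the existing `if (!ossl_prov_is_running()) return 0;`, so a module in the error state reports a key-length error for some keys and a plain failure for others. Moving the block below that check would make the behaviour uniform. rsa_verify() continues outside the hunk.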
@@ -208,9 +306,43 @@ diff -up openssl-3.0.1/test/acvp_test.c.fipsmin2 openssl-3.0.1/test/acvp_test.c #ifndef OPENSSL_NO_EC ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); -diff -up openssl-3.0.1/test/evp_libctx_test.c.fipsmin3 openssl-3.0.1/test/evp_libctx_test.c ---- openssl-3.0.1/test/evp_libctx_test.c.fipsmin3 2022-05-05 14:18:46.370911817 +0200 -+++ openssl-3.0.1/test/evp_libctx_test.c 2022-05-05 14:30:02.117911993 +0200 +diff --git a/test/endecode_test.c b/test/endecode_test.c +index 9a437d8c64..53385028fc 100644 +--- a/test/endecode_test.c ++++ b/test/endecode_test.c +@@ -1407,6 +1407,7 @@ int setup_tests(void) + * so no legacy tests. + */ + #endif ++ if (is_fips == 0) { + #ifndef OPENSSL_NO_DSA + ADD_TEST_SUITE(DSA); + ADD_TEST_SUITE_PARAMS(DSA); +@@ -1417,6 +1418,7 @@ int setup_tests(void) + ADD_TEST_SUITE_PROTECTED_PVK(DSA); + # endif + #endif ++ } + #ifndef OPENSSL_NO_EC + ADD_TEST_SUITE(EC); + ADD_TEST_SUITE_PARAMS(EC); +@@ -1431,10 +1433,12 @@ int setup_tests(void) + ADD_TEST_SUITE(ECExplicitTri2G); + ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); + # endif ++ if (is_fips == 0) { + ADD_TEST_SUITE(ED25519); + ADD_TEST_SUITE(ED448); + ADD_TEST_SUITE(X25519); + ADD_TEST_SUITE(X448); ++ } + /* + * ED25519, ED448, X25519 and X448 have no support for + * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. +diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c +index 2448c35a14..a7913cda4c 100644 +--- a/test/evp_libctx_test.c ++++ b/test/evp_libctx_test.c @@ -21,6 +21,7 @@ */ #include "internal/deprecated.h" @@ -219,8 +351,7 @@ diff -up openssl-3.0.1/test/evp_libctx_test.c.fipsmin3 openssl-3.0.1/test/evp_li #include #include #include -@@ -725,8 +726,10 @@ int setup_tests(void) - if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name)) +@@ -726,7 +727,9 @@ int setup_tests(void) return 0; #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) 
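Review bot: The two `if (is_fips == 0) {` guards added to `setup_tests()` in test/endecode_test.c drop the DSA and the ED25519/ED448/X25519/X448 suites when the FIPS provider is under test, and nothing in the hunk says why or checks the opposite case. A comment on each guard, e.g. `/* Not registered under FIPS: these key types are not offered by the FIPS provider in this build (confirm) */`, would keep the gap from looking accidental. A negative test asserting that the FIPS provider refuses these key types would keep the restriction itself covered rather than only skipped. The guarded `ADD_TEST_SUITE` lines keep their old indentation, so the new block scope is easy to miss; `setup_tests()` starts and ends outside the hunk.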
@@ -231,7 +362,7 @@ diff -up openssl-3.0.1/test/evp_libctx_test.c.fipsmin3 openssl-3.0.1/test/evp_li #endif #ifndef OPENSSL_NO_DH ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); -@@ -746,7 +750,9 @@ int setup_tests(void) +@@ -746,7 +749,9 @@ int setup_tests(void) ADD_TEST(kem_invalid_keytype); #endif #ifndef OPENSSL_NO_DES @@ -242,9 +373,10 @@ diff -up openssl-3.0.1/test/evp_libctx_test.c.fipsmin3 openssl-3.0.1/test/evp_li #endif return 1; } -diff -up openssl-3.0.1/test/recipes/15-test_gendsa.t.fipsmin3 openssl-3.0.1/test/recipes/15-test_gendsa.t ---- openssl-3.0.1/test/recipes/15-test_gendsa.t.fipsmin3 2022-05-05 13:46:00.631590335 +0200 -+++ openssl-3.0.1/test/recipes/15-test_gendsa.t 2022-05-05 13:46:06.999644496 +0200 +diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t +index b495b08bda..69bd299521 100644 +--- a/test/recipes/15-test_gendsa.t ++++ b/test/recipes/15-test_gendsa.t @@ -24,7 +24,7 @@ use lib bldtop_dir('.'); plan skip_all => "This test is unsupported in a no-dsa build" if disabled("dsa"); @@ -254,10 +386,11 @@ diff -up openssl-3.0.1/test/recipes/15-test_gendsa.t.fipsmin3 openssl-3.0.1/test plan tests => ($no_fips ? 0 : 2) # FIPS related tests -diff -up openssl-3.0.1/test/recipes/20-test_cli_fips.t.fipsmin3 openssl-3.0.1/test/recipes/20-test_cli_fips.t ---- openssl-3.0.1/test/recipes/20-test_cli_fips.t.fipsmin3 2022-05-05 13:47:55.217564900 +0200 -+++ openssl-3.0.1/test/recipes/20-test_cli_fips.t 2022-05-05 13:48:02.824629600 +0200 -@@ -207,8 +207,7 @@ SKIP: { +diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t +index 6d3c5ba1bb..2ba47b5fca 100644 +--- a/test/recipes/20-test_cli_fips.t ++++ b/test/recipes/20-test_cli_fips.t +@@ -273,8 +273,7 @@ SKIP: { } SKIP : { 
@@ -267,112 +400,11 @@ diff -up openssl-3.0.1/test/recipes/20-test_cli_fips.t.fipsmin3 openssl-3.0.1/te subtest DSA => sub { my $testtext_prefix = 'DSA'; -diff -up openssl-3.0.1/test/recipes/80-test_cms.t.fipsmin3 openssl-3.0.1/test/recipes/80-test_cms.t ---- openssl-3.0.1/test/recipes/80-test_cms.t.fipsmin3 2022-05-05 13:55:05.257292637 +0200 -+++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-05 13:58:35.307150750 +0200 -@@ -95,7 +95,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed content DER format, DSA key", -+ [ "signed content DER format, DSA key, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], - [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", -@@ -103,7 +103,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed detached content DER format, DSA key", -+ [ "signed detached content DER format, DSA key, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", - "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], - [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", -@@ -112,7 +112,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed detached content DER format, add RSA signer (with DSA existing)", -+ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", - "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], - [ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER", -@@ -123,7 +123,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed content test streaming BER format, DSA key", -+ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", - "-nodetach", "-stream", - 
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], -@@ -132,7 +132,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", -+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", - "-nodetach", "-stream", - "-signer", $smrsa1, -@@ -145,7 +145,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", -+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", - "-noattr", "-nodetach", "-stream", - "-signer", $smrsa1, -@@ -175,7 +175,7 @@ my @smime_pkcs7_tests = ( - \&zero_compare - ], - -- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", -+ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach", - "-signer", $smrsa1, - "-signer", catfile($smdir, "smrsa2.pem"), -@@ -187,7 +187,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", -+ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, - "-signer", $smrsa1, - "-signer", catfile($smdir, "smrsa2.pem"), -@@ -247,7 +247,7 @@ my @smime_pkcs7_tests = ( - - my @smime_cms_tests = ( - -- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", -+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", - "-nodetach", "-keyid", - "-signer", $smrsa1, -@@ -260,7 +260,7 @@ my @smime_cms_tests = ( - \&final_compare - ], - -- [ "signed content test streaming PEM 
format, 2 DSA and 2 RSA keys", -+ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no Red Hat FIPS", - [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-signer", $smrsa1, - "-signer", catfile($smdir, "smrsa2.pem"), -@@ -370,7 +370,7 @@ my @smime_cms_tests = ( - \&final_compare - ], - -- [ "encrypted content test streaming PEM format, triple DES key", -+ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS", - [ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", - "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", - "-stream", "-out", "{output}.cms" ], -diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp.t ---- openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 2022-05-05 14:43:04.276857033 +0200 -+++ openssl-3.0.1/test/recipes/30-test_evp.t 2022-05-05 14:43:35.975138234 +0200 -@@ -43,10 +43,8 @@ my @files = qw( +diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t +index 9d7040ced2..3be2549cb5 100644 +--- a/test/recipes/30-test_evp.t ++++ b/test/recipes/30-test_evp.t +@@ -42,10 +42,8 @@ my @files = qw( evpciph_aes_cts.txt evpciph_aes_wrap.txt evpciph_aes_stitched.txt @@ -383,20 +415,20 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/re evpkdf_pbkdf1.txt evpkdf_pbkdf2.txt evpkdf_ss.txt -@@ -66,12 +65,6 @@ push @files, qw( +@@ -65,12 +63,6 @@ push @files, qw( + evppkey_ffdhe.txt evppkey_dh.txt ) unless $no_dh; - push @files, qw( +-push @files, qw( - evpkdf_x942_des.txt - evpmac_cmac_des.txt - ) unless $no_des; -push @files, qw(evppkey_dsa.txt) unless $no_dsa; -push @files, qw(evppkey_ecx.txt) unless $no_ec; --push @files, qw( + push @files, qw( evppkey_ecc.txt evppkey_ecdh.txt - evppkey_ecdsa.txt -@@ -91,6 +84,8 @@ my @defltfiles = qw( +@@ -91,6 +83,8 @@ my @defltfiles = qw( evpciph_cast5.txt evpciph_chacha.txt evpciph_des.txt 
@@ -405,7 +437,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/re evpciph_idea.txt evpciph_rc2.txt evpciph_rc4.txt -@@ -117,6 +111,12 @@ my @defltfiles = qw( +@@ -118,6 +112,12 @@ my @defltfiles = qw( evppkey_kdf_tls1_prf.txt evppkey_rsa.txt ); @@ -418,10 +450,11 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/re push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; -diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt ---- openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 2022-05-05 14:46:32.721700697 +0200 -+++ openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt 2022-05-05 14:51:40.205418897 +0200 -@@ -328,6 +328,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E54100 +diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt +index 93195df97c..315413cd9b 100644 +--- a/test/recipes/30-test_evp_data/evpmac_common.txt ++++ b/test/recipes/30-test_evp_data/evpmac_common.txt +@@ -340,6 +340,7 @@ IV = 7AE8E2CA4EC500012E58495C Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007 Result = MAC_INIT_ERROR @@ -429,7 +462,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 Title = KMAC Tests (From NIST) MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F -@@ -338,12 +339,14 @@ Ctrl = xof:0 +@@ -350,12 +351,14 @@ Ctrl = xof:0 OutputSize = 32 BlockSize = 168 
@@ -444,7 +477,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -351,6 +354,7 @@ Custom = "My Tagged Application" +@@ -363,6 +366,7 @@ Custom = "My Tagged Application" Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230 Ctrl = size:32 @@ -452,7 +485,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -359,12 +363,14 @@ Output = 20C570C31346F703C9AC36C61C03CB6 +@@ -371,12 +375,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC OutputSize = 64 BlockSize = 136 @@ -467,7 +500,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -374,12 +380,14 @@ Ctrl = size:64 +@@ -386,12 +392,14 @@ Ctrl = size:64 Title = KMAC XOF Tests (From NIST) 
@@ -482,7 +515,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -387,6 +395,7 @@ Custom = "My Tagged Application" +@@ -399,6 +407,7 @@ Custom = "My Tagged Application" Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C XOF = 1 @@ -490,7 +523,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -395,6 +404,7 @@ Output = 47026C7CD793084AA0283C253EF6584 +@@ -407,6 +416,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F XOF = 1 Ctrl = size:32 @@ -498,7 +531,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -402,6 +412,7 @@ Custom = "My Tagged Application" +@@ -414,6 +424,7 @@ Custom = "My Tagged Application" Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B XOF = 1 
@@ -506,7 +539,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -409,6 +420,7 @@ Custom = "" +@@ -421,6 +432,7 @@ Custom = "" Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B XOF = 1 @@ -514,7 +547,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -419,6 +431,7 @@ XOF = 1 +@@ -431,6 +443,7 @@ XOF = 1 Title = KMAC long customisation string (from NIST ACVP) 
@@ -522,7 +555,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC256 Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D -@@ -429,12 +442,14 @@ XOF = 1 +@@ -441,12 +454,14 @@ XOF = 1 Title = KMAC XOF Tests via ctrl (From NIST) @@ -537,7 +570,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -442,6 +457,7 @@ Custom = "My Tagged Application" +@@ -454,6 +469,7 @@ Custom = "My Tagged Application" Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C Ctrl = xof:1 @@ -545,7 +578,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -450,6 +466,7 @@ Output = 47026C7CD793084AA0283C253EF6584 +@@ -462,6 +478,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F Ctrl = xof:1 Ctrl = size:32 
@@ -553,7 +586,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -457,6 +474,7 @@ Custom = "My Tagged Application" +@@ -469,6 +486,7 @@ Custom = "My Tagged Application" Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B Ctrl = xof:1 @@ -561,7 +594,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -464,6 +482,7 @@ Custom = "" +@@ -476,6 +494,7 @@ Custom = "" Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B Ctrl = xof:1 @@ -569,7 +602,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -474,6 +493,7 @@ Ctrl = xof:1 +@@ -486,6 +505,7 @@ Ctrl = xof:1 Title = KMAC long customisation string via ctrl (from NIST ACVP) 
@@ -577,7 +610,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC256 Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D -@@ -484,6 +504,7 @@ Ctrl = xof:1 +@@ -496,6 +516,7 @@ Ctrl = xof:1 Title = KMAC long customisation string negative test @@ -585,7 +618,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -492,6 +513,7 @@ Result = MAC_INIT_ERROR +@@ -504,6 +525,7 @@ Result = MAC_INIT_ERROR Title = KMAC output is too large 
@@ -593,10 +626,114 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.fipsmin3 openssl-3.0.1/test/recipes/80-test_ssl_old.t ---- openssl-3.0.1/test/recipes/80-test_ssl_old.t.fipsmin3 2022-05-05 16:02:59.745500635 +0200 -+++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-05 16:10:24.071348890 +0200 -@@ -426,7 +426,7 @@ sub testssl { +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index 40dd585c18..cbec426137 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -96,7 +96,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content DER format, DSA key", ++ [ "signed content DER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", +@@ -104,7 +104,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed detached content DER format, DSA key", ++ [ "signed detached content DER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", +@@ -113,7 +113,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed detached content DER 
format, add RSA signer (with DSA existing)", ++ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER", +@@ -124,7 +124,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, DSA key", ++ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], +@@ -133,7 +133,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", $smrsa1, +@@ -146,7 +146,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-noattr", "-nodetach", "-stream", + "-signer", $smrsa1, +@@ -176,7 +176,7 @@ my @smime_pkcs7_tests = ( + \&zero_compare + ], + +- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach", + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -188,7 +188,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", ++ [ "signed 
content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -248,7 +248,7 @@ my @smime_pkcs7_tests = ( + + my @smime_cms_tests = ( + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-keyid", + "-signer", $smrsa1, +@@ -261,7 +261,7 @@ my @smime_cms_tests = ( + \&final_compare + ], + +- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -371,7 +371,7 @@ my @smime_cms_tests = ( + \&final_compare + ], + +- [ "encrypted content test streaming PEM format, triple DES key", ++ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", + "-stream", "-out", "{output}.cms" ], +diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t +index 50b74a1e29..e2dcb68fb5 100644 +--- a/test/recipes/80-test_ssl_old.t ++++ b/test/recipes/80-test_ssl_old.t +@@ -436,7 +436,7 @@ sub testssl { my @exkeys = (); my $ciphers = '-PSK:-SRP:@SECLEVEL=0'; 
@@ -605,96 +742,6 @@ diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.fipsmin3 openssl-3.0.1/tes push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey; } -diff -up openssl-3.0.1/test/endecode_test.c.fipsmin3 openssl-3.0.1/test/endecode_test.c ---- openssl-3.0.1/test/endecode_test.c.fipsmin3 2022-05-06 16:25:57.296926271 +0200 -+++ openssl-3.0.1/test/endecode_test.c 2022-05-06 16:27:42.712850840 +0200 -@@ -1387,6 +1387,7 @@ int setup_tests(void) - * so no legacy tests. - */ - #endif -+ if (is_fips == 0) { - #ifndef OPENSSL_NO_DSA - ADD_TEST_SUITE(DSA); - ADD_TEST_SUITE_PARAMS(DSA); -@@ -1397,6 +1398,7 @@ int setup_tests(void) - ADD_TEST_SUITE_PROTECTED_PVK(DSA); - # endif - #endif -+ } - #ifndef OPENSSL_NO_EC - ADD_TEST_SUITE(EC); - ADD_TEST_SUITE_PARAMS(EC); -@@ -1411,10 +1413,12 @@ int setup_tests(void) - ADD_TEST_SUITE(ECExplicitTri2G); - ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); - # endif -+ if (is_fips == 0) { - ADD_TEST_SUITE(ED25519); - ADD_TEST_SUITE(ED448); - ADD_TEST_SUITE(X25519); - ADD_TEST_SUITE(X448); -+ } - /* - * ED25519, ED448, X25519 and X448 have no support for - * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. 
-diff -up openssl-3.0.1/apps/req.c.dfc openssl-3.0.1/apps/req.c
---- openssl-3.0.1/apps/req.c.dfc 2022-05-12 13:31:21.957638329 +0200
-+++ openssl-3.0.1/apps/req.c 2022-05-12 13:31:49.587984867 +0200
-@@ -266,7 +266,7 @@ int req_main(int argc, char **argv)
- unsigned long chtype = MBSTRING_ASC, reqflag = 0;
-
- #ifndef OPENSSL_NO_DES
-- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
-+ cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
- #endif
-
- prog = opt_init(argc, argv, req_options);
-diff -up openssl-3.0.1/apps/ecparam.c.fips_list_curves openssl-3.0.1/apps/ecparam.c
---- openssl-3.0.1/apps/ecparam.c.fips_list_curves 2022-05-19 11:46:22.682519422 +0200
-+++ openssl-3.0.1/apps/ecparam.c 2022-05-19 11:50:44.559828701 +0200
-@@ -79,6 +79,9 @@ static int list_builtin_curves(BIO *out)
- const char *comment = curves[n].comment;
- const char *sname = OBJ_nid2sn(curves[n].nid);
-
-+ if ((curves[n].nid == NID_secp256k1) && EVP_default_properties_is_fips_enabled(NULL))
-+ continue;
-+
- if (comment == NULL)
- comment = "CURVE DESCRIPTION NOT AVAILABLE";
- if (sname == NULL)
-diff -up openssl-3.0.1/ssl/ssl_ciph.c.nokrsa openssl-3.0.1/ssl/ssl_ciph.c
---- openssl-3.0.1/ssl/ssl_ciph.c.nokrsa 2022-05-19 13:32:32.536708638 +0200
-+++ openssl-3.0.1/ssl/ssl_ciph.c 2022-05-19 13:42:29.734002959 +0200
-@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
- ctx->disabled_mkey_mask = 0;
- ctx->disabled_auth_mask = 0;
-
-+ if (EVP_default_properties_is_fips_enabled(ctx->libctx))
-+ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
-+
- /*
- * We ignore any errors from the fetches below. They are expected to fail
- * if theose algorithms are not available.
-diff -up openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen openssl-3.0.1/providers/implementations/signature/rsa_sig.c
---- openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen 2022-05-23 14:58:07.764281242 +0200
-+++ openssl-3.0.1/providers/implementations/signature/rsa_sig.c 2022-05-23 15:10:29.327993616 +0200
-@@ -770,6 +770,19 @@ static int rsa_verify(void *vprsactx, co
- {
- PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
- size_t rslen;
-+# ifdef FIPS_MODULE
-+ size_t rsabits = RSA_bits(prsactx->rsa);
-+
-+ if (rsabits < 2048) {
-+ if (rsabits != 1024
-+ && rsabits != 1280
-+ && rsabits != 1536
-+ && rsabits != 1792) {
-+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
-+ }
-+# endif
-
- if (!ossl_prov_is_running())
- return 0;
+--
+2.41.0
+
diff --git a/0047-FIPS-early-KATS.patch b/0047-FIPS-early-KATS.patch
index 3604e6f..2656115 100644
--- a/0047-FIPS-early-KATS.patch
+++ b/0047-FIPS-early-KATS.patch
@@ -1,7 +1,22 @@ -diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/providers/fips/self_test.c ---- openssl-3.0.1/providers/fips/self_test.c.earlykats 2022-01-19 13:10:00.635830783 +0100 -+++ openssl-3.0.1/providers/fips/self_test.c 2022-01-19 13:11:43.309342656 +0100 -@@ -362,6 +362,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS +From 0242c0317b7c7874148c456aaab1e8eeb156d7c1 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 22/35] 0047-FIPS-early-KATS.patch + +Patch-name: 0047-FIPS-early-KATS.patch +Patch-id: 47 +Patch-status: | + # Execute KATS before HMAC verification +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + providers/fips/self_test.c | 22 ++++++++++------------ + 1 file changed, 10 insertions(+), 12 deletions(-) + +diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c +index ef56002854..062d9df84a 100644 +--- a/providers/fips/self_test.c ++++ b/providers/fips/self_test.c +@@ -414,6 +414,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) if (ev == NULL) goto end; @@ -18,11 +33,10 @@ diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/provid module_checksum = fips_hmac_container; checksum_len = sizeof(fips_hmac_container); -@@ -411,18 +421,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS - kats_already_passed = 1; +@@ -464,18 +474,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) } } -- + - /* - * Only runs the KAT's during installation OR on_demand(). - * NOTE: If the installation option 'self_test_onload' is chosen then this @@ -34,6 +48,10 @@ diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/provid - goto end; - } - } - +- /* Verify that the RNG has been restored properly */ testrand = EVP_RAND_fetch(st->libctx, "TEST-RAND", NULL); + if (testrand == NULL +-- +2.41.0 + 
diff --git a/0049-Selectively-disallow-SHA1-signatures.patch b/0049-Selectively-disallow-SHA1-signatures.patch
deleted file mode 100644
index 5be033e..0000000
--- a/0049-Selectively-disallow-SHA1-signatures.patch
+++ /dev/null
@@ -1,544 +0,0 @@ -From ead41bc1b69b697187a97460c7f210ad5a7a1395 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Wed, 17 Aug 2022 12:56:29 -0400 -Subject: [PATCH] Selectively disallow SHA1 signatures - -For RHEL 9.0, we want to phase out SHA1. One of the steps to do that is -disabling SHA1 signatures. Introduce a new configuration option in the -alg_section named 'rh-allow-sha1-signatures'. This option defaults to -false. If set to false (or unset), any signature creation or -verification operations that involve SHA1 as digest will fail. - -This also affects TLS, where the signature_algorithms extension of any -ClientHello message sent by OpenSSL will no longer include signatures -with the SHA1 digest if rh-allow-sha1-signatures is false. For servers -that request a client certificate, the same also applies for -CertificateRequest messages sent by them. - -For signatures created using the EVP_PKEY API, this is a best-effort -check that will deny signatures in cases where the digest algorithm is -known. This means, for example, that that following steps will still -work: - - $> openssl dgst -sha1 -binary -out sha1 infile - $> openssl pkeyutl -inkey key.pem -sign -in sha1 -out sha1sig - $> openssl pkeyutl -inkey key.pem -verify -sigfile sha1sig -in sha1 - -whereas these will not: - - $> openssl dgst -sha1 -binary -out sha1 infile - $> openssl pkeyutl -inkey kem.pem -sign -in sha1 -out sha1sig -pkeyopt digest:sha1 - $> openssl pkeyutl -inkey kem.pem -verify -sigfile sha1sig -in sha1 -pkeyopt digest:sha1 - -This happens because in the first case, OpenSSL's signature -implementation does not know that it is signing a SHA1 hash (it could be -signing arbitrary data). 
- -Resolves: rhbz#2031742 - -Signed-off-by: Stephen Gallagher ---- - crypto/context.c | 14 ++++ - crypto/evp/evp_cnf.c | 13 ++++ - crypto/evp/m_sigver.c | 71 +++++++++++++++++++ - crypto/evp/pmeth_lib.c | 15 ++++ - doc/man5/config.pod | 11 +++ - include/crypto/context.h | 3 + - include/internal/cryptlib.h | 3 +- - include/internal/sslconf.h | 4 ++ - providers/common/securitycheck.c | 20 ++++++ - providers/common/securitycheck_default.c | 9 ++- - providers/implementations/signature/dsa_sig.c | 11 ++- - .../implementations/signature/ecdsa_sig.c | 4 ++ - providers/implementations/signature/rsa_sig.c | 20 +++++- - ssl/t1_lib.c | 8 +++ - util/libcrypto.num | 2 + - 15 files changed, 199 insertions(+), 9 deletions(-) - -diff --git a/crypto/context.c b/crypto/context.c -index e294ea1512..ab6abf44ab 100644 ---- a/crypto/context.c -+++ b/crypto/context.c -@@ -43,6 +43,8 @@ struct ossl_lib_ctx_st { - void *fips_prov; - #endif - -+ void *legacy_digest_signatures; -+ - unsigned int ischild:1; - }; - -@@ -171,6 +173,10 @@ static int context_init(OSSL_LIB_CTX *ctx) - goto err; - #endif - -+ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx); -+ if (ctx->legacy_digest_signatures == NULL) -+ goto err; -+ - /* Low priority. */ - #ifndef FIPS_MODULE - ctx->child_provider = ossl_child_prov_ctx_new(ctx); -@@ -299,6 +305,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) - } - #endif - -+ if (ctx->legacy_digest_signatures != NULL) { -+ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures); -+ ctx->legacy_digest_signatures = NULL; -+ } -+ - /* Low priority. 
*/ - #ifndef FIPS_MODULE - if (ctx->child_provider != NULL) { -@@ -589,6 +600,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) - return ctx->fips_prov; - #endif - -+ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX: -+ return ctx->legacy_digest_signatures; -+ - default: - return NULL; - } -diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c -index 0e7fe64cf9..b9d3b6d226 100644 ---- a/crypto/evp/evp_cnf.c -+++ b/crypto/evp/evp_cnf.c -@@ -10,6 +10,7 @@ - #include - #include - #include "internal/cryptlib.h" -+#include "internal/sslconf.h" - #include - #include - #include -@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) - ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); - return 0; - } -+ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) { -+ int m; -+ -+ /* Detailed error already reported. */ -+ if (!X509V3_get_value_bool(oval, &m)) -+ return 0; -+ -+ if (!ossl_ctx_legacy_digest_signatures_allowed_set( -+ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); -+ return 0; -+ } - } else { - ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, - "name=%s, value=%s", oval->name, oval->value); -diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c -index 630d339c35..06028b082e 100644 ---- a/crypto/evp/m_sigver.c -+++ b/crypto/evp/m_sigver.c -@@ -15,6 +15,65 @@ - #include "internal/provider.h" - #include "internal/numbers.h" /* includes SIZE_MAX */ - #include "evp_local.h" -+#include "crypto/context.h" -+ -+typedef struct ossl_legacy_digest_signatures_st { -+ int allowed; -+} OSSL_LEGACY_DIGEST_SIGNATURES; -+ -+void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) -+{ -+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs; -+ -+ if (ldsigs != NULL) { -+ OPENSSL_free(ldsigs); -+ } -+} -+ -+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) -+{ -+ return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); -+} -+ -+static 
OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures( -+ OSSL_LIB_CTX *libctx, int loadconfig) -+{ -+#ifndef FIPS_MODULE -+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) -+ return NULL; -+#endif -+ -+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX); -+} -+ -+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig) -+{ -+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs -+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); -+ -+#ifndef FIPS_MODULE -+ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL) -+ /* used in tests */ -+ return 1; -+#endif -+ -+ return ldsigs != NULL ? ldsigs->allowed : 0; -+} -+ -+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, -+ int loadconfig) -+{ -+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs -+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); -+ -+ if (ldsigs == NULL) { -+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ -+ ldsigs->allowed = allow; -+ return 1; -+} - - #ifndef FIPS_MODULE - -@@ -251,6 +310,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - } - } - -+ if (ctx->reqdigest != NULL -+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) -+ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) -+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) { -+ int mdnid = EVP_MD_nid(ctx->reqdigest); -+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0) -+ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -+ goto err; -+ } -+ } -+ - if (ver) { - if (signature->digest_verify_init == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); -diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c -index ce6e1a1ccb..003926247b 100644 ---- a/crypto/evp/pmeth_lib.c -+++ b/crypto/evp/pmeth_lib.c -@@ -33,6 +33,7 @@ - #include "internal/ffc.h" - #include "internal/numbers.h" - #include "internal/provider.h" -+#include 
"internal/sslconf.h" - #include "evp_local.h" - - #ifndef FIPS_MODULE -@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, - return -2; - } - -+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) -+ && md != NULL -+ && ctx->pkey != NULL -+ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac) -+ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf) -+ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) { -+ int mdnid = EVP_MD_nid(md); -+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) -+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -+ return -1; -+ } -+ } -+ - if (fallback) - return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md)); - -diff --git a/doc/man5/config.pod b/doc/man5/config.pod -index 8d312c661f..e5a88d11aa 100644 ---- a/doc/man5/config.pod -+++ b/doc/man5/config.pod -@@ -296,6 +296,17 @@ Within the algorithm properties section, the following names have meaning: - The value may be anything that is acceptable as a property query - string for EVP_set_default_properties(). - -+=item B -+ -+The value is a boolean that can be B or B. If the value is not set, -+it behaves as if it was set to B. -+ -+When set to B, any attempt to create or verify a signature with a SHA1 -+digest will fail. For compatibility with older versions of OpenSSL, set this -+option to B. This setting also affects TLS, where signature algorithms -+that use SHA1 as digest will no longer be supported if this option is set to -+B. -+ - =item B (deprecated) - - The value is a boolean that can be B or B. 
If the value is -diff --git a/include/crypto/context.h b/include/crypto/context.h -index cc06c71be8..e9f74a414d 100644 ---- a/include/crypto/context.h -+++ b/include/crypto/context.h -@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *); - void ossl_thread_event_ctx_free(void *); - void ossl_fips_prov_ossl_ctx_free(void *); - void ossl_release_default_drbg_ctx(void); -+ -+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *); -+void ossl_ctx_legacy_digest_signatures_free(void *); -diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h -index ac50eb3bbd..3b115cc7df 100644 ---- a/include/internal/cryptlib.h -+++ b/include/internal/cryptlib.h -@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st { - # define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 - # define OSSL_LIB_CTX_BIO_CORE_INDEX 17 - # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 --# define OSSL_LIB_CTX_MAX_INDEXES 19 -+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 19 -+# define OSSL_LIB_CTX_MAX_INDEXES 20 - - OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx); - int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx); -diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h -index fd7f7e3331..05464b0655 100644 ---- a/include/internal/sslconf.h -+++ b/include/internal/sslconf.h -@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx); - void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, - char **arg); - -+/* Methods to support disabling all signatures with legacy digests */ -+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig); -+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, -+ int loadconfig); - #endif -diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c -index 699ada7c52..e534ad0a5f 100644 ---- a/providers/common/securitycheck.c -+++ b/providers/common/securitycheck.c -@@ -19,6 +19,7 @@ - #include - #include - #include 
"prov/securitycheck.h" -+#include "internal/sslconf.h" - - /* - * FIPS requires a minimum security strength of 112 bits (for encryption or -@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, - mdnid = -1; /* disallowed by security checks */ - } - # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ -+ -+#ifndef FIPS_MODULE -+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -+ /* SHA1 is globally disabled, check whether we want to locally allow -+ * it. */ -+ if (mdnid == NID_sha1 && !sha1_allowed) -+ mdnid = -1; -+#endif -+ - return mdnid; - } - -@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) - if (ossl_securitycheck_enabled(ctx)) - return ossl_digest_get_approved_nid(md) != NID_undef; - # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ -+ -+#ifndef FIPS_MODULE -+ { -+ int mdnid = EVP_MD_nid(md); -+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) -+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -+ return 0; -+ } -+#endif -+ - return 1; - } -diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c -index 246323493e..2ca7a59f39 100644 ---- a/providers/common/securitycheck_default.c -+++ b/providers/common/securitycheck_default.c -@@ -15,6 +15,7 @@ - #include - #include "prov/securitycheck.h" - #include "internal/nelem.h" -+#include "internal/sslconf.h" - - /* Disable the security checks in the default provider */ - int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) -@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx) - } - - int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, -- ossl_unused int sha1_allowed) -+ int sha1_allowed) - { - int mdnid; -+ int ldsigs_allowed; - - static const OSSL_ITEM name_to_nid[] = { - { NID_md5, OSSL_DIGEST_NAME_MD5 }, -@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, - { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 }, - 
}; - -- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1); -+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); -+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed); - if (mdnid == NID_undef) - mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); -+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed) -+ mdnid = -1; - return mdnid; - } -diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c -index 70d0ea5d24..3c482e0181 100644 ---- a/providers/implementations/signature/dsa_sig.c -+++ b/providers/implementations/signature/dsa_sig.c -@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, - mdprops = ctx->propq; - - if (mdname != NULL) { -- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); - WPACKET pkt; - EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); -- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, -- sha1_allowed); -+ int md_nid; - size_t mdname_len = strlen(mdname); -+#ifdef FIPS_MODULE -+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -+#else -+ int sha1_allowed = 0; -+#endif -+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, -+ sha1_allowed); - - if (md == NULL || md_nid < 0) { - if (md == NULL) -diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index 865d49d100..99b228e82c 100644 ---- a/providers/implementations/signature/ecdsa_sig.c -+++ b/providers/implementations/signature/ecdsa_sig.c -@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, - "%s could not be fetched", mdname); - return 0; - } -+#ifdef FIPS_MODULE - sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -+#else -+ sha1_allowed = 0; -+#endif - md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, - sha1_allowed); - if (md_nid < 0) { -diff --git 
a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index cd5de6bd51..25a51df878 100644 ---- a/providers/implementations/signature/rsa_sig.c -+++ b/providers/implementations/signature/rsa_sig.c -@@ -25,6 +25,7 @@ - #include "internal/cryptlib.h" - #include "internal/nelem.h" - #include "internal/sizes.h" -+#include "internal/sslconf.h" - #include "crypto/rsa.h" - #include "prov/providercommon.h" - #include "prov/implementations.h" -@@ -33,6 +34,7 @@ - #include "prov/securitycheck.h" - - #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1 -+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256 - - static OSSL_FUNC_signature_newctx_fn rsa_newctx; - static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; -@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, - - if (mdname != NULL) { - EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); -+ int md_nid; -+ size_t mdname_len = strlen(mdname); -+#ifdef FIPS_MODULE - int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, -+#else -+ int sha1_allowed = 0; -+#endif -+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, - sha1_allowed); -- size_t mdname_len = strlen(mdname); - - if (md == NULL - || md_nid <= 0 -@@ -1370,8 +1377,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) - prsactx->pad_mode = pad_mode; - - if (prsactx->md == NULL && pmdname == NULL -- && pad_mode == RSA_PKCS1_PSS_PADDING) -+ && pad_mode == RSA_PKCS1_PSS_PADDING) { - pmdname = RSA_DEFAULT_DIGEST_NAME; -+#ifndef FIPS_MODULE -+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { -+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; -+ } -+#endif -+ } -+ - - if (pmgf1mdname != NULL - && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops)) -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index e6f4bcc045..8bc550ea5b 100644 ---- a/ssl/t1_lib.c -+++ 
b/ssl/t1_lib.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include "internal/sslconf.h" - #include "internal/nelem.h" - #include "internal/sizes.h" - #include "internal/tlsgroups.h" -@@ -1151,11 +1152,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) - = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl)); - EVP_PKEY *tmpkey = EVP_PKEY_new(); - int ret = 0; -+ int ldsigs_allowed; - - if (cache == NULL || tmpkey == NULL) - goto err; - - ERR_set_mark(); -+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0); - for (i = 0, lu = sigalg_lookup_tbl; - i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { - EVP_PKEY_CTX *pctx; -@@ -1175,6 +1178,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) - cache[i].enabled = 0; - continue; - } -+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) -+ && !ldsigs_allowed) { -+ cache[i].enabled = 0; -+ continue; -+ } - - if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { - cache[i].enabled = 0; -diff --git a/util/libcrypto.num b/util/libcrypto.num -index 9cb8a4dda2..feb660d030 100644 ---- a/util/libcrypto.num -+++ b/util/libcrypto.num -@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: - BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: - OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP - ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: -+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: -+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: --- -2.40.1 - diff --git a/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch b/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch deleted file mode 100644 index 5dcc34c..0000000 --- a/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch +++ /dev/null 
@@ -1,207 +0,0 @@ -From 033a4a68f259e32ea58e5a9f478f59d7dabe70af Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Tue, 1 Mar 2022 15:44:18 +0100 -Subject: [PATCH 23/38] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = - yes - -References: rhbz#2055796 ---- - crypto/x509/x509_vfy.c | 19 ++++++++++- - doc/man5/config.pod | 7 +++- - ssl/t1_lib.c | 64 ++++++++++++++++++++++++++++------- - test/recipes/25-test_verify.t | 7 ++-- - 4 files changed, 79 insertions(+), 18 deletions(-) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index d19efeaa99..451fa10bf2 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -25,6 +25,7 @@ - #include - #include - #include "internal/dane.h" -+#include "internal/sslconf.h" - #include "crypto/x509.h" - #include "x509_local.h" - -@@ -3438,14 +3439,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) - { - int secbits = -1; - int level = ctx->param->auth_level; -+ int nid; -+ OSSL_LIB_CTX *libctx = NULL; - - if (level <= 0) - return 1; - if (level > NUM_AUTH_LEVELS) - level = NUM_AUTH_LEVELS; - -- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL)) -+ if (ctx->libctx) -+ libctx = ctx->libctx; -+ else if (cert->libctx) -+ libctx = cert->libctx; -+ else -+ libctx = OSSL_LIB_CTX_get0_global_default(); -+ -+ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL)) - return 0; - -+ if (nid == NID_sha1 -+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) -+ && ctx->param->auth_level < 3) -+ /* When rh-allow-sha1-signatures = yes and security level <= 2, -+ * explicitly allow SHA1 for backwards compatibility. */ -+ return 1; -+ - return secbits >= minbits_table[level - 1]; - } -diff --git a/doc/man5/config.pod b/doc/man5/config.pod -index e5a88d11aa..2d5649f90b 100644 ---- a/doc/man5/config.pod -+++ b/doc/man5/config.pod -@@ -305,7 +305,12 @@ When set to B, any attempt to create or verify a signature with a SHA1 - digest will fail. 
For compatibility with older versions of OpenSSL, set this - option to B. This setting also affects TLS, where signature algorithms - that use SHA1 as digest will no longer be supported if this option is set to --B. -+B. Note that enabling B will allow TLS signature -+algorithms that use SHA1 in security level 2, despite the definition of -+security level 2 of 112 bits of security, which SHA1 does not meet. Because -+TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key -+material, disabling B requires the use of TLS 1.2 or -+newer. - - =item B (deprecated) - -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 8bc550ea5b..a9d21a6a96 100644 ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include "crypto/x509.h" - #include "internal/sslconf.h" - #include "internal/nelem.h" - #include "internal/sizes.h" -@@ -1567,19 +1568,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); - return 0; - } -- /* -- * Make sure security callback allows algorithm. For historical -- * reasons we have to pass the sigalg as a two byte char array. -- */ -- sigalgstr[0] = (sig >> 8) & 0xff; -- sigalgstr[1] = sig & 0xff; -- secbits = sigalg_security_bits(s->ctx, lu); -- if (secbits == 0 || -- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, -- md != NULL ? EVP_MD_get_type(md) : NID_undef, -- (void *)sigalgstr)) { -- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); -- return 0; -+ -+ if (lu->hash == NID_sha1 -+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) -+ && SSL_get_security_level(s) < 3) { -+ /* when rh-allow-sha1-signatures = yes and security level <= 2, -+ * explicitly allow SHA1 for backwards compatibility */ -+ } else { -+ /* -+ * Make sure security callback allows algorithm. For historical -+ * reasons we have to pass the sigalg as a two byte char array. 
-+ */ -+ sigalgstr[0] = (sig >> 8) & 0xff; -+ sigalgstr[1] = sig & 0xff; -+ secbits = sigalg_security_bits(s->ctx, lu); -+ if (secbits == 0 || -+ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, -+ md != NULL ? EVP_MD_get_type(md) : NID_undef, -+ (void *)sigalgstr)) { -+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); -+ return 0; -+ } - } - /* Store the sigalg the peer uses */ - s->s3.tmp.peer_sigalg = lu; -@@ -2117,6 +2126,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) - } - } - -+ if (lu->hash == NID_sha1 -+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) -+ && SSL_get_security_level(s) < 3) { -+ /* when rh-allow-sha1-signatures = yes and security level <= 2, -+ * explicitly allow SHA1 for backwards compatibility */ -+ return 1; -+ } -+ - /* Finally see if security callback allows it */ - secbits = sigalg_security_bits(s->ctx, lu); - sigalgstr[0] = (lu->sigalg >> 8) & 0xff; -@@ -2986,6 +3003,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) - { - /* Lookup signature algorithm digest */ - int secbits, nid, pknid; -+ OSSL_LIB_CTX *libctx = NULL; -+ - /* Don't check signature if self signed */ - if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) - return 1; -@@ -2994,6 +3013,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) - /* If digest NID not defined use signature NID */ - if (nid == NID_undef) - nid = pknid; -+ -+ if (x && x->libctx) -+ libctx = x->libctx; -+ else if (ctx && ctx->libctx) -+ libctx = ctx->libctx; -+ else if (s && s->ctx && s->ctx->libctx) -+ libctx = s->ctx->libctx; -+ else -+ libctx = OSSL_LIB_CTX_get0_global_default(); -+ -+ if (nid == NID_sha1 -+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) -+ && ((s != NULL && SSL_get_security_level(s) < 3) -+ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 3) -+ )) -+ /* When rh-allow-sha1-signatures = yes and security level <= 2, -+ * explicitly allow SHA1 for 
backwards compatibility. */ -+ return 1; -+ - if (s) - return ssl_security(s, op, secbits, nid, x); - else -diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t -index f69af793e4..a7481254e1 100644 ---- a/test/recipes/25-test_verify.t -+++ b/test/recipes/25-test_verify.t -@@ -29,7 +29,7 @@ sub verify { - run(app([@args])); - } - --plan tests => 175; -+plan tests => 174; - - # Canonical success - ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), -@@ -439,8 +439,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0" - ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ), - "CA with PSS signature using SHA256"); - --ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), -- "Reject PSS signature using SHA1 and auth level 1"); -+## rh-allow-sha1-signatures=yes allows this to pass despite -auth_level 1 -+#ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), -+# "Reject PSS signature using SHA1 and auth level 1"); - - ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), - "PSS signature using SHA256 and auth level 2"); --- -2.40.1 - diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch index a2c8d6e..dac2172 100644 --- a/0056-strcasecmp.patch +++ b/0056-strcasecmp.patch 
@@ -1,17 +1,26 @@ -diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num ---- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200 -+++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200 -@@ -5425,4 +5425,6 @@ ASN1_item_d2i_ex - EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: - BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: - OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP -+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: -+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: - ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: -diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c ---- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100 -+++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100 -@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char +From 8545e0c4c38934fda47b701043dd5ce89c99fe81 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 25/35] 0056-strcasecmp.patch + +Patch-name: 0056-strcasecmp.patch +Patch-id: 56 +Patch-status: | + # https://github.com/openssl/openssl/pull/18103 + # The patch is incorporated in 3.0.3 but we provide this function since 3.0.1 + # so the patch should persist +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/o_str.c | 14 ++++++++++++-- + test/recipes/01-test_symbol_presence.t | 1 + + util/libcrypto.num | 2 ++ + 3 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/crypto/o_str.c b/crypto/o_str.c +index 3354ce0927..95b9538471 100644 +--- a/crypto/o_str.c ++++ b/crypto/o_str.c +@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) #endif } @@ -25,7 +34,7 @@ diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c { int t; -@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c +@@ -352,7 +357,12 @@ int OPENSSL_strcasecmp(const char *s1, const char *s2) return t; } 
@@ -39,10 +48,11 @@ diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c { int t; size_t i; -diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t ---- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp 2022-11-25 18:19:05.669769076 +0100 -+++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t 2022-11-25 18:31:20.993392678 +0100 -@@ -77,6 +80,7 @@ foreach my $libname (@libnames) { +diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t +index 5530ade0ad..238a8d762e 100644 +--- a/test/recipes/01-test_symbol_presence.t ++++ b/test/recipes/01-test_symbol_presence.t +@@ -77,6 +77,7 @@ foreach my $libname (@libnames) { s| .*||; # Drop OpenSSL dynamic version information if there is any s|\@\@.+$||; @@ -50,3 +60,19 @@ diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/ # Return the result $_ } +diff --git a/util/libcrypto.num b/util/libcrypto.num +index feb660d030..639074c5d0 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5435,6 +5435,8 @@ EVP_MD_CTX_dup 5562 3_1_0 EXIST::FUNCTION: + EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: + BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: + OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP ++OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: ++OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: + ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: +-- +2.41.0 + diff --git a/0058-FIPS-limit-rsa-encrypt.patch b/0058-FIPS-limit-rsa-encrypt.patch index 5f13cc1..ff84edf 100644 --- a/0058-FIPS-limit-rsa-encrypt.patch +++ b/0058-FIPS-limit-rsa-encrypt.patch 
@@ -1,6 +1,27 @@ -diff -up openssl-3.0.1/providers/common/securitycheck.c.rsaenc openssl-3.0.1/providers/common/securitycheck.c ---- openssl-3.0.1/providers/common/securitycheck.c.rsaenc 2022-06-24 17:14:33.634692729 +0200 -+++ openssl-3.0.1/providers/common/securitycheck.c 2022-06-24 17:16:08.966540605 +0200 +From 7a6ade7947ceea6ca367afa0427f61a9505e37a5 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 26/35] 0058-FIPS-limit-rsa-encrypt.patch + +Patch-name: 0058-FIPS-limit-rsa-encrypt.patch +Patch-id: 58 +Patch-status: | + # https://github.com/openssl/openssl/pull/18175 + # Patch57: 0057-strcasecmp-fix.patch + # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + providers/common/securitycheck.c | 1 + + .../implementations/asymciphers/rsa_enc.c | 35 +++++++++++ + .../30-test_evp_data/evppkey_rsa_common.txt | 58 ++++++++++++++++++- + test/recipes/80-test_cms.t | 5 +- + test/recipes/80-test_ssl_old.t | 27 +++++++-- + 5 files changed, 118 insertions(+), 8 deletions(-) + +diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c +index e534ad0a5f..c017c658e5 100644 +--- a/providers/common/securitycheck.c ++++ b/providers/common/securitycheck.c @@ -27,6 +27,7 @@ * Set protect = 1 for encryption or signing operations, or 0 otherwise. See * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf. 
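Review bot: The new `Patch-status` block in this header carries `# Patch57: 0057-strcasecmp-fix.patch`, which looks like a leftover spec-file comment about a different patch, and nothing in the header says what 0058 itself does. The diffstat shows 35 added lines in `providers/implementations/asymciphers/rsa_enc.c` and changed expectations in three test files, so a reader auditing the FIPS patch set has to open the two linked trackers to learn the intent. I would drop the `Patch57` line and add a one-line summary in the style the other regenerated headers use, for example `# Limit RSA encryption/decryption in the FIPS provider`. That wording is inferred from the patch name and should be confirmed by the packager.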
@@ -9,10 +30,11 @@ diff -up openssl-3.0.1/providers/common/securitycheck.c.rsaenc openssl-3.0.1/pro int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation) { int protect = 0; -diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c ---- openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad 2022-05-02 16:04:47.000091901 +0200 -+++ openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c 2022-05-02 16:14:50.922443581 +0200 -@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsac +diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c +index d865968058..9cd8904131 100644 +--- a/providers/implementations/asymciphers/rsa_enc.c ++++ b/providers/implementations/asymciphers/rsa_enc.c +@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa, return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT); } @@ -30,7 +52,7 @@ diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pa static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, size_t outsize, const unsigned char *in, size_t inlen) { -@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, u +@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, if (!ossl_prov_is_running()) return 0; @@ -49,7 +71,7 @@ diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pa if (out == NULL) { size_t len = RSA_size(prsactx->rsa); -@@ -202,6 +220,18 @@ static int rsa_decrypt(void *vprsactx, u +@@ -204,6 +227,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, if (!ossl_prov_is_running()) return 0; 
@@ -68,75 +90,11 @@ diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pa if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { if (out == NULL) { *outlen = SSL_MAX_MASTER_KEY_LENGTH; -diff -up openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_cms.t ---- openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad 2022-05-02 17:04:07.610782138 +0200 -+++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-02 17:06:03.595814620 +0200 -@@ -232,7 +232,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", -+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS", - [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, - "-aes256", "-stream", "-out", "{output}.cms", - $smrsa1, -@@ -865,5 +865,8 @@ sub check_availability { - return "$tnam: skipped, DSA disabled\n" - if ($no_dsa && $tnam =~ / DSA/); - -+ return "$tnam: skipped, Red Hat FIPS\n" -+ if ($tnam =~ /no Red Hat FIPS/); -+ - return ""; - } -diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_ssl_old.t ---- openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad 2022-05-02 17:26:37.962838053 +0200 -+++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-02 17:34:20.297950449 +0200 -@@ -483,6 +483,18 @@ sub testssl { - # the default choice if TLSv1.3 enabled - my $flag = $protocol eq "-tls1_3" ? 
"" : $protocol; - my $ciphersuites = ""; -+ my %redhat_skip_cipher = map {$_ => 1} qw( -+AES256-GCM-SHA384:@SECLEVEL=0 -+AES256-CCM8:@SECLEVEL=0 -+AES256-CCM:@SECLEVEL=0 -+AES128-GCM-SHA256:@SECLEVEL=0 -+AES128-CCM8:@SECLEVEL=0 -+AES128-CCM:@SECLEVEL=0 -+AES256-SHA256:@SECLEVEL=0 -+AES128-SHA256:@SECLEVEL=0 -+AES256-SHA:@SECLEVEL=0 -+AES128-SHA:@SECLEVEL=0 -+ ); - foreach my $cipher (@{$ciphersuites{$protocol}}) { - if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { - note "*****SKIPPING $protocol $cipher"; -@@ -494,11 +506,16 @@ sub testssl { - } else { - $cipher = $cipher.':@SECLEVEL=0'; - } -- ok(run(test([@ssltest, @exkeys, "-cipher", -- $cipher, -- "-ciphersuites", $ciphersuites, -- $flag || ()])), -- "Testing $cipher"); -+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) { -+ note "*****SKIPPING $cipher in Red Hat FIPS mode"; -+ ok(1); -+ } else { -+ ok(run(test([@ssltest, @exkeys, "-cipher", -+ $cipher, -+ "-ciphersuites", $ciphersuites, -+ $flag || ()])), -+ "Testing $cipher"); -+ } - } - } - next if $protocol eq "-tls1_3"; -diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ---- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen 2022-06-16 14:26:19.383530498 +0200 -+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2022-06-16 14:39:53.637777701 +0200 -@@ -263,13 +263,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974 +diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +index 8680797b90..95d5d51102 100644 +--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ++++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e377 Output = 
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef # RSA decrypt @@ -152,7 +110,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips Decrypt = RSA-2048 Input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utput = "Hello World" -@@ -665,36 +666,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mN +@@ -619,36 +619,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2 h90qjKHS9PvY4Q== -----END PRIVATE KEY----- @@ -195,7 +153,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips Decrypt=RSA-OAEP-1 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 -@@ -719,36 +726,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64 +@@ -673,36 +679,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8 eG2e4XlBcKjI6A== -----END PRIVATE KEY----- @@ -238,7 +196,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips Decrypt=RSA-OAEP-2 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 -@@ -773,36 +786,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+W +@@ -727,36 +739,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z Ya4qnqZe1onjY5o= -----END PRIVATE KEY----- 
@@ -281,7 +239,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips Decrypt=RSA-OAEP-3 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 -@@ -827,36 +846,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/ +@@ -781,36 +799,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq aD0x7TDrmEvkEro= -----END PRIVATE KEY----- @@ -324,7 +282,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips Decrypt=RSA-OAEP-4 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 -@@ -881,36 +906,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/ +@@ -835,36 +859,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B MSwGUGLx60i3nRyDyw== -----END PRIVATE KEY----- @@ -367,7 +325,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips Decrypt=RSA-OAEP-5 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 -@@ -935,36 +966,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hq +@@ -889,36 +919,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC Yejn5Ly8mU2q+jBcRQ== -----END PRIVATE KEY----- @@ -410,7 +368,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips Decrypt=RSA-OAEP-6 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 -@@ -989,36 +1026,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4 +@@ -943,36 +979,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS FMlxv0gq65dqc3DC -----END PRIVATE KEY----- @@ -453,7 +411,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips Decrypt=RSA-OAEP-7 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 -@@ -1043,36 +1086,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15E +@@ -997,36 +1039,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM 2MiPa249Z+lh3Luj0A== -----END PRIVATE KEY----- 
@@ -496,7 +454,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips Decrypt=RSA-OAEP-8 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 -@@ -1103,36 +1152,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSc +@@ -1057,36 +1105,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo tKo5Eb69iFQvBb4= -----END PRIVATE KEY----- 
@@ -539,3 +497,74 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips Decrypt=RSA-OAEP-9 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index cbec426137..9ba7fbeed2 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -233,7 +233,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", ++ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS", + [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, + "-aes256", "-stream", "-out", "{output}.cms", + $smrsa1, +@@ -1022,6 +1022,9 @@ sub check_availability { + return "$tnam: skipped, DSA disabled\n" + if ($no_dsa && $tnam =~ / DSA/); + ++ return "$tnam: skipped, Red Hat FIPS\n" ++ if ($tnam =~ /no Red Hat FIPS/); ++ + return ""; + } + +diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t +index e2dcb68fb5..0775112b40 100644 +--- a/test/recipes/80-test_ssl_old.t ++++ b/test/recipes/80-test_ssl_old.t +@@ -493,6 +493,18 @@ sub testssl { + # the default choice if TLSv1.3 enabled + my $flag = $protocol eq "-tls1_3" ? 
"" : $protocol; + my $ciphersuites = ""; ++ my %redhat_skip_cipher = map {$_ => 1} qw( ++AES256-GCM-SHA384:@SECLEVEL=0 ++AES256-CCM8:@SECLEVEL=0 ++AES256-CCM:@SECLEVEL=0 ++AES128-GCM-SHA256:@SECLEVEL=0 ++AES128-CCM8:@SECLEVEL=0 ++AES128-CCM:@SECLEVEL=0 ++AES256-SHA256:@SECLEVEL=0 ++AES128-SHA256:@SECLEVEL=0 ++AES256-SHA:@SECLEVEL=0 ++AES128-SHA:@SECLEVEL=0 ++ ); + foreach my $cipher (@{$ciphersuites{$protocol}}) { + if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { + note "*****SKIPPING $protocol $cipher"; +@@ -504,11 +516,16 @@ sub testssl { + } else { + $cipher = $cipher.':@SECLEVEL=0'; + } +- ok(run(test([@ssltest, @exkeys, "-cipher", +- $cipher, +- "-ciphersuites", $ciphersuites, +- $flag || ()])), +- "Testing $cipher"); ++ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) { ++ note "*****SKIPPING $cipher in Red Hat FIPS mode"; ++ ok(1); ++ } else { ++ ok(run(test([@ssltest, @exkeys, "-cipher", ++ $cipher, ++ "-ciphersuites", $ciphersuites, ++ $flag || ()])), ++ "Testing $cipher"); ++ } + } + } + next if $protocol eq "-tls1_3"; +-- +2.41.0 + diff --git a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch index 85338b9..cc0060e 100644 --- a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +++ b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch 
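Review bot: In the 80-test_cms.t part, the new return in `check_availability` matches only on the test name (`$tnam =~ /no Red Hat FIPS/`), so as far as this hunk shows the three-recipient S/MIME enveloped test is skipped under every provider, not just FIPS. The 80-test_ssl_old.t change in the same hunk does gate on `$provider eq "fips"`. If a FIPS-only skip is intended, add the equivalent provider condition to that `if`, otherwise the default provider silently loses this coverage. In `testssl`, the skip branch calls `ok(1);` with no description, which reports an unexercised cipher as a plain pass; `ok(1, "Skipping $cipher in Red Hat FIPS mode");` would at least label it in the TAP output. Both subs begin outside the hunk.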
@@ -1,39 +1,22 @@ -From 4a2239bd7d444c30c55b20ea8b4aeadafdfe1afd Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Fri, 22 Jul 2022 13:59:37 +0200 -Subject: [PATCH] FIPS: Use OAEP in KATs, support fixed OAEP seed +From abeda0b0475adb0d4f89b0c97cfc349779915bbf Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 29/35] + 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch -Review by our lab for FIPS 140-3 certification expects the RSA -encryption and decryption tests to use a supported padding mode, not raw -RSA signatures. Switch to RSA-OAEP for the self tests to fulfill that. - -The FIPS 140-3 Implementation Guidance specifies in section 10.3.A -"Cryptographic Algorithm Self-Test Requirements" that a self-test may be -a known-answer test, a comparison test, or a fault-detection test. - -Comparison tests are not an option, because they would require -a separate implementation of RSA-OAEP, which we do not have. Fault -detection tests require implementing fault detection mechanisms into the -cryptographic algorithm implementation, we we also do not have. - -As a consequence, a known-answer test must be used to test RSA -encryption and decryption, but RSA encryption with OAEP padding is not -deterministic, and thus encryption will always yield different results -that could not be compared to known answers. For this reason, this -change explicitly sets the seed in OAEP (see RFC 8017 section 7.1.1), -which is the source of randomness for RSA-OAEP, to a fixed value. This -setting is only available during self-test execution, and the parameter -set using EVP_PKEY_CTX_set_params() will be ignored otherwise. 
- -Signed-off-by: Clemens Lang +Patch-name: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +Patch-id: 73 +Patch-status: | + # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd --- crypto/rsa/rsa_local.h | 8 ++ crypto/rsa/rsa_oaep.c | 34 ++++++-- include/openssl/core_names.h | 3 + - providers/fips/self_test_data.inc | 83 +++++++++++-------- + providers/fips/self_test_data.inc | 79 ++++++++++--------- providers/fips/self_test_kats.c | 7 ++ - .../implementations/asymciphers/rsa_enc.c | 41 ++++++++- - 6 files changed, 133 insertions(+), 43 deletions(-) + .../implementations/asymciphers/rsa_enc.c | 41 +++++++++- + 6 files changed, 128 insertions(+), 44 deletions(-) diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index ea70da05ad..dde57a1a0e 100644 @@ -119,10 +102,10 @@ index d9be1a4f98..b2f7f7dc4b 100644 const unsigned char *from, int flen, const unsigned char *param, int plen, diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h -index 59a6e79566..11216fb8f8 100644 +index 5e3c132f5b..c0cce14297 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h -@@ -469,6 +469,9 @@ extern "C" { +@@ -471,6 +471,9 @@ extern "C" { #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" @@ -133,32 +116,26 @@ index 59a6e79566..11216fb8f8 100644 /* * Encoder / decoder parameters diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc -index 4e30ec56dd..0103c87528 100644 +index e0fdc0daa4..aa2012c04a 100644 --- a/providers/fips/self_test_data.inc 
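Review bot: The regenerated header of 0073 drops the original commit message, and with it the only statement that the fixed OAEP seed is available solely during self-test execution and ignored otherwise. That constraint is what keeps a deterministic-seed parameter from weakening RSA-OAEP outside the KATs, so it is worth keeping next to the patch. The author and sign-off lines are also replaced by `From: rpm-build`. Consider extending the `Patch-status` block with a line such as `# Fixed OAEP seed (RFC 8017 section 7.1.1) is honoured only during FIPS self-test KATs`, alongside the existing bugzilla link.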
+++ b/providers/fips/self_test_data.inc -@@ -1294,15 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = { - ST_KAT_PARAM_END() +@@ -1296,14 +1296,21 @@ static const ST_KAT_PARAM rsa_priv_key[] = { }; --/*- + /*- - * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the -- * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient -- * HP/UX PA-RISC compilers. -- */ --static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; -- -+/*- + * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the -+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient -+ * HP/UX PA-RISC compilers. -+ */ + * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient + * HP/UX PA-RISC compilers. + */ +-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; +static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP; +static const char oaep_fixed_seed[] = { + 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25, + 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab, + 0x2e, 0x4b, 0x2c, 0xe6 +}; -+ + static const ST_KAT_PARAM rsa_enc_params[] = { - ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), + ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep), @@ -167,7 +144,7 @@ index 4e30ec56dd..0103c87528 100644 ST_KAT_PARAM_END() }; -@@ -1335,43 +1348,43 @@ static const unsigned char rsa_expected_sig[256] = { +@@ -1342,43 +1349,43 @@ static const unsigned char rsa_expected_sig[256] = { 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 }; @@ -245,10 +222,10 @@ index 4e30ec56dd..0103c87528 100644 #ifndef OPENSSL_NO_EC diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c -index 064794d9bf..b6d5e8e134 100644 +index 74ee25dcb6..a9bc8be7fa 100644 --- a/providers/fips/self_test_kats.c 
+++ b/providers/fips/self_test_kats.c -@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) +@@ -641,14 +641,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) return ret; } @@ -271,7 +248,7 @@ index 064794d9bf..b6d5e8e134 100644 } diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c -index 00cf65fcd6..83be3d8ede 100644 +index 9cd8904131..40de5ce8fa 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -30,6 +30,9 @@ @@ -294,7 +271,7 @@ index 00cf65fcd6..83be3d8ede 100644 } PROV_RSA_CTX; static void *rsa_newctx(void *provctx) -@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, +@@ -192,12 +198,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, } } ret = @@ -318,7 +295,7 @@ index 00cf65fcd6..83be3d8ede 100644 if (!ret) { OPENSSL_free(tbuf); -@@ -326,6 +341,9 @@ static void rsa_freectx(void *vprsactx) +@@ -328,6 +343,9 @@ static void rsa_freectx(void *vprsactx) EVP_MD_free(prsactx->oaep_md); EVP_MD_free(prsactx->mgf1_md); OPENSSL_free(prsactx->oaep_label); @@ -328,7 +305,7 @@ index 00cf65fcd6..83be3d8ede 100644 OPENSSL_free(prsactx); } -@@ -445,6 +463,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { +@@ -447,6 +465,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { NULL, 0), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), @@ -338,7 +315,7 @@ index 00cf65fcd6..83be3d8ede 100644 OSSL_PARAM_END }; -@@ -454,6 +475,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, +@@ -456,6 +477,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, return known_gettable_ctx_params; } 
@@ -349,7 +326,7 @@ index 00cf65fcd6..83be3d8ede 100644 static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; -@@ -563,6 +588,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) +@@ -567,6 +592,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) prsactx->oaep_labellen = tmp_labellen; } @@ -369,5 +346,5 @@ index 00cf65fcd6..83be3d8ede 100644 if (p != NULL) { unsigned int client_version; -- -2.37.1 +2.41.0 diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch deleted file mode 100644 index 30d5465..0000000 --- a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch +++ /dev/null 
@@ -1,312 +0,0 @@ -From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Fri, 15 Jul 2022 17:45:40 +0200 -Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test - -In review for FIPS 140-3, the lack of a self-test for the digest_sign -and digest_verify provider functions was highlighted as a problem. NIST -no longer provides ACVP tests for the RSA SigVer primitive (see -https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3 -recommends the use of functions that compute the digest and signature -within the module, we have been advised in our module review that the -self tests should also use the combined digest and signature APIs, i.e. -the digest_sign and digest_verify provider functions. - -Modify the signature self-test to use these instead by switching to -EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to -crypto/evp/m_sigver.c to make these functions usable in the FIPS module. - -Signed-off-by: Clemens Lang ---- - crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------ - providers/fips/self_test_kats.c | 37 +++++++++++++++------------- - 2 files changed, 56 insertions(+), 24 deletions(-) - -diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c -index db1a1d7bc3..c94c3c53bd 100644 ---- a/crypto/evp/m_sigver.c -+++ b/crypto/evp/m_sigver.c -@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) - ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED); - return 0; - } -+#endif /* !defined(FIPS_MODULE) */ - - /* - * If we get the "NULL" md then the name comes back as "UNDEF". 
We want to use -@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - reinit = 0; - if (e == NULL) - ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); -+#ifndef FIPS_MODULE - else - ctx->pctx = EVP_PKEY_CTX_new(pkey, e); -+#endif /* !defined(FIPS_MODULE) */ - } - if (ctx->pctx == NULL) - return 0; -@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - locpctx = ctx->pctx; - ERR_set_mark(); - -+#ifndef FIPS_MODULE - if (evp_pkey_ctx_is_legacy(locpctx)) - goto legacy; -+#endif /* !defined(FIPS_MODULE) */ - - /* do not reinitialize if pkey is set or operation is different */ - if (reinit -@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - signature = - evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - supported_sig, locpctx->propquery); -+#ifndef FIPS_MODULE - if (signature == NULL) - goto legacy; -+#endif /* !defined(FIPS_MODULE) */ - break; - } - if (signature == NULL) -@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); - if (ctx->fetched_digest != NULL) { - ctx->digest = ctx->reqdigest = ctx->fetched_digest; -+#ifndef FIPS_MODULE - } else { - /* legacy engine support : remove the mark when this is deleted */ - ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); -@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } -+#endif /* !defined(FIPS_MODULE) */ - } - (void)ERR_pop_to_mark(); - } - } - -+#ifndef FIPS_MODULE - if (ctx->reqdigest != NULL - && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) - && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) -@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - goto err; - } - } -+#endif /* !defined(FIPS_MODULE) */ - - if (ver) { - if (signature->digest_verify_init == NULL) { -@@ 
-366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - EVP_KEYMGMT_free(tmp_keymgmt); - return 0; - -+#ifndef FIPS_MODULE - legacy: - /* - * If we don't have the full support we need with provided methods, -@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - ctx->pctx->flag_call_digest_custom = 1; - - ret = 1; -+#endif /* !defined(FIPS_MODULE) */ - - end: - #ifndef FIPS_MODULE -@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, - NULL); - } --#endif /* FIPS_MDOE */ - - int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) - { -@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) - return EVP_DigestUpdate(ctx, data, dsize); - } - --#ifndef FIPS_MODULE - int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - size_t *siglen) - { -- int sctx = 0, r = 0; -- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; -+ int r = 0; -+#ifndef FIPS_MODULE -+ int sctx = 0; -+ EVP_PKEY_CTX *dctx; -+#endif /* !defined(FIPS_MODULE) */ -+ EVP_PKEY_CTX *pctx = ctx->pctx; - -+#ifndef FIPS_MODULE - if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_SIGNCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) - goto legacy; -+#endif /* !defined(FIPS_MODULE) */ - - if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) - return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, - sigret, siglen, - sigret == NULL ? 
0 : *siglen); -+#ifndef FIPS_MODULE - dctx = EVP_PKEY_CTX_dup(pctx); - if (dctx == NULL) - return 0; -@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - sigret, siglen, - *siglen); - EVP_PKEY_CTX_free(dctx); -+#endif /* defined(FIPS_MODULE) */ - return r; - -+#ifndef FIPS_MODULE - legacy: - if (pctx == NULL || pctx->pmeth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); -@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - } - } - return 1; -+#endif /* !defined(FIPS_MODULE) */ - } - - int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, -@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, - int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen) - { -- unsigned char md[EVP_MAX_MD_SIZE]; - int r = 0; -+#ifndef FIPS_MODULE -+ unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mdlen = 0; - int vctx = 0; -- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; -+ EVP_PKEY_CTX *dctx; -+#endif /* !defined(FIPS_MODULE) */ -+ EVP_PKEY_CTX *pctx = ctx->pctx; - -+#ifndef FIPS_MODULE - if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_VERIFYCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) - goto legacy; -+#endif /* !defined(FIPS_MODULE) */ - - if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) - return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, - sig, siglen); -+#ifndef FIPS_MODULE - dctx = EVP_PKEY_CTX_dup(pctx); - if (dctx == NULL) - return 0; -@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, - r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx, - sig, siglen); - EVP_PKEY_CTX_free(dctx); -+#endif /* !defined(FIPS_MODULE) */ - return r; - -+#ifndef FIPS_MODULE - legacy: - if (pctx == NULL || pctx->pmeth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); -@@ -732,6 +761,7 @@ int 
EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, - if (vctx || !r) - return r; - return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen); -+#endif /* !defined(FIPS_MODULE) */ - } - - int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, -@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, - return -1; - return EVP_DigestVerifyFinal(ctx, sigret, siglen); - } --#endif /* FIPS_MODULE */ -diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c -index b6d5e8e134..77eec075e6 100644 ---- a/providers/fips/self_test_kats.c -+++ b/providers/fips/self_test_kats.c -@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t, - int ret = 0; - OSSL_PARAM *params = NULL, *params_sig = NULL; - OSSL_PARAM_BLD *bld = NULL; -+ EVP_MD *md = NULL; -+ EVP_MD_CTX *ctx = NULL; - EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; - EVP_PKEY *pkey = NULL; -- unsigned char sig[256]; - BN_CTX *bnctx = NULL; -+ const char *msg = "Hello World!"; -+ unsigned char sig[256]; - size_t siglen = sizeof(sig); - static const unsigned char dgst[] = { - 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, -@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t, - || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) - goto err; - -- /* Create a EVP_PKEY_CTX to use for the signing operation */ -- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); -- if (sctx == NULL -- || EVP_PKEY_sign_init(sctx) <= 0) -- goto err; -- -- /* set signature parameters */ -- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST, -- t->mdalgorithm, -- strlen(t->mdalgorithm) + 1)) -- goto err; -+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature -+ * parameters and sign */ - params_sig = OSSL_PARAM_BLD_to_param(bld); -- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) -+ md = EVP_MD_fetch(libctx, "SHA256", NULL); -+ ctx = EVP_MD_CTX_new(); -+ if (md == 
NULL || ctx == NULL) -+ goto err; -+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); -+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0 -+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0 -+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0 -+ || EVP_MD_CTX_reset(ctx) <= 0) - goto err; - -- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 -- || EVP_PKEY_verify_init(sctx) <= 0 -+ /* sctx is not freed automatically inside the FIPS module */ -+ EVP_PKEY_CTX_free(sctx); -+ sctx = NULL; -+ -+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); -+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0 - || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) - goto err; - -@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t, - goto err; - - OSSL_SELF_TEST_oncorrupt_byte(st, sig); -- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) -+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0) - goto err; - ret = 1; - err: - BN_CTX_free(bnctx); - EVP_PKEY_free(pkey); -- EVP_PKEY_CTX_free(kctx); -+ EVP_MD_free(md); -+ EVP_MD_CTX_free(ctx); -+ /* sctx is not freed automatically inside the FIPS module */ - EVP_PKEY_CTX_free(sctx); -+ EVP_PKEY_CTX_free(kctx); - OSSL_PARAM_free(params); - OSSL_PARAM_free(params_sig); - OSSL_PARAM_BLD_free(bld); --- -2.37.1 - diff --git a/0076-FIPS-140-3-DRBG.patch b/0076-FIPS-140-3-DRBG.patch index 6577995..747cf7d 100644 --- a/0076-FIPS-140-3-DRBG.patch +++ b/0076-FIPS-140-3-DRBG.patch 
@@ -1,6 +1,76 @@ -diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c ---- openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand 2022-08-03 11:09:01.301637515 +0200 -+++ openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c 2022-08-03 11:13:00.058688605 +0200 +From 4b59d71e276243615d8fcc65bab32d83e6a602ad Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:29 +0200 +Subject: [PATCH 32/35] 0076-FIPS-140-3-DRBG.patch + +Patch-name: 0076-FIPS-140-3-DRBG.patch +Patch-id: 76 +Patch-status: | + # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) + # https://bugzilla.redhat.com/show_bug.cgi?id=2102541 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/rand/prov_seed.c | 9 ++- + providers/implementations/rands/crngt.c | 6 +- + providers/implementations/rands/drbg.c | 3 + + .../implementations/rands/seeding/rand_unix.c | 64 ++----------------- + 4 files changed, 20 insertions(+), 62 deletions(-) + +diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c +index 96c499c957..61c4cd8779 100644 +--- a/crypto/rand/prov_seed.c ++++ b/crypto/rand/prov_seed.c +@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, + size_t entropy_available; + RAND_POOL *pool; + +- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); ++ /* ++ * OpenSSL still implements an internal entropy pool of ++ * some size that is hashed to get seed data. ++ * Note that this is a conditioning step for which SP800-90C requires ++ * 64 additional bits from the entropy source to claim the requested ++ * amount of entropy. 
++ */ ++ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len); + if (pool == NULL) { + ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE); + return 0; +diff --git a/providers/implementations/rands/crngt.c b/providers/implementations/rands/crngt.c +index fa4a2db14a..1f13fc759e 100644 +--- a/providers/implementations/rands/crngt.c ++++ b/providers/implementations/rands/crngt.c +@@ -133,7 +133,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG *drbg, + * to the nearest byte. If the entropy is of less than full quality, + * the amount required should be scaled up appropriately here. + */ +- bytes_needed = (entropy + 7) / 8; ++ /* ++ * FIPS 140-3: the yet draft SP800-90C requires requested entropy ++ * + 128 bits during initial seeding ++ */ ++ bytes_needed = (entropy + 128 + 7) / 8; + if (bytes_needed < min_len) + bytes_needed = min_len; + if (bytes_needed > max_len) +diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c +index ea55363bf8..423bb91157 100644 +--- a/providers/implementations/rands/drbg.c ++++ b/providers/implementations/rands/drbg.c +@@ -570,6 +570,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drbg, int prediction_resistance, + #endif + } + ++#ifdef FIPS_MODULE ++ prediction_resistance = 1; ++#endif + /* Reseed using our sources in addition */ + entropylen = get_entropy(drbg, &entropy, drbg->strength, + drbg->min_entropylen, drbg->max_entropylen, +diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c +index cd02a0236d..98c917b6d8 100644 +--- a/providers/implementations/rands/seeding/rand_unix.c ++++ b/providers/implementations/rands/seeding/rand_unix.c @@ -48,6 +48,8 @@ # include # include 
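Review bot: The comment carried with the crngt.c change says the extra 128 bits are requested "during initial seeding", but the assignment beside it, `bytes_needed = (entropy + 128 + 7) / 8;`, is unconditional in the lines shown, so as far as this hunk shows the same surplus is requested on every call. If that is intended, the comment should say so, for example `/* FIPS 140-3: draft SP800-90C; request entropy + 128 bits on every call, reseed included */`. The `if (bytes_needed > max_len)` check that follows appears to clamp the request, which would silently drop the surplus again; that deserves one line in the same comment. The body of ossl_crngt_get_entropy continues outside the hunk, so a distinction made elsewhere in the function would not be visible here.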
@@ -9,8 +79,8 @@ diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsr +# include static uint64_t get_time_stamp(void); - -@@ -342,66 +342,8 @@ static ssize_t syscall_random(void *buf, + +@@ -341,66 +343,8 @@ static ssize_t syscall_random(void *buf, size_t buflen) * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion * between size_t and ssize_t is safe even without a range check. */ 
@@ -79,51 +149,6 @@ diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsr } # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ -diff -up openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand openssl-3.0.1/providers/implementations/rands/drbg.c ---- openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand 2022-08-03 12:14:39.409370134 +0200 -+++ openssl-3.0.1/providers/implementations/rands/drbg.c 2022-08-03 12:19:06.320700346 +0200 -@@ -575,6 +575,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb - #endif - } - -+#ifdef FIPS_MODULE -+ prediction_resistance = 1; -+#endif - /* Reseed using our sources in addition */ - entropylen = get_entropy(drbg, &entropy, drbg->strength, - drbg->min_entropylen, drbg->max_entropylen, -diff -up openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand openssl-3.0.1/crypto/rand/prov_seed.c ---- openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand 2022-08-04 12:17:52.148556301 +0200 -+++ openssl-3.0.1/crypto/rand/prov_seed.c 2022-08-04 12:19:41.783533552 +0200 -@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused - size_t entropy_available; - RAND_POOL *pool; - -- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); -+ /* -+ * OpenSSL still implements an internal entropy pool of -+ * some size that is hashed to get seed data. -+ * Note that this is a conditioning step for which SP800-90C requires -+ * 64 additional bits from the entropy source to claim the requested -+ * amount of entropy. 
-+ */ -+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len); - if (pool == NULL) { - ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE); - return 0; -diff -up openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand openssl-3.0.1/providers/implementations/rands/crngt.c ---- openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand 2022-08-04 11:56:10.100950299 +0200 -+++ openssl-3.0.1/providers/implementations/rands/crngt.c 2022-08-04 11:59:11.241564925 +0200 -@@ -139,7 +139,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG - * to the nearest byte. If the entropy is of less than full quality, - * the amount required should be scaled up appropriately here. - */ -- bytes_needed = (entropy + 7) / 8; -+ /* -+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy -+ * + 128 bits during initial seeding -+ */ -+ bytes_needed = (entropy + 128 + 7) / 8; - if (bytes_needed < min_len) - bytes_needed = min_len; - if (bytes_needed > max_len) +-- +2.41.0 + diff --git a/0077-FIPS-140-3-zeroization.patch b/0077-FIPS-140-3-zeroization.patch index f6a50a5..c7ee975 100644 --- a/0077-FIPS-140-3-zeroization.patch +++ b/0077-FIPS-140-3-zeroization.patch 
@@ -1,7 +1,47 @@ -diff -up openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero openssl-3.0.1/crypto/ffc/ffc_params.c ---- openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero 2022-08-05 13:11:27.211413931 +0200 -+++ openssl-3.0.1/crypto/ffc/ffc_params.c 2022-08-05 13:11:34.151475891 +0200 -@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa +From 9c667a7ba589329f3a777b012bf69a0db7f7eda9 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:29 +0200 +Subject: [PATCH 33/35] 0077-FIPS-140-3-zeroization.patch + +Patch-name: 0077-FIPS-140-3-zeroization.patch +Patch-id: 77 +Patch-status: | + # https://bugzilla.redhat.com/show_bug.cgi?id=2102542 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/ec/ec_lib.c | 4 ++++ + crypto/ffc/ffc_params.c | 8 ++++---- + crypto/rsa/rsa_lib.c | 4 ++-- + providers/implementations/kdfs/hkdf.c | 2 +- + providers/implementations/kdfs/pbkdf2.c | 2 +- + 5 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c +index 6c37bf78ae..cfbc3c3c1d 100644 +--- a/crypto/ec/ec_lib.c ++++ b/crypto/ec/ec_lib.c +@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) + + void EC_POINT_free(EC_POINT *point) + { ++#ifdef FIPS_MODULE ++ EC_POINT_clear_free(point); ++#else + if (point == NULL) + return; + + if (point->meth->point_finish != 0) + point->meth->point_finish(point); + OPENSSL_free(point); ++#endif + } + + void EC_POINT_clear_free(EC_POINT *point) +diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c +index 3536efd1ad..f3c164b8fc 100644 +--- a/crypto/ffc/ffc_params.c ++++ b/crypto/ffc/ffc_params.c +@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *params) void ossl_ffc_params_cleanup(FFC_PARAMS *params) { 
@@ -16,9 +56,10 @@ diff -up openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero openssl-3.0.1/crypto/ffc OPENSSL_free(params->seed); ossl_ffc_params_init(params); } -diff -up openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero openssl-3.0.1/crypto/rsa/rsa_lib.c ---- openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero 2022-08-05 13:08:31.875848536 +0200 -+++ openssl-3.0.1/crypto/rsa/rsa_lib.c 2022-08-05 13:09:35.438416025 +0200 +diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c +index 9588a75964..76b4aac6fc 100644 +--- a/crypto/rsa/rsa_lib.c ++++ b/crypto/rsa/rsa_lib.c @@ -155,8 +155,8 @@ void RSA_free(RSA *r) CRYPTO_THREAD_lock_free(r->lock); @@ -30,10 +71,11 @@ diff -up openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero openssl-3.0.1/crypto/rsa/rs BN_clear_free(r->d); BN_clear_free(r->p); BN_clear_free(r->q); -diff -up openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero openssl-3.0.1/providers/implementations/kdfs/hkdf.c ---- openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero 2022-08-05 13:14:58.827303241 +0200 -+++ openssl-3.0.1/providers/implementations/kdfs/hkdf.c 2022-08-05 13:16:24.530068399 +0200 -@@ -116,7 +116,7 @@ static void kdf_hkdf_reset(void *vctx) +diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c +index daa619b8af..5304baa6c9 100644 +--- a/providers/implementations/kdfs/hkdf.c ++++ b/providers/implementations/kdfs/hkdf.c +@@ -118,7 +118,7 @@ static void kdf_hkdf_reset(void *vctx) void *provctx = ctx->provctx; ossl_prov_digest_reset(&ctx->digest); 
@@ -42,10 +84,11 @@ diff -up openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero openssl-3. OPENSSL_free(ctx->prefix); OPENSSL_free(ctx->label); OPENSSL_clear_free(ctx->data, ctx->data_len); -diff -up openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c ---- openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero 2022-08-05 13:12:40.552068717 +0200 -+++ openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c 2022-08-05 13:13:34.324548799 +0200 -@@ -83,7 +83,7 @@ static void *kdf_pbkdf2_new(void *provct +diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c +index 5c3e7b95ce..349c3dd657 100644 +--- a/providers/implementations/kdfs/pbkdf2.c ++++ b/providers/implementations/kdfs/pbkdf2.c +@@ -92,7 +92,7 @@ static void *kdf_pbkdf2_new(void *provctx) static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx) { ossl_prov_digest_reset(&ctx->digest); @@ -54,23 +97,6 @@ diff -up openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero openssl- OPENSSL_clear_free(ctx->pass, ctx->pass_len); memset(ctx, 0, sizeof(*ctx)); } -diff -up openssl-3.0.1/crypto/ec/ec_lib.c.fipszero openssl-3.0.1/crypto/ec/ec_lib.c ---- openssl-3.0.1/crypto/ec/ec_lib.c.fipszero 2022-08-05 13:48:32.221345774 +0200 -+++ openssl-3.0.1/crypto/ec/ec_lib.c 2022-08-05 13:49:16.138741452 +0200 -@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g - - void EC_POINT_free(EC_POINT *point) - { -+#ifdef FIPS_MODULE -+ EC_POINT_clear_free(point); -+#else - if (point == NULL) - return; - - if (point->meth->point_finish != 0) - point->meth->point_finish(point); - OPENSSL_free(point); -+#endif - } - - void EC_POINT_clear_free(EC_POINT *point) +-- +2.41.0 + diff --git a/openssl.spec b/openssl.spec index d6cc90f..562fac9 100644 --- a/openssl.spec +++ b/openssl.spec 
@@ -40,103 +40,84 @@ Source7: renew-dummy-cert
 Source9: configuration-switch.h
 Source10: configuration-prefix.h
 Source14: 0025-for-tests.patch
-
-# Patches exported from source git
-# Aarch64 and ppc64le use lib64
-Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch
-# Use more general default values in openssl.cnf
-Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch
-# Do not install html docs
-Patch3: 0003-Do-not-install-html-docs.patch
-# Override default paths for the CA directory tree
-Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch
-# apps/ca: fix md option help text
-Patch5: 0005-apps-ca-fix-md-option-help-text.patch
-# Disable signature verification with totally unsafe hash algorithms
-Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
-# Add support for PROFILE=SYSTEM system default cipherlist
-Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
-# Add FIPS_mode() compatibility macro
-Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
-# Add check to see if fips flag is enabled in kernel
-Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
-# Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so
-# that new modifications made to these files by upstream are not lost.
-Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch
-# remove unsupported EC curves
-Patch11: 0011-Remove-EC-curves.patch
-# Disable explicit EC curves
-# https://bugzilla.redhat.com/show_bug.cgi?id=2066412
-Patch12: 0012-Disable-explicit-ec.patch
-#Skipped tests from former 0011-Remove-EC-curves.patch
-Patch13: 0013-skipped-tests-EC-curves.patch
-# Instructions to load legacy provider in openssl.cnf
-Patch24: 0024-load-legacy-prov.patch
-# Tmp: test name change
-Patch31: 0031-tmp-Fix-test-names.patch
-# We load FIPS provider and set FIPS properties implicitly
-Patch32: 0032-Force-fips.patch
-# Embed HMAC into the fips.so
-Patch33: 0033-FIPS-embed-hmac.patch
-# Comment out fipsinstall command-line utility
-Patch34: 0034.fipsinstall_disable.patch
-# Skip unavailable algorithms running `openssl speed`
-Patch35: 0035-speed-skip-unavailable-dgst.patch
-# Extra public/private key checks required by FIPS-140-3
-Patch44: 0044-FIPS-140-3-keychecks.patch
-# Minimize fips services
-Patch45: 0045-FIPS-services-minimize.patch
-# Execute KATS before HMAC verification
-Patch47: 0047-FIPS-early-KATS.patch
-%if 0%{?rhel}
-# Selectively disallow SHA1 signatures
-Patch49: 0049-Selectively-disallow-SHA1-signatures.patch
-%else
-# Selectively disallow SHA1 signatures rhbz#2070977
-Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
-%endif
-%if 0%{?rhel}
-# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
-Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
-%else
-# Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1)
-Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
-%endif
-%if 0%{?rhel}
-# no USDT probe instrumentation required
-%else
-# Instrument with USDT probes related to SHA-1 deprecation
-#Patch53: 0053-Add-SHA1-probes.patch
-%endif
-# https://github.com/openssl/openssl/pull/18103
-# The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
-# so the patch should persist
-Patch56: 0056-strcasecmp.patch
-# https://github.com/openssl/openssl/pull/18175
-# Patch57: 0057-strcasecmp-fix.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
-Patch58: 0058-FIPS-limit-rsa-encrypt.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
-Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
-Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
-Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
-%if 0%{?rhel}
-Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch
-%else
-Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
-%endif
-# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
-Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch
-# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
-# https://bugzilla.redhat.com/show_bug.cgi?id=2102541
-Patch76: 0076-FIPS-140-3-DRBG.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2102542
-Patch77: 0077-FIPS-140-3-zeroization.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
-Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
-# https://github.com/openssl/openssl/pull/13817
+# # Patches exported from source git
+# # Aarch64 and ppc64le use lib64
+Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch
+# # Use more general default values in openssl.cnf
+Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch
+# # Do not install html docs
+Patch3: 0003-Do-not-install-html-docs.patch
+# # Override default paths for the CA directory tree
+Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch
+# # apps/ca: fix md option help text
+Patch5: 0005-apps-ca-fix-md-option-help-text.patch
+# # Disable signature verification with totally unsafe hash algorithms
+Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
+# # Add support for PROFILE=SYSTEM system default cipherlist
+Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+# # Add FIPS_mode() compatibility macro
+Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
+# # Add check to see if fips flag is enabled in kernel
+Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
+# # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so
+# # that new modifications made to these files by upstream are not lost.
+Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch
+# # remove unsupported EC curves
+Patch11: 0011-Remove-EC-curves.patch
+# # Disable explicit EC curves
+# # https://bugzilla.redhat.com/show_bug.cgi?id=2066412
+Patch12: 0012-Disable-explicit-ec.patch
+# # Skipped tests from former 0011-Remove-EC-curves.patch
+Patch13: 0013-skipped-tests-EC-curves.patch
+# # Instructions to load legacy provider in openssl.cnf
+Patch24: 0024-load-legacy-prov.patch
+# # Tmp: test name change
+Patch31: 0031-tmp-Fix-test-names.patch
+# # We load FIPS provider and set FIPS properties implicitly
+Patch32: 0032-Force-fips.patch
+# # Embed HMAC into the fips.so
+Patch33: 0033-FIPS-embed-hmac.patch
+# # Comment out fipsinstall command-line utility
+Patch34: 0034.fipsinstall_disable.patch
+# # Skip unavailable algorithms running `openssl speed`
+Patch35: 0035-speed-skip-unavailable-dgst.patch
+# # Extra public/private key checks required by FIPS-140-3
+Patch44: 0044-FIPS-140-3-keychecks.patch
+# # Minimize fips services
+Patch45: 0045-FIPS-services-minimize.patch
+# # Execute KATS before HMAC verification
+Patch47: 0047-FIPS-early-KATS.patch
+# # Selectively disallow SHA1 signatures rhbz#2070977
+Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
+# # Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1)
+Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
+# # https://github.com/openssl/openssl/pull/18103
+# # The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
+# # so the patch should persist
+Patch56: 0056-strcasecmp.patch
+# # https://github.com/openssl/openssl/pull/18175
+# # Patch57: 0057-strcasecmp-fix.patch
+# # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
+Patch58: 0058-FIPS-limit-rsa-encrypt.patch
+# # https://bugzilla.redhat.com/show_bug.cgi?id=2087147
+Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
+# 0062-fips-Expose-a-FIPS-indicator.patch
+Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
+# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
+Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
+# [PATCH 30/35]
+# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
+Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
+# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
+Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch
+# # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
+# # https://bugzilla.redhat.com/show_bug.cgi?id=2102541
+Patch76: 0076-FIPS-140-3-DRBG.patch
+# # https://bugzilla.redhat.com/show_bug.cgi?id=2102542
+Patch77: 0077-FIPS-140-3-zeroization.patch
+# # https://bugzilla.redhat.com/show_bug.cgi?id=2114772
+Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
+# # https://github.com/openssl/openssl/pull/13817
 Patch100: 0100-RSA-PKCS15-implicit-rejection.patch
 
 License: ASL 2.0
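Review bot: Patch49, Patch52 and Patch74 are now listed unconditionally, where the removed lines picked a different file under `%if 0%{?rhel}`; a build that defines `%{rhel}` would therefore apply `0049-Allow-disabling-of-SHA1-signatures.patch` and the seclevel-1 variant of Patch52 instead of the RHEL ones, which changes the SHA-1 signature policy of the resulting package. Whether this spec is ever built with `%{rhel}` set is not visible from the hunk, so either keep the conditionals or say above Patch49 that the Fedora variants are used on purpose. The new comment lines for Patch62 and Patch74 (`# 0062-fips-Expose-a-FIPS-indicator.patch`, `# [PATCH 30/35]`) only repeat the file name or the series position; Patch74 previously carried its bug reference and should keep it as `# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535`.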