Pedro Monreal Gonzalez
8c598ed63d
* Add openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch * Add openssl-3-fix-hmac-digest-detection-s390x.patch * Add openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch - Add hardware acceleration for full AES-XTS jsc#PED-10273 * Add openssl-3-hw-acceleration-aes-xts-s390x.patch - Support MSA 12 SHA3 on s390x jsc#PED-10280 * Add openssl-3-add_EVP_DigestSqueeze_api.patch * Add openssl-3-support-multiple-sha3_squeeze_s390x.patch * Add openssl-3-add-xof-state-handling-s3_absorb.patch * Add openssl-3-fix-state-handling-sha3_absorb_s390x.patch * Add openssl-3-fix-state-handling-sha3_final_s390x.patch * Add openssl-3-fix-state-handling-shake_final_s390x.patch * Add openssl-3-fix-state-handling-keccak_final_s390x.patch * Add openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch * Add openssl-3-add-defines-CPACF-funcs.patch * Add openssl-3-add-hw-acceleration-hmac.patch * Add openssl-3-support-CPACF-sha3-shake-perf-improvement.patch * Add openssl-3-fix-s390x_sha3_absorb.patch * Add openssl-3-fix-s390x_shake_squeeze.patch - Update to 3.2.3: * Changes between 3.2.2 and 3.2.3: - Fixed possible denial of service in X.509 name checks. [CVE-2024-6119] - Fixed possible buffer overread in SSL_select_next_proto(). [CVE-2024-5535] * Changes between 3.2.1 and 3.2.2: - Fixed potential use after free after SSL_free_buffers() is called. [CVE-2024-4741] - Fixed an issue where checking excessively long DSA keys or parameters may OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=121
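Index: openssl-3.2.3/crypto/rand/prov_seed.c
===================================================================
--- openssl-3.2.3.orig/crypto/rand/prov_seed.c
+++ openssl-3.2.3/crypto/rand/prov_seed.c
@@ -23,7 +23,14 @@ size_t ossl_rand_get_entropy(ossl_unused
 size_t entropy_available;
 RAND_POOL *pool;
 
- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
+ /*
+ * OpenSSL still implements an internal entropy pool of
+ * some size that is hashed to get seed data.
+ * Note that this is a conditioning step for which SP800-90C requires
+ * 64 additional bits from the entropy source to claim the requested
+ * amount of entropy.
+ */
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
 if (pool == NULL) {
 ERR_raise(ERR_LIB_RAND, ERR_R_RAND_LIB);
 return 0;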
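Review bot: The request passed to `ossl_rand_pool_new(entropy + 64, 1, min_len, max_len)` grows by 64 bits while `min_len` and `max_len` go through unchanged, so a caller that sized `max_len` for exactly `entropy` bits may now get a pool that cannot reach its target; whether that surfaces as a seeding failure depends on the pool code, which is outside this hunk. The two seed_src.c hunks repeat the same change, and `seed_src_generate` passes `outlen` as both bounds, which looks like the tightest case. The literal 64 and its comment are also copied to three call sites; one shared constant, for instance `#define RAND_POOL_CONDITIONING_BITS 64` (name is only a suggestion), would keep them in step. `ossl_rand_get_entropy` continues past the end of the hunk.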
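Index: openssl-3.2.3/crypto/rand/rand_lib.c
===================================================================
--- openssl-3.2.3.orig/crypto/rand/rand_lib.c
+++ openssl-3.2.3/crypto/rand/rand_lib.c
@@ -723,15 +723,7 @@ EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB
 return ret;
 }
 
-#ifndef FIPS_MODULE
- if (dgbl->seed == NULL) {
- ERR_set_mark();
- dgbl->seed = rand_new_seed(ctx);
- ERR_pop_to_mark();
- }
-#endif
-
- ret = dgbl->primary = rand_new_drbg(ctx, dgbl->seed,
+ ret = dgbl->primary = rand_new_drbg(ctx, NULL,
 PRIMARY_RESEED_INTERVAL,
 PRIMARY_RESEED_TIME_INTERVAL, 1);
 /*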
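Review bot: Passing `NULL` as the parent in `rand_new_drbg(ctx, NULL,` carries no comment saying where the primary DRBG now gets its seed, and the removed block sat under `#ifndef FIPS_MODULE`, so the behaviour that changes is that of the non-FIPS build. `dgbl->seed` is no longer assigned in this function; any other reader of that field, and any configured seed source it stood for, presumably stops having an effect, which should be confirmed against the rest of the file outside this hunk. I would add a comment above the call such as `/* No seed-source parent: the primary DRBG is seeded through the get_entropy path only */`, adjusted to whatever the intended path really is. `RAND_get0_primary` starts and ends outside the hunk.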
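Index: openssl-3.2.3/providers/implementations/rands/crngt.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/rands/crngt.c
+++ openssl-3.2.3/providers/implementations/rands/crngt.c
@@ -133,7 +133,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG
 * to the nearest byte. If the entropy is of less than full quality,
 * the amount required should be scaled up appropriately here.
 */
- bytes_needed = (entropy + 7) / 8;
+ /*
+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy
+ * + 128 bits during initial seeding
+ */
+ bytes_needed = (entropy + 128 + 7) / 8;
 if (bytes_needed < min_len)
 bytes_needed = min_len;
 if (bytes_needed > max_len)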
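Review bot: The new comment says the extra 128 bits apply "during initial seeding", but `bytes_needed = (entropy + 128 + 7) / 8;` adds them on every call of `ossl_crngt_get_entropy`, and nothing in the hunk distinguishes an initial seed from a reseed. Either the comment should say so, e.g. `* + 128 bits on every entropy request`, or the addition needs a condition. The clamp that follows (`if (bytes_needed > max_len)`) can also take the extra bytes away again without any signal, assuming the line after it assigns `max_len`; that line is outside the hunk. Giving the 128 a name would make its relation to `CRNGT_BUFSIZ` in drbg_local.h, raised from 16 to 32 in this same patch, easier to follow.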
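Index: openssl-3.2.3/providers/implementations/rands/drbg.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/rands/drbg.c
+++ openssl-3.2.3/providers/implementations/rands/drbg.c
@@ -569,6 +569,9 @@ static int ossl_prov_drbg_reseed_unlocke
 #endif
 }
 
+#ifdef FIPS_MODULE
+ prediction_resistance = 1;
+#endif
 /* Reseed using our sources in addition */
 entropylen = get_entropy(drbg, &entropy, drbg->strength,
 drbg->min_entropylen, drbg->max_entropylen,
@@ -690,8 +693,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *d
 reseed_required = 1;
 }
 if (drbg->parent != NULL
- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter)
+ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) {
+#ifdef FIPS_MODULE
+ /* SUSE patches provide chain reseeding when necessary so just sync counters*/
+ drbg->parent_reseed_counter = get_parent_reseed_count(drbg);
+#else
 reseed_required = 1;
+#endif
+ }
 
 if (reseed_required || prediction_resistance) {
 if (!ossl_prov_drbg_reseed_unlocked(drbg, prediction_resistance, NULL,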
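Review bot: In the `FIPS_MODULE` branch of the second hunk a parent reseed no longer sets `reseed_required`; the child only copies the counter, so the one visible path that carries a parent reseed into this DRBG is gone for FIPS builds. The comment refers to "SUSE patches" without naming the mechanism that replaces it; presumably it is the forced `prediction_resistance = 1` in the first hunk, but that only acts once a reseed is already under way. Please name the replacement in the comment, for example `/* FIPS: every reseed pulls from the parent with prediction resistance, so only sync the counter here */`, if that is indeed the intent. `get_parent_reseed_count(drbg)` is also called twice, once in the condition and once in the assignment, so the stored value can differ from the one that was compared; reading it once into a local avoids that. Both functions extend beyond their hunks.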
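Index: openssl-3.2.3/providers/implementations/rands/drbg_local.h
===================================================================
--- openssl-3.2.3.orig/providers/implementations/rands/drbg_local.h
+++ openssl-3.2.3/providers/implementations/rands/drbg_local.h
@@ -38,7 +38,7 @@
 *
 * The value is in bytes.
 */
-#define CRNGT_BUFSIZ 16
+#define CRNGT_BUFSIZ 32
 
 /*
 * Maximum input size for the DRBG (entropy, nonce, personalization string)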
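Index: openssl-3.2.3/providers/implementations/rands/seed_src.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/rands/seed_src.c
+++ openssl-3.2.3/providers/implementations/rands/seed_src.c
@@ -102,7 +102,14 @@ static int seed_src_generate(void *vseed
 return 0;
 }
 
- pool = ossl_rand_pool_new(strength, 1, outlen, outlen);
+ /*
+ * OpenSSL still implements an internal entropy pool of
+ * some size that is hashed to get seed data.
+ * Note that this is a conditioning step for which SP800-90C requires
+ * 64 additional bits from the entropy source to claim the requested
+ * amount of entropy.
+ */
+ pool = ossl_rand_pool_new(strength + 64, 1, outlen, outlen);
 if (pool == NULL) {
 ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB);
 return 0;
@@ -182,7 +189,14 @@ static size_t seed_get_seed(void *vseed,
 size_t i;
 RAND_POOL *pool;
 
- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
+ /*
+ * OpenSSL still implements an internal entropy pool of
+ * some size that is hashed to get seed data.
+ * Note that this is a conditioning step for which SP800-90C requires
+ * 64 additional bits from the entropy source to claim the requested
+ * amount of entropy.
+ */
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
 if (pool == NULL) {
 ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB);
 return 0;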