Pedro Monreal Gonzalez
8c598ed63d
* Add openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
* Add openssl-3-fix-hmac-digest-detection-s390x.patch
* Add openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
- Add hardware acceleration for full AES-XTS jsc#PED-10273
* Add openssl-3-hw-acceleration-aes-xts-s390x.patch
- Support MSA 12 SHA3 on s390x jsc#PED-10280
* Add openssl-3-add_EVP_DigestSqueeze_api.patch
* Add openssl-3-support-multiple-sha3_squeeze_s390x.patch
* Add openssl-3-add-xof-state-handling-s3_absorb.patch
* Add openssl-3-fix-state-handling-sha3_absorb_s390x.patch
* Add openssl-3-fix-state-handling-sha3_final_s390x.patch
* Add openssl-3-fix-state-handling-shake_final_s390x.patch
* Add openssl-3-fix-state-handling-keccak_final_s390x.patch
* Add openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch
* Add openssl-3-add-defines-CPACF-funcs.patch
* Add openssl-3-add-hw-acceleration-hmac.patch
* Add openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
* Add openssl-3-fix-s390x_sha3_absorb.patch
* Add openssl-3-fix-s390x_shake_squeeze.patch
- Update to 3.2.3:
* Changes between 3.2.2 and 3.2.3:
- Fixed possible denial of service in X.509 name checks. [CVE-2024-6119]
- Fixed possible buffer overread in SSL_select_next_proto(). [CVE-2024-5535]
* Changes between 3.2.1 and 3.2.2:
- Fixed potential use after free after SSL_free_buffers() is called. [CVE-2024-4741]
- Fixed an issue where checking excessively long DSA keys or parameters may
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=121
99 lines
4.8 KiB
Diff
99 lines
4.8 KiB
Diff
From 589eb3898896c1ac916bc20069ecd5adb8534850 Mon Sep 17 00:00:00 2001
|
|
From: Clemens Lang <cllang@redhat.com>
|
|
Date: Fri, 17 Feb 2023 15:31:08 +0100
|
|
Subject: [PATCH] GCM: Implement explicit FIPS indicator for IV gen
|
|
|
|
Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
|
Verification Program, Section C.H requires guarantees about the
|
|
uniqueness of key/iv pairs, and proposes a few approaches to ensure
|
|
this. Provide an indicator for option 2 "The IV may be generated
|
|
internally at its entirety randomly."
|
|
|
|
Resolves: rhbz#2168289
|
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
|
---
|
|
include/openssl/core_names.h | 1 +
|
|
include/openssl/evp.h | 4 +++
|
|
.../implementations/ciphers/ciphercommon.c | 4 +++
|
|
.../ciphers/ciphercommon_gcm.c | 25 +++++++++++++++++++
|
|
4 files changed, 34 insertions(+)
|
|
|
|
Index: openssl-3.2.3/include/openssl/evp.h
|
|
===================================================================
|
|
--- openssl-3.2.3.orig/include/openssl/evp.h
|
|
+++ openssl-3.2.3/include/openssl/evp.h
|
|
@@ -753,6 +753,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER
|
|
void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
|
|
int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
|
|
|
|
+# define EVP_CIPHER_SUSE_FIPS_INDICATOR_UNDETERMINED 0
|
|
+# define EVP_CIPHER_SUSE_FIPS_INDICATOR_APPROVED 1
|
|
+# define EVP_CIPHER_SUSE_FIPS_INDICATOR_NOT_APPROVED 2
|
|
+
|
|
__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
|
const unsigned char *key, const unsigned char *iv);
|
|
__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
|
|
Index: openssl-3.2.3/providers/implementations/ciphers/ciphercommon.c
|
|
===================================================================
|
|
--- openssl-3.2.3.orig/providers/implementations/ciphers/ciphercommon.c
|
|
+++ openssl-3.2.3/providers/implementations/ciphers/ciphercommon.c
|
|
@@ -152,6 +152,10 @@ static const OSSL_PARAM cipher_aead_know
|
|
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
|
|
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
|
|
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
|
|
+ /* normally we would hide this under an #ifdef FIPS_MODULE, but that does
|
|
+ * not work in ciphercommon.c because it is compiled only once into
|
|
+ * libcommon.a */
|
|
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_SUSE_FIPS_INDICATOR, NULL),
|
|
OSSL_PARAM_END
|
|
};
|
|
const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params(
|
|
Index: openssl-3.2.3/providers/implementations/ciphers/ciphercommon_gcm.c
|
|
===================================================================
|
|
--- openssl-3.2.3.orig/providers/implementations/ciphers/ciphercommon_gcm.c
|
|
+++ openssl-3.2.3/providers/implementations/ciphers/ciphercommon_gcm.c
|
|
@@ -238,6 +238,31 @@ int ossl_gcm_get_ctx_params(void *vctx,
|
|
break;
|
|
}
|
|
}
|
|
+
|
|
+ /* We would usually hide this under #ifdef FIPS_MODULE, but
|
|
+ * ciphercommon_gcm.c is only compiled once into libcommon.a, so ifdefs do
|
|
+ * not work here. */
|
|
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_SUSE_FIPS_INDICATOR);
|
|
+ if (p != NULL) {
|
|
+ int fips_indicator = EVP_CIPHER_SUSE_FIPS_INDICATOR_APPROVED;
|
|
+
|
|
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
|
+ * Verification Program, Section C.H requires guarantees about the
|
|
+ * uniqueness of key/iv pairs, and proposes a few approaches to ensure
|
|
+ * this. This provides an indicator for option 2 "The IV may be
|
|
+ * generated internally at its entirety randomly." Note that one of the
|
|
+ * conditions of this option is that "The IV length shall be at least
|
|
+ * 96 bits (per SP 800-38D)." We do not specically check for this
|
|
+ * condition here, because gcm_iv_generate will fail in this case. */
|
|
+ if (ctx->enc && !ctx->iv_gen_rand)
|
|
+ fips_indicator = EVP_CIPHER_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
|
+
|
|
+ if (!OSSL_PARAM_set_int(p, fips_indicator)) {
|
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
+ return 0;
|
|
+ }
|
|
+ }
|
|
+
|
|
return 1;
|
|
}
|
|
|
|
Index: openssl-3.2.3/util/perl/OpenSSL/paramnames.pm
|
|
===================================================================
|
|
--- openssl-3.2.3.orig/util/perl/OpenSSL/paramnames.pm
|
|
+++ openssl-3.2.3/util/perl/OpenSSL/paramnames.pm
|
|
@@ -102,6 +102,7 @@ my %params = (
|
|
'CIPHER_PARAM_CTS_MODE' => "cts_mode", # utf8_string
|
|
# For passing the AlgorithmIdentifier parameter in DER form
|
|
'CIPHER_PARAM_ALGORITHM_ID_PARAMS' => "alg_id_param",# octet_string
|
|
+ 'CIPHER_PARAM_SUSE_FIPS_INDICATOR' => "suse-fips-indicator",# int
|
|
'CIPHER_PARAM_XTS_STANDARD' => "xts_standard",# utf8_string
|
|
|
|
'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT' => "tls1multi_maxsndfrag",# uint
|