Pedro Monreal Gonzalez
8c598ed63d
* Add openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
* Add openssl-3-fix-hmac-digest-detection-s390x.patch
* Add openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
- Add hardware acceleration for full AES-XTS jsc#PED-10273
* Add openssl-3-hw-acceleration-aes-xts-s390x.patch
- Support MSA 12 SHA3 on s390x jsc#PED-10280
* Add openssl-3-add_EVP_DigestSqueeze_api.patch
* Add openssl-3-support-multiple-sha3_squeeze_s390x.patch
* Add openssl-3-add-xof-state-handling-s3_absorb.patch
* Add openssl-3-fix-state-handling-sha3_absorb_s390x.patch
* Add openssl-3-fix-state-handling-sha3_final_s390x.patch
* Add openssl-3-fix-state-handling-shake_final_s390x.patch
* Add openssl-3-fix-state-handling-keccak_final_s390x.patch
* Add openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch
* Add openssl-3-add-defines-CPACF-funcs.patch
* Add openssl-3-add-hw-acceleration-hmac.patch
* Add openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
* Add openssl-3-fix-s390x_sha3_absorb.patch
* Add openssl-3-fix-s390x_shake_squeeze.patch
- Update to 3.2.3:
* Changes between 3.2.2 and 3.2.3:
- Fixed possible denial of service in X.509 name checks. [CVE-2024-6119]
- Fixed possible buffer overread in SSL_select_next_proto(). [CVE-2024-5535]
* Changes between 3.2.1 and 3.2.2:
- Fixed potential use after free after SSL_free_buffers() is called. [CVE-2024-4741]
- Fixed an issue where checking excessively long DSA keys or parameters may
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=121
109 lines
4.4 KiB
Diff
109 lines
4.4 KiB
Diff
From e1eba21921ceeffa45ffd2115868c14e4c7fb8d9 Mon Sep 17 00:00:00 2001
|
|
From: Clemens Lang <cllang@redhat.com>
|
|
Date: Thu, 17 Nov 2022 18:08:24 +0100
|
|
Subject: [PATCH] hmac: Add explicit FIPS indicator for key length
|
|
|
|
NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms"
|
|
specifies key lengths < 112 bytes are disallowed for HMAC generation and
|
|
are legacy use for HMAC verification.
|
|
|
|
Add an explicit indicator that will mark shorter key lengths as
|
|
unsupported. The indicator can be queries from the EVP_MAC_CTX object
|
|
using EVP_MAC_CTX_get_params() with the
|
|
OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR
|
|
parameter.
|
|
|
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
|
---
|
|
include/crypto/evp.h | 7 +++++++
|
|
include/openssl/evp.h | 3 +++
|
|
providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++
|
|
4 files changed, 28 insertions(+)
|
|
|
|
Index: openssl-3.2.3/include/crypto/evp.h
|
|
===================================================================
|
|
--- openssl-3.2.3.orig/include/crypto/evp.h
|
|
+++ openssl-3.2.3/include/crypto/evp.h
|
|
@@ -206,6 +206,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_m
|
|
const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
|
|
const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
|
|
|
|
+#ifdef FIPS_MODULE
|
|
+/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key
|
|
+ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for
|
|
+ * HMAC verification. */
|
|
+# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8)
|
|
+#endif
|
|
+
|
|
struct evp_mac_st {
|
|
OSSL_PROVIDER *prov;
|
|
int name_id;
|
|
Index: openssl-3.2.3/include/openssl/evp.h
|
|
===================================================================
|
|
--- openssl-3.2.3.orig/include/openssl/evp.h
|
|
+++ openssl-3.2.3/include/openssl/evp.h
|
|
@@ -1199,6 +1199,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX
|
|
void *arg);
|
|
|
|
/* MAC stuff */
|
|
+# define EVP_MAC_SUSE_FIPS_INDICATOR_UNDETERMINED 0
|
|
+# define EVP_MAC_SUSE_FIPS_INDICATOR_APPROVED 1
|
|
+# define EVP_MAC_SUSE_FIPS_INDICATOR_NOT_APPROVED 2
|
|
|
|
EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
|
|
const char *properties);
|
|
Index: openssl-3.2.3/providers/implementations/macs/hmac_prov.c
|
|
===================================================================
|
|
--- openssl-3.2.3.orig/providers/implementations/macs/hmac_prov.c
|
|
+++ openssl-3.2.3/providers/implementations/macs/hmac_prov.c
|
|
@@ -23,6 +23,8 @@
|
|
|
|
#include "internal/ssl3_cbc.h"
|
|
|
|
+#include "crypto/evp.h"
|
|
+
|
|
#include "prov/implementations.h"
|
|
#include "prov/provider_ctx.h"
|
|
#include "prov/provider_util.h"
|
|
@@ -235,6 +237,9 @@ static int hmac_final(void *vmacctx, uns
|
|
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
|
OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
|
|
OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
|
|
+#ifdef FIPS_MODULE
|
|
+ OSSL_PARAM_int(OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR, NULL),
|
|
+#endif /* defined(FIPS_MODULE) */
|
|
OSSL_PARAM_END
|
|
};
|
|
static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx,
|
|
@@ -256,6 +261,18 @@ static int hmac_get_ctx_params(void *vma
|
|
&& !OSSL_PARAM_set_int(p, hmac_block_size(macctx)))
|
|
return 0;
|
|
|
|
+#ifdef FIPS_MODULE
|
|
+ if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR)) != NULL) {
|
|
+ int fips_indicator = EVP_MAC_SUSE_FIPS_INDICATOR_APPROVED;
|
|
+ /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms
|
|
+ * specifies key lengths < 112 bytes are disallowed for HMAC generation
|
|
+ * and legacy use for HMAC verification. */
|
|
+ if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN)
|
|
+ fips_indicator = EVP_MAC_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
|
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
|
+ }
|
|
+#endif /* defined(FIPS_MODULE) */
|
|
+
|
|
return 1;
|
|
}
|
|
|
|
Index: openssl-3.2.3/util/perl/OpenSSL/paramnames.pm
|
|
===================================================================
|
|
--- openssl-3.2.3.orig/util/perl/OpenSSL/paramnames.pm
|
|
+++ openssl-3.2.3/util/perl/OpenSSL/paramnames.pm
|
|
@@ -143,6 +143,7 @@ my %params = (
|
|
'MAC_PARAM_SIZE' => "size", # size_t
|
|
'MAC_PARAM_BLOCK_SIZE' => "block-size", # size_t
|
|
'MAC_PARAM_TLS_DATA_SIZE' => "tls-data-size", # size_t
|
|
+ 'MAC_PARAM_SUSE_FIPS_INDICATOR' => "suse-fips-indicator", # size_t
|
|
|
|
# KDF / PRF parameters
|
|
'KDF_PARAM_SECRET' => "secret", # octet string
|