Pedro Monreal Gonzalez
8c598ed63d
* Add openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
* Add openssl-3-fix-hmac-digest-detection-s390x.patch
* Add openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
- Add hardware acceleration for full AES-XTS jsc#PED-10273
* Add openssl-3-hw-acceleration-aes-xts-s390x.patch
- Support MSA 12 SHA3 on s390x jsc#PED-10280
* Add openssl-3-add_EVP_DigestSqueeze_api.patch
* Add openssl-3-support-multiple-sha3_squeeze_s390x.patch
* Add openssl-3-add-xof-state-handling-s3_absorb.patch
* Add openssl-3-fix-state-handling-sha3_absorb_s390x.patch
* Add openssl-3-fix-state-handling-sha3_final_s390x.patch
* Add openssl-3-fix-state-handling-shake_final_s390x.patch
* Add openssl-3-fix-state-handling-keccak_final_s390x.patch
* Add openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch
* Add openssl-3-add-defines-CPACF-funcs.patch
* Add openssl-3-add-hw-acceleration-hmac.patch
* Add openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
* Add openssl-3-fix-s390x_sha3_absorb.patch
* Add openssl-3-fix-s390x_shake_squeeze.patch
- Update to 3.2.3:
* Changes between 3.2.2 and 3.2.3:
- Fixed possible denial of service in X.509 name checks. [CVE-2024-6119]
- Fixed possible buffer overread in SSL_select_next_proto(). [CVE-2024-5535]
* Changes between 3.2.1 and 3.2.2:
- Fixed potential use after free after SSL_free_buffers() is called. [CVE-2024-4741]
- Fixed an issue where checking excessively long DSA keys or parameters may
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=121
99 lines
2.8 KiB
Diff
99 lines
2.8 KiB
Diff
From 2306fde5556cbcb875d095c09fed01a0f16fe7ec Mon Sep 17 00:00:00 2001
|
|
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
|
Date: Mon, 21 Aug 2023 15:51:55 +0200
|
|
Subject: [PATCH 40/48] 0085-FIPS-RSA-disable-shake.patch
|
|
|
|
Patch-name: 0085-FIPS-RSA-disable-shake.patch
|
|
Patch-id: 85
|
|
---
|
|
crypto/rsa/rsa_oaep.c | 28 ++++++++++++++++++++++++++++
|
|
crypto/rsa/rsa_pss.c | 16 ++++++++++++++++
|
|
2 files changed, 44 insertions(+)
|
|
|
|
Index: openssl-3.1.7/crypto/rsa/rsa_oaep.c
|
|
===================================================================
|
|
--- openssl-3.1.7.orig/crypto/rsa/rsa_oaep.c
|
|
+++ openssl-3.1.7/crypto/rsa/rsa_oaep.c
|
|
@@ -78,9 +78,23 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1
|
|
return 0;
|
|
#endif
|
|
}
|
|
+
|
|
+#ifdef FIPS_MODULE
|
|
+ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) {
|
|
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
|
+ return 0;
|
|
+ }
|
|
+#endif
|
|
if (mgf1md == NULL)
|
|
mgf1md = md;
|
|
|
|
+#ifdef FIPS_MODULE
|
|
+ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) {
|
|
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
|
+ return 0;
|
|
+ }
|
|
+#endif
|
|
+
|
|
mdlen = EVP_MD_get_size(md);
|
|
if (mdlen <= 0) {
|
|
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH);
|
|
@@ -203,9 +217,23 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(un
|
|
#endif
|
|
}
|
|
|
|
+#ifdef FIPS_MODULE
|
|
+ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) {
|
|
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
|
+ return -1;
|
|
+ }
|
|
+#endif
|
|
+
|
|
if (mgf1md == NULL)
|
|
mgf1md = md;
|
|
|
|
+#ifdef FIPS_MODULE
|
|
+ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) {
|
|
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
|
+ return -1;
|
|
+ }
|
|
+#endif
|
|
+
|
|
mdlen = EVP_MD_get_size(md);
|
|
|
|
if (tlen <= 0 || flen <= 0 || mdlen <= 0)
|
|
Index: openssl-3.1.7/crypto/rsa/rsa_pss.c
|
|
===================================================================
|
|
--- openssl-3.1.7.orig/crypto/rsa/rsa_pss.c
|
|
+++ openssl-3.1.7/crypto/rsa/rsa_pss.c
|
|
@@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa,
|
|
if (mgf1Hash == NULL)
|
|
mgf1Hash = Hash;
|
|
|
|
+#ifdef FIPS_MODULE
|
|
+ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
|
|
+ goto err;
|
|
+
|
|
+ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
|
|
+ goto err;
|
|
+#endif
|
|
+
|
|
hLen = EVP_MD_get_size(Hash);
|
|
if (hLen < 0)
|
|
goto err;
|
|
@@ -168,6 +176,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *
|
|
if (mgf1Hash == NULL)
|
|
mgf1Hash = Hash;
|
|
|
|
+#ifdef FIPS_MODULE
|
|
+ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
|
|
+ goto err;
|
|
+
|
|
+ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
|
|
+ goto err;
|
|
+#endif
|
|
+
|
|
hLen = EVP_MD_get_size(Hash);
|
|
if (hLen < 0)
|
|
goto err;
|