Pedro Monreal Gonzalez
8c598ed63d
* Add openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
* Add openssl-3-fix-hmac-digest-detection-s390x.patch
* Add openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
- Add hardware acceleration for full AES-XTS jsc#PED-10273
* Add openssl-3-hw-acceleration-aes-xts-s390x.patch
- Support MSA 12 SHA3 on s390x jsc#PED-10280
* Add openssl-3-add_EVP_DigestSqueeze_api.patch
* Add openssl-3-support-multiple-sha3_squeeze_s390x.patch
* Add openssl-3-add-xof-state-handling-s3_absorb.patch
* Add openssl-3-fix-state-handling-sha3_absorb_s390x.patch
* Add openssl-3-fix-state-handling-sha3_final_s390x.patch
* Add openssl-3-fix-state-handling-shake_final_s390x.patch
* Add openssl-3-fix-state-handling-keccak_final_s390x.patch
* Add openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch
* Add openssl-3-add-defines-CPACF-funcs.patch
* Add openssl-3-add-hw-acceleration-hmac.patch
* Add openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
* Add openssl-3-fix-s390x_sha3_absorb.patch
* Add openssl-3-fix-s390x_shake_squeeze.patch
- Update to 3.2.3:
* Changes between 3.2.2 and 3.2.3:
- Fixed possible denial of service in X.509 name checks. [CVE-2024-6119]
- Fixed possible buffer overread in SSL_select_next_proto(). [CVE-2024-5535]
* Changes between 3.2.1 and 3.2.2:
- Fixed potential use after free after SSL_free_buffers() is called. [CVE-2024-4741]
- Fixed an issue where checking excessively long DSA keys or parameters may
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=121
313 lines
11 KiB
Diff
313 lines
11 KiB
Diff
From dc41625dc4a793f0e21188165711181ca085339b Mon Sep 17 00:00:00 2001
|
|
From: rpm-build <rpm-build>
|
|
Date: Wed, 6 Mar 2024 19:17:16 +0100
|
|
Subject: [PATCH 28/49]
|
|
0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
|
|
|
|
Patch-name: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
|
|
Patch-id: 74
|
|
Patch-status: |
|
|
# [PATCH 29/46]
|
|
# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
|
|
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
|
|
---
|
|
crypto/evp/m_sigver.c | 54 ++++++++++++++++++++++++++++-----
|
|
providers/fips/self_test_kats.c | 43 +++++++++++++++-----------
|
|
2 files changed, 73 insertions(+), 24 deletions(-)
|
|
|
|
Index: openssl-3.2.3/crypto/evp/m_sigver.c
|
|
===================================================================
|
|
--- openssl-3.2.3.orig/crypto/evp/m_sigver.c
|
|
+++ openssl-3.2.3/crypto/evp/m_sigver.c
|
|
@@ -86,6 +86,7 @@ static int update(EVP_MD_CTX *ctx, const
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
|
|
return 0;
|
|
}
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
|
|
/*
|
|
* If we get the "NULL" md then the name comes back as "UNDEF". We want to use
|
|
@@ -121,8 +122,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
|
reinit = 0;
|
|
if (e == NULL)
|
|
ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
|
|
+#ifndef FIPS_MODULE
|
|
else
|
|
ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
}
|
|
if (ctx->pctx == NULL)
|
|
return 0;
|
|
@@ -132,8 +135,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
|
locpctx = ctx->pctx;
|
|
ERR_set_mark();
|
|
|
|
+#ifndef FIPS_MODULE
|
|
if (evp_pkey_ctx_is_legacy(locpctx))
|
|
goto legacy;
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
|
|
/* do not reinitialize if pkey is set or operation is different */
|
|
if (reinit
|
|
@@ -218,8 +223,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
|
signature =
|
|
evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
|
|
supported_sig, locpctx->propquery);
|
|
+#ifndef FIPS_MODULE
|
|
if (signature == NULL)
|
|
goto legacy;
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
break;
|
|
}
|
|
if (signature == NULL)
|
|
@@ -303,6 +310,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
|
ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
|
|
if (ctx->fetched_digest != NULL) {
|
|
ctx->digest = ctx->reqdigest = ctx->fetched_digest;
|
|
+#ifndef FIPS_MODULE
|
|
} else {
|
|
/* legacy engine support : remove the mark when this is deleted */
|
|
ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
|
|
@@ -311,11 +319,13 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
goto err;
|
|
}
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
}
|
|
(void)ERR_pop_to_mark();
|
|
}
|
|
}
|
|
|
|
+#ifndef FIPS_MODULE
|
|
if (ctx->reqdigest != NULL
|
|
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
|
|
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
|
@@ -327,6 +337,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
|
goto err;
|
|
}
|
|
}
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
|
|
if (ver) {
|
|
if (signature->digest_verify_init == NULL) {
|
|
@@ -359,6 +370,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
|
EVP_KEYMGMT_free(tmp_keymgmt);
|
|
return 0;
|
|
|
|
+#ifndef FIPS_MODULE
|
|
legacy:
|
|
/*
|
|
* If we don't have the full support we need with provided methods,
|
|
@@ -430,6 +442,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
|
ctx->pctx->flag_call_digest_custom = 1;
|
|
|
|
ret = 1;
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
|
|
end:
|
|
#ifndef FIPS_MODULE
|
|
@@ -472,7 +485,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx
|
|
return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
|
|
NULL);
|
|
}
|
|
-#endif /* FIPS_MDOE */
|
|
|
|
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
|
|
{
|
|
@@ -544,24 +556,30 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *c
|
|
return EVP_DigestUpdate(ctx, data, dsize);
|
|
}
|
|
|
|
-#ifndef FIPS_MODULE
|
|
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
|
size_t *siglen)
|
|
{
|
|
- int sctx = 0, r = 0;
|
|
- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
|
|
+ int r = 0;
|
|
+#ifndef FIPS_MODULE
|
|
+ int sctx = 0;
|
|
+ EVP_PKEY_CTX *dctx = NULL;
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
+ EVP_PKEY_CTX *pctx = ctx->pctx;
|
|
|
|
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
|
|
return 0;
|
|
}
|
|
|
|
+#ifndef FIPS_MODULE
|
|
if (pctx == NULL
|
|
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
|
|
|| pctx->op.sig.algctx == NULL
|
|
|| pctx->op.sig.signature == NULL)
|
|
goto legacy;
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
|
|
+#ifndef FIPS_MODULE
|
|
if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
|
|
/* try dup */
|
|
dctx = EVP_PKEY_CTX_dup(pctx);
|
|
@@ -576,7 +594,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
|
|
else
|
|
EVP_PKEY_CTX_free(dctx);
|
|
return r;
|
|
+#else
|
|
+ r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
|
|
+ sigret, siglen,
|
|
+ sigret == NULL ? 0 : *siglen);
|
|
+ return r;
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
|
|
+#ifndef FIPS_MODULE
|
|
legacy:
|
|
if (pctx == NULL || pctx->pmeth == NULL) {
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
@@ -649,6 +674,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
|
|
}
|
|
}
|
|
return 1;
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
}
|
|
|
|
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
|
|
@@ -687,23 +713,29 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsi
|
|
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
|
size_t siglen)
|
|
{
|
|
- unsigned char md[EVP_MAX_MD_SIZE];
|
|
int r = 0;
|
|
+#ifndef FIPS_MODULE
|
|
+ unsigned char md[EVP_MAX_MD_SIZE];
|
|
unsigned int mdlen = 0;
|
|
int vctx = 0;
|
|
- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
|
|
+ EVP_PKEY_CTX *dctx = NULL;
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
+ EVP_PKEY_CTX *pctx = ctx->pctx;
|
|
|
|
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
|
|
return 0;
|
|
}
|
|
|
|
+#ifndef FIPS_MODULE
|
|
if (pctx == NULL
|
|
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
|
|
|| pctx->op.sig.algctx == NULL
|
|
|| pctx->op.sig.signature == NULL)
|
|
goto legacy;
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
|
|
+#ifndef FIPS_MODULE
|
|
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
|
|
/* try dup */
|
|
dctx = EVP_PKEY_CTX_dup(pctx);
|
|
@@ -717,7 +749,13 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
|
|
else
|
|
EVP_PKEY_CTX_free(dctx);
|
|
return r;
|
|
+#else
|
|
+ r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
|
|
+ sig, siglen);
|
|
+ return r;
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
|
|
+#ifndef FIPS_MODULE
|
|
legacy:
|
|
if (pctx == NULL || pctx->pmeth == NULL) {
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
@@ -758,6 +796,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
|
|
if (vctx || !r)
|
|
return r;
|
|
return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
|
|
+#endif /* !defined(FIPS_MODULE) */
|
|
}
|
|
|
|
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
|
|
@@ -790,4 +829,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, co
|
|
return -1;
|
|
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
|
|
}
|
|
-#endif /* FIPS_MODULE */
|
|
Index: openssl-3.2.3/providers/fips/self_test_kats.c
|
|
===================================================================
|
|
--- openssl-3.2.3.orig/providers/fips/self_test_kats.c
|
|
+++ openssl-3.2.3/providers/fips/self_test_kats.c
|
|
@@ -450,10 +450,13 @@ static int self_test_sign(const ST_KAT_S
|
|
int ret = 0;
|
|
OSSL_PARAM *params = NULL, *params_sig = NULL;
|
|
OSSL_PARAM_BLD *bld = NULL;
|
|
+ EVP_MD *md = NULL;
|
|
+ EVP_MD_CTX *ctx = NULL;
|
|
EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
|
|
EVP_PKEY *pkey = NULL;
|
|
- unsigned char sig[256];
|
|
BN_CTX *bnctx = NULL;
|
|
+ const char *msg = "Hello World!";
|
|
+ unsigned char sig[256];
|
|
size_t siglen = sizeof(sig);
|
|
static const unsigned char dgst[] = {
|
|
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
|
|
@@ -487,23 +490,26 @@ static int self_test_sign(const ST_KAT_S
|
|
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
|
|
goto err;
|
|
|
|
- /* Create a EVP_PKEY_CTX to use for the signing operation */
|
|
- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
|
|
- if (sctx == NULL
|
|
- || EVP_PKEY_sign_init(sctx) <= 0)
|
|
- goto err;
|
|
-
|
|
- /* set signature parameters */
|
|
- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
|
|
- t->mdalgorithm,
|
|
- strlen(t->mdalgorithm) + 1))
|
|
- goto err;
|
|
+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature
|
|
+ * parameters and sign */
|
|
params_sig = OSSL_PARAM_BLD_to_param(bld);
|
|
- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
|
+ md = EVP_MD_fetch(libctx, "SHA256", NULL);
|
|
+ ctx = EVP_MD_CTX_new();
|
|
+ if (md == NULL || ctx == NULL)
|
|
+ goto err;
|
|
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
|
|
+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
|
|
+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
|
|
+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
|
|
+ || EVP_MD_CTX_reset(ctx) <= 0)
|
|
goto err;
|
|
|
|
- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
|
|
- || EVP_PKEY_verify_init(sctx) <= 0
|
|
+ /* sctx is not freed automatically inside the FIPS module */
|
|
+ EVP_PKEY_CTX_free(sctx);
|
|
+ sctx = NULL;
|
|
+
|
|
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
|
|
+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
|
|
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
|
goto err;
|
|
|
|
@@ -513,14 +519,17 @@ static int self_test_sign(const ST_KAT_S
|
|
goto err;
|
|
|
|
OSSL_SELF_TEST_oncorrupt_byte(st, sig);
|
|
- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
|
|
+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
|
|
goto err;
|
|
ret = 1;
|
|
err:
|
|
BN_CTX_free(bnctx);
|
|
EVP_PKEY_free(pkey);
|
|
- EVP_PKEY_CTX_free(kctx);
|
|
+ EVP_MD_free(md);
|
|
+ EVP_MD_CTX_free(ctx);
|
|
+ /* sctx is not freed automatically inside the FIPS module */
|
|
EVP_PKEY_CTX_free(sctx);
|
|
+ EVP_PKEY_CTX_free(kctx);
|
|
OSSL_PARAM_free(params);
|
|
OSSL_PARAM_free(params_sig);
|
|
OSSL_PARAM_BLD_free(bld);
|