From ffdf279f1f15f03b13a3335a3790040c840502c2e81e3f70ef4a3a1a5c651607 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=C4=9Bzslav=20=C4=8C=C3=AD=C5=BEek?= Date: Wed, 19 Feb 2020 08:42:05 +0000 Subject: [PATCH 1/3] Accepting request 776093 from home:jsikes:branches:security:tls Finally submitted bsc#1155345. Enjoy! OBS-URL: https://build.opensuse.org/request/show/776093 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=59 --- openssl-1_1.changes | 6 + openssl-fips-add-SHA3-selftest.patch | 347 +++++++++++++++++++++++++++ 2 files changed, 353 insertions(+) create mode 100644 openssl-fips-add-SHA3-selftest.patch diff --git a/openssl-1_1.changes b/openssl-1_1.changes index b333f0b..2ff6e9b 100644 --- a/openssl-1_1.changes +++ b/openssl-1_1.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Feb 18 22:49:46 UTC 2020 - Jason Sikes + +- Added SHA3 FIPS self-tests bsc#1155345 + * openssl-fips-add-SHA3-selftest.patch + ------------------------------------------------------------------- Tue Jan 28 12:14:59 UTC 2020 - Pedro Monreal Gonzalez diff --git a/openssl-fips-add-SHA3-selftest.patch b/openssl-fips-add-SHA3-selftest.patch new file mode 100644 index 0000000..27074c9 --- /dev/null +++ b/openssl-fips-add-SHA3-selftest.patch @@ -0,0 +1,347 @@ +Index: openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c +=================================================================== +--- openssl-1.1.1d.orig/crypto/fips/fips_hmac_selftest.c ++++ openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c +@@ -55,12 +55,23 @@ + #include + + #ifdef OPENSSL_FIPS ++ ++#define MAX_SHA3_KEY_LENGTH 200 ++ + typedef struct { + const EVP_MD *(*alg) (void); + const char *key, *iv; + unsigned char kaval[EVP_MAX_MD_SIZE]; + } HMAC_KAT; + ++typedef struct { ++ const EVP_MD *(*alg) (void); ++ unsigned char key[MAX_SHA3_KEY_LENGTH]; ++ size_t keylen; /* strlen() doesn't work with NIST test vector keys */ ++ const char *iv; ++ unsigned char kaval[EVP_MAX_MD_SIZE]; ++} HMAC_KAT_SHA3; ++ + static const HMAC_KAT vector[] = { + {EVP_sha1, + /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */ +@@ -111,6 +122,289 @@ static const HMAC_KAT vector[] = { + }, + }; + ++static const HMAC_KAT_SHA3 vector_SHA3[] = { ++ /* using SHA3-224 from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/HMAC_SHA3-224.pdf */ ++ {EVP_sha3_224, ++ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, ++ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, ++ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, ++ 0x18, 0x19, 0x1a, 0x1b}, ++ 0x1c, ++ "Sample message for keylenblocklen", ++ {0x07, 0x86, 0x95, 0xee, 0xcc, 0x22, 0x7c, 0x63, ++ 0x6a, 0xd3, 0x1d, 0x06, 0x3a, 0x15, 0xdd, 0x05, ++ 0xa7, 0xe8, 0x19, 0xa6, 0x6e, 0xc6, 0xd8, 0xde, ++ 0x1e, 0x19, 0x3e, 0x59}, ++ }, ++ /* using SHA3-256 from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/HMAC_SHA3-256.pdf */ ++ {EVP_sha3_256, ++ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, ++ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, ++ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, ++ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, ++ 0x30, ++ "Sample message for keylenblocklen", ++ {0x9b, 0xcf, 0x2c, 0x23, 0x8e, 0x23, 0x5c, 0x3c, ++ 0xe8, 0x84, 0x04, 0xe8, 0x13, 0xbd, 0x2f, 0x3a, ++ 0x97, 0x18, 0x5a, 0xc6, 0xf2, 0x38, 0xc6, 0x3d, ++ 0x62, 0x29, 0xa0, 0x0b, 0x07, 0x97, 0x42, 0x58}, ++ }, ++ /* using SHA3-384 from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/HMAC_SHA3-384.pdf */ ++ {EVP_sha3_384, ++ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, ++ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, ++ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, ++ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, ++ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, ++ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, ++ 0x30, ++ "Sample message for keylenblocklen", ++ {0xe5, 0xae, 0x4c, 0x73, 0x9f, 0x45, 0x52, 0x79, ++ 0x36, 0x8e, 0xbf, 0x36, 0xd4, 0xf5, 0x35, 0x4c, ++ 0x95, 0xaa, 0x18, 0x4c, 0x89, 0x9d, 0x38, 0x70, ++ 0xe4, 0x60, 0xeb, 0xc2, 0x88, 0xef, 0x1f, 0x94, ++ 0x70, 0x05, 0x3f, 0x73, 0xf7, 0xc6, 0xda, 0x2a, ++ 0x71, 0xbc, 0xae, 0xc3, 0x8c, 0xe7, 0xd6, 0xac}, ++ }, ++ ++ ++ ++ /* using SHA3-512 from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/HMAC_SHA3-512.pdf */ ++ {EVP_sha3_512, ++ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, ++ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, ++ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, ++ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, ++ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, ++ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, ++ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, ++ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f}, ++ 0x40, ++ "Sample message for keylenblocklen", ++ {0x5f, 0x46, 0x4f, 0x5e, 0x5b, 0x78, 0x48, 0xe3, ++ 0x88, 0x5e, 0x49, 0xb2, 0xc3, 0x85, 0xf0, 0x69, ++ 0x49, 0x85, 0xd0, 0xe3, 0x89, 0x66, 0x24, 0x2d, ++ 0xc4, 0xa5, 0xfe, 0x3f, 0xea, 0x4b, 0x37, 0xd4, ++ 0x6b, 0x65, 0xce, 0xce, 0xd5, 0xdc, 0xf5, 0x94, ++ 0x38, 0xdd, 0x84, 0x0b, 0xab, 0x22, 0x26, 0x9f, ++ 0x0b, 0xa7, 0xfe, 0xbd, 0xb9, 0xfc, 0xf7, 0x46, ++ 0x02, 0xa3, 0x56, 0x66, 0xb2, 0xa3, 0x29, 0x15}, ++ }, ++}; ++ ++ + int FIPS_selftest_hmac() + { + int n; +@@ -118,7 +412,9 @@ int FIPS_selftest_hmac() + unsigned char out[EVP_MAX_MD_SIZE]; + const EVP_MD *md; + const HMAC_KAT *t; ++ const HMAC_KAT_SHA3 *t3; + ++ /* SHA1 and SHA2 */ + for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) { + md = (*t->alg) (); + HMAC(md, t->key, strlen(t->key), +@@ -128,6 +424,18 @@ int FIPS_selftest_hmac() + FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC, FIPS_R_SELFTEST_FAILED); + return 0; + } ++ } ++ ++ /* SHA3 */ ++ for (n = 0, t3 = vector_SHA3; n < sizeof(vector_SHA3) / sizeof(vector_SHA3[0]); n++, t3++) { ++ md = (*t3->alg) (); ++ HMAC(md, t3->key, t3->keylen, ++ (const unsigned char *)t3->iv, strlen(t3->iv), out, &outlen); ++ ++ if (memcmp(out, t3->kaval, outlen)) { ++ FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC, FIPS_R_SELFTEST_FAILED); ++ return 0; ++ } + } + return 1; + } From 97fb15d08d65bbe85dee0abb5916d7aeef43e0259c156c41fd8a48f7916a338d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=C4=9Bzslav=20=C4=8C=C3=AD=C5=BEek?= Date: Wed, 19 Feb 2020 08:57:54 +0000 Subject: [PATCH 2/3] apply the sha3 patch OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=60 --- openssl-1_1.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/openssl-1_1.spec b/openssl-1_1.spec index a98804f..6dba246 100644 --- a/openssl-1_1.spec +++ b/openssl-1_1.spec @@ -85,6 +85,7 @@ Patch43: openssl-keep_EVP_KDF_functions_version.patch # PATCH-FIX-UPSTREAM jsc#SLE-7403 Support for CPACF enhancements - part 2 (crypto) Patch44: openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch Patch45: openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch +Patch46: openssl-fips-add-SHA3-selftest.patch BuildRequires: pkgconfig Conflicts: ssl Provides: ssl From 92e6fcbee3a1c0552da87f4a667b437de31cdd7117f85d7fc15d77e05a9e17ed Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Fri, 21 Feb 2020 15:33:18 +0000 Subject: [PATCH 3/3] Accepting request 778004 from home:vitezslav_cizek:branches:security:tls - Use the newly build libcrypto shared library when computing the hmac checksums in order to avoid a bootstrapping issue by BuildRequiring libopenssl1_1 (bsc#1164102) - Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) * add openssl-fips_fix_selftests_return_value.patch OBS-URL: https://build.opensuse.org/request/show/778004 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=61 --- openssl-1_1.changes | 13 +++++++++ openssl-1_1.spec | 19 ++++++++++--- openssl-fips_fix_selftests_return_value.patch | 27 +++++++++++++++++++ 3 files changed, 55 insertions(+), 4 deletions(-) create mode 100644 openssl-fips_fix_selftests_return_value.patch diff --git a/openssl-1_1.changes b/openssl-1_1.changes index 2ff6e9b..9141669 100644 --- a/openssl-1_1.changes +++ b/openssl-1_1.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Fri Feb 21 08:03:05 UTC 2020 - Vítězslav Čížek + +- Use the newly build libcrypto shared library when computing the hmac + checksums in order to avoid a bootstrapping issue by BuildRequiring + libopenssl1_1 (bsc#1164102) + +------------------------------------------------------------------- +Thu Feb 20 13:35:05 UTC 2020 - Vítězslav Čížek + +- Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) + * add openssl-fips_fix_selftests_return_value.patch + ------------------------------------------------------------------- Tue Feb 18 22:49:46 UTC 2020 - Jason Sikes diff --git a/openssl-1_1.spec b/openssl-1_1.spec index 6dba246..8823061 100644 --- a/openssl-1_1.spec +++ b/openssl-1_1.spec @@ -82,10 +82,11 @@ Patch40: openssl-fips-selftests_in_nonfips_mode.patch Patch41: openssl-fips-clearerror.patch Patch42: openssl-fips-ignore_broken_atexit_test.patch Patch43: openssl-keep_EVP_KDF_functions_version.patch +Patch44: openssl-fips_fix_selftests_return_value.patch +Patch45: openssl-fips-add-SHA3-selftest.patch # PATCH-FIX-UPSTREAM jsc#SLE-7403 Support for CPACF enhancements - part 2 (crypto) -Patch44: openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch -Patch45: openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch -Patch46: openssl-fips-add-SHA3-selftest.patch +Patch50: openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch +Patch51: openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch BuildRequires: pkgconfig Conflicts: ssl Provides: ssl @@ -269,13 +270,23 @@ cp %{SOURCE5} . # openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs' %{expand:%%global __os_install_post {%__os_install_post +# Point linker to the newly installed libcrypto in order to avoid BuildRequiring itself (libopenssl1_1) +export LD_LIBRARY_PATH="%{buildroot}%{_libdir}" + %{buildroot}%{_bindir}/fips_standalone_hmac \ %{buildroot}%{_libdir}/libssl.so.%{maj_min} > \ %{buildroot}%{_libdir}/.libssl.so.%{maj_min}.hmac +# As fips_standalone_hmac now uses the very same library it checksums, +# the libcrypto hmac needs to be saved to a temporary file, otherwise +# the library will detect the empty hmac and abort due to a wrong checksum %{buildroot}%{_bindir}/fips_standalone_hmac \ %{buildroot}%{_libdir}/libcrypto.so.%{maj_min} > \ - %{buildroot}%{_libdir}/.libcrypto.so.%{maj_min}.hmac + %{buildroot}%{_libdir}/.libcrypto.so.%{maj_min}.temphmac + +# rename the temporary checksum to its proper name +mv %{buildroot}%{_libdir}/.libcrypto.so.%{maj_min}.temphmac %{buildroot}%{_libdir}/.libcrypto.so.%{maj_min}.hmac +unset LD_LIBRARY_PATH }} diff --git a/openssl-fips_fix_selftests_return_value.patch b/openssl-fips_fix_selftests_return_value.patch new file mode 100644 index 0000000..1598f9a --- /dev/null +++ b/openssl-fips_fix_selftests_return_value.patch @@ -0,0 +1,27 @@ +Index: openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c +=================================================================== +--- openssl-1.1.1d.orig/crypto/fips/fips_dsa_selftest.c 2020-02-17 10:40:18.006796026 +0100 ++++ openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c 2020-02-17 10:40:18.946801354 +0100 +@@ -150,7 +150,7 @@ int FIPS_selftest_dsa() + { + DSA *dsa = NULL; + EVP_PKEY *pk = NULL; +- int ret = -1; ++ int ret = 0; + BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL; + + fips_load_key_component(p, dsa_test_2048); +Index: openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c +=================================================================== +--- openssl-1.1.1d.orig/crypto/fips/fips_ecdh_selftest.c 2020-02-17 10:40:18.006796026 +0100 ++++ openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c 2020-02-17 10:40:18.950801378 +0100 +@@ -221,6 +221,9 @@ int FIPS_selftest_ecdh(void) + } + + err: ++ if (rv == -1) { ++ rv = 0; ++ } + + if (x) + BN_clear_free(x);