forked from pool/openssl-3
Pedro Monreal Gonzalez
6bc57d937f
* SHA-1 is not allowed anymore in FIPS 186-5 for signature
verification operations. After 12/31/2030, NIST will disallow
SHA-1 for all of its usages.
* Add openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
- FIPS: RSA keygen PCT requirements.
* Skip the rsa_keygen_pairwise_test() PCT in rsa_keygen() as the
self-test requirements are covered by do_rsa_pct() for both
RSA-OAEP and RSA signatures [bsc#1221760]
* Enforce error state if rsa_keygen PCT is run and fails [bsc#1221753]
* Add openssl-3-FIPS-PCT_rsa_keygen.patch
- FIPS: Check that the fips provider is available before setting
it as the default provider in FIPS mode. [bsc#1220523]
* Rebase openssl-Force-FIPS.patch
- FIPS: Port openssl to use jitterentropy [bsc#1220523]
* Set the module in error state if the jitter RNG fails either on
initialization or entropy gathering because health tests failed.
* Add jitterentropy as a seeding source output also in crypto/info.c
* Move the jitter entropy collector and the associated lock out
of the header file to avoid redefinitions.
* Add the fips_local.cnf symlink to the spec file. This simlink
points to the openssl_fips.config file that is provided by the
crypto-policies package.
* Rebase openssl-3-jitterentropy-3.4.0.patch
* Rebase openssl-FIPS-enforce-EMS-support.patch
- FIPS: Block non-Approved Elliptic Curves [bsc#1221786]
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=110
117 lines
4.7 KiB
Diff
117 lines
4.7 KiB
Diff
Index: openssl-3.1.4/providers/implementations/rands/drbg.c
|
|
===================================================================
|
|
--- openssl-3.1.4.orig/providers/implementations/rands/drbg.c
|
|
+++ openssl-3.1.4/providers/implementations/rands/drbg.c
|
|
@@ -570,6 +570,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb
|
|
#endif
|
|
}
|
|
|
|
+#ifdef FIPS_MODULE
|
|
+ prediction_resistance = 1;
|
|
+#endif
|
|
/* Reseed using our sources in addition */
|
|
entropylen = get_entropy(drbg, &entropy, drbg->strength,
|
|
drbg->min_entropylen, drbg->max_entropylen,
|
|
@@ -662,8 +665,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *d
|
|
reseed_required = 1;
|
|
}
|
|
if (drbg->parent != NULL
|
|
- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter)
|
|
+ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) {
|
|
+#ifdef FIPS_MODULE
|
|
+ /* SUSE patches provide chain reseeding when necessary so just sync counters*/
|
|
+ drbg->parent_reseed_counter = get_parent_reseed_count(drbg);
|
|
+#else
|
|
reseed_required = 1;
|
|
+#endif
|
|
+ }
|
|
|
|
if (reseed_required || prediction_resistance) {
|
|
if (!ossl_prov_drbg_reseed(drbg, prediction_resistance, NULL, 0,
|
|
Index: openssl-3.1.4/crypto/rand/prov_seed.c
|
|
===================================================================
|
|
--- openssl-3.1.4.orig/crypto/rand/prov_seed.c
|
|
+++ openssl-3.1.4/crypto/rand/prov_seed.c
|
|
@@ -23,7 +23,14 @@ size_t ossl_rand_get_entropy(ossl_unused
|
|
size_t entropy_available;
|
|
RAND_POOL *pool;
|
|
|
|
- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
|
|
+ /*
|
|
+ * OpenSSL still implements an internal entropy pool of
|
|
+ * some size that is hashed to get seed data.
|
|
+ * Note that this is a conditioning step for which SP800-90C requires
|
|
+ * 64 additional bits from the entropy source to claim the requested
|
|
+ * amount of entropy.
|
|
+ */
|
|
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
|
|
if (pool == NULL) {
|
|
ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
|
|
return 0;
|
|
Index: openssl-3.1.4/providers/implementations/rands/crngt.c
|
|
===================================================================
|
|
--- openssl-3.1.4.orig/providers/implementations/rands/crngt.c
|
|
+++ openssl-3.1.4/providers/implementations/rands/crngt.c
|
|
@@ -133,7 +133,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG
|
|
* to the nearest byte. If the entropy is of less than full quality,
|
|
* the amount required should be scaled up appropriately here.
|
|
*/
|
|
- bytes_needed = (entropy + 7) / 8;
|
|
+ /*
|
|
+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy
|
|
+ * + 128 bits during initial seeding
|
|
+ */
|
|
+ bytes_needed = (entropy + 128 + 7) / 8;
|
|
if (bytes_needed < min_len)
|
|
bytes_needed = min_len;
|
|
if (bytes_needed > max_len)
|
|
Index: openssl-3.1.4/providers/implementations/rands/drbg_local.h
|
|
===================================================================
|
|
--- openssl-3.1.4.orig/providers/implementations/rands/drbg_local.h
|
|
+++ openssl-3.1.4/providers/implementations/rands/drbg_local.h
|
|
@@ -38,7 +38,7 @@
|
|
*
|
|
* The value is in bytes.
|
|
*/
|
|
-#define CRNGT_BUFSIZ 16
|
|
+#define CRNGT_BUFSIZ 32
|
|
|
|
/*
|
|
* Maximum input size for the DRBG (entropy, nonce, personalization string)
|
|
Index: openssl-3.1.4/providers/implementations/rands/seed_src.c
|
|
===================================================================
|
|
--- openssl-3.1.4.orig/providers/implementations/rands/seed_src.c
|
|
+++ openssl-3.1.4/providers/implementations/rands/seed_src.c
|
|
@@ -104,7 +104,14 @@ static int seed_src_generate(void *vseed
|
|
return 0;
|
|
}
|
|
|
|
- pool = ossl_rand_pool_new(strength, 1, outlen, outlen);
|
|
+ /*
|
|
+ * OpenSSL still implements an internal entropy pool of
|
|
+ * some size that is hashed to get seed data.
|
|
+ * Note that this is a conditioning step for which SP800-90C requires
|
|
+ * 64 additional bits from the entropy source to claim the requested
|
|
+ * amount of entropy.
|
|
+ */
|
|
+ pool = ossl_rand_pool_new(strength + 64, 1, outlen, outlen);
|
|
if (pool == NULL) {
|
|
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
|
|
return 0;
|
|
@@ -184,7 +191,14 @@ static size_t seed_get_seed(void *vseed,
|
|
size_t i;
|
|
RAND_POOL *pool;
|
|
|
|
- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
|
|
+ /*
|
|
+ * OpenSSL still implements an internal entropy pool of
|
|
+ * some size that is hashed to get seed data.
|
|
+ * Note that this is a conditioning step for which SP800-90C requires
|
|
+ * 64 additional bits from the entropy source to claim the requested
|
|
+ * amount of entropy.
|
|
+ */
|
|
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
|
|
if (pool == NULL) {
|
|
ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB);
|
|
return 0;
|