rpms
/
openssl
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Drop long ago obsolete part of the FIPS patch

This commit is contained in:
Tomas Mraz 2020-06-23 15:55:16 +02:00
parent f023424321
commit 7f27ca925c
2 changed files with 4 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
openssl-1.1.1-fips.patch
View File

@ -879,128 +879,6 @@ diff -up openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips openssl-1.1.1e/crypto/ec/ec_pm
pkey_ec_init,
pkey_ec_copy,
pkey_ec_cleanup,
diff -up openssl-1.1.1e/crypto/evp/c_allc.c.fips openssl-1.1.1e/crypto/evp/c_allc.c
--- openssl-1.1.1e/crypto/evp/c_allc.c.fips 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/c_allc.c 2020-03-17 17:30:52.027567375 +0100
@@ -17,6 +17,9 @@
void openssl_add_all_ciphers_int(void)
{
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode()) {
+#endif
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cfb());
EVP_add_cipher(EVP_des_cfb1());
@@ -263,4 +266,70 @@ void openssl_add_all_ciphers_int(void)
EVP_add_cipher(EVP_chacha20_poly1305());
# endif
#endif
+#ifdef OPENSSL_FIPS
+ } else {
+# ifndef OPENSSL_NO_DES
+ EVP_add_cipher(EVP_des_ede3_cfb());
+
+ EVP_add_cipher(EVP_des_ede3_ofb());
+
+ EVP_add_cipher(EVP_des_ede3_cbc());
+ EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
+ EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
+
+ EVP_add_cipher(EVP_des_ede3());
+ EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
+ EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
+ EVP_add_cipher(EVP_des_ede3_wrap());
+ EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
+# endif
+
+# ifndef OPENSSL_NO_AES
+ EVP_add_cipher(EVP_aes_128_ecb());
+ EVP_add_cipher(EVP_aes_128_cbc());
+ EVP_add_cipher(EVP_aes_128_cfb());
+ EVP_add_cipher(EVP_aes_128_cfb1());
+ EVP_add_cipher(EVP_aes_128_cfb8());
+ EVP_add_cipher(EVP_aes_128_ofb());
+ EVP_add_cipher(EVP_aes_128_ctr());
+ EVP_add_cipher(EVP_aes_128_gcm());
+ EVP_add_cipher(EVP_aes_128_xts());
+ EVP_add_cipher(EVP_aes_128_ccm());
+ EVP_add_cipher(EVP_aes_128_wrap());
+ EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
+ EVP_add_cipher(EVP_aes_128_wrap_pad());
+ EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
+ EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
+ EVP_add_cipher(EVP_aes_192_ecb());
+ EVP_add_cipher(EVP_aes_192_cbc());
+ EVP_add_cipher(EVP_aes_192_cfb());
+ EVP_add_cipher(EVP_aes_192_cfb1());
+ EVP_add_cipher(EVP_aes_192_cfb8());
+ EVP_add_cipher(EVP_aes_192_ofb());
+ EVP_add_cipher(EVP_aes_192_ctr());
+ EVP_add_cipher(EVP_aes_192_gcm());
+ EVP_add_cipher(EVP_aes_192_ccm());
+ EVP_add_cipher(EVP_aes_192_wrap());
+ EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
+ EVP_add_cipher(EVP_aes_192_wrap_pad());
+ EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
+ EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
+ EVP_add_cipher(EVP_aes_256_ecb());
+ EVP_add_cipher(EVP_aes_256_cbc());
+ EVP_add_cipher(EVP_aes_256_cfb());
+ EVP_add_cipher(EVP_aes_256_cfb1());
+ EVP_add_cipher(EVP_aes_256_cfb8());
+ EVP_add_cipher(EVP_aes_256_ofb());
+ EVP_add_cipher(EVP_aes_256_ctr());
+ EVP_add_cipher(EVP_aes_256_gcm());
+ EVP_add_cipher(EVP_aes_256_xts());
+ EVP_add_cipher(EVP_aes_256_ccm());
+ EVP_add_cipher(EVP_aes_256_wrap());
+ EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
+ EVP_add_cipher(EVP_aes_256_wrap_pad());
+ EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
+ EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
+# endif
+ }
+#endif
}
diff -up openssl-1.1.1e/crypto/evp/c_alld.c.fips openssl-1.1.1e/crypto/evp/c_alld.c
--- openssl-1.1.1e/crypto/evp/c_alld.c.fips 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/c_alld.c 2020-03-17 17:30:52.027567375 +0100
@@ -16,6 +16,9 @@
void openssl_add_all_digests_int(void)
{
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode()) {
+#endif
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif
@@ -57,4 +60,24 @@ void openssl_add_all_digests_int(void)
EVP_add_digest(EVP_sha3_512());
EVP_add_digest(EVP_shake128());
EVP_add_digest(EVP_shake256());
+#ifdef OPENSSL_FIPS
+ } else {
+ EVP_add_digest(EVP_md5_sha1());
+ EVP_add_digest(EVP_sha1());
+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+ EVP_add_digest(EVP_sha512_224());
+ EVP_add_digest(EVP_sha512_256());
+ EVP_add_digest(EVP_sha3_224());
+ EVP_add_digest(EVP_sha3_256());
+ EVP_add_digest(EVP_sha3_384());
+ EVP_add_digest(EVP_sha3_512());
+ EVP_add_digest(EVP_shake128());
+ EVP_add_digest(EVP_shake256());
+ }
+#endif
}
diff -up openssl-1.1.1e/crypto/evp/digest.c.fips openssl-1.1.1e/crypto/evp/digest.c
--- openssl-1.1.1e/crypto/evp/digest.c.fips 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/digest.c 2020-03-17 17:38:57.528093469 +0100

5
openssl.spec
View File

@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.1.1g
Release: 10%{?dist}
Release: 11%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@ -475,6 +475,9 @@ export LD_LIBRARY_PATH
%ldconfig_scriptlets libs
%changelog
* Mon Jun 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-11
- Drop long ago obsolete part of the FIPS patch
* Mon Jun 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-10
- Rewire FIPS_drbg API to use the RAND_DRBG