rpms
/
openssl
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rewire FIPS_drbg API to use the RAND_DRBG

This commit is contained in:
Tomas Mraz 2020-06-22 13:43:12 +02:00
parent ef93cf994d
commit f023424321
3 changed files with 285 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

164
openssl-1.1.1-fips-dh.patch
View File

@ -1,6 +1,6 @@
diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn_const.c
--- openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/crypto/bn/bn_const.c 2020-05-25 18:41:00.478262334 +0200
+++ openssl-1.1.1g/crypto/bn/bn_const.c 2020-06-05 17:31:28.044776018 +0200
@@ -1,13 +1,17 @@
/*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -479,7 +479,7 @@ diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn
}
diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh.c
--- openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/crypto/bn/bn_dh.c 2020-05-25 18:41:00.480262350 +0200
+++ openssl-1.1.1g/crypto/bn/bn_dh.c 2020-06-05 17:31:28.044776018 +0200
@@ -1,7 +1,7 @@
/*
- * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -1958,7 +1958,7 @@ diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh
+#endif /* OPENSSL_NO_DH */
diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh_check.c
--- openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/crypto/dh/dh_check.c 2020-05-25 18:41:00.481262359 +0200
+++ openssl-1.1.1g/crypto/dh/dh_check.c 2020-06-05 17:31:28.045776027 +0200
@@ -10,6 +10,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
@ -1999,8 +1999,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh
if (ctx == NULL)
goto err;
diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_gen.c
--- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh 2020-05-25 18:41:00.255260458 +0200
+++ openssl-1.1.1g/crypto/dh/dh_gen.c 2020-05-25 18:41:00.481262359 +0200
--- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh 2020-06-05 17:31:27.977775462 +0200
+++ openssl-1.1.1g/crypto/dh/dh_gen.c 2020-06-05 17:31:28.045776027 +0200
@@ -27,8 +27,7 @@ int DH_generate_parameters_ex(DH *ret, i
BN_GENCB *cb)
{
@ -2031,8 +2031,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_g
if (ctx == NULL)
goto err;
diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_key.c
--- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh 2020-05-25 18:41:00.255260458 +0200
+++ openssl-1.1.1g/crypto/dh/dh_key.c 2020-05-25 18:41:00.482262367 +0200
--- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh 2020-06-05 17:31:27.977775462 +0200
+++ openssl-1.1.1g/crypto/dh/dh_key.c 2020-06-05 17:31:28.045776027 +0200
@@ -100,10 +100,18 @@ static int generate_key(DH *dh)
BIGNUM *pub_key = NULL, *priv_key = NULL;
@ -2075,8 +2075,16 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
goto err;
diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_lib.c
--- openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/crypto/dh/dh_lib.c 2020-05-25 18:41:00.482262367 +0200
@@ -86,6 +86,8 @@ DH *DH_new_method(ENGINE *engine)
+++ openssl-1.1.1g/crypto/dh/dh_lib.c 2020-06-18 14:13:33.546892717 +0200
@@ -8,6 +8,7 @@
*/
#include <stdio.h>
+#include <openssl/objects.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"
#include <openssl/bn.h>
@@ -86,6 +87,8 @@ DH *DH_new_method(ENGINE *engine)
goto err;
}
@ -2085,7 +2093,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l
return ret;
err:
@@ -205,7 +207,9 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNU
@@ -205,7 +208,9 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNU
dh->g = g;
}
@ -2097,8 +2105,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l
}
diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh_local.h
--- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh 2020-05-25 18:40:59.396253234 +0200
+++ openssl-1.1.1g/crypto/dh/dh_local.h 2020-05-25 18:41:00.482262367 +0200
--- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh 2020-06-05 17:31:27.763773685 +0200
+++ openssl-1.1.1g/crypto/dh/dh_local.h 2020-06-05 17:31:28.045776027 +0200
@@ -35,6 +35,7 @@ struct dh_st {
const DH_METHOD *meth;
ENGINE *engine;
@ -2115,7 +2123,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh
+void dh_cache_nid(DH *dh);
diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/dh_rfc7919.c
--- openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c 2020-05-27 10:05:05.828687005 +0200
+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c 2020-06-05 17:31:28.045776027 +0200
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
@ -2281,7 +2289,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/
+}
diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_lib.c
--- openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/crypto/evp/p_lib.c 2020-05-26 14:51:33.604162226 +0200
+++ openssl-1.1.1g/crypto/evp/p_lib.c 2020-06-05 17:31:28.045776027 +0200
@@ -540,7 +540,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *p
int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
@ -2293,8 +2301,8 @@ diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_l
if (ret)
diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/objects/obj_dat.h
--- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh 2020-05-25 18:41:00.452262115 +0200
+++ openssl-1.1.1g/crypto/objects/obj_dat.h 2020-05-25 18:41:00.485262392 +0200
--- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh 2020-06-05 17:31:28.036775952 +0200
+++ openssl-1.1.1g/crypto/objects/obj_dat.h 2020-06-05 17:31:28.046776035 +0200
@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */
};
@ -2357,8 +2365,8 @@ diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/o
173, /* "name" */
681, /* "onBasis" */
diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto/objects/objects.txt
--- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh 2020-05-25 18:41:00.453262123 +0200
+++ openssl-1.1.1g/crypto/objects/objects.txt 2020-05-25 18:41:00.486262401 +0200
--- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh 2020-06-05 17:31:28.037775960 +0200
+++ openssl-1.1.1g/crypto/objects/objects.txt 2020-06-05 17:31:28.046776035 +0200
@@ -1657,6 +1657,13 @@ id-pkinit 5 : pkInit
: ffdhe4096
: ffdhe6144
@ -2374,8 +2382,8 @@ diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto
# OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)
diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto/objects/obj_mac.num
--- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh 2020-05-25 18:41:00.453262123 +0200
+++ openssl-1.1.1g/crypto/objects/obj_mac.num 2020-05-25 18:41:00.486262401 +0200
--- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh 2020-06-05 17:31:28.037775960 +0200
+++ openssl-1.1.1g/crypto/objects/obj_mac.num 2020-06-05 17:31:28.046776035 +0200
@@ -1196,3 +1196,9 @@ sshkdf 1195
kbkdf 1196
krb5kdf 1197
@ -2388,7 +2396,7 @@ diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto
+modp_8192 1204
diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/man3/DH_new_by_nid.pod
--- openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod 2020-05-25 18:41:00.487262409 +0200
+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod 2020-06-05 17:31:28.046776035 +0200
@@ -8,13 +8,15 @@ DH_new_by_nid, DH_get_nid - get or find
#include <openssl/dh.h>
@ -2409,7 +2417,7 @@ diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/ma
any named set. It returns the NID corresponding to the matching parameters or
diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod
--- openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod 2020-05-25 18:41:00.487262409 +0200
+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod 2020-06-05 17:31:28.046776035 +0200
@@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets
If B<pad> is zero (the default) then no padding is performed.
@ -2428,7 +2436,7 @@ diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/do
The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are
diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/crypto/bn_dh.h
--- openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/include/crypto/bn_dh.h 2020-05-25 18:41:00.488262418 +0200
+++ openssl-1.1.1g/include/crypto/bn_dh.h 2020-06-05 17:31:28.047776043 +0200
@@ -1,7 +1,7 @@
/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -2478,8 +2486,8 @@ diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/cr
+extern const BIGNUM _bignum_modp_6144_q;
+extern const BIGNUM _bignum_modp_8192_q;
diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include/openssl/obj_mac.h
--- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh 2020-05-25 18:41:00.458262165 +0200
+++ openssl-1.1.1g/include/openssl/obj_mac.h 2020-05-25 18:41:00.489262426 +0200
--- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh 2020-06-05 17:31:28.038775968 +0200
+++ openssl-1.1.1g/include/openssl/obj_mac.h 2020-06-05 17:31:28.047776043 +0200
@@ -5115,6 +5115,24 @@
#define SN_ffdhe8192 "ffdhe8192"
#define NID_ffdhe8192 1130
@ -2506,8 +2514,8 @@ diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include
#define NID_ISO_UA 1150
#define OBJ_ISO_UA OBJ_member_body,804L
diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
--- openssl-1.1.1g/ssl/s3_lib.c.fips-dh 2020-05-25 18:41:00.318260988 +0200
+++ openssl-1.1.1g/ssl/s3_lib.c 2020-05-26 08:52:28.102535244 +0200
--- openssl-1.1.1g/ssl/s3_lib.c.fips-dh 2020-06-05 17:31:27.996775620 +0200
+++ openssl-1.1.1g/ssl/s3_lib.c 2020-06-05 17:31:28.047776043 +0200
@@ -4858,13 +4858,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
EVP_PKEY *ssl_dh_to_pkey(DH *dh)
{
@ -2561,44 +2569,90 @@ diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
}
#endif
diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-dh openssl-1.1.1g/ssl/t1_lib.c
--- openssl-1.1.1g/ssl/t1_lib.c.fips-dh 2020-05-25 18:41:00.470262266 +0200
+++ openssl-1.1.1g/ssl/t1_lib.c 2020-05-26 08:48:55.619713737 +0200
@@ -2482,7 +2482,7 @@ int SSL_check_chain(SSL *s, X509 *x, EVP
--- openssl-1.1.1g/ssl/t1_lib.c.fips-dh 2020-06-05 17:31:28.042776002 +0200
+++ openssl-1.1.1g/ssl/t1_lib.c 2020-06-18 14:18:13.518339214 +0200
@@ -2511,46 +2511,48 @@ int SSL_check_chain(SSL *s, X509 *x, EVP
#ifndef OPENSSL_NO_DH
DH *ssl_get_auto_dh(SSL *s)
{
+ DH *dhp = NULL;
+ BIGNUM *p = NULL, *g = NULL;
int dh_secbits = 80;
- if (s->cert->dh_tmp_auto == 2)
+ if (!FIPS_mode() && s->cert->dh_tmp_auto == 2)
return DH_get_1024_160();
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
if (s->s3->tmp.new_cipher->strength_bits == 256)
@@ -2495,7 +2495,7 @@ DH *ssl_get_auto_dh(SSL *s)
dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey);
- return DH_get_1024_160();
- if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
- if (s->s3->tmp.new_cipher->strength_bits == 256)
- dh_secbits = 128;
- else
- dh_secbits = 80;
- } else {
- if (s->s3->tmp.cert == NULL)
- return NULL;
- dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey);
+ if (s->cert->dh_tmp_auto != 2) {
+ if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
+ if (s->s3->tmp.new_cipher->strength_bits == 256)
+ dh_secbits = 128;
+ else
+ dh_secbits = 80;
+ } else {
+ if (s->s3->tmp.cert == NULL)
+ return NULL;
+ dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey);
+ }
}
- if (dh_secbits >= 128) {
+ if (dh_secbits >= 112 || FIPS_mode()) {
DH *dhp = DH_new();
BIGNUM *p, *g;
if (dhp == NULL)
@@ -2508,8 +2508,10 @@ DH *ssl_get_auto_dh(SSL *s)
}
if (dh_secbits >= 192)
p = BN_get_rfc3526_prime_8192(NULL);
- DH *dhp = DH_new();
- BIGNUM *p, *g;
- if (dhp == NULL)
- return NULL;
- g = BN_new();
- if (g == NULL || !BN_set_word(g, 2)) {
- DH_free(dhp);
- BN_free(g);
- return NULL;
- }
- if (dh_secbits >= 192)
- p = BN_get_rfc3526_prime_8192(NULL);
- else
+ else if (dh_secbits >= 128)
p = BN_get_rfc3526_prime_3072(NULL);
+ else
+ p = BN_get_rfc3526_prime_2048(NULL);
if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
DH_free(dhp);
BN_free(p);
@@ -2518,8 +2520,6 @@ DH *ssl_get_auto_dh(SSL *s)
}
return dhp;
- p = BN_get_rfc3526_prime_3072(NULL);
- if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
- DH_free(dhp);
- BN_free(p);
- BN_free(g);
- return NULL;
- }
- return dhp;
+ dhp = DH_new();
+ if (dhp == NULL)
+ return NULL;
+ g = BN_new();
+ if (g == NULL || !BN_set_word(g, 2)) {
+ DH_free(dhp);
+ BN_free(g);
+ return NULL;
+ }
+ if (dh_secbits >= 192)
+ p = BN_get_rfc3526_prime_8192(NULL);
+ else if (dh_secbits >= 152)
+ p = BN_get_rfc3526_prime_4096(NULL);
+ else if (dh_secbits >= 128)
+ p = BN_get_rfc3526_prime_3072(NULL);
+ else if (dh_secbits >= 112 || FIPS_mode())
+ p = BN_get_rfc3526_prime_2048(NULL);
+ else
+ p = BN_get_rfc2409_prime_1024(NULL);
+ if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
+ DH_free(dhp);
+ BN_free(p);
+ BN_free(g);
+ return NULL;
}
- if (dh_secbits >= 112)
- return DH_get_2048_224();
return DH_get_1024_160();
- return DH_get_1024_160();
+ return dhp;
}
#endif

170
openssl-1.1.1-rewire-fips-drbg.patch Normal file
View File

@ -0,0 +1,170 @@
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_lib.c
--- openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_drbg_lib.c 2020-06-22 13:32:47.675852917 +0200
@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx,
int FIPS_drbg_reseed(DRBG_CTX *dctx,
const unsigned char *adin, size_t adinlen)
{
+ int len = (int)adinlen;
+
+ if (len < 0 || (size_t)len != adinlen) {
+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
+ return 0;
+ }
+ RAND_seed(adin, len);
+ return 1;
+}
+
+int FIPS_drbg_reseed_internal(DRBG_CTX *dctx,
+ const unsigned char *adin, size_t adinlen)
+{
return drbg_reseed(dctx, adin, adinlen, 1);
}
@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u
int prediction_resistance,
const unsigned char *adin, size_t adinlen)
{
+ int len = (int)outlen;
+
+ if (len < 0 || (size_t)len != outlen) {
+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG);
+ return 0;
+ }
+ return RAND_bytes(out, len);
+}
+
+int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
+ int prediction_resistance,
+ const unsigned char *adin, size_t adinlen)
+{
int r = 0;
if (FIPS_selftest_failed()) {
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_rand.c
--- openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_drbg_rand.c 2020-06-22 13:32:47.675852917 +0200
@@ -57,6 +57,8 @@
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/fips.h>
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c
--- openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg 2020-06-22 13:32:47.612852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c 2020-06-22 13:32:47.675852917 +0200
@@ -55,6 +55,8 @@
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/fips.h>
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
#include "fips_locl.h"
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_post.c
--- openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200
+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-22 13:32:47.675852917 +0200
@@ -79,8 +79,6 @@ int FIPS_selftest(void)
ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
rv = 0;
}
- if (!FIPS_selftest_drbg())
- rv = 0;
if (!FIPS_selftest_sha1())
rv = 0;
if (!FIPS_selftest_sha2())
diff -up openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_rand_lib.c
--- openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.613852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_rand_lib.c 2020-06-22 13:36:28.722817967 +0200
@@ -120,6 +120,7 @@ void FIPS_rand_reset(void)
int FIPS_rand_seed(const void *buf, int num)
{
+#if 0
if (!fips_approved_rand_meth && FIPS_module_mode()) {
FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
return 0;
@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int
if (fips_rand_meth && fips_rand_meth->seed)
fips_rand_meth->seed(buf, num);
return 1;
+#else
+ RAND_seed(buf, num);
+ return 1;
+#endif
}
int FIPS_rand_bytes(unsigned char *buf, int num)
{
+#if 0
if (!fips_approved_rand_meth && FIPS_module_mode()) {
FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
return 0;
@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf,
if (fips_rand_meth && fips_rand_meth->bytes)
return fips_rand_meth->bytes(buf, num);
return 0;
+#else
+ return RAND_bytes(buf, num);
+#endif
}
int FIPS_rand_status(void)
{
+#if 0
if (!fips_approved_rand_meth && FIPS_module_mode()) {
FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
return 0;
@@ -149,6 +159,9 @@ int FIPS_rand_status(void)
if (fips_rand_meth && fips_rand_meth->status)
return fips_rand_meth->status();
return 0;
+#else
+ return RAND_status();
+#endif
}
/* Return instantiated strength of PRNG. For DRBG this is an internal
diff -up openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips.h
--- openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200
+++ openssl-1.1.1g/include/openssl/fips.h 2020-06-22 13:32:47.675852917 +0200
@@ -64,6 +64,11 @@ extern "C" {
int FIPS_selftest(void);
int FIPS_selftest_failed(void);
+
+ /*
+ * This function is deprecated as it performs selftest of the old FIPS drbg
+ * implementation that is not validated.
+ */
int FIPS_selftest_drbg_all(void);
int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
diff -up openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips_rand.h
--- openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg 2020-06-22 13:32:47.617852926 +0200
+++ openssl-1.1.1g/include/openssl/fips_rand.h 2020-06-22 13:32:47.675852917 +0200
@@ -60,6 +60,20 @@
# ifdef __cplusplus
extern "C" {
# endif
+
+/*
+ * IMPORTANT NOTE:
+ * All functions in this header file are deprecated and should not be used
+ * as they use the old FIPS_drbg implementation that is not FIPS validated
+ * anymore.
+ * To provide backwards compatibility for applications that need FIPS compliant
+ * RNG number generation and use FIPS_drbg_generate, this function was
+ * re-wired to call the FIPS validated DRBG instance instead through
+ * the RAND_bytes() call.
+ *
+ * All these functions will be removed in future.
+ */
+
typedef struct drbg_ctx_st DRBG_CTX;
/* DRBG external flags */
/* Flag for CTR mode only: use derivation function ctr_df */

7
openssl.spec
View File

@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.1.1g
Release: 9%{?dist}
Release: 10%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@ -71,6 +71,7 @@ Patch66: openssl-1.1.1-fips-dh.patch
Patch67: openssl-1.1.1-kdf-selftest.patch
Patch68: openssl-1.1.1-reneg-no-extms.patch
Patch69: openssl-1.1.1-alpn-cb.patch
Patch70: openssl-1.1.1-rewire-fips-drbg.patch
# Backported fixes including security fixes
Patch52: openssl-1.1.1-s390x-update.patch
Patch53: openssl-1.1.1-fips-crng-test.patch
@ -187,6 +188,7 @@ cp %{SOURCE13} test/
%patch67 -p1 -b .kdf-selftest
%patch68 -p1 -b .reneg-no-extms
%patch69 -p1 -b .alpn-cb
%patch70 -p1 -b .rewire-fips-drbg
%build
@ -473,6 +475,9 @@ export LD_LIBRARY_PATH
%ldconfig_scriptlets libs
%changelog
* Mon Jun 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-10
- Rewire FIPS_drbg API to use the RAND_DRBG
* Fri Jun 5 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-9
- Disallow dropping Extended Master Secret extension
on renegotiation