diff --git a/openssl-1.1.1-fips-dh.patch b/openssl-1.1.1-fips-dh.patch index 37efa98..9e15289 100644 --- a/openssl-1.1.1-fips-dh.patch +++ b/openssl-1.1.1-fips-dh.patch @@ -1,6 +1,6 @@ diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn_const.c --- openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/bn/bn_const.c 2020-05-25 18:41:00.478262334 +0200 ++++ openssl-1.1.1g/crypto/bn/bn_const.c 2020-06-05 17:31:28.044776018 +0200 @@ -1,13 +1,17 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. @@ -479,7 +479,7 @@ diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn } diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh.c --- openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/bn/bn_dh.c 2020-05-25 18:41:00.480262350 +0200 ++++ openssl-1.1.1g/crypto/bn/bn_dh.c 2020-06-05 17:31:28.044776018 +0200 @@ -1,7 +1,7 @@ /* - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. @@ -1958,7 +1958,7 @@ diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh +#endif /* OPENSSL_NO_DH */ diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh_check.c --- openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/dh/dh_check.c 2020-05-25 18:41:00.481262359 +0200 ++++ openssl-1.1.1g/crypto/dh/dh_check.c 2020-06-05 17:31:28.045776027 +0200 @@ -10,6 +10,7 @@ #include #include "internal/cryptlib.h" @@ -1999,8 +1999,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh if (ctx == NULL) goto err; diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_gen.c ---- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh 2020-05-25 18:41:00.255260458 +0200 -+++ openssl-1.1.1g/crypto/dh/dh_gen.c 2020-05-25 18:41:00.481262359 +0200 +--- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh 2020-06-05 17:31:27.977775462 +0200 ++++ openssl-1.1.1g/crypto/dh/dh_gen.c 2020-06-05 17:31:28.045776027 +0200 @@ -27,8 +27,7 @@ int DH_generate_parameters_ex(DH *ret, i BN_GENCB *cb) { @@ -2031,8 +2031,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_g if (ctx == NULL) goto err; diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_key.c ---- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh 2020-05-25 18:41:00.255260458 +0200 -+++ openssl-1.1.1g/crypto/dh/dh_key.c 2020-05-25 18:41:00.482262367 +0200 +--- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh 2020-06-05 17:31:27.977775462 +0200 ++++ openssl-1.1.1g/crypto/dh/dh_key.c 2020-06-05 17:31:28.045776027 +0200 @@ -100,10 +100,18 @@ static int generate_key(DH *dh) BIGNUM *pub_key = NULL, *priv_key = NULL; @@ -2075,8 +2075,16 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k goto err; diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_lib.c --- openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/dh/dh_lib.c 2020-05-25 18:41:00.482262367 +0200 -@@ -86,6 +86,8 @@ DH *DH_new_method(ENGINE *engine) ++++ openssl-1.1.1g/crypto/dh/dh_lib.c 2020-06-18 14:13:33.546892717 +0200 +@@ -8,6 +8,7 @@ + */ + + #include ++#include + #include "internal/cryptlib.h" + #include "internal/refcount.h" + #include +@@ -86,6 +87,8 @@ DH *DH_new_method(ENGINE *engine) goto err; } @@ -2085,7 +2093,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l return ret; err: -@@ -205,7 +207,9 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNU +@@ -205,7 +208,9 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNU dh->g = g; } @@ -2097,8 +2105,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l } diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh_local.h ---- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh 2020-05-25 18:40:59.396253234 +0200 -+++ openssl-1.1.1g/crypto/dh/dh_local.h 2020-05-25 18:41:00.482262367 +0200 +--- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh 2020-06-05 17:31:27.763773685 +0200 ++++ openssl-1.1.1g/crypto/dh/dh_local.h 2020-06-05 17:31:28.045776027 +0200 @@ -35,6 +35,7 @@ struct dh_st { const DH_METHOD *meth; ENGINE *engine; @@ -2115,7 +2123,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh +void dh_cache_nid(DH *dh); diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/dh_rfc7919.c --- openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c 2020-05-27 10:05:05.828687005 +0200 ++++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c 2020-06-05 17:31:28.045776027 +0200 @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ @@ -2281,7 +2289,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/ +} diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_lib.c --- openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/evp/p_lib.c 2020-05-26 14:51:33.604162226 +0200 ++++ openssl-1.1.1g/crypto/evp/p_lib.c 2020-06-05 17:31:28.045776027 +0200 @@ -540,7 +540,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *p int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) @@ -2293,8 +2301,8 @@ diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_l if (ret) diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/objects/obj_dat.h ---- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh 2020-05-25 18:41:00.452262115 +0200 -+++ openssl-1.1.1g/crypto/objects/obj_dat.h 2020-05-25 18:41:00.485262392 +0200 +--- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh 2020-06-05 17:31:28.036775952 +0200 ++++ openssl-1.1.1g/crypto/objects/obj_dat.h 2020-06-05 17:31:28.046776035 +0200 @@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ }; @@ -2357,8 +2365,8 @@ diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/o 173, /* "name" */ 681, /* "onBasis" */ diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto/objects/objects.txt ---- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh 2020-05-25 18:41:00.453262123 +0200 -+++ openssl-1.1.1g/crypto/objects/objects.txt 2020-05-25 18:41:00.486262401 +0200 +--- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh 2020-06-05 17:31:28.037775960 +0200 ++++ openssl-1.1.1g/crypto/objects/objects.txt 2020-06-05 17:31:28.046776035 +0200 @@ -1657,6 +1657,13 @@ id-pkinit 5 : pkInit : ffdhe4096 : ffdhe6144 @@ -2374,8 +2382,8 @@ diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto # OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17) diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto/objects/obj_mac.num ---- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh 2020-05-25 18:41:00.453262123 +0200 -+++ openssl-1.1.1g/crypto/objects/obj_mac.num 2020-05-25 18:41:00.486262401 +0200 +--- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh 2020-06-05 17:31:28.037775960 +0200 ++++ openssl-1.1.1g/crypto/objects/obj_mac.num 2020-06-05 17:31:28.046776035 +0200 @@ -1196,3 +1196,9 @@ sshkdf 1195 kbkdf 1196 krb5kdf 1197 @@ -2388,7 +2396,7 @@ diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto +modp_8192 1204 diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/man3/DH_new_by_nid.pod --- openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod 2020-05-25 18:41:00.487262409 +0200 ++++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod 2020-06-05 17:31:28.046776035 +0200 @@ -8,13 +8,15 @@ DH_new_by_nid, DH_get_nid - get or find #include @@ -2409,7 +2417,7 @@ diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/ma any named set. It returns the NID corresponding to the matching parameters or diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod --- openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod 2020-05-25 18:41:00.487262409 +0200 ++++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod 2020-06-05 17:31:28.046776035 +0200 @@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets If B is zero (the default) then no padding is performed. @@ -2428,7 +2436,7 @@ diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/do The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/crypto/bn_dh.h --- openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/include/crypto/bn_dh.h 2020-05-25 18:41:00.488262418 +0200 ++++ openssl-1.1.1g/include/crypto/bn_dh.h 2020-06-05 17:31:28.047776043 +0200 @@ -1,7 +1,7 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. @@ -2478,8 +2486,8 @@ diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/cr +extern const BIGNUM _bignum_modp_6144_q; +extern const BIGNUM _bignum_modp_8192_q; diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include/openssl/obj_mac.h ---- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh 2020-05-25 18:41:00.458262165 +0200 -+++ openssl-1.1.1g/include/openssl/obj_mac.h 2020-05-25 18:41:00.489262426 +0200 +--- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh 2020-06-05 17:31:28.038775968 +0200 ++++ openssl-1.1.1g/include/openssl/obj_mac.h 2020-06-05 17:31:28.047776043 +0200 @@ -5115,6 +5115,24 @@ #define SN_ffdhe8192 "ffdhe8192" #define NID_ffdhe8192 1130 @@ -2506,8 +2514,8 @@ diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include #define NID_ISO_UA 1150 #define OBJ_ISO_UA OBJ_member_body,804L diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c ---- openssl-1.1.1g/ssl/s3_lib.c.fips-dh 2020-05-25 18:41:00.318260988 +0200 -+++ openssl-1.1.1g/ssl/s3_lib.c 2020-05-26 08:52:28.102535244 +0200 +--- openssl-1.1.1g/ssl/s3_lib.c.fips-dh 2020-06-05 17:31:27.996775620 +0200 ++++ openssl-1.1.1g/ssl/s3_lib.c 2020-06-05 17:31:28.047776043 +0200 @@ -4858,13 +4858,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey EVP_PKEY *ssl_dh_to_pkey(DH *dh) { @@ -2561,44 +2569,90 @@ diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c } #endif diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-dh openssl-1.1.1g/ssl/t1_lib.c ---- openssl-1.1.1g/ssl/t1_lib.c.fips-dh 2020-05-25 18:41:00.470262266 +0200 -+++ openssl-1.1.1g/ssl/t1_lib.c 2020-05-26 08:48:55.619713737 +0200 -@@ -2482,7 +2482,7 @@ int SSL_check_chain(SSL *s, X509 *x, EVP +--- openssl-1.1.1g/ssl/t1_lib.c.fips-dh 2020-06-05 17:31:28.042776002 +0200 ++++ openssl-1.1.1g/ssl/t1_lib.c 2020-06-18 14:18:13.518339214 +0200 +@@ -2511,46 +2511,48 @@ int SSL_check_chain(SSL *s, X509 *x, EVP + #ifndef OPENSSL_NO_DH DH *ssl_get_auto_dh(SSL *s) { ++ DH *dhp = NULL; ++ BIGNUM *p = NULL, *g = NULL; int dh_secbits = 80; - if (s->cert->dh_tmp_auto == 2) -+ if (!FIPS_mode() && s->cert->dh_tmp_auto == 2) - return DH_get_1024_160(); - if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { - if (s->s3->tmp.new_cipher->strength_bits == 256) -@@ -2495,7 +2495,7 @@ DH *ssl_get_auto_dh(SSL *s) - dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); +- return DH_get_1024_160(); +- if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { +- if (s->s3->tmp.new_cipher->strength_bits == 256) +- dh_secbits = 128; +- else +- dh_secbits = 80; +- } else { +- if (s->s3->tmp.cert == NULL) +- return NULL; +- dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); ++ if (s->cert->dh_tmp_auto != 2) { ++ if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { ++ if (s->s3->tmp.new_cipher->strength_bits == 256) ++ dh_secbits = 128; ++ else ++ dh_secbits = 80; ++ } else { ++ if (s->s3->tmp.cert == NULL) ++ return NULL; ++ dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); ++ } } - if (dh_secbits >= 128) { -+ if (dh_secbits >= 112 || FIPS_mode()) { - DH *dhp = DH_new(); - BIGNUM *p, *g; - if (dhp == NULL) -@@ -2508,8 +2508,10 @@ DH *ssl_get_auto_dh(SSL *s) - } - if (dh_secbits >= 192) - p = BN_get_rfc3526_prime_8192(NULL); +- DH *dhp = DH_new(); +- BIGNUM *p, *g; +- if (dhp == NULL) +- return NULL; +- g = BN_new(); +- if (g == NULL || !BN_set_word(g, 2)) { +- DH_free(dhp); +- BN_free(g); +- return NULL; +- } +- if (dh_secbits >= 192) +- p = BN_get_rfc3526_prime_8192(NULL); - else -+ else if (dh_secbits >= 128) - p = BN_get_rfc3526_prime_3072(NULL); -+ else -+ p = BN_get_rfc3526_prime_2048(NULL); - if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { - DH_free(dhp); - BN_free(p); -@@ -2518,8 +2520,6 @@ DH *ssl_get_auto_dh(SSL *s) - } - return dhp; +- p = BN_get_rfc3526_prime_3072(NULL); +- if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { +- DH_free(dhp); +- BN_free(p); +- BN_free(g); +- return NULL; +- } +- return dhp; ++ dhp = DH_new(); ++ if (dhp == NULL) ++ return NULL; ++ g = BN_new(); ++ if (g == NULL || !BN_set_word(g, 2)) { ++ DH_free(dhp); ++ BN_free(g); ++ return NULL; ++ } ++ if (dh_secbits >= 192) ++ p = BN_get_rfc3526_prime_8192(NULL); ++ else if (dh_secbits >= 152) ++ p = BN_get_rfc3526_prime_4096(NULL); ++ else if (dh_secbits >= 128) ++ p = BN_get_rfc3526_prime_3072(NULL); ++ else if (dh_secbits >= 112 || FIPS_mode()) ++ p = BN_get_rfc3526_prime_2048(NULL); ++ else ++ p = BN_get_rfc2409_prime_1024(NULL); ++ if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { ++ DH_free(dhp); ++ BN_free(p); ++ BN_free(g); ++ return NULL; } - if (dh_secbits >= 112) - return DH_get_2048_224(); - return DH_get_1024_160(); +- return DH_get_1024_160(); ++ return dhp; } #endif + diff --git a/openssl-1.1.1-rewire-fips-drbg.patch b/openssl-1.1.1-rewire-fips-drbg.patch new file mode 100644 index 0000000..4d04d37 --- /dev/null +++ b/openssl-1.1.1-rewire-fips-drbg.patch @@ -0,0 +1,170 @@ +diff -up openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_lib.c +--- openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200 ++++ openssl-1.1.1g/crypto/fips/fips_drbg_lib.c 2020-06-22 13:32:47.675852917 +0200 +@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx, + int FIPS_drbg_reseed(DRBG_CTX *dctx, + const unsigned char *adin, size_t adinlen) + { ++ int len = (int)adinlen; ++ ++ if (len < 0 || (size_t)len != adinlen) { ++ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG); ++ return 0; ++ } ++ RAND_seed(adin, len); ++ return 1; ++} ++ ++int FIPS_drbg_reseed_internal(DRBG_CTX *dctx, ++ const unsigned char *adin, size_t adinlen) ++{ + return drbg_reseed(dctx, adin, adinlen, 1); + } + +@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u + int prediction_resistance, + const unsigned char *adin, size_t adinlen) + { ++ int len = (int)outlen; ++ ++ if (len < 0 || (size_t)len != outlen) { ++ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG); ++ return 0; ++ } ++ return RAND_bytes(out, len); ++} ++ ++int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen, ++ int prediction_resistance, ++ const unsigned char *adin, size_t adinlen) ++{ + int r = 0; + + if (FIPS_selftest_failed()) { +diff -up openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_rand.c +--- openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200 ++++ openssl-1.1.1g/crypto/fips/fips_drbg_rand.c 2020-06-22 13:32:47.675852917 +0200 +@@ -57,6 +57,8 @@ + #include + #include + #include ++#define FIPS_DRBG_generate FIPS_DRBG_generate_internal ++#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal + #include + #include "fips_rand_lcl.h" + +diff -up openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c +--- openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg 2020-06-22 13:32:47.612852927 +0200 ++++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c 2020-06-22 13:32:47.675852917 +0200 +@@ -55,6 +55,8 @@ + #include + #include + #include ++#define FIPS_DRBG_generate FIPS_DRBG_generate_internal ++#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal + #include + #include "fips_rand_lcl.h" + #include "fips_locl.h" +diff -up openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_post.c +--- openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200 ++++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-22 13:32:47.675852917 +0200 +@@ -79,8 +79,6 @@ int FIPS_selftest(void) + ERR_add_error_data(2, "Type=", "rand_drbg_selftest"); + rv = 0; + } +- if (!FIPS_selftest_drbg()) +- rv = 0; + if (!FIPS_selftest_sha1()) + rv = 0; + if (!FIPS_selftest_sha2()) +diff -up openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_rand_lib.c +--- openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.613852927 +0200 ++++ openssl-1.1.1g/crypto/fips/fips_rand_lib.c 2020-06-22 13:36:28.722817967 +0200 +@@ -120,6 +120,7 @@ void FIPS_rand_reset(void) + + int FIPS_rand_seed(const void *buf, int num) + { ++#if 0 + if (!fips_approved_rand_meth && FIPS_module_mode()) { + FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD); + return 0; +@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int + if (fips_rand_meth && fips_rand_meth->seed) + fips_rand_meth->seed(buf, num); + return 1; ++#else ++ RAND_seed(buf, num); ++ return 1; ++#endif + } + + int FIPS_rand_bytes(unsigned char *buf, int num) + { ++#if 0 + if (!fips_approved_rand_meth && FIPS_module_mode()) { + FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD); + return 0; +@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf, + if (fips_rand_meth && fips_rand_meth->bytes) + return fips_rand_meth->bytes(buf, num); + return 0; ++#else ++ return RAND_bytes(buf, num); ++#endif + } + + int FIPS_rand_status(void) + { ++#if 0 + if (!fips_approved_rand_meth && FIPS_module_mode()) { + FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD); + return 0; +@@ -149,6 +159,9 @@ int FIPS_rand_status(void) + if (fips_rand_meth && fips_rand_meth->status) + return fips_rand_meth->status(); + return 0; ++#else ++ return RAND_status(); ++#endif + } + + /* Return instantiated strength of PRNG. For DRBG this is an internal +diff -up openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips.h +--- openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200 ++++ openssl-1.1.1g/include/openssl/fips.h 2020-06-22 13:32:47.675852917 +0200 +@@ -64,6 +64,11 @@ extern "C" { + + int FIPS_selftest(void); + int FIPS_selftest_failed(void); ++ ++ /* ++ * This function is deprecated as it performs selftest of the old FIPS drbg ++ * implementation that is not validated. ++ */ + int FIPS_selftest_drbg_all(void); + + int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, +diff -up openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips_rand.h +--- openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg 2020-06-22 13:32:47.617852926 +0200 ++++ openssl-1.1.1g/include/openssl/fips_rand.h 2020-06-22 13:32:47.675852917 +0200 +@@ -60,6 +60,20 @@ + # ifdef __cplusplus + extern "C" { + # endif ++ ++/* ++ * IMPORTANT NOTE: ++ * All functions in this header file are deprecated and should not be used ++ * as they use the old FIPS_drbg implementation that is not FIPS validated ++ * anymore. ++ * To provide backwards compatibility for applications that need FIPS compliant ++ * RNG number generation and use FIPS_drbg_generate, this function was ++ * re-wired to call the FIPS validated DRBG instance instead through ++ * the RAND_bytes() call. ++ * ++ * All these functions will be removed in future. ++ */ ++ + typedef struct drbg_ctx_st DRBG_CTX; + /* DRBG external flags */ + /* Flag for CTR mode only: use derivation function ctr_df */ diff --git a/openssl.spec b/openssl.spec index d4111ad..9ad568b 100644 --- a/openssl.spec +++ b/openssl.spec @@ -22,7 +22,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1g -Release: 9%{?dist} +Release: 10%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -71,6 +71,7 @@ Patch66: openssl-1.1.1-fips-dh.patch Patch67: openssl-1.1.1-kdf-selftest.patch Patch68: openssl-1.1.1-reneg-no-extms.patch Patch69: openssl-1.1.1-alpn-cb.patch +Patch70: openssl-1.1.1-rewire-fips-drbg.patch # Backported fixes including security fixes Patch52: openssl-1.1.1-s390x-update.patch Patch53: openssl-1.1.1-fips-crng-test.patch @@ -187,6 +188,7 @@ cp %{SOURCE13} test/ %patch67 -p1 -b .kdf-selftest %patch68 -p1 -b .reneg-no-extms %patch69 -p1 -b .alpn-cb +%patch70 -p1 -b .rewire-fips-drbg %build @@ -473,6 +475,9 @@ export LD_LIBRARY_PATH %ldconfig_scriptlets libs %changelog +* Mon Jun 22 2020 Tomáš Mráz 1.1.1g-10 +- Rewire FIPS_drbg API to use the RAND_DRBG + * Fri Jun 5 2020 Tomáš Mráz 1.1.1g-9 - Disallow dropping Extended Master Secret extension on renegotiation