From f1c4ba61a3c49079c62cb3cdfbac660d46012b6f Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Thu, 3 Oct 2019 17:43:23 +0200
Subject: [PATCH] Multiple fixes re-enable the stitched AES-CBC-SHA implementations make AES-GCM work in FIPS mode again enable TLS-1.2 AES-CCM ciphers in FIPS mode fix openssl speed errors in FIPS mode
---
openssl-1.1.1-aes-asm.patch | 58 ++++++++++++++++++
openssl-1.1.1-fips.patch | 118 +++++++++++++++++++++++++++++++++---
openssl.spec | 10 ++-
3 files changed, 178 insertions(+), 8 deletions(-)
create mode 100644 openssl-1.1.1-aes-asm.patch
diff --git a/openssl-1.1.1-aes-asm.patch b/openssl-1.1.1-aes-asm.patch
new file mode 100644
index 0000000..65b8213
--- /dev/null
+++ b/openssl-1.1.1-aes-asm.patch
@@ -0,0 +1,58 @@
+commit 61cc715240d2d3f9511ca88043a3e9797c11482f
+Author: Richard Levitte
+Date: Thu Oct 3 08:28:31 2019 +0200
+
+ Define AESNI_ASM if AESNI assembler is included, and use it
+
+ Because we have cases where basic assembler support isn't present, but
+ AESNI asssembler support is, we need a separate macro that indicates
+ that, and use it.
+
+ Reviewed-by: Tomas Mraz
+ Reviewed-by: Paul Dale
+ (Merged from https://github.com/openssl/openssl/pull/10080)
+
+diff --git a/Configure b/Configure
+index 811bee81f5..f498ac2f81 100755
+--- a/Configure
++++ b/Configure
+@@ -1376,6 +1376,7 @@ unless ($disabled{asm}) {
+ }
+ if ($target{aes_asm_src}) {
+ push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
++ push @{$config{lib_defines}}, "AESNI_ASM" if ($target{aes_asm_src} =~ m/\baesni-/);;
+ # aes-ctr.fake is not a real file, only indication that assembler
+ # module implements AES_ctr32_encrypt...
+ push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
+index c9f5969162..27c36b46e7 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
+@@ -33,7 +33,7 @@ typedef struct {
+
+ #define NO_PAYLOAD_LENGTH ((size_t)-1)
+
+-#if defined(AES_ASM) && ( \
++#if defined(AESNI_ASM) && ( \
+ defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_AMD64) || defined(_M_X64) )
+
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
+index d5178313ae..cc622b6faa 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
+@@ -34,7 +34,7 @@ typedef struct {
+
+ # define NO_PAYLOAD_LENGTH ((size_t)-1)
+
+-#if defined(AES_ASM) && ( \
++#if defined(AESNI_ASM) && ( \
+ defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_AMD64) || defined(_M_X64) )
+
+@@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
+ {
+
return NULL; + } +-#endif ++#endif /* AESNI_ASM */ diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch index fd6633d..9063069 100644 --- a/openssl-1.1.1-fips.patch +++ b/openssl-1.1.1-fips.patch @@ -11,8 +11,8 @@ diff -up openssl-1.1.1d/apps/pkcs12.c.fips openssl-1.1.1d/apps/pkcs12.c int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; # endif diff -up openssl-1.1.1d/apps/speed.c.fips openssl-1.1.1d/apps/speed.c ---- openssl-1.1.1d/apps/speed.c.fips 2019-09-13 15:13:11.008525884 +0200 -+++ openssl-1.1.1d/apps/speed.c 2019-09-13 15:13:11.022525640 +0200 +--- openssl-1.1.1d/apps/speed.c.fips 2019-10-03 16:51:22.019915908 +0200 ++++ openssl-1.1.1d/apps/speed.c 2019-10-03 17:40:09.909994582 +0200 @@ -1595,7 +1595,8 @@ int speed_main(int argc, char **argv) continue; if (strcmp(*argv, "rsa") == 0) { @@ -60,7 +60,7 @@ diff -up openssl-1.1.1d/apps/speed.c.fips openssl-1.1.1d/apps/speed.c eddsa_doit[i] = 2; continue; } -@@ -1737,23 +1742,30 @@ int speed_main(int argc, char **argv) +@@ -1737,23 +1742,31 @@ int speed_main(int argc, char **argv) /* No parameters; turn on everything. */ if ((argc == 0) && !doit[D_EVP]) { for (i = 0; i < ALGOR_NUM; i++) @@ -87,16 +87,18 @@ diff -up openssl-1.1.1d/apps/speed.c.fips openssl-1.1.1d/apps/speed.c for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) ecdsa_doit[loop] = 1; for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) - ecdh_doit[loop] = 1; +- ecdh_doit[loop] = 1; - for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++) - eddsa_doit[loop] = 1; ++ if(!FIPS_mode() || (loop != R_EC_X25519 && loop != R_EC_X448)) ++ ecdh_doit[loop] = 1; + if (!FIPS_mode()) + for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++) + eddsa_doit[loop] = 1; #endif } for (i = 0; i < ALGOR_NUM; i++) -@@ -1801,30 +1813,46 @@ int speed_main(int argc, char **argv) +@@ -1801,30 +1814,46 @@ int speed_main(int argc, char **argv) AES_set_encrypt_key(key24, 192, &aes_ks2); AES_set_encrypt_key(key32, 256, &aes_ks3); #ifndef OPENSSL_NO_CAMELLIA 
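Review bot: Nothing in this change would catch the stitched ciphers being compiled out again. The tail of e_aes_cbc_hmac_sha256.c shown in the last inner hunk appears to be the fallback branch and just does `return NULL;`, so a build where the guard macro is undefined still succeeds and callers only see the cipher as unavailable. The guard now depends on Configure emitting `AESNI_ASM` from the `m/\baesni-/` match on `aes_asm_src`. A check in the package's test stage on x86_64 that `EVP_aes_128_cbc_hmac_sha1()` and `EVP_aes_256_cbc_hmac_sha256()` return non-NULL would turn that silent fallback into a visible failure. Such a check would need to be skipped on builders without AES-NI, where a NULL result is presumably legitimate.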
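Review bot: The new X25519/X448 filter in the ECDH loop is an unbraced `if` inside an unbraced `for`, immediately followed by another unbraced `if`/`for` pair for `eddsa_doit`, which makes it easy to mis-attach a statement on a later edit. Bracing both loop bodies and writing `if (!FIPS_mode() || ...)` with the usual space after `if` would match the surrounding style. The filter covers only the "No parameters; turn on everything" path visible here. Whether naming those curves explicitly on the command line is also refused in FIPS mode is decided in earlier inner hunks that this diff shows only as shifted line counts, so it is worth confirming there. speed_main starts and ends outside the hunk.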
@@ -153,7 +155,7 @@ diff -up openssl-1.1.1d/apps/speed.c.fips openssl-1.1.1d/apps/speed.c #endif #ifndef SIGALRM # ifndef OPENSSL_NO_DES -@@ -2122,6 +2150,7 @@ int speed_main(int argc, char **argv) +@@ -2122,6 +2151,7 @@ int speed_main(int argc, char **argv) for (i = 0; i < loopargs_len; i++) { loopargs[i].hctx = HMAC_CTX_new(); @@ -461,7 +463,7 @@ diff -up openssl-1.1.1d/crypto/dsa/dsa_gen.c.fips openssl-1.1.1d/crypto/dsa/dsa_ + goto err; + } + -+ if (FIPS_mode() && (L != 1024 || N != 160) && ++ if (FIPS_mode() && + (L != 2048 || N != 224) && (L != 2048 || N != 256) && + (L != 3072 || N != 256)) { + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_KEY_SIZE_INVALID); 
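Review bot: Dropping `(L != 1024 || N != 160)` from the FIPS-mode size check means 1024/160 DSA parameter generation now fails with `DSA_R_KEY_SIZE_INVALID` in FIPS mode, and neither the commit message nor the changelog entry mentions it. The tightening is caller-visible, so I would add a changelog line such as `- disallow 1024 bit DSA parameter generation in FIPS mode`. Only the `DSA_F_DSA_BUILTIN_PARAMGEN2` path is visible in this hunk, so any other parameter-generation or validation path should be checked for the same accepted-size list. The enclosing function starts and ends outside the hunk.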
@@ -11368,6 +11370,108 @@ diff -up openssl-1.1.1d/include/openssl/rsaerr.h.fips openssl-1.1.1d/include/ope # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 # define RSA_R_VALUE_MISSING 147 # define RSA_R_WRONG_SIGNATURE_LENGTH 119 +diff -up openssl-1.1.1d/ssl/s3_lib.c.fips openssl-1.1.1d/ssl/s3_lib.c +--- openssl-1.1.1d/ssl/s3_lib.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/ssl/s3_lib.c 2019-10-03 16:53:51.140362311 +0200 +@@ -43,7 +43,7 @@ static SSL_CIPHER tls13_ciphers[] = { + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, +- SSL_HIGH, ++ SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256, + 128, + 128, +@@ -58,7 +58,7 @@ static SSL_CIPHER tls13_ciphers[] = { + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, +- SSL_HIGH, ++ SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384, + 256, + 256, +@@ -92,7 +92,7 @@ static SSL_CIPHER tls13_ciphers[] = { + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256, + 128, + 128, +@@ -634,7 +634,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, +@@ -650,7 +650,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, +@@ -666,7 +666,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, +@@ -682,7 +682,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, 
DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, +@@ -794,7 +794,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, +@@ -810,7 +810,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, +@@ -890,7 +890,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, +@@ -906,7 +906,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, diff -up openssl-1.1.1d/ssl/ssl_ciph.c.fips openssl-1.1.1d/ssl/ssl_ciph.c --- openssl-1.1.1d/ssl/ssl_ciph.c.fips 2019-09-13 15:13:11.019525692 +0200 +++ openssl-1.1.1d/ssl/ssl_ciph.c 2019-09-13 15:13:11.068524836 +0200 diff --git a/openssl.spec b/openssl.spec index 2f6fdfc..859f4ea 100644 --- a/openssl.spec +++ b/openssl.spec @@ -22,7 +22,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1d -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. 
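Review bot: Three `tls13_ciphers[]` entries gain `SSL_FIPS` in the added s3_lib.c section, one of them flagged `SSL_NOT_DEFAULT`, while the changelog speaks only of AES-GCM and TLS-1.2 AES-CCM. The description should say which TLS 1.3 suites are being admitted in FIPS mode. The inner hunks carry no cipher names in their context, so the eleven flag changes (three in `tls13_ciphers[]`, eight in `ssl3_ciphers[]`) cannot be audited from the patch text alone; they are located purely by line offset. A test-stage check that compares the FIPS-mode output of `openssl ciphers -v` against an expected list would make the approved set explicit and catch an offset landing on an unintended suite after a rebase.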
@@ -67,6 +67,7 @@ Patch51: openssl-1.1.1-upstream-sync.patch Patch52: openssl-1.1.1-s390x-update.patch Patch53: openssl-1.1.1-fips-crng-test.patch Patch54: openssl-1.1.1-regression-fixes.patch +Patch55: openssl-1.1.1-aes-asm.patch License: OpenSSL URL: http://www.openssl.org/ @@ -168,6 +169,7 @@ cp %{SOURCE13} test/ %patch52 -p1 -b .s390x-update %patch53 -p1 -b .crng-test %patch54 -p1 -b .regression +%patch55 -p1 -b .aes-asm %build @@ -454,6 +456,12 @@ export LD_LIBRARY_PATH %ldconfig_scriptlets libs %changelog +* Thu Oct 3 2019 Tomáš Mráz 1.1.1d-2 +- re-enable the stitched AES-CBC-SHA implementations +- make AES-GCM work in FIPS mode again +- enable TLS-1.2 AES-CCM ciphers in FIPS mode +- fix openssl speed errors in FIPS mode + * Fri Sep 13 2019 Tomáš Mráz 1.1.1d-1 - update to the 1.1.1d release