|
|
|
@ -151,7 +151,7 @@ index b86b27d236f3..b881f46f36ad 100644
|
|
|
|
|
fgbl->fips_security_checks = 1;
|
|
|
|
|
fgbl->fips_security_check_option = "1";
|
|
|
|
|
|
|
|
|
|
+ fgbl->fips_tls1_prf_ems_check = 1; /* Enabled */
|
|
|
|
|
+ fgbl->fips_tls1_prf_ems_check = 1; /* Enabled by default */
|
|
|
|
|
+ fgbl->fips_tls1_prf_ems_check_option = "1";
|
|
|
|
|
+
|
|
|
|
|
return fgbl;
|
|
|
|
@ -161,7 +161,7 @@ index b86b27d236f3..b881f46f36ad 100644
|
|
|
|
|
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
|
|
|
|
|
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0),
|
|
|
|
|
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_SECURITY_CHECKS, OSSL_PARAM_INTEGER, NULL, 0),
|
|
|
|
|
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK, OSSL_PARAM_INTEGER, NULL, 0), /* Ignored in RHEL */
|
|
|
|
|
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK, OSSL_PARAM_INTEGER, NULL, 0),
|
|
|
|
|
OSSL_PARAM_END
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
@ -182,10 +182,10 @@ index b86b27d236f3..b881f46f36ad 100644
|
|
|
|
|
OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS,
|
|
|
|
|
(char **)&fgbl->fips_security_check_option,
|
|
|
|
|
sizeof(fgbl->fips_security_check_option));
|
|
|
|
|
+ /* *p++ = OSSL_PARAM_construct_utf8_ptr(
|
|
|
|
|
+ *p++ = OSSL_PARAM_construct_utf8_ptr(
|
|
|
|
|
+ OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK,
|
|
|
|
|
+ (char **)&fgbl->fips_tls1_prf_ems_check_option,
|
|
|
|
|
+ sizeof(fgbl->fips_tls1_prf_ems_check_option)); */ /* Ignored in RHEL */
|
|
|
|
|
+ sizeof(fgbl->fips_tls1_prf_ems_check_option));
|
|
|
|
|
*p = OSSL_PARAM_construct_end();
|
|
|
|
|
|
|
|
|
|
if (!c_get_params(fgbl->handle, core_params)) {
|
|
|
|
@ -199,12 +199,14 @@ index b86b27d236f3..b881f46f36ad 100644
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@@ -703,6 +718,9 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
|
|
|
|
|
@@ -703,6 +718,11 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
|
|
|
|
|
&& strcmp(fgbl->fips_security_check_option, "0") == 0)
|
|
|
|
|
fgbl->fips_security_checks = 0;
|
|
|
|
|
|
|
|
|
|
+ /* Enable the ems check. */
|
|
|
|
|
+ fgbl->fips_tls1_prf_ems_check = 1;
|
|
|
|
|
+ /* Disable the ems check if it's disabled in the fips config file. */
|
|
|
|
|
+ if (fgbl->fips_tls1_prf_ems_check_option != NULL
|
|
|
|
|
+ && strcmp(fgbl->fips_tls1_prf_ems_check_option, "0") == 0)
|
|
|
|
|
+ fgbl->fips_tls1_prf_ems_check = 0;
|
|
|
|
|
+
|
|
|
|
|
ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
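Review bot: The comment `/* Disable the ems check if it's disabled in the fips config file. */` does not say that only the exact string "0" turns the check off; any other value of `fips_tls1_prf_ems_check_option`, or a missing option, leaves `fips_tls1_prf_ems_check` at 1. That fail-closed parsing is the security-relevant part of these lines and is worth stating, for example `/* Only the literal "0" disables the EMS check; any other or missing value keeps it enforced. */`. The assignment `fgbl->fips_tls1_prf_ems_check = 1;` appears to repeat the default already set in the earlier hunk that ends in `return fgbl;`, so `/* Enable the ems check. */` could say it re-asserts that default before the config value is read. The body of OSSL_provider_init_int starts and ends outside the hunk.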
|
|
|
|
|
|
|
|
|
@ -268,8 +270,8 @@ index 8a3807308408..2c2dbf31cc0b 100644
|
|
|
|
|
|
|
|
|
|
if (!ossl_prov_is_running() || !kdf_tls1_prf_set_ctx_params(ctx, params))
|
|
|
|
|
return 0;
|
|
|
|
|
@@ -181,6 +192,21 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
|
|
|
|
|
ctx->output_keylen_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
|
|
|
|
@@ -181,6 +192,27 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
|
|
|
|
|
ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
|
|
|
|
#endif /* defined(FIPS_MODULE) */
|
|
|
|
|
|
|
|
|
|
+ /*
|
|
|
|
@ -278,6 +280,12 @@ index 8a3807308408..2c2dbf31cc0b 100644
|
|
|
|
|
+ * We do the check this way since the PRF is used for other purposes, as well
|
|
|
|
|
+ * as "extended master secret".
|
|
|
|
|
+ */
|
|
|
|
|
+#ifdef FIPS_MODULE
|
|
|
|
|
+ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE
|
|
|
|
|
+ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST,
|
|
|
|
|
+ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
|
|
|
|
|
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
|
|
|
|
+#endif /* defined(FIPS_MODULE) */
|
|
|
|
|
+ if (ossl_tls1_prf_ems_check_enabled(libctx)) {
|
|
|
|
|
+ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE
|
|
|
|
|
+ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST,
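Review bot: The comment ahead of the `#ifdef FIPS_MODULE` block explains why the label is compared as a seed prefix, but not that the block sets `EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED` whether or not `ossl_tls1_prf_ems_check_enabled(libctx)` is true. A line such as `* Without EMS the derivation is never reported as approved, even when the check is disabled in the FIPS config.` would make clear that disabling the check does not make the result approved. The same `ctx->seedlen` / `memcmp` test is written out twice, once here and once inside the `ossl_tls1_prf_ems_check_enabled` branch, so a small static helper would keep the two copies from drifting apart. The body of that branch and the rest of kdf_tls1_prf_derive lie outside the hunk.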
|
|
|
|
@ -462,7 +470,7 @@ diff -up openssl-3.0.7/ssl/statem/extensions_srvr.c.noems openssl-3.0.7/ssl/stat
|
|
|
|
|
{
|
|
|
|
|
- if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
|
|
|
|
|
+ if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) {
|
|
|
|
|
+ if (FIPS_mode()) {
|
|
|
|
|
+ if (FIPS_mode() && !(SSL_get_options(s) & SSL_OP_RH_PERMIT_NOEMS_FIPS) ) {
|
|
|
|
|
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
|
|
|
|
|
+ return EXT_RETURN_FAIL;
|
|
|
|
|
+ }
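Review bot: The new condition `if (FIPS_mode() && !(SSL_get_options(s) & SSL_OP_RH_PERMIT_NOEMS_FIPS) ) {` has no comment saying that the option lets a FIPS-mode server continue a handshake in which `TLS1_FLAGS_RECEIVED_EXTMS` is not set, which is the whole security effect of the line. I would add `/* RH: SSL_OP_RH_PERMIT_NOEMS_FIPS permits a non-EMS handshake in FIPS mode; without it the handshake is refused. */` and write the test in the style of the line above it, `if (FIPS_mode() && (SSL_get_options(s) & SSL_OP_RH_PERMIT_NOEMS_FIPS) == 0) {`, which also drops the stray space before the closing parenthesis. The refusal is reported with the generic `ERR_R_UNSUPPORTED`, so error logs cannot separate it from other unsupported-feature failures; a dedicated reason code would let operators see which peers lack EMS. The enclosing function starts and ends outside the hunk.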
|
|
|
|
@ -471,3 +479,61 @@ diff -up openssl-3.0.7/ssl/statem/extensions_srvr.c.noems openssl-3.0.7/ssl/stat
|
|
|
|
|
|
|
|
|
|
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
|
|
|
|
|
|| !WPACKET_put_bytes_u16(pkt, 0)) {
|
|
|
|
|
diff -up openssl-3.0.7/include/openssl/ssl.h.in.fipsems openssl-3.0.7/include/openssl/ssl.h.in
|
|
|
|
|
--- openssl-3.0.7/include/openssl/ssl.h.in.fipsems 2023-07-11 12:35:27.951610366 +0200
|
|
|
|
|
+++ openssl-3.0.7/include/openssl/ssl.h.in 2023-07-11 12:36:25.234754680 +0200
|
|
|
|
|
@@ -412,6 +412,7 @@ typedef int (*SSL_async_callback_fn)(SSL
|
|
|
|
|
* interoperability with CryptoPro CSP 3.x
|
|
|
|
|
*/
|
|
|
|
|
# define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31)
|
|
|
|
|
+# define SSL_OP_RH_PERMIT_NOEMS_FIPS SSL_OP_BIT(48)
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Option "collections."
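Review bot: `SSL_OP_RH_PERMIT_NOEMS_FIPS` is defined without a comment, unlike `SSL_OP_CRYPTOPRO_TLSEXT_BUG` just above it, although it is a flag that relaxes a FIPS-mode requirement. A comment such as `/* RH-specific: allow TLS connections without Extended Master Secret in FIPS mode */` belongs on the define. It should also record that bit 48 is a vendor-chosen value well above the neighbouring option's bit 31, so that a later upstream option landing on the same bit is noticed on rebase. Because the bit is above 31 it only survives in a 64-bit options value; a caller that keeps options in a 32-bit integer would lose it, which presumably leaves enforcement on.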
|
|
|
|
|
diff -up openssl-3.0.7/ssl/ssl_conf.c.fipsems openssl-3.0.7/ssl/ssl_conf.c
|
|
|
|
|
--- openssl-3.0.7/ssl/ssl_conf.c.fipsems 2023-07-11 12:36:51.465278672 +0200
|
|
|
|
|
+++ openssl-3.0.7/ssl/ssl_conf.c 2023-07-11 12:44:53.365675720 +0200
|
|
|
|
|
@@ -387,6 +387,7 @@ static const ssl_conf_cmd_tbl ssl_conf_c
|
|
|
|
|
SSL_FLAG_TBL("ClientRenegotiation",
|
|
|
|
|
SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
|
|
|
|
|
SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
|
|
|
|
|
+ SSL_FLAG_TBL("RHNoEnforceEMSinFIPS", SSL_OP_RH_PERMIT_NOEMS_FIPS),
|
|
|
|
|
SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
|
|
|
|
|
SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
|
|
|
|
|
SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA),
|
|
|
|
|
diff -up openssl-3.0.7/doc/man3/SSL_CONF_cmd.pod.fipsems openssl-3.0.7/doc/man3/SSL_CONF_cmd.pod
|
|
|
|
|
--- openssl-3.0.7/doc/man3/SSL_CONF_cmd.pod.fipsems 2023-07-12 13:54:22.508235187 +0200
|
|
|
|
|
+++ openssl-3.0.7/doc/man3/SSL_CONF_cmd.pod 2023-07-12 13:56:51.089613902 +0200
|
|
|
|
|
@@ -524,6 +524,9 @@ B<ExtendedMasterSecret>: use extended ma
|
|
|
|
|
default. Inverse of B<SSL_OP_NO_EXTENDED_MASTER_SECRET>: that is,
|
|
|
|
|
B<-ExtendedMasterSecret> is the same as setting B<SSL_OP_NO_EXTENDED_MASTER_SECRET>.
|
|
|
|
|
|
|
|
|
|
+B<RHNoEnforceEMSinFIPS>: allow establishing connections without EMS in FIPS mode.
|
|
|
|
|
+This is a RedHat-based OS specific option, and normally it should be set up via crypto policies.
|
|
|
|
|
+
|
|
|
|
|
B<CANames>: use CA names extension, enabled by
|
|
|
|
|
default. Inverse of B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>: that is,
|
|
|
|
|
B<-CANames> is the same as setting B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>.
|
|
|
|
|
diff -up openssl-3.0.7/doc/man5/fips_config.pod.fipsems openssl-3.0.7/doc/man5/fips_config.pod
|
|
|
|
|
--- openssl-3.0.7/doc/man5/fips_config.pod.fipsems 2023-07-12 15:39:57.732206731 +0200
|
|
|
|
|
+++ openssl-3.0.7/doc/man5/fips_config.pod 2023-07-12 15:53:45.722885419 +0200
|
|
|
|
|
@@ -11,6 +11,19 @@ automatically loaded when the system is
|
|
|
|
|
environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
|
|
|
|
|
for more information.
|
|
|
|
|
|
|
|
|
|
+Red Hat Enterprise Linux uses a supplementary config for FIPS module located in
|
|
|
|
|
+OpenSSL configuration directory and managed by crypto policies. If present, it
|
|
|
|
|
+should have format
|
|
|
|
|
+
|
|
|
|
|
+ [fips_sect]
|
|
|
|
|
+ tls1-prf-ems-check = 0
|
|
|
|
|
+ activate = 1
|
|
|
|
|
+
|
|
|
|
|
+The B<tls1-prf-ems-check> option specifies whether FIPS module will require the
|
|
|
|
|
+presence of extended master secret or not.
|
|
|
|
|
+
|
|
|
|
|
+The B<activate> option enforces FIPS provider activation.
|
|
|
|
|
+
|
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
|
|
|
|
|
Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
|