From bfdbb139b4fc306a5b04e806f8124bee6851c5d9 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Thu, 9 Mar 2023 14:26:19 +0100 Subject: [PATCH] Disable DHX keys completely in FIPS mode Resolves: rhbz#2178030 --- 0093-FIPS-nodhx.patch | 90 +++++++++++++++++++++++++++++++++++++++++++ openssl.spec | 4 ++ 2 files changed, 94 insertions(+) create mode 100644 0093-FIPS-nodhx.patch diff --git a/0093-FIPS-nodhx.patch b/0093-FIPS-nodhx.patch new file mode 100644 index 0000000..1a20aa3 --- /dev/null +++ b/0093-FIPS-nodhx.patch @@ -0,0 +1,90 @@ +diff -up openssl-3.0.7/providers/fips/fipsprov.c.nodhx openssl-3.0.7/providers/fips/fipsprov.c +--- openssl-3.0.7/providers/fips/fipsprov.c.nodhx 2023-03-09 13:02:21.621694715 +0100 ++++ openssl-3.0.7/providers/fips/fipsprov.c 2023-03-09 13:02:34.001791831 +0100 +@@ -486,8 +486,8 @@ static const OSSL_ALGORITHM fips_keymgmt + #ifndef OPENSSL_NO_DH + { PROV_NAMES_DH, FIPS_DEFAULT_PROPERTIES, ossl_dh_keymgmt_functions, + PROV_DESCS_DH }, +- { PROV_NAMES_DHX, FIPS_DEFAULT_PROPERTIES, ossl_dhx_keymgmt_functions, +- PROV_DESCS_DHX }, ++/* { PROV_NAMES_DHX, FIPS_DEFAULT_PROPERTIES, ossl_dhx_keymgmt_functions, ++ PROV_DESCS_DHX }, */ + #endif + #ifndef OPENSSL_NO_DSA + /* We don't certify DSA in our FIPS provider */ +diff -up openssl-3.0.7/test/endecode_test.c.nodhx openssl-3.0.7/test/endecode_test.c +--- openssl-3.0.7/test/endecode_test.c.nodhx 2023-03-09 13:39:10.826000162 +0100 ++++ openssl-3.0.7/test/endecode_test.c 2023-03-09 13:41:26.533073598 +0100 +@@ -1356,7 +1358,9 @@ int setup_tests(void) + #ifndef OPENSSL_NO_DH + TEST_info("Generating DH keys..."); + MAKE_DOMAIN_KEYS(DH, "DH", NULL); ++if (is_fips == 0) { + MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL); ++} + #endif + #ifndef OPENSSL_NO_DSA + TEST_info("Generating DSA keys..."); +@@ -1386,8 +1390,10 @@ int setup_tests(void) + #ifndef OPENSSL_NO_DH + ADD_TEST_SUITE(DH); + ADD_TEST_SUITE_PARAMS(DH); ++if (is_fips == 0) { + ADD_TEST_SUITE(DHX); + ADD_TEST_SUITE_PARAMS(DHX); ++} + /* + * DH has no support for PEM_write_bio_PrivateKey_traditional(), + * so no legacy tests. +@@ -1465,7 +1471,9 @@ void cleanup_tests(void) + + #ifndef OPENSSL_NO_DH + FREE_DOMAIN_KEYS(DH); ++if (is_fips == 0) { + FREE_DOMAIN_KEYS(DHX); ++} + #endif + #ifndef OPENSSL_NO_DSA + FREE_DOMAIN_KEYS(DSA); +diff -up openssl-3.0.7/test/recipes/80-test_cms.t.nodhx openssl-3.0.7/test/recipes/80-test_cms.t +--- openssl-3.0.7/test/recipes/80-test_cms.t.nodhx 2023-03-09 13:31:36.851432859 +0100 ++++ openssl-3.0.7/test/recipes/80-test_cms.t 2023-03-09 13:32:35.987888417 +0100 +@@ -869,6 +869,8 @@ sub check_availability { + if ($no_ec2m && $tnam =~ /K-283/); + return "$tnam: skipped, DH disabled\n" + if ($no_dh && $tnam =~ /X9\.42/); ++ return "$tnam: skipped, DHX disabled in RHEL\n" ++ if ($provname eq 'fips' && $tnam =~ /X9\.42/); + return "$tnam: skipped, RC2 disabled\n" + if ($no_rc2 && $tnam =~ /RC2/); + return "$tnam: skipped, DES disabled\n" +diff -up openssl-3.0.7/providers/implementations/exchange/dh_exch.c.nodhx openssl-3.0.7/providers/implementations/exchange/dh_exch.c +--- openssl-3.0.7/providers/implementations/exchange/dh_exch.c.nodhx 2023-03-09 16:33:07.092040809 +0100 ++++ openssl-3.0.7/providers/implementations/exchange/dh_exch.c 2023-03-09 16:42:30.594837565 +0100 +@@ -102,6 +102,11 @@ static int dh_init(void *vpdhctx, void * + || vdh == NULL + || !DH_up_ref(vdh)) + return 0; ++#ifdef FIPS_MODULE ++ if (ossl_ffc_numbers_to_dh_named_group(DH_get0_p(vdh), ++ DH_get0_q(vdh), DH_get0_g(vdh)) == NULL) ++ return 0; ++#endif + DH_free(pdhctx->dh); + pdhctx->dh = vdh; + pdhctx->kdf_type = PROV_DH_KDF_NONE; +diff -up openssl-3.0.7/providers/implementations/keymgmt/dh_kmgmt.c.nodhx openssl-3.0.7/providers/implementations/keymgmt/dh_kmgmt.c +--- openssl-3.0.7/providers/implementations/keymgmt/dh_kmgmt.c.nodhx 2023-03-09 15:38:04.024555943 +0100 ++++ openssl-3.0.7/providers/implementations/keymgmt/dh_kmgmt.c 2023-03-09 16:32:04.142490068 +0100 +@@ -498,6 +499,11 @@ static int dh_gen_set_template(void *gen + + if (!ossl_prov_is_running() || gctx == NULL || dh == NULL) + return 0; ++#ifdef FIPS_MODULE ++ if (ossl_ffc_numbers_to_dh_named_group(DH_get0_p(dh), ++ DH_get0_q(dh), DH_get0_g(dh)) == NULL) ++ return 0; ++#endif + gctx->ffc_params = ossl_dh_get0_params(dh); + return 1; + } diff --git a/openssl.spec b/openssl.spec index e9d0d99..26153ce 100644 --- a/openssl.spec +++ b/openssl.spec @@ -155,6 +155,8 @@ Patch90: 0090-signature-Clamp-PSS-salt-len-to-MD-len.patch Patch91: 0091-FIPS-RSA-encapsulate.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142517 Patch92: 0092-provider-improvements.patch +# FIPS-95 +Patch93: 0093-FIPS-nodhx.patch # OpenSSL 3.0.8 CVEs Patch101: 0101-CVE-2022-4203-nc-match.patch @@ -517,6 +519,8 @@ install -m644 %{SOURCE9} \ Resolves: rhbz#2178029 - Pairwise consistency tests should use Digest+Sign/Verify Resolves: rhbz#2178034 +- Forbid DHX keys import in FIPS mode + Resolves: rhbz#2178030 * Wed Mar 08 2023 Dmitry Belyavskiy - 1:3.0.7-6 - Fixes RNG slowdown in FIPS mode