diff --git a/.github/workflows/fipsmodule.yml b/.github/workflows/fipsmodule.yml index 6154d0d6..248668ad 100644 --- a/.github/workflows/fipsmodule.yml +++ b/.github/workflows/fipsmodule.yml @@ -38,22 +38,25 @@ jobs: ls -l ./RESULTS # Extract the FIPS module - mkdir RESULTS/{tmp,fips_module} - cd RESULTS/tmp - if [ -z "$DEBUG" ]; then - echo "Extracting FIPS module" - rpm2cpio ../openssl-libs-3*ciqfips*.x86_64.rpm | cpio -idmv ./usr/lib64/\*/fips.so - else - mkdir -p usr/lib64/ossl-modules - echo Creating fake fips module - touch usr/lib64/ossl-modules/fips.so - fi - mv ./usr/lib64/ossl-modules/fips.so ../fips_module/fips.so.x86_64 - cd .. + #mkdir RESULTS/{tmp,fips_module} + #cd RESULTS/tmp + #if [ -z "$DEBUG" ]; then + # echo "Extracting FIPS module" + # rpm2cpio ../openssl-libs-3*ciqfips*.x86_64.rpm | cpio -idmv ./usr/lib64/\*/fips.so + #else + # mkdir -p usr/lib64/ossl-modules + # echo Creating fake fips module + # touch usr/lib64/ossl-modules/fips.so + #fi + #mv ./usr/lib64/ossl-modules/fips.so ../fips_module/fips.so.x86_64 + cd RESULTS RPMVERSION=$(ls ./openssl-libs-3*ciqfips*.x86_64.rpm | sed -e 's/.*openssl-libs-\(3.*\)\.x86_64\.rpm/\1/') - echo "Creating fips module tarball" - tar -czf fips_module-${RPMVERSION}.tar.gz fips_module - sha256sum fips_module-${RPMVERSION}.tar.gz > fips_module-${RPMVERSION}.tar.gz.sha256 + echo "Creating fips provider tarball" + #tar -czf fips_module-${RPMVERSION}.tar.gz fips_module + #sha256sum fips_module-${RPMVERSION}.tar.gz > fips_module-${RPMVERSION}.tar.gz.sha256 + + tar -czf openssl-fips-provider-${RPMVERSION}.tar.gz *.rpm + sha256sum openssl-fips-provider-${RPMVERSION}.tar.gz > openssl-fips-provider-${RPMVERSION}.tar.gz.sha256 - uses: actions/upload-artifact@v4 with: @@ -63,7 +66,7 @@ jobs: RESULTS/*.rpm - uses: actions/upload-artifact@v4 with: - name: fips_module_tarball + name: fips_tarball path: | RESULTS/*.tar.gz RESULTS/*.tar.gz.sha256 
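Review bot: The new `tar -czf openssl-fips-provider-${RPMVERSION}.tar.gz *.rpm` archives every RPM present in RESULTS, while the tarball name and RPMVERSION are derived only from the openssl-libs ciqfips package, so the published archive can carry packages nobody meant to ship under that name. Listing the intended packages explicitly (or using a narrower glob) and quoting the name, `"openssl-fips-provider-${RPMVERSION}.tar.gz"`, would make the content predictable. The `.sha256` file is produced in the same step and uploaded in the same `fips_tarball` artifact as the tarball, so it detects corruption but gives a consumer no independent check on the content. The commented-out lines of the old extraction step are dead code and are better deleted, since git history retains them.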
diff --git a/SOURCES/rocky_fips_provider.patch b/SOURCES/0137-rocky_fips_provider.patch similarity index 100% rename from SOURCES/rocky_fips_provider.patch rename to SOURCES/0137-rocky_fips_provider.patch diff --git a/SOURCES/rocky_fips_provider-2.patch b/SOURCES/0138-rocky_fips_provider-2.patch similarity index 99% rename from SOURCES/rocky_fips_provider-2.patch rename to SOURCES/0138-rocky_fips_provider-2.patch index 811d3e71..676524a5 100644 --- a/SOURCES/rocky_fips_provider-2.patch +++ b/SOURCES/0138-rocky_fips_provider-2.patch @@ -97,3 +97,4 @@ index dd508ae7..eb68b308 100644 if (indicator == NULL) { fprintf(stderr, "No indicator for operation, probably using implicit" " indicators.\n"); + diff --git a/SOURCES/0139-Add-KAT-and-enable-support-for-ED25519-and-ED448-in-.patch b/SOURCES/0139-Add-KAT-and-enable-support-for-ED25519-and-ED448-in-.patch new file mode 100644 index 00000000..0adb52f6 --- /dev/null +++ b/SOURCES/0139-Add-KAT-and-enable-support-for-ED25519-and-ED448-in-.patch 
@@ -0,0 +1,320 @@ +From 806556e99d70c8f34c18cd54c23c837cfdad68b9 Mon Sep 17 00:00:00 2001 +From: Jeremy Allison +Date: Thu, 31 Oct 2024 15:16:41 -0700 +Subject: [PATCH 1/3] Add KAT and enable support for ED25519 and ED448 in the + FIPS provider. + +Still need a PCT, but this works and is valgrind clean. + +Signed-off-by: Jeremy Allison +--- + include/openssl/self_test.h | 2 + + providers/fips/fipsprov.c | 9 +-- + providers/fips/self_test_data.inc | 93 ++++++++++++++++++++++ + providers/fips/self_test_kats.c | 128 +++++++++++++++++++++++++++++- + 4 files changed, 226 insertions(+), 6 deletions(-) + +diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h +index ee4949e..7ff95eb 100644 +--- a/include/openssl/self_test.h ++++ b/include/openssl/self_test.h +@@ -72,6 +72,8 @@ extern "C" { + # define OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT "TLS13_KDF_EXTRACT" + # define OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND "TLS13_KDF_EXPAND" + # define OSSL_SELF_TEST_DESC_RNG "RNG" ++# define OSSL_SELF_TEST_DESC_SIGN_ED25519 "ED25519" ++# define OSSL_SELF_TEST_DESC_SIGN_ED448 "ED448" + + void OSSL_SELF_TEST_set_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK *cb, + void *cbarg); +diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index dd80c77..5131380 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -411,9 +411,8 @@ static const OSSL_ALGORITHM fips_signature[] = { + #endif + { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, + #ifndef OPENSSL_NO_EC +- /* We don't certify Edwards curves in our FIPS provider */ +- /* { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, +- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, */ ++ { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, ++ { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, + { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, 
ossl_ecdsa_signature_functions }, + #endif + { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, +@@ -520,11 +519,11 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { + /* { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, + PROV_DESCS_X25519 }, + { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions, +- PROV_DESCS_X448 }, ++ PROV_DESCS_X448 }, */ + { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions, + PROV_DESCS_ED25519 }, + { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions, +- PROV_DESCS_ED448 }, */ ++ PROV_DESCS_ED448 }, + #endif + { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, + PROV_DESCS_TLS1_PRF_SIGN }, +diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc +index cc10898..79fec4a 100644 +--- a/providers/fips/self_test_data.inc ++++ b/providers/fips/self_test_data.inc +@@ -1569,6 +1569,85 @@ static const unsigned char ec256v1_kat_sig[] = { + 0x82, 0x66, 0x7a, 0x68, 0xcb, 0x1e, 0x3b, 0x12, 0x71, 0x4d, 0x56, 0xb5, 0xb7, 0xdd, 0xca, 0x2b, + 0x18, 0xa3, 0xa7, 0x08, 0x0d, 0xfa, 0x9c, 0x66 + }; ++ ++/* EDDSA - ED25519 and ED448. 
*/ ++static const uint8_t ed25519_secret_key[] = { ++0xf5, 0xe5, 0x76, 0x7c, 0xf1, 0x53, 0x31, 0x95, ++0x17, 0x63, 0x0f, 0x22, 0x68, 0x76, 0xb8, 0x6c, ++0x81, 0x60, 0xcc, 0x58, 0x3b, 0xc0, 0x13, 0x74, ++0x4c, 0x6b, 0xf2, 0x55, 0xf5, 0xcc, 0x0e, 0xe5 ++}; ++ ++static const uint8_t ed25519_public_key[] = { ++0x27, 0x81, 0x17, 0xfc, 0x14, 0x4c, 0x72, 0x34, ++0x0f, 0x67, 0xd0, 0xf2, 0x31, 0x6e, 0x83, 0x86, ++0xce, 0xff, 0xbf, 0x2b, 0x24, 0x28, 0xc9, 0xc5, ++0x1f, 0xef, 0x7c, 0x59, 0x7f, 0x1d, 0x42, 0x6e ++}; ++ ++static const uint8_t ed25519_sig[] = { ++0xb4, 0x17, 0x80, 0xea, 0x29, 0xc9, 0x3c, 0x19, ++0x52, 0x39, 0xd9, 0x02, 0x4c, 0xd8, 0x80, 0xc0, ++0x4e, 0xbe, 0xc3, 0x2a, 0xc8, 0x1a, 0x39, 0x39, ++0xe7, 0x51, 0xef, 0x80, 0x7a, 0x2c, 0x0a, 0x90, ++0xe6, 0x54, 0xf4, 0x6d, 0xd3, 0xab, 0x4f, 0xdb, ++0xdf, 0x6d, 0xca, 0xbe, 0x75, 0x63, 0xf8, 0x35, ++0xc0, 0xe9, 0x41, 0xe5, 0xcc, 0xca, 0x53, 0xf2, ++0x04, 0x86, 0x07, 0xe2, 0x26, 0xb3, 0xd4, 0x05 ++}; ++ ++static const ST_KAT_PARAM key_ed25519[] = { ++ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PRIV_KEY, ed25519_secret_key), ++ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ed25519_public_key), ++ ST_KAT_PARAM_END() ++}; ++ ++static const uint8_t ed448_secret_key[] = { ++0x2e, 0xc5, 0xfe, 0x3c, 0x17, 0x04, 0x5a, 0xbd, ++0xb1, 0x36, 0xa5, 0xe6, 0xa9, 0x13, 0xe3, 0x2a, ++0xb7, 0x5a, 0xe6, 0x8b, 0x53, 0xd2, 0xfc, 0x14, ++0x9b, 0x77, 0xe5, 0x04, 0x13, 0x2d, 0x37, 0x56, ++0x9b, 0x7e, 0x76, 0x6b, 0xa7, 0x4a, 0x19, 0xbd, ++0x61, 0x62, 0x34, 0x3a, 0x21, 0xc8, 0x59, 0x0a, ++0xa9, 0xce, 0xbc, 0xa9, 0x01, 0x4c, 0x63, 0x6d, ++0xf5 ++}; ++ ++static const uint8_t ed448_public_key[] = { ++0x79, 0x75, 0x6f, 0x01, 0x4d, 0xcf, 0xe2, 0x07, ++0x9f, 0x5d, 0xd9, 0xe7, 0x18, 0xbe, 0x41, 0x71, ++0xe2, 0xef, 0x24, 0x86, 0xa0, 0x8f, 0x25, 0x18, ++0x6f, 0x6b, 0xff, 0x43, 0xa9, 0x93, 0x6b, 0x9b, ++0xfe, 0x12, 0x40, 0x2b, 0x08, 0xae, 0x65, 0x79, ++0x8a, 0x3d, 0x81, 0xe2, 0x2e, 0x9e, 0xc8, 0x0e, ++0x76, 0x90, 0x86, 0x2e, 0xf3, 0xd4, 0xed, 0x3a, ++0x00 ++}; ++ 
++static const uint8_t ed448_sig[] = { ++0x5c, 0xc7, 0x7d, 0x1e, 0x41, 0x75, 0xc2, 0x38, ++0x5c, 0x76, 0xf2, 0x0f, 0xfe, 0x6e, 0xec, 0xe8, ++0x91, 0x9b, 0x72, 0x9b, 0x8d, 0xad, 0xf8, 0x10, ++0x79, 0xee, 0x7e, 0x73, 0xb4, 0x0f, 0x7e, 0x4a, ++0x13, 0xdc, 0x6e, 0xdd, 0x01, 0x9a, 0x9b, 0xc3, ++0xd7, 0xd4, 0xf1, 0x6e, 0x34, 0x9c, 0x01, 0x0d, ++0xb4, 0xca, 0x2b, 0xb3, 0xd3, 0x46, 0x0c, 0x3f, ++0x80, 0x7d, 0x52, 0x6b, 0xdd, 0xd3, 0x8d, 0x54, ++0x66, 0xea, 0x48, 0xad, 0x11, 0xbb, 0x2d, 0xd5, ++0xab, 0xde, 0x81, 0x08, 0x18, 0x6d, 0x49, 0x64, ++0x04, 0x6c, 0xa3, 0x0e, 0xac, 0xd4, 0xc3, 0xbc, ++0xd3, 0x1c, 0x35, 0x19, 0x61, 0xf8, 0x46, 0xb9, ++0x8a, 0x81, 0xd0, 0x01, 0x86, 0x34, 0x17, 0xe8, ++0x65, 0x04, 0x5f, 0xf5, 0xf2, 0x53, 0xa4, 0xa3, ++0x0e, 0x00 ++}; ++ ++static const ST_KAT_PARAM key_ed448[] = { ++ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PRIV_KEY, ed448_secret_key), ++ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ed448_public_key), ++ ST_KAT_PARAM_END() ++}; ++ + # ifndef OPENSSL_NO_EC2M + static const char ecd_bin_curve_name[] = "sect233r1"; + static const unsigned char ecd_bin_priv[] = { +@@ -1733,6 +1812,20 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { + ITM(rsa_expected_sig) + }, + #ifndef OPENSSL_NO_EC ++ { ++ OSSL_SELF_TEST_DESC_SIGN_ED25519, ++ "ED25519", ++ "SHA-256", ++ key_ed25519, ++ ITM(ed25519_sig) ++ }, ++ { ++ OSSL_SELF_TEST_DESC_SIGN_ED448, ++ "ED448", ++ "SHA-256", ++ key_ed448, ++ ITM(ed448_sig) ++ }, + { + OSSL_SELF_TEST_DESC_SIGN_ECDSA, + "EC", +diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c +index 169460a..6cca054 100644 +--- a/providers/fips/self_test_kats.c ++++ b/providers/fips/self_test_kats.c +@@ -542,6 +542,126 @@ err: + return ret; + } + ++static int self_test_eddsa_sign(const ST_KAT_SIGN *t, ++ OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) ++{ ++ int ret = 0; ++ const char *message = "Hello World!"; ++ unsigned char test_signature[256]; ++ size_t sig_len = sizeof(test_signature); ++ EVP_PKEY *pkey = NULL; ++ 
EVP_MD_CTX *md_ctx = NULL; ++ EVP_PKEY_CTX *kctx = NULL; ++ EVP_PKEY_CTX *sctx = NULL; ++ const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE; ++ OSSL_PARAM params[3] = { 0 }; ++ ++ OSSL_SELF_TEST_onbegin(st, typ, t->desc); ++ ++ params[0] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, ++ (void *)t->key[0].data, ++ t->key[0].data_len); ++ params[1] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY, ++ (void *)t->key[1].data, ++ t->key[1].data_len); ++ params[2] = OSSL_PARAM_construct_end(); ++ ++ md_ctx = EVP_MD_CTX_new(); ++ if (md_ctx == NULL) { ++ goto err; ++ } ++ ++ kctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, ""); ++ if (kctx == NULL) { ++ goto err; ++ } ++ ++ if (!EVP_PKEY_fromdata_init(kctx)) { ++ goto err; ++ } ++ ++ if (!EVP_PKEY_fromdata(kctx, ++ &pkey, ++ EVP_PKEY_KEYPAIR, ++ params)) { ++ goto err; ++ } ++ ++ EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); ++ ++ if (EVP_DigestSignInit(md_ctx, ++ &sctx, ++ NULL, ++ NULL, ++ pkey) != 1) { ++ goto err; ++ } ++ ++ if (EVP_DigestSign(md_ctx, ++ test_signature, ++ &sig_len, ++ (uint8_t *)message, ++ strlen(message)) != 1) { ++ goto err; ++ } ++ ++ if (sig_len != t->sig_expected_len) { ++ goto err; ++ } ++ ++ if (memcmp(test_signature, t->sig_expected, sig_len) != 0) { ++ goto err; ++ } ++ ++ /* Now check verify. */ ++ EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); ++ ++ if (EVP_DigestVerifyInit(md_ctx, ++ &sctx, ++ NULL, ++ NULL, ++ pkey) != 1) { ++ goto err; ++ } ++ ++ if (EVP_DigestVerify(md_ctx, ++ t->sig_expected, ++ t->sig_expected_len, ++ (uint8_t *)message, ++ strlen(message)) != 1) { ++ goto err; ++ } ++ ++ /* Check a bad signature doesn't match. 
*/ ++ test_signature[0] ^= 0x1; ++ if (EVP_DigestVerify(md_ctx, ++ test_signature, ++ sig_len, ++ (uint8_t *)message, ++ strlen(message)) == 1) { ++ goto err; ++ } ++ ++ ret = 1; ++ ++ err: ++ ++ if (sctx != NULL) { ++ EVP_PKEY_CTX_free(sctx); ++ } ++ if (md_ctx != NULL) { ++ EVP_MD_CTX_free(md_ctx); ++ } ++ if (pkey != NULL) { ++ EVP_PKEY_free(pkey); ++ } ++ if (kctx != NULL) { ++ EVP_PKEY_CTX_free(kctx); ++ } ++ OSSL_SELF_TEST_onend(st, ret); ++ return ret; ++} ++ + /* + * Test an encrypt or decrypt KAT.. + * +@@ -717,8 +837,14 @@ static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) + ROCKY_FIPS_signature_st = 1; + + for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) { +- if (!self_test_sign(&st_kat_sign_tests[i], st, libctx)) ++ if ((strcmp("ED25519", st_kat_sign_tests[i].algorithm)==0) || ++ (strcmp("ED448", st_kat_sign_tests[i].algorithm)==0)) { ++ if (!self_test_eddsa_sign(&st_kat_sign_tests[i], st, libctx)) { ++ ret = 0; ++ } ++ } else if (!self_test_sign(&st_kat_sign_tests[i], st, libctx)) { + ret = 0; ++ } + } + ROCKY_FIPS_signature_st = 0; + return ret; +-- +2.43.5 + diff --git a/SOURCES/0140-Add-PCTs-for-key-generation-for-ED25519-and-ED448.patch b/SOURCES/0140-Add-PCTs-for-key-generation-for-ED25519-and-ED448.patch new file mode 100644 index 00000000..ae562916 --- /dev/null +++ b/SOURCES/0140-Add-PCTs-for-key-generation-for-ED25519-and-ED448.patch 
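Review bot: In self_test_eddsa_sign the `err:` path calls `EVP_PKEY_CTX_free(sctx)` and then `EVP_MD_CTX_free(md_ctx)`, but sctx is the context handed back through the pctx argument of EVP_DigestSignInit()/EVP_DigestVerifyInit(), which the EVP documentation describes as owned by the EVP_MD_CTX when it was created inside the init call. Either state in a comment that the FIPS_MODULE build leaves that context for the caller to release, or drop the explicit free; sctx is never read, so the init calls could pass `NULL` for that argument once ownership is confirmed. The tamper check accepts any return other than 1, so an API error would be counted as a rejected signature; comparing with `!= 0` would pin it to an actual verification failure. fips_eddsa_pct in 0140-Add-PCTs-for-key-generation-for-ED25519-and-ED448.patch has both patterns.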
@@ -0,0 +1,177 @@ +From 2bdd90998d1b99703f56e1cf4b24b7782acccd45 Mon Sep 17 00:00:00 2001 +From: Jeremy Allison +Date: Fri, 1 Nov 2024 11:11:10 -0700 +Subject: [PATCH 2/3] Add PCTs for key generation for ED25519 and ED448. + +Signed-off-by: Jeremy Allison +--- + providers/implementations/keymgmt/ecx_kmgmt.c | 141 ++++++++++++++++++ + 1 file changed, 141 insertions(+) + +diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c +index 2a7f867..3386613 100644 +--- a/providers/implementations/keymgmt/ecx_kmgmt.c ++++ b/providers/implementations/keymgmt/ecx_kmgmt.c +@@ -573,6 +573,127 @@ static const OSSL_PARAM *ecx_gen_settable_params(ossl_unused void *genctx, + return settable; + } + ++#ifdef FIPS_MODULE ++static int fips_eddsa_pct(OSSL_LIB_CTX *libctx, ++ ECX_KEY_TYPE type, ++ uint8_t *pubkey, ++ uint8_t *privkey, ++ size_t keylen) ++{ ++ int ret = 0; ++ const char *message = "Hello World!"; ++ unsigned char test_signature[114]; ++ size_t sig_len = sizeof(test_signature); ++ size_t expected_sig_len = (type == ECX_KEY_TYPE_ED25519) ? 64 : 114; ++ EVP_PKEY *pkey = NULL; ++ EVP_MD_CTX *md_ctx = NULL; ++ EVP_PKEY_CTX *kctx = NULL; ++ EVP_PKEY_CTX *sctx = NULL; ++ OSSL_PARAM params[3] = { 0 }; ++ ++ params[0] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, ++ (void *)privkey, ++ keylen); ++ params[1] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY, ++ (void *)pubkey, ++ keylen); ++ params[2] = OSSL_PARAM_construct_end(); ++ ++ md_ctx = EVP_MD_CTX_new(); ++ if (md_ctx == NULL) { ++ goto err; ++ } ++ ++ kctx = EVP_PKEY_CTX_new_from_name(libctx, ++ (type == ECX_KEY_TYPE_ED25519) ? 
++ "ED25519" : "ED448", ++ ""); ++ if (kctx == NULL) { ++ goto err; ++ } ++ ++ if (!EVP_PKEY_fromdata_init(kctx)) { ++ goto err; ++ } ++ ++ if (!EVP_PKEY_fromdata(kctx, ++ &pkey, ++ EVP_PKEY_KEYPAIR, ++ params)) { ++ goto err; ++ } ++ ++ EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); ++ ++ if (EVP_DigestSignInit(md_ctx, ++ &sctx, ++ NULL, ++ NULL, ++ pkey) != 1) { ++ goto err; ++ } ++ ++ if (EVP_DigestSign(md_ctx, ++ test_signature, ++ &sig_len, ++ (uint8_t *)message, ++ strlen(message)) != 1) { ++ goto err; ++ } ++ ++ if (sig_len != expected_sig_len) { ++ goto err; ++ } ++ ++ /* Now check verify. */ ++ EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); ++ ++ if (EVP_DigestVerifyInit(md_ctx, ++ &sctx, ++ NULL, ++ NULL, ++ pkey) != 1) { ++ goto err; ++ } ++ ++ if (EVP_DigestVerify(md_ctx, ++ test_signature, ++ sig_len, ++ (uint8_t *)message, ++ strlen(message)) != 1) { ++ goto err; ++ } ++ ++ /* Check a bad signature doesn't match. */ ++ test_signature[0] ^= 0x1; ++ if (EVP_DigestVerify(md_ctx, ++ test_signature, ++ sig_len, ++ (uint8_t *)message, ++ strlen(message)) == 1) { ++ goto err; ++ } ++ ++ ret = 1; ++ ++ err: ++ ++ if (sctx != NULL) { ++ EVP_PKEY_CTX_free(sctx); ++ } ++ if (md_ctx != NULL) { ++ EVP_MD_CTX_free(md_ctx); ++ } ++ if (pkey != NULL) { ++ EVP_PKEY_free(pkey); ++ } ++ if (kctx != NULL) { ++ EVP_PKEY_CTX_free(kctx); ++ } ++ return ret; ++} ++#endif ++ + static void *ecx_gen(struct ecx_gen_ctx *gctx) + { + ECX_KEY *key; +@@ -612,11 +733,31 @@ static void *ecx_gen(struct ecx_gen_ctx *gctx) + if (!ossl_ed25519_public_from_private(gctx->libctx, key->pubkey, privkey, + gctx->propq)) + goto err; ++#ifdef FIPS_MODULE ++ if (!fips_eddsa_pct(gctx->libctx, ++ ECX_KEY_TYPE_ED25519, ++ key->pubkey, ++ privkey, ++ key->keylen)) { ++ /* rsa pct aborts on fail, do the same. 
*/ ++ abort(); ++ } ++#endif + break; + case ECX_KEY_TYPE_ED448: + if (!ossl_ed448_public_from_private(gctx->libctx, key->pubkey, privkey, + gctx->propq)) + goto err; ++#ifdef FIPS_MODULE ++ if (!fips_eddsa_pct(gctx->libctx, ++ ECX_KEY_TYPE_ED448, ++ key->pubkey, ++ privkey, ++ key->keylen)) { ++ /* rsa pct aborts on fail, do the same. */ ++ abort(); ++ } ++#endif + break; + } + key->haspubkey = 1; +-- +2.43.5 + diff --git a/SOURCES/0141-ECX-pubkey-zero.patch b/SOURCES/0141-ECX-pubkey-zero.patch new file mode 100644 index 00000000..ffb78da0 --- /dev/null +++ b/SOURCES/0141-ECX-pubkey-zero.patch @@ -0,0 +1,28 @@ +commit 2525d132b727aa625617013974cf499923459612 +Author: Jeremy Allison +Date: Fri Nov 15 10:28:24 2024 -0800 + + fips: zeroization of ECX public keys + + Upstream commit fa338aa added zeroization of public security parameters as + required by ISO 19790:2012/Cor.1:2015 7.9. However, that commit + overlooked ECX keys, which are used for EdDSA and X25519/X448. + + Written by Joachim Vandersmissen. + + Signed-off-by: Jeremy Allison + +diff --git a/crypto/ec/ecx_key.c b/crypto/ec/ecx_key.c +index dcec26c..ae179de 100644 +--- a/crypto/ec/ecx_key.c ++++ b/crypto/ec/ecx_key.c +@@ -68,6 +68,9 @@ void ossl_ecx_key_free(ECX_KEY *key) + REF_ASSERT_ISNT(i < 0); + + OPENSSL_free(key->propq); ++#ifdef FIPS_MODULE ++ OPENSSL_cleanse(&key->pubkey, sizeof(key->pubkey)); ++#endif + OPENSSL_secure_clear_free(key->privkey, key->keylen); + CRYPTO_THREAD_lock_free(key->lock); + OPENSSL_free(key); diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec index f3524848..1144f97f 100644 --- a/SPECS/openssl.spec +++ b/SPECS/openssl.spec 
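Review bot: fips_eddsa_pct never reports to the self-test callback: unlike self_test_eddsa_sign in the KAT patch, it has no OSSL_SELF_TEST_onbegin()/OSSL_SELF_TEST_onend() pair and no corruption hook, so a registered callback sees no PCT event and the failure branch in ecx_gen (the `abort()`) cannot be exercised on demand. Wrapping the test in an OSSL_SELF_TEST object, as sketched below, makes the conditional test observable; the description constants reused here are the ones the KAT patch adds, and a dedicated PCT description may be preferable. The sketch assumes <openssl/self_test.h> is already included in ecx_kmgmt.c, which the hunk does not show. Separately, the literals 64 and 114 duplicate ED25519_SIGSIZE and ED448_SIGSIZE.

```c
    /* in fips_eddsa_pct(), after the existing locals */
    OSSL_CALLBACK *cb = NULL;
    void *cbarg = NULL;
    OSSL_SELF_TEST *st = NULL;

    OSSL_SELF_TEST_get_callback(libctx, &cb, &cbarg);
    st = OSSL_SELF_TEST_new(cb, cbarg);
    if (st == NULL)
        return 0;
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
                           (type == ECX_KEY_TYPE_ED25519) ?
                           OSSL_SELF_TEST_DESC_SIGN_ED25519 :
                           OSSL_SELF_TEST_DESC_SIGN_ED448);

    /* … unchanged: key import, EVP_DigestSignInit, EVP_DigestSign, length check … */

    /* Lets the callback corrupt the signature so the failure path is testable. */
    OSSL_SELF_TEST_oncorrupt_byte(st, test_signature);

    /* … unchanged: verify, tamper check, frees under err: … */
    OSSL_SELF_TEST_onend(st, ret);
    OSSL_SELF_TEST_free(st);
    return ret;
```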
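Review bot: The added `OPENSSL_cleanse(&key->pubkey, sizeof(key->pubkey));` in 0141-ECX-pubkey-zero.patch carries no comment, so the reason for wiping a public value lives only in the commit message; a line such as `/* ISO 19790:2012/Cor.1:2015 7.9: zeroise public security parameters */` above it would keep that next to the code. `sizeof(key->pubkey)` covers the whole key only if pubkey is an array member of ECX_KEY rather than a pointer, which the hunk does not show; if it is an array, `key->pubkey` without the `&` reads more conventionally. ossl_ecx_key_free starts and ends outside the hunk.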
@@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.7 -Release: 27%{?dist}.0.2.4 +Release: 27%{?dist}.0.2.5 Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -217,12 +217,14 @@ Patch135: 0135-CVE-2024-0727.patch # https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f Patch136: 0136-CVE-2024-6119.patch #FIPS PROVIDER rebranding -Patch200: rocky_fips_provider.patch -Patch201: rocky_fips_provider-2.patch +Patch200: 0137-rocky_fips_provider.patch +Patch201: 0138-rocky_fips_provider-2.patch # EDDSA patches (ED25519 and ED448). -Patch301: 0001-Add-KAT-and-enable-support-for-ED25519-and-ED448-in-.patch -Patch302: 0002-Add-PCTs-for-key-generation-for-ED25519-and-ED448.patch +Patch301: 0139-Add-KAT-and-enable-support-for-ED25519-and-ED448-in-.patch +Patch302: 0140-Add-PCTs-for-key-generation-for-ED25519-and-ED448.patch +# FIPS - zero ECX keys. +Patch303: 0141-ECX-pubkey-zero.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -361,7 +363,7 @@ export HASHBANGPERL=/usr/bin/perl zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\ no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\ - shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DROCKY_FIPS_NAME="\"Rocky Linux 9 - OpenSSL FIPS Provider\"" -DROCKY_FIPS_VERSION="\"Rocky9.20241015\""'\ + shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DROCKY_FIPS_NAME="\"Rocky Linux 9 - OpenSSL FIPS Provider\"" -DROCKY_FIPS_VERSION="\"Rocky9.20241119\""'\ -Wl,--allow-multiple-definition # Do not run this in a production package the FIPS symbols must be patched-in 
@@ -562,7 +564,11 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco %ldconfig_scriptlets libs %changelog -* Tue Nov 5 2024 Jeremy Allison - 3.0.7-27.0.2.4 +* Mon Nov 19 2024 Jason Rodriguez - 3.0.7-27.0.2.5 +- Renaming patch files to adhear to provider naming convention + +* Mon Nov 18 2024 Jeremy Allison - 3.0.7-27.0.2.4 +- FIPS - zeroization of ECX public keys - Add EDDSA (ED25519 and ED448 curves) * Tue Oct 29 2024 Jason Rodriguez - 3.0.7-27.0.2.3