public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: Do not try to use EC groups disallowed in FIPS mode in TLS
Date: Tue, 09 Jun 2026 12:44:32 GMT [thread overview]
Message-ID: <178100907280.1.4638807084979026682.rpms-openssl-8419f769c73f@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 8419f769c73f8e1825473fc94e56221841bf0eda
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2019-06-24T15:13:12+02:00
Stats : +138/-18 in 3 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/8419f769c73f8e1825473fc94e56221841bf0eda?branch=rebase_40beta
Log:
Do not try to use EC groups disallowed in FIPS mode in TLS
Also fix Valgrind regression with constant-time code
---
diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch
index d59c440..3ff5aa4 100644
--- a/openssl-1.1.1-fips.patch
+++ b/openssl-1.1.1-fips.patch
@@ -11673,6 +11673,45 @@ diff -up openssl-1.1.1b/ssl/ssl_lib.c.fips openssl-1.1.1b/ssl/ssl_lib.c
}
if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
+diff -up openssl-1.1.1c/ssl/ssl_locl.h.fips openssl-1.1.1c/ssl/ssl_locl.h
+--- openssl-1.1.1c/ssl/ssl_locl.h.fips 2019-06-03 16:44:58.963560101 +0200
++++ openssl-1.1.1c/ssl/ssl_locl.h 2019-06-24 14:43:19.547353076 +0200
+@@ -1507,6 +1507,7 @@ typedef struct tls_group_info_st {
+ # define TLS_CURVE_PRIME 0x0
+ # define TLS_CURVE_CHAR2 0x1
+ # define TLS_CURVE_CUSTOM 0x2
++# define TLS_CURVE_FIPS 0x80
+
+ typedef struct cert_pkey_st CERT_PKEY;
+
+diff -up openssl-1.1.1c/ssl/t1_lib.c.fips openssl-1.1.1c/ssl/t1_lib.c
+--- openssl-1.1.1c/ssl/t1_lib.c.fips 2019-05-28 15:12:21.000000000 +0200
++++ openssl-1.1.1c/ssl/t1_lib.c 2019-06-24 14:49:00.638576235 +0200
+@@ -156,11 +156,11 @@ static const TLS_GROUP_INFO nid_list[] =
+ {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */
+ {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */
+ {NID_secp224k1, 112, TLS_CURVE_PRIME}, /* secp224k1 (20) */
+- {NID_secp224r1, 112, TLS_CURVE_PRIME}, /* secp224r1 (21) */
++ {NID_secp224r1, 112, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp224r1 (21) */
+ {NID_secp256k1, 128, TLS_CURVE_PRIME}, /* secp256k1 (22) */
+- {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME}, /* secp256r1 (23) */
+- {NID_secp384r1, 192, TLS_CURVE_PRIME}, /* secp384r1 (24) */
+- {NID_secp521r1, 256, TLS_CURVE_PRIME}, /* secp521r1 (25) */
++ {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp256r1 (23) */
++ {NID_secp384r1, 192, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp384r1 (24) */
++ {NID_secp521r1, 256, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp521r1 (25) */
+ {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
+ {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
+ {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
+@@ -255,6 +255,8 @@ int tls_curve_allowed(SSL *s, uint16_t c
+ if (cinfo->flags & TLS_CURVE_CHAR2)
+ return 0;
+ # endif
++ if (FIPS_mode() && !(cinfo->flags & TLS_CURVE_FIPS))
++ return 0;
+ ctmp[0] = curve >> 8;
+ ctmp[1] = curve & 0xff;
+ return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp);
diff -up openssl-1.1.1b/test/dsatest.c.fips openssl-1.1.1b/test/dsatest.c
--- openssl-1.1.1b/test/dsatest.c.fips 2019-02-26 15:15:30.000000000 +0100
+++ openssl-1.1.1b/test/dsatest.c 2019-02-28 11:30:06.824745335 +0100
diff --git a/openssl-1.1.1-upstream-sync.patch b/openssl-1.1.1-upstream-sync.patch
index 1603155..7e03b8d 100644
--- a/openssl-1.1.1-upstream-sync.patch
+++ b/openssl-1.1.1-upstream-sync.patch
@@ -24,7 +24,7 @@ diff -up openssl-1.1.1c/crypto/err/err.c.sync openssl-1.1.1c/crypto/err/err.c
# define NUM_SYS_STR_REASONS 127
static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
-@@ -219,26 +219,30 @@ static void build_SYS_str_reasons(void)
+@@ -219,21 +219,23 @@ static void build_SYS_str_reasons(void)
ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
@@ -35,8 +35,7 @@ diff -up openssl-1.1.1c/crypto/err/err.c.sync openssl-1.1.1c/crypto/err/err.c
+ */
+ if (str->string == NULL && cnt < sizeof(strerror_pool)) {
if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) {
-- size_t l = strlen(cur);
-+ size_t l = strlen(cur) + 1;
+ size_t l = strlen(cur);
str->string = cur;
cnt += l;
@@ -50,21 +49,10 @@ diff -up openssl-1.1.1c/crypto/err/err.c.sync openssl-1.1.1c/crypto/err/err.c
+ * some (most? all?) messages. Lets trim them off.
*/
- while (ossl_isspace(cur[-1])) {
-- cur--;
-- cnt--;
-+ if (cur > strerror_pool && ossl_isspace(cur[-1])) {
-+ while (cur > strerror_pool && ossl_isspace(cur[-1])) {
-+ cur--;
-+ cnt--;
-+ }
-+ *cur++ = '\0';
-+ cnt++;
++ while (cur > strerror_pool && ossl_isspace(cur[-1])) {
+ cur--;
+ cnt--;
}
-- *cur++ = '\0';
-- cnt++;
- }
- }
- if (str->string == NULL)
diff -up openssl-1.1.1c/crypto/rand/rand_lib.c.sync openssl-1.1.1c/crypto/rand/rand_lib.c
--- openssl-1.1.1c/crypto/rand/rand_lib.c.sync 2019-05-29 17:20:17.175099183 +0200
+++ openssl-1.1.1c/crypto/rand/rand_lib.c 2019-05-30 11:51:20.784850208 +0200
@@ -456,3 +444,91 @@ index fa19e7d80d..56e323f5bc 100644
--
2.20.1
+diff -up openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind openssl-1.1.1c/include/internal/constant_time_locl.h
+--- openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind 2019-05-28 15:12:21.000000000 +0200
++++ openssl-1.1.1c/include/internal/constant_time_locl.h 2019-06-24 15:02:12.796053536 +0200
+@@ -213,18 +213,66 @@ static ossl_inline unsigned char constan
+ return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+ }
+
++/* Returns the value unmodified, but avoids optimizations. */
++static ossl_inline unsigned int value_barrier(unsigned int a)
++{
++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
++ unsigned int r;
++ __asm__("" : "=r"(r) : "0"(a));
++#else
++ volatile unsigned int r = a;
++#endif
++ return r;
++}
++
++/* Convenience method for uint32_t. */
++static ossl_inline uint32_t value_barrier_32(uint32_t a)
++{
++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
++ uint32_t r;
++ __asm__("" : "=r"(r) : "0"(a));
++#else
++ volatile uint32_t r = a;
++#endif
++ return r;
++}
++
++/* Convenience method for uint64_t. */
++static ossl_inline uint64_t value_barrier_64(uint64_t a)
++{
++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
++ uint64_t r;
++ __asm__("" : "=r"(r) : "0"(a));
++#else
++ volatile uint64_t r = a;
++#endif
++ return r;
++}
++
++/* Convenience method for size_t. */
++static ossl_inline size_t value_barrier_s(size_t a)
++{
++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
++ size_t r;
++ __asm__("" : "=r"(r) : "0"(a));
++#else
++ volatile size_t r = a;
++#endif
++ return r;
++}
++
+ static ossl_inline unsigned int constant_time_select(unsigned int mask,
+ unsigned int a,
+ unsigned int b)
+ {
+- return (mask & a) | (~mask & b);
++ return (value_barrier(mask) & a) | (value_barrier(~mask) & b);
+ }
+
+ static ossl_inline size_t constant_time_select_s(size_t mask,
+ size_t a,
+ size_t b)
+ {
+- return (mask & a) | (~mask & b);
++ return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b);
+ }
+
+ static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
+@@ -249,13 +297,13 @@ static ossl_inline int constant_time_sel
+ static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
+ uint32_t b)
+ {
+- return (mask & a) | (~mask & b);
++ return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b);
+ }
+
+ static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
+ uint64_t b)
+ {
+- return (mask & a) | (~mask & b);
++ return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b);
+ }
+
+ /*
diff --git a/openssl.spec b/openssl.spec
index ce289c9..d2a5a74 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.1.1c
-Release: 3%{?dist}
+Release: 4%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -454,6 +454,11 @@ export LD_LIBRARY_PATH
%ldconfig_scriptlets libs
%changelog
+* Mon Jun 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-4
+- do not try to use EC groups disallowed in FIPS mode
+ in TLS
+- fix Valgrind regression with constant-time code
+
* Mon Jun 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-3
- add upstream patch to defer sending KeyUpdate after
pending writes are complete
reply other threads:[~2026-06-09 12:44 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178100907280.1.4638807084979026682.rpms-openssl-8419f769c73f@fedoraproject.org \
--to=tmraz@fedoraproject.org \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox