Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:GA
openssl-1_1
openssl-1_1-fips-list-only-approved-digest-and-...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch of Package openssl-1_1
--- crypto/asn1/ameth_lib.c | 18 ++++++++++++++++++ crypto/asn1/standard_methods.h | 29 +++++++++++++++++++++++++++++ crypto/evp/c_alld.c | 27 +++++++++++++++++++++++++++ 3 files changed, 74 insertions(+) --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -35,7 +35,11 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_P int EVP_PKEY_asn1_get_count(void) { +#ifdef OPENSSL_FIPS + int num = FIPS_mode() ? OSSL_NELEM(standard_fips_methods) : OSSL_NELEM(standard_methods); +#else int num = OSSL_NELEM(standard_methods); +#endif if (app_methods) num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods); return num; @@ -43,11 +47,19 @@ int EVP_PKEY_asn1_get_count(void) const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx) { +#ifdef OPENSSL_FIPS + int num = FIPS_mode() ? OSSL_NELEM(standard_fips_methods) : OSSL_NELEM(standard_methods); +#else int num = OSSL_NELEM(standard_methods); +#endif if (idx < 0) return NULL; if (idx < num) +#ifdef OPENSSL_FIPS + return FIPS_mode() ? standard_fips_methods[idx] : standard_methods[idx]; +#else return standard_methods[idx]; +#endif idx -= num; return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx); } @@ -63,7 +75,13 @@ static const EVP_PKEY_ASN1_METHOD *pkey_ if (idx >= 0) return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx); } +#ifdef OPENSSL_FIPS + ret = FIPS_mode() ? \ + OBJ_bsearch_ameth(&t, standard_fips_methods, OSSL_NELEM(standard_fips_methods)) : \ + OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods)); +#else ret = OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods)); +#endif if (!ret || !*ret) return NULL; return *ret; --- a/crypto/asn1/standard_methods.h +++ b/crypto/asn1/standard_methods.h @@ -59,3 +59,32 @@ static const EVP_PKEY_ASN1_METHOD *stand #endif }; +static const EVP_PKEY_ASN1_METHOD *standard_fips_methods[] = { +#ifndef OPENSSL_NO_RSA + &rsa_asn1_meths[0], + &rsa_asn1_meths[1], +#endif +#ifndef OPENSSL_NO_DH + &dh_asn1_meth, +#endif +#ifndef OPENSSL_NO_DSA + &dsa_asn1_meths[0], + &dsa_asn1_meths[1], + &dsa_asn1_meths[2], + &dsa_asn1_meths[3], + &dsa_asn1_meths[4], +#endif +#ifndef OPENSSL_NO_EC + &eckey_asn1_meth, +#endif + &hmac_asn1_meth, +#ifndef OPENSSL_NO_CMAC + &cmac_asn1_meth, +#endif +#ifndef OPENSSL_NO_RSA + &rsa_pss_asn1_meth, +#endif +#ifndef OPENSSL_NO_DH + &dhx_asn1_meth, +#endif +}; --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -16,6 +16,13 @@ void openssl_add_all_digests_int(void) { +#ifdef OPENSSL_FIPS + /* + * This function is called from FIPS_selftest_ecdsa() before FIPS mode is + * turned on. That is the reason why we need to also check fips_in_post(). + */ + if (!FIPS_mode() && !fips_in_post()) { +#endif #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif @@ -57,4 +64,24 @@ void openssl_add_all_digests_int(void) EVP_add_digest(EVP_sha3_512()); EVP_add_digest(EVP_shake128()); EVP_add_digest(EVP_shake256()); +#ifdef OPENSSL_FIPS + } else { + EVP_add_digest(EVP_md5_sha1()); + EVP_add_digest(EVP_sha1()); + EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); + EVP_add_digest(EVP_sha224()); + EVP_add_digest(EVP_sha256()); + EVP_add_digest(EVP_sha384()); + EVP_add_digest(EVP_sha512()); + EVP_add_digest(EVP_sha512_224()); + EVP_add_digest(EVP_sha512_256()); + EVP_add_digest(EVP_sha3_224()); + EVP_add_digest(EVP_sha3_256()); + EVP_add_digest(EVP_sha3_384()); + EVP_add_digest(EVP_sha3_512()); + EVP_add_digest(EVP_shake128()); + EVP_add_digest(EVP_shake256()); + } +#endif }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor