Merge ~adrien/ubuntu/+source/openssl:fips-avx512-and-lto into ubuntu/+source/openssl:ubuntu/devel
- Git
- lp:~adrien/ubuntu/+source/openssl
- fips-avx512-and-lto
- Merge into ubuntu/devel
Proposed by
Adrien Nader
| Status: | Merged | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Merge reported by: | Adrien Nader | ||||||||
| Merged at revision: | eb649aba51aad5f5a86e4ee9df407fa7d7b661f9 | ||||||||
| Proposed branch: | ~adrien/ubuntu/+source/openssl:fips-avx512-and-lto | ||||||||
| Merge into: | ubuntu/+source/openssl:ubuntu/devel | ||||||||
| Diff against target: |
1037 lines (+971/-4) 9 files modified
debian/changelog (+24/-0) debian/patches/fips/apps-pass-propquery-arg-to-the-libctx-DRBG-fetches.patch (+38/-0) debian/patches/fips/apps-speed-Omit-unavailable-algorithms-in-FIPS-mode.patch (+130/-0) debian/patches/fips/crypto-Add-kernel-FIPS-mode-detection.patch (+154/-0) debian/patches/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch (+495/-0) debian/patches/fips/test-Ensure-encoding-runs-with-the-correct-context-during.patch (+57/-0) debian/patches/intel/002-vaes_gcm_avx512_fix.patch (+63/-0) debian/patches/series (+9/-3) debian/rules (+1/-1) |
||||||||
| Related bugs: |
|
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Simon Chopin (community) | Approve | ||
|
Review via email:
|
|||
Commit message
Include patches to reduce the delta of the FIPS-variant package, re-enable AVX512 patch and disable LTO.
All these changes have corresponding bug reports:
- [FFe] FIPS compatibility patches: https:/
- Backport Intel's AVX512 patches on openssl 3.0: https:/
- openssl is not LTO-safe: https:/
There is a granted FFe for the FIPS patches.
The AVX512 is a fix so no FFe request.
I also consider the LTO one to be a fix so no FFe request either even though I provided all the details needed to make one.
Description of the change
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | diff --git a/debian/changelog b/debian/changelog |
| 2 | index 06dd500..b4d551a 100644 |
| 3 | --- a/debian/changelog |
| 4 | +++ b/debian/changelog |
| 5 | @@ -1,3 +1,27 @@ |
| 6 | +openssl (3.0.13-0ubuntu2) noble; urgency=medium |
| 7 | + |
| 8 | + [ Tobias Heider ] |
| 9 | + * Add fips-mode detection and adjust defaults when running in fips mode |
| 10 | + (LP: #2056593): |
| 11 | + - d/p/fips/crypto-Add-kernel-FIPS-mode-detection.patch: |
| 12 | + Detect if kernel fips mode is enabled |
| 13 | + - d/p/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch: |
| 14 | + Load FIPS provider if running in FIPS mode |
| 15 | + - d/p/fips/apps-speed-Omit-unavailable-algorithms-in-FIPS-mode.patch: |
| 16 | + Limit openssl-speed to FIPS compliant algorithms when running in FIPS mode |
| 17 | + - d/p/fips/apps-pass-propquery-arg-to-the-libctx-DRBG-fetches.patch |
| 18 | + Make sure DRBG respects query properties |
| 19 | + - d/p/fips/test-Ensure-encoding-runs-with-the-correct-context-during.patch: |
| 20 | + Make sure encoding runs with correct library context and provider |
| 21 | + |
| 22 | + [ Adrien Nader ] |
| 23 | + * Re-enable intel/0002-AES-GCM-enabled-with-AVX512-vAES-and-vPCLMULQDQ.patch |
| 24 | + (LP: #2030784) |
| 25 | + Thanks Bun K Tan and Dan Zimmerman |
| 26 | + * Disable LTO with which the codebase is generally incompatible (LP: #2058017) |
| 27 | + |
| 28 | + -- Adrien Nader <adrien.nader@canonical.com> Fri, 15 Mar 2024 09:46:33 +0100 |
| 29 | + |
| 30 | openssl (3.0.13-0ubuntu1) noble; urgency=medium |
| 31 | |
| 32 | * Import 3.0.13 |
| 33 | diff --git a/debian/patches/fips/apps-pass-propquery-arg-to-the-libctx-DRBG-fetches.patch b/debian/patches/fips/apps-pass-propquery-arg-to-the-libctx-DRBG-fetches.patch |
| 34 | new file mode 100644 |
| 35 | index 0000000..fce1415 |
| 36 | --- /dev/null |
| 37 | +++ b/debian/patches/fips/apps-pass-propquery-arg-to-the-libctx-DRBG-fetches.patch |
| 38 | @@ -0,0 +1,38 @@ |
| 39 | +From: Chris Coulson <chris.coulson@canonical.com> |
| 40 | +Date: Thu, 13 Oct 2022 00:02:26 +0100 |
| 41 | +Subject: apps: pass -propquery arg to the libctx DRBG fetches |
| 42 | + |
| 43 | +Forwarded: no |
| 44 | +Applied-Upstream: no |
| 45 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2056593 |
| 46 | + |
| 47 | +The -propquery argument might be used to define a preference for which provider |
| 48 | +an algorithm is fetched from. Set the query properties for the library context |
| 49 | +DRBG fetches as well so that they are fetched with the same properties. |
| 50 | +--- |
| 51 | + apps/lib/app_libctx.c | 5 +++++ |
| 52 | + 1 file changed, 5 insertions(+) |
| 53 | + |
| 54 | +diff --git a/apps/lib/app_libctx.c b/apps/lib/app_libctx.c |
| 55 | +index 4b9ec40e8527..d1c9909165b4 100644 |
| 56 | +--- a/apps/lib/app_libctx.c |
| 57 | ++++ b/apps/lib/app_libctx.c |
| 58 | +@@ -6,6 +6,7 @@ |
| 59 | + * in the file LICENSE in the source distribution or at |
| 60 | + * https://www.openssl.org/source/license.html |
| 61 | + */ |
| 62 | ++#include <openssl/rand.h> |
| 63 | + #include "app_libctx.h" |
| 64 | + #include "apps.h" |
| 65 | + |
| 66 | +@@ -15,6 +16,10 @@ static const char *app_propq = NULL; |
| 67 | + int app_set_propq(const char *arg) |
| 68 | + { |
| 69 | + app_propq = arg; |
| 70 | ++ if (!RAND_set_DRBG_type(app_libctx, NULL, arg, NULL, NULL)) |
| 71 | ++ return 0; |
| 72 | ++ if (!RAND_set_seed_source_type(app_libctx, NULL, arg)) |
| 73 | ++ return 0; |
| 74 | + return 1; |
| 75 | + } |
| 76 | + |
| 77 | diff --git a/debian/patches/fips/apps-speed-Omit-unavailable-algorithms-in-FIPS-mode.patch b/debian/patches/fips/apps-speed-Omit-unavailable-algorithms-in-FIPS-mode.patch |
| 78 | new file mode 100644 |
| 79 | index 0000000..2aa9810 |
| 80 | --- /dev/null |
| 81 | +++ b/debian/patches/fips/apps-speed-Omit-unavailable-algorithms-in-FIPS-mode.patch |
| 82 | @@ -0,0 +1,130 @@ |
| 83 | +From: Chris Coulson <chris.coulson@canonical.com> |
| 84 | +Date: Thu, 21 Apr 2022 13:11:18 +0100 |
| 85 | +Subject: apps/speed: Omit unavailable algorithms in FIPS mode |
| 86 | + |
| 87 | +Forwarded: no |
| 88 | +Applied-Upstream: no |
| 89 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2056593 |
| 90 | +--- |
| 91 | + apps/speed.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
| 92 | + 1 file changed, 66 insertions(+) |
| 93 | + |
| 94 | +diff --git a/apps/speed.c b/apps/speed.c |
| 95 | +index 1113d775b8ab..9bdab90186b3 100644 |
| 96 | +--- a/apps/speed.c |
| 97 | ++++ b/apps/speed.c |
| 98 | +@@ -1496,6 +1496,9 @@ int speed_main(int argc, char **argv) |
| 99 | + OPENSSL_assert(strcmp(sm2_choices[SM2_NUM - 1].name, "curveSM2") == 0); |
| 100 | + #endif |
| 101 | + |
| 102 | ++ if (EVP_default_properties_is_fips_enabled(app_get0_libctx())) |
| 103 | ++ evp_mac_mdname = "sha1"; |
| 104 | ++ |
| 105 | + prog = opt_init(argc, argv, speed_options); |
| 106 | + while ((o = opt_next()) != OPT_EOF) { |
| 107 | + switch (o) { |
| 108 | +@@ -1647,6 +1650,8 @@ int speed_main(int argc, char **argv) |
| 109 | + } |
| 110 | + if (strcmp(algo, "des") == 0) { |
| 111 | + doit[D_CBC_DES] = doit[D_EDE3_DES] = 1; |
| 112 | ++ if (EVP_default_properties_is_fips_enabled(app_get0_libctx())) |
| 113 | ++ doit[D_CBC_DES] = 0; |
| 114 | + continue; |
| 115 | + } |
| 116 | + if (strcmp(algo, "sha") == 0) { |
| 117 | +@@ -1660,6 +1665,8 @@ int speed_main(int argc, char **argv) |
| 118 | + if (strncmp(algo, "rsa", 3) == 0) { |
| 119 | + if (algo[3] == '\0') { |
| 120 | + memset(rsa_doit, 1, sizeof(rsa_doit)); |
| 121 | ++ if (EVP_default_properties_is_fips_enabled(app_get0_libctx())) |
| 122 | ++ rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] = 0; |
| 123 | + continue; |
| 124 | + } |
| 125 | + if (opt_found(algo, rsa_choices, &i)) { |
| 126 | +@@ -1682,6 +1689,10 @@ int speed_main(int argc, char **argv) |
| 127 | + if (strncmp(algo, "dsa", 3) == 0) { |
| 128 | + if (algo[3] == '\0') { |
| 129 | + memset(dsa_doit, 1, sizeof(dsa_doit)); |
| 130 | ++ /* R_DSA_512 and R_DSA_1024 should be disabled in FIPS mode, |
| 131 | ++ * but actually, none of the DSA benchmarks work because the |
| 132 | ++ * compiled-in keys fail the necessary checks. Just return an |
| 133 | ++ * error if the DSA benchmarks are invoked explicitly. */ |
| 134 | + continue; |
| 135 | + } |
| 136 | + if (opt_found(algo, dsa_choices, &i)) { |
| 137 | +@@ -1700,6 +1711,18 @@ int speed_main(int argc, char **argv) |
| 138 | + if (strncmp(algo, "ecdsa", 5) == 0) { |
| 139 | + if (algo[5] == '\0') { |
| 140 | + memset(ecdsa_doit, 1, sizeof(ecdsa_doit)); |
| 141 | ++ if (EVP_default_properties_is_fips_enabled(app_get0_libctx())) { |
| 142 | ++ ecdsa_doit[R_EC_P160] = ecdsa_doit[R_EC_P192] = 0; |
| 143 | ++#ifndef OPENSSL_NO_EC2M |
| 144 | ++ ecdsa_doit[R_EC_K163] = ecdsa_doit[R_EC_B163] = 0; |
| 145 | ++#endif |
| 146 | ++ ecdsa_doit[R_EC_BRP256R1] = |
| 147 | ++ ecdsa_doit[R_EC_BRP256T1] = |
| 148 | ++ ecdsa_doit[R_EC_BRP384R1] = |
| 149 | ++ ecdsa_doit[R_EC_BRP384T1] = |
| 150 | ++ ecdsa_doit[R_EC_BRP512R1] = |
| 151 | ++ ecdsa_doit[R_EC_BRP512T1] = 0; |
| 152 | ++ } |
| 153 | + continue; |
| 154 | + } |
| 155 | + if (opt_found(algo, ecdsa_choices, &i)) { |
| 156 | +@@ -1710,6 +1733,18 @@ int speed_main(int argc, char **argv) |
| 157 | + if (strncmp(algo, "ecdh", 4) == 0) { |
| 158 | + if (algo[4] == '\0') { |
| 159 | + memset(ecdh_doit, 1, sizeof(ecdh_doit)); |
| 160 | ++ if (EVP_default_properties_is_fips_enabled(app_get0_libctx())) { |
| 161 | ++ ecdh_doit[R_EC_P160] = ecdh_doit[R_EC_P192] = 0; |
| 162 | ++#ifndef OPENSSL_NO_EC2M |
| 163 | ++ ecdh_doit[R_EC_K163] = ecdh_doit[R_EC_B163] = 0; |
| 164 | ++#endif |
| 165 | ++ ecdh_doit[R_EC_BRP256R1] = |
| 166 | ++ ecdh_doit[R_EC_BRP256T1] = |
| 167 | ++ ecdh_doit[R_EC_BRP384R1] = |
| 168 | ++ ecdh_doit[R_EC_BRP384T1] = |
| 169 | ++ ecdh_doit[R_EC_BRP512R1] = |
| 170 | ++ ecdh_doit[R_EC_BRP512T1] = 0; |
| 171 | ++ } |
| 172 | + continue; |
| 173 | + } |
| 174 | + if (opt_found(algo, ecdh_choices, &i)) { |
| 175 | +@@ -1863,6 +1898,37 @@ int speed_main(int argc, char **argv) |
| 176 | + #ifndef OPENSSL_NO_SM2 |
| 177 | + memset(sm2_doit, 1, sizeof(sm2_doit)); |
| 178 | + #endif |
| 179 | ++ if (EVP_default_properties_is_fips_enabled(app_get0_libctx())) { |
| 180 | ++ rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] = 0; |
| 181 | ++ |
| 182 | ++ memset(dsa_doit, 0, sizeof(dsa_doit)); |
| 183 | ++ |
| 184 | ++ ecdsa_doit[R_EC_P160] = ecdsa_doit[R_EC_P192] = 0; |
| 185 | ++#ifndef OPENSSL_NO_EC2M |
| 186 | ++ ecdsa_doit[R_EC_K163] = ecdsa_doit[R_EC_B163] = 0; |
| 187 | ++#endif |
| 188 | ++ ecdsa_doit[R_EC_BRP256R1] = |
| 189 | ++ ecdsa_doit[R_EC_BRP256T1] = |
| 190 | ++ ecdsa_doit[R_EC_BRP384R1] = |
| 191 | ++ ecdsa_doit[R_EC_BRP384T1] = |
| 192 | ++ ecdsa_doit[R_EC_BRP512R1] = |
| 193 | ++ ecdsa_doit[R_EC_BRP512T1] = 0; |
| 194 | ++ |
| 195 | ++ ecdh_doit[R_EC_P160] = ecdh_doit[R_EC_P192] = 0; |
| 196 | ++#ifndef OPENSSL_NO_EC2M |
| 197 | ++ ecdh_doit[R_EC_K163] = ecdh_doit[R_EC_B163] = 0; |
| 198 | ++#endif |
| 199 | ++ ecdh_doit[R_EC_BRP256R1] = |
| 200 | ++ ecdh_doit[R_EC_BRP256T1] = |
| 201 | ++ ecdh_doit[R_EC_BRP384R1] = |
| 202 | ++ ecdh_doit[R_EC_BRP384T1] = |
| 203 | ++ ecdh_doit[R_EC_BRP512R1] = |
| 204 | ++ ecdh_doit[R_EC_BRP512T1] = 0; |
| 205 | ++ |
| 206 | ++#ifndef OPENSSL_NO_SM2 |
| 207 | ++ memset(sm2_doit, 0, sizeof(sm2_doit)); |
| 208 | ++#endif |
| 209 | ++ } |
| 210 | + } |
| 211 | + for (i = 0; i < ALGOR_NUM; i++) |
| 212 | + if (doit[i]) |
| 213 | diff --git a/debian/patches/fips/crypto-Add-kernel-FIPS-mode-detection.patch b/debian/patches/fips/crypto-Add-kernel-FIPS-mode-detection.patch |
| 214 | new file mode 100644 |
| 215 | index 0000000..25c5184 |
| 216 | --- /dev/null |
| 217 | +++ b/debian/patches/fips/crypto-Add-kernel-FIPS-mode-detection.patch |
| 218 | @@ -0,0 +1,154 @@ |
| 219 | +From: Chris Coulson <chris.coulson@canonical.com> |
| 220 | +Date: Thu, 14 Apr 2022 14:57:44 +0100 |
| 221 | +Subject: crypto: Add kernel FIPS mode detection |
| 222 | + |
| 223 | +Forwarded: no |
| 224 | +Applied-Upstream: no |
| 225 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2056593 |
| 226 | + |
| 227 | +This adds a new internal API to determine whether the kernel has been booted |
| 228 | +in FIPS mode. This can be overridden with the OPENSSL_FORCE_FIPS_MODE |
| 229 | +environment variable. OPENSSL_FIPS_MODE_SWITCH_PATH can be used to specify an |
| 230 | +alternative path for the fips_enabled file and is used in tests. |
| 231 | +The FIPS_MODULE switch can be used to enable build of the the FIPS provider |
| 232 | +module specific parts which are not needed in the OpenSSL library itself. |
| 233 | +--- |
| 234 | + crypto/build.info | 2 +- |
| 235 | + crypto/context.c | 20 ++++++++++++++++++++ |
| 236 | + crypto/fips_mode.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ |
| 237 | + crypto/fips_mode.h | 17 +++++++++++++++++ |
| 238 | + 4 files changed, 84 insertions(+), 1 deletion(-) |
| 239 | + create mode 100644 crypto/fips_mode.c |
| 240 | + create mode 100644 crypto/fips_mode.h |
| 241 | + |
| 242 | +diff --git a/crypto/build.info b/crypto/build.info |
| 243 | +index a45bf8deefd5..a128c645667e 100644 |
| 244 | +--- a/crypto/build.info |
| 245 | ++++ b/crypto/build.info |
| 246 | +@@ -101,7 +101,7 @@ SOURCE[../libcrypto]=$UTIL_COMMON \ |
| 247 | + mem.c mem_sec.c \ |
| 248 | + cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ |
| 249 | + o_fopen.c getenv.c o_init.c init.c trace.c provider.c provider_child.c \ |
| 250 | +- punycode.c passphrase.c |
| 251 | ++ punycode.c passphrase.c fips_mode.c |
| 252 | + SOURCE[../providers/libfips.a]=$UTIL_COMMON |
| 253 | + |
| 254 | + SOURCE[../libcrypto]=$UPLINKSRC |
| 255 | +diff --git a/crypto/context.c b/crypto/context.c |
| 256 | +index 548665fba265..83e255cb2563 100644 |
| 257 | +--- a/crypto/context.c |
| 258 | ++++ b/crypto/context.c |
| 259 | +@@ -17,6 +17,11 @@ |
| 260 | + #include "crypto/ctype.h" |
| 261 | + #include "crypto/rand.h" |
| 262 | + |
| 263 | ++#ifndef FIPS_MODULE |
| 264 | ++# include "crypto/evp.h" |
| 265 | ++# include "fips_mode.h" |
| 266 | ++#endif |
| 267 | ++ |
| 268 | + struct ossl_lib_ctx_onfree_list_st { |
| 269 | + ossl_lib_ctx_onfree_fn *fn; |
| 270 | + struct ossl_lib_ctx_onfree_list_st *next; |
| 271 | +@@ -69,11 +74,26 @@ int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx) |
| 272 | + return ctx->ischild; |
| 273 | + } |
| 274 | + |
| 275 | ++#if !defined(FIPS_MODULE) |
| 276 | ++static CRYPTO_ONCE init_fips = CRYPTO_ONCE_STATIC_INIT; |
| 277 | ++ |
| 278 | ++DEFINE_RUN_ONCE_STATIC(do_init_fips) |
| 279 | ++{ |
| 280 | ++ ossl_init_fips(); |
| 281 | ++ return 1; |
| 282 | ++} |
| 283 | ++#endif |
| 284 | ++ |
| 285 | + static int context_init(OSSL_LIB_CTX *ctx) |
| 286 | + { |
| 287 | + size_t i; |
| 288 | + int exdata_done = 0; |
| 289 | + |
| 290 | ++#if !defined(FIPS_MODULE) |
| 291 | ++ if (!RUN_ONCE(&init_fips, do_init_fips)) |
| 292 | ++ return 0; |
| 293 | ++#endif |
| 294 | ++ |
| 295 | + ctx->lock = CRYPTO_THREAD_lock_new(); |
| 296 | + if (ctx->lock == NULL) |
| 297 | + return 0; |
| 298 | +diff --git a/crypto/fips_mode.c b/crypto/fips_mode.c |
| 299 | +new file mode 100644 |
| 300 | +index 000000000000..0131075ed764 |
| 301 | +--- /dev/null |
| 302 | ++++ b/crypto/fips_mode.c |
| 303 | +@@ -0,0 +1,46 @@ |
| 304 | ++#define _GNU_SOURCE |
| 305 | ++#include <errno.h> |
| 306 | ++#include <fcntl.h> |
| 307 | ++#include <stdlib.h> |
| 308 | ++#include <string.h> |
| 309 | ++#include <sys/types.h> |
| 310 | ++#include <sys/stat.h> |
| 311 | ++#include <unistd.h> |
| 312 | ++#include "fips_mode.h" |
| 313 | ++ |
| 314 | ++#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" |
| 315 | ++ |
| 316 | ++static int fips_mode; |
| 317 | ++ |
| 318 | ++int ossl_fips_mode(void) |
| 319 | ++{ |
| 320 | ++ return fips_mode; |
| 321 | ++} |
| 322 | ++ |
| 323 | ++void ossl_init_fips(void) |
| 324 | ++{ |
| 325 | ++ const char *switch_path = FIPS_MODE_SWITCH_FILE; |
| 326 | ++ char *v; |
| 327 | ++ char c; |
| 328 | ++ int fd; |
| 329 | ++ |
| 330 | ++ if ((v = secure_getenv("OPENSSL_FORCE_FIPS_MODE")) != NULL) { |
| 331 | ++ fips_mode = strcmp(v, "0") == 0 ? 0 : 1; |
| 332 | ++ return; |
| 333 | ++ } |
| 334 | ++ |
| 335 | ++ if ((v = secure_getenv("OPENSSL_FIPS_MODE_SWITCH_PATH")) != NULL) { |
| 336 | ++ switch_path = v; |
| 337 | ++ } |
| 338 | ++ |
| 339 | ++ fd = open(switch_path, O_RDONLY); |
| 340 | ++ if (fd < 0) { |
| 341 | ++ fips_mode = 0; |
| 342 | ++ return; |
| 343 | ++ } |
| 344 | ++ |
| 345 | ++ while (read(fd, &c, sizeof(c)) < 0 && errno == EINTR); |
| 346 | ++ close(fd); |
| 347 | ++ |
| 348 | ++ fips_mode = c == '1' ? 1 : 0; |
| 349 | ++} |
| 350 | +diff --git a/crypto/fips_mode.h b/crypto/fips_mode.h |
| 351 | +new file mode 100644 |
| 352 | +index 000000000000..5f0607ba9d70 |
| 353 | +--- /dev/null |
| 354 | ++++ b/crypto/fips_mode.h |
| 355 | +@@ -0,0 +1,17 @@ |
| 356 | ++/* |
| 357 | ++ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. |
| 358 | ++ * |
| 359 | ++ * Licensed under the Apache License 2.0 (the "License"). You may not use |
| 360 | ++ * this file except in compliance with the License. You can obtain a copy |
| 361 | ++ * in the file LICENSE in the source distribution or at |
| 362 | ++ * https://www.openssl.org/source/license.html |
| 363 | ++ */ |
| 364 | ++ |
| 365 | ++#ifndef OSSL_FIPS_MODE_H |
| 366 | ++# define OSSL_FIPS_MODE_H |
| 367 | ++# pragma once |
| 368 | ++ |
| 369 | ++int ossl_fips_mode(void); |
| 370 | ++void ossl_init_fips(void); |
| 371 | ++ |
| 372 | ++#endif |
| 373 | diff --git a/debian/patches/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch b/debian/patches/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch |
| 374 | new file mode 100644 |
| 375 | index 0000000..4d2eb9d |
| 376 | --- /dev/null |
| 377 | +++ b/debian/patches/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch |
| 378 | @@ -0,0 +1,495 @@ |
| 379 | +From: Chris Coulson <chris.coulson@canonical.com> |
| 380 | +Date: Thu, 14 Apr 2022 15:40:56 +0100 |
| 381 | +Subject: crypto: Automatically use the FIPS provider when the kernel is |
| 382 | + booted in FIPS mode |
| 383 | + |
| 384 | +Forwarded: no |
| 385 | +Applied-Upstream: no |
| 386 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2056593 |
| 387 | + |
| 388 | +This automatically configures all library contexts to use the FIPS provider when |
| 389 | +the kernel is booted in FIPS mode by: |
| 390 | +- Setting "fips=yes" as the default property for algorithm fetches |
| 391 | +- Loading and activating the FIPS provider as the fallback provider. |
| 392 | + |
| 393 | +If applications load providers via a configuration either because the default |
| 394 | +configuration is modified or they override the default configuration, this |
| 395 | +disables loading of the fallback providers. In this case, the configuration |
| 396 | +must load the FIPS provider when FIPS mode is enabled, else algorithm fetches |
| 397 | +will fail |
| 398 | + |
| 399 | +Applications can choose to use non-FIPS approved algorithms by specifying the |
| 400 | +"-fips" or "fips=no" property for algorithm fetches and loading the default |
| 401 | +provider. |
| 402 | +--- |
| 403 | + crypto/context.c | 5 ++ |
| 404 | + crypto/provider_core.c | 4 +- |
| 405 | + crypto/provider_local.h | 2 +- |
| 406 | + crypto/provider_predefined.c | 25 +++++++- |
| 407 | + doc/man3/EVP_set_default_properties.pod | 3 +- |
| 408 | + doc/man5/config.pod | 8 ++- |
| 409 | + doc/man7/OSSL_PROVIDER-default.pod | 7 ++- |
| 410 | + doc/man7/crypto.pod | 30 +++++++-- |
| 411 | + doc/man7/fips_module.pod | 15 +++++ |
| 412 | + test/build.info | 6 +- |
| 413 | + test/fips_auto_enable_test.c | 106 ++++++++++++++++++++++++++++++++ |
| 414 | + test/recipes/04-test_auto_fips_mode.t | 50 +++++++++++++++ |
| 415 | + test/recipes/04-test_auto_fips_mode/off | 1 + |
| 416 | + test/recipes/04-test_auto_fips_mode/on | 1 + |
| 417 | + test/run_tests.pl | 1 + |
| 418 | + 15 files changed, 247 insertions(+), 17 deletions(-) |
| 419 | + create mode 100644 test/fips_auto_enable_test.c |
| 420 | + create mode 100644 test/recipes/04-test_auto_fips_mode.t |
| 421 | + create mode 100644 test/recipes/04-test_auto_fips_mode/off |
| 422 | + create mode 100644 test/recipes/04-test_auto_fips_mode/on |
| 423 | + |
| 424 | +diff --git a/crypto/context.c b/crypto/context.c |
| 425 | +index 83e255cb2563..457ebb0880b4 100644 |
| 426 | +--- a/crypto/context.c |
| 427 | ++++ b/crypto/context.c |
| 428 | +@@ -122,6 +122,11 @@ static int context_init(OSSL_LIB_CTX *ctx) |
| 429 | + if (!ossl_property_parse_init(ctx)) |
| 430 | + goto err; |
| 431 | + |
| 432 | ++#if !defined(FIPS_MODULE) |
| 433 | ++ if (ossl_fips_mode() == 1 && !evp_default_properties_enable_fips_int(ctx, 1, 0)) |
| 434 | ++ goto err; |
| 435 | ++#endif |
| 436 | ++ |
| 437 | + return 1; |
| 438 | + err: |
| 439 | + if (exdata_done) |
| 440 | +diff --git a/crypto/provider_core.c b/crypto/provider_core.c |
| 441 | +index 4cadb6a9f02e..ecfa1e1dd902 100644 |
| 442 | +--- a/crypto/provider_core.c |
| 443 | ++++ b/crypto/provider_core.c |
| 444 | +@@ -544,7 +544,7 @@ OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, |
| 445 | + size_t i; |
| 446 | + |
| 447 | + /* Check if this is a predefined builtin provider */ |
| 448 | +- for (p = ossl_predefined_providers; p->name != NULL; p++) { |
| 449 | ++ for (p = ossl_predefined_providers(); p->name != NULL; p++) { |
| 450 | + if (strcmp(p->name, name) == 0) { |
| 451 | + template = *p; |
| 452 | + break; |
| 453 | +@@ -1305,7 +1305,7 @@ static int provider_activate_fallbacks(struct provider_store_st *store) |
| 454 | + return 1; |
| 455 | + } |
| 456 | + |
| 457 | +- for (p = ossl_predefined_providers; p->name != NULL; p++) { |
| 458 | ++ for (p = ossl_predefined_providers(); p->name != NULL; p++) { |
| 459 | + OSSL_PROVIDER *prov = NULL; |
| 460 | + |
| 461 | + if (!p->is_fallback) |
| 462 | +diff --git a/crypto/provider_local.h b/crypto/provider_local.h |
| 463 | +index e0bcbcb9f94e..bfde4dd7cc25 100644 |
| 464 | +--- a/crypto/provider_local.h |
| 465 | ++++ b/crypto/provider_local.h |
| 466 | +@@ -23,7 +23,7 @@ typedef struct { |
| 467 | + unsigned int is_fallback:1; |
| 468 | + } OSSL_PROVIDER_INFO; |
| 469 | + |
| 470 | +-extern const OSSL_PROVIDER_INFO ossl_predefined_providers[]; |
| 471 | ++const OSSL_PROVIDER_INFO *ossl_predefined_providers(void); |
| 472 | + |
| 473 | + void ossl_provider_info_clear(OSSL_PROVIDER_INFO *info); |
| 474 | + int ossl_provider_info_add_to_store(OSSL_LIB_CTX *libctx, |
| 475 | +diff --git a/crypto/provider_predefined.c b/crypto/provider_predefined.c |
| 476 | +index 068e0b7cd96a..0ee2158a7c47 100644 |
| 477 | +--- a/crypto/provider_predefined.c |
| 478 | ++++ b/crypto/provider_predefined.c |
| 479 | +@@ -9,6 +9,9 @@ |
| 480 | + |
| 481 | + #include <openssl/core.h> |
| 482 | + #include "provider_local.h" |
| 483 | ++#if !defined(FIPS_MODULE) |
| 484 | ++# include "fips_mode.h" |
| 485 | ++#endif |
| 486 | + |
| 487 | + OSSL_provider_init_fn ossl_default_provider_init; |
| 488 | + OSSL_provider_init_fn ossl_base_provider_init; |
| 489 | +@@ -17,7 +20,7 @@ OSSL_provider_init_fn ossl_fips_intern_provider_init; |
| 490 | + #ifdef STATIC_LEGACY |
| 491 | + OSSL_provider_init_fn ossl_legacy_provider_init; |
| 492 | + #endif |
| 493 | +-const OSSL_PROVIDER_INFO ossl_predefined_providers[] = { |
| 494 | ++const OSSL_PROVIDER_INFO providers[] = { |
| 495 | + #ifdef FIPS_MODULE |
| 496 | + { "fips", NULL, ossl_fips_intern_provider_init, NULL, 1 }, |
| 497 | + #else |
| 498 | +@@ -30,3 +33,23 @@ const OSSL_PROVIDER_INFO ossl_predefined_providers[] = { |
| 499 | + #endif |
| 500 | + { NULL, NULL, NULL, NULL, 0 } |
| 501 | + }; |
| 502 | ++ |
| 503 | ++#if !defined(FIPS_MODULE) |
| 504 | ++const OSSL_PROVIDER_INFO fips_providers[] = { |
| 505 | ++ { "fips", NULL, NULL, NULL, 1 }, |
| 506 | ++ { "base", NULL, ossl_base_provider_init, NULL, 1 }, |
| 507 | ++ { "default", NULL, ossl_default_provider_init, NULL, 0 }, |
| 508 | ++ { "null", NULL, ossl_null_provider_init, NULL, 0 }, |
| 509 | ++ { NULL, NULL, NULL, NULL, 0 } |
| 510 | ++}; |
| 511 | ++#endif |
| 512 | ++ |
| 513 | ++const OSSL_PROVIDER_INFO *ossl_predefined_providers(void) |
| 514 | ++{ |
| 515 | ++#if !defined(FIPS_MODULE) |
| 516 | ++ if (ossl_fips_mode() == 1) |
| 517 | ++ return fips_providers; |
| 518 | ++#endif |
| 519 | ++ |
| 520 | ++ return providers; |
| 521 | ++} |
| 522 | +diff --git a/doc/man3/EVP_set_default_properties.pod b/doc/man3/EVP_set_default_properties.pod |
| 523 | +index 2d862772c251..3ee3f10566dd 100644 |
| 524 | +--- a/doc/man3/EVP_set_default_properties.pod |
| 525 | ++++ b/doc/man3/EVP_set_default_properties.pod |
| 526 | +@@ -34,7 +34,8 @@ query for the given I<libctx>. It merges the fips default property query with an |
| 527 | + existing query strings that have been set via EVP_set_default_properties(). |
| 528 | + |
| 529 | + EVP_default_properties_is_fips_enabled() indicates if 'fips=yes' is a default |
| 530 | +-property for the given I<libctx>. |
| 531 | ++property for the given I<libctx>. This is the default for every I<libctx> on |
| 532 | ++systems that are operaring in FIPS-approved mode. |
| 533 | + |
| 534 | + =head1 NOTES |
| 535 | + |
| 536 | +diff --git a/doc/man5/config.pod b/doc/man5/config.pod |
| 537 | +index 8d312c661fa0..e35368c13da1 100644 |
| 538 | +--- a/doc/man5/config.pod |
| 539 | ++++ b/doc/man5/config.pod |
| 540 | +@@ -275,11 +275,13 @@ available to the provider. |
| 541 | + |
| 542 | + =head3 Default provider and its activation |
| 543 | + |
| 544 | +-If no providers are activated explicitly, the default one is activated implicitly. |
| 545 | +-See L<OSSL_PROVIDER-default(7)> for more details. |
| 546 | ++If no providers are activated explicitly, either the default provider or |
| 547 | ++FIPS provider are activated implicitly depending on the environment. |
| 548 | ++See L<crypto(7)>, L<OSSL_PROVIDER-default(7)> and L<OSSL_PROVIDER-FIPS(7)> for |
| 549 | ++more details. |
| 550 | + |
| 551 | + If you add a section explicitly activating any other provider(s), |
| 552 | +-you most probably need to explicitly activate the default provider, |
| 553 | ++you most probably need to explicitly activate the default or FIPS provider, |
| 554 | + otherwise it becomes unavailable in openssl. It may make the system remotely unavailable. |
| 555 | + |
| 556 | + =head2 EVP Configuration |
| 557 | +diff --git a/doc/man7/OSSL_PROVIDER-default.pod b/doc/man7/OSSL_PROVIDER-default.pod |
| 558 | +index e39d76abdbb8..e6ff52241632 100644 |
| 559 | +--- a/doc/man7/OSSL_PROVIDER-default.pod |
| 560 | ++++ b/doc/man7/OSSL_PROVIDER-default.pod |
| 561 | +@@ -9,9 +9,10 @@ OSSL_PROVIDER-default - OpenSSL default provider |
| 562 | + The OpenSSL default provider supplies the majority of OpenSSL's diverse |
| 563 | + algorithm implementations. If an application doesn't specify anything else |
| 564 | + explicitly (e.g. in the application or via config), then this is the |
| 565 | +-provider that will be used as fallback: It is loaded automatically the |
| 566 | +-first time that an algorithm is fetched from a provider or a function |
| 567 | +-acting on providers is called and no other provider has been loaded yet. |
| 568 | ++provider that will be used as fallback on systems that are not operating in |
| 569 | ++FIPS-approved mode: It is loaded automatically the first time that an algorithm |
| 570 | ++is fetched from a provider or a function acting on providers is called and no |
| 571 | ++other provider has been loaded yet. |
| 572 | + |
| 573 | + If an attempt to load a provider has already been made (whether successful |
| 574 | + or not) then the default provider won't be loaded automatically. Therefore |
| 575 | +diff --git a/doc/man7/crypto.pod b/doc/man7/crypto.pod |
| 576 | +index c31e10ac29a5..40e421583675 100644 |
| 577 | +--- a/doc/man7/crypto.pod |
| 578 | ++++ b/doc/man7/crypto.pod |
| 579 | +@@ -48,8 +48,22 @@ A provider in OpenSSL is a component that collects together algorithm |
| 580 | + implementations. In order to use an algorithm you must have at least one |
| 581 | + provider loaded that contains an implementation of it. OpenSSL comes with a |
| 582 | + number of providers and they may also be obtained from third parties. If you |
| 583 | +-don't load a provider explicitly (either in program code or via config) then the |
| 584 | +-OpenSSL built-in "default" provider will be automatically loaded. |
| 585 | ++don't load a provider explicitly (either in program code or via config) then one |
| 586 | ++of the following OpenSSL providers will be loaded automatically: |
| 587 | ++ |
| 588 | ++=over 4 |
| 589 | ++ |
| 590 | ++=item * |
| 591 | ++ |
| 592 | ++The built-in "default" provider when running on a system that is not operating |
| 593 | ++in FIPS-approved mode. |
| 594 | ++ |
| 595 | ++=item * |
| 596 | ++ |
| 597 | ++The "fips" provider when running on a system that is operating in FIPS-approved |
| 598 | ++mode. |
| 599 | ++ |
| 600 | ++=back |
| 601 | + |
| 602 | + =head2 Library contexts |
| 603 | + |
| 604 | +@@ -364,9 +378,10 @@ algorithms), the property query string "provider=default" can be used as a |
| 605 | + search criterion for these implementations. The default provider includes all |
| 606 | + of the functionality in the base provider below. |
| 607 | + |
| 608 | +-If you don't load any providers at all then the "default" provider will be |
| 609 | +-automatically loaded. If you explicitly load any provider then the "default" |
| 610 | +-provider would also need to be explicitly loaded if it is required. |
| 611 | ++If you don't load any providers at all and the system is not running in |
| 612 | ++FIPS-approved mode, then the "default" provider will be automatically loaded. |
| 613 | ++If you explicitly load any provider then the "default" provider would also need |
| 614 | ++to be explicitly loaded if it is required. |
| 615 | + |
| 616 | + See L<OSSL_PROVIDER-default(7)>. |
| 617 | + |
| 618 | +@@ -397,6 +412,11 @@ provider can also be selected with the property "fips=yes". The FIPS provider |
| 619 | + may also contain non-approved algorithm implementations and these can be |
| 620 | + selected with the property "fips=no". |
| 621 | + |
| 622 | ++If you don't load any providers at all and the system is running in |
| 623 | ++FIPS-approved mode, then the FIPS provider will be automatically loaded. |
| 624 | ++If you explicitly load any provider then the FIPS provider would also need |
| 625 | ++to be explicitly loaded if it is required. |
| 626 | ++ |
| 627 | + See L<OSSL_PROVIDER-FIPS(7)> and L<fips_module(7)>. |
| 628 | + |
| 629 | + =head2 Legacy provider |
| 630 | +diff --git a/doc/man7/fips_module.pod b/doc/man7/fips_module.pod |
| 631 | +index d0861a9dcecc..801075d9d05e 100644 |
| 632 | +--- a/doc/man7/fips_module.pod |
| 633 | ++++ b/doc/man7/fips_module.pod |
| 634 | +@@ -45,6 +45,21 @@ All of the above APIs are deprecated in OpenSSL 3.0 - so a simple rule is to |
| 635 | + avoid using all deprecated functions. See L<migration_guide(7)> for a list of |
| 636 | + deprecated functions. |
| 637 | + |
| 638 | ++=head2 Applications running on systems operating in FIPS-approved mode |
| 639 | ++ |
| 640 | ++When running on systems that are operating in FIPS-approved mode and no |
| 641 | ++providers are loaded explicitly via the application or config, the FIPS module |
| 642 | ++is loaded implicitly as a fallback provider whenever an algorithm is fetched |
| 643 | ++for the first time. The "default" provider is not loaded implicitly in this |
| 644 | ++case, and must be loaded explicitly if it is required by an application. |
| 645 | ++ |
| 646 | ++Every L<OSSL_LIB_CTX(3)> is created with "fips=yes" as a default property in |
| 647 | ++this mode so that algorithm fetches will only fetch algorithms that define |
| 648 | ++this property and are FIPS-approved. To use algorithms that are not FIPS |
| 649 | ++approved, either specify "-fips" or "fips=no" as a property query string with |
| 650 | ++fetching functions, or use the L<EVP_default_properties_enable_fips(3)> function |
| 651 | ++to remove the default property for a specific B<OSSL_LIB_CTX>. |
| 652 | ++ |
| 653 | + =head2 Making all applications use the FIPS module by default |
| 654 | + |
| 655 | + One simple approach is to cause all applications that are using OpenSSL to only |
| 656 | +diff --git a/test/build.info b/test/build.info |
| 657 | +index 416c2270771a..02d9f082d072 100644 |
| 658 | +--- a/test/build.info |
| 659 | ++++ b/test/build.info |
| 660 | +@@ -61,7 +61,7 @@ IF[{- !$disabled{tests} -}] |
| 661 | + keymgmt_internal_test hexstr_test provider_status_test defltfips_test \ |
| 662 | + bio_readbuffer_test user_property_test pkcs7_test upcallstest \ |
| 663 | + provfetchtest prov_config_test rand_test fips_version_test \ |
| 664 | +- nodefltctxtest |
| 665 | ++ nodefltctxtest fips_auto_enable_test |
| 666 | + |
| 667 | + IF[{- !$disabled{'deprecated-3.0'} -}] |
| 668 | + PROGRAMS{noinst}=enginetest |
| 669 | +@@ -599,6 +599,10 @@ IF[{- !$disabled{tests} -}] |
| 670 | + INCLUDE[cmp_client_test]=.. ../include ../apps/include |
| 671 | + DEPEND[cmp_client_test]=../libcrypto.a libtestutil.a |
| 672 | + |
| 673 | ++ SOURCE[fips_auto_enable_test]=fips_auto_enable_test.c |
| 674 | ++ INCLUDE[fips_auto_enable_test]=../include ../apps/include |
| 675 | ++ DEPEND[fips_auto_enable_test]=../libcrypto libtestutil.a |
| 676 | ++ |
| 677 | + # Internal test programs. These are essentially a collection of internal |
| 678 | + # test routines. Some of them need to reach internal symbols that aren't |
| 679 | + # available through the shared library (at least on Linux, Solaris, Windows |
| 680 | +diff --git a/test/fips_auto_enable_test.c b/test/fips_auto_enable_test.c |
| 681 | +new file mode 100644 |
| 682 | +index 000000000000..5135ab1b5772 |
| 683 | +--- /dev/null |
| 684 | ++++ b/test/fips_auto_enable_test.c |
| 685 | +@@ -0,0 +1,106 @@ |
| 686 | ++/* |
| 687 | ++ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. |
| 688 | ++ * |
| 689 | ++ * Licensed under the Apache License 2.0 (the "License"). You may not use |
| 690 | ++ * this file except in compliance with the License. You can obtain a copy |
| 691 | ++ * in the file LICENSE in the source distribution or at |
| 692 | ++ * https://www.openssl.org/source/license.html |
| 693 | ++ */ |
| 694 | ++ |
| 695 | ++#include <openssl/evp.h> |
| 696 | ++#include <openssl/provider.h> |
| 697 | ++#include "testutil.h" |
| 698 | ++ |
| 699 | ++static int badfips; |
| 700 | ++static int context; |
| 701 | ++static int fips; |
| 702 | ++ |
| 703 | ++static int test_fips_auto(void) |
| 704 | ++{ |
| 705 | ++ OSSL_LIB_CTX *libctx = NULL; |
| 706 | ++ EVP_MD *sha256 = NULL; |
| 707 | ++ int is_fips_enabled, fips_loaded, default_loaded; |
| 708 | ++ const char *prov_name, *expected_prov_name = fips ? "fips" : "default"; |
| 709 | ++ int testresult = 0; |
| 710 | ++ |
| 711 | ++ if (context) { |
| 712 | ++ if (!TEST_ptr(libctx = OSSL_LIB_CTX_new())) |
| 713 | ++ goto err; |
| 714 | ++ } |
| 715 | ++ |
| 716 | ++ is_fips_enabled = EVP_default_properties_is_fips_enabled(libctx); |
| 717 | ++ |
| 718 | ++ if (!TEST_int_eq(is_fips_enabled, fips)) |
| 719 | ++ goto err; |
| 720 | ++ |
| 721 | ++ sha256 = EVP_MD_fetch(libctx, "SHA-256", NULL); |
| 722 | ++ if (!fips || !badfips) { |
| 723 | ++ if (!TEST_ptr(sha256)) |
| 724 | ++ goto err; |
| 725 | ++ |
| 726 | ++ prov_name = OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(sha256)); |
| 727 | ++ if (!TEST_str_eq(prov_name, expected_prov_name)) |
| 728 | ++ goto err; |
| 729 | ++ } else if (!TEST_ptr_null(sha256)) |
| 730 | ++ goto err; |
| 731 | ++ |
| 732 | ++ fips_loaded = OSSL_PROVIDER_available(libctx, "fips"); |
| 733 | ++ default_loaded = OSSL_PROVIDER_available(libctx, "default"); |
| 734 | ++ |
| 735 | ++ if (!TEST_int_eq(fips_loaded, fips && !badfips) || |
| 736 | ++ !TEST_int_eq(default_loaded, !fips && !badfips)) |
| 737 | ++ goto err; |
| 738 | ++ |
| 739 | ++ testresult = 1; |
| 740 | ++ err: |
| 741 | ++ EVP_MD_free(sha256); |
| 742 | ++ OSSL_LIB_CTX_free(libctx); |
| 743 | ++ return testresult; |
| 744 | ++} |
| 745 | ++ |
| 746 | ++typedef enum OPTION_choice { |
| 747 | ++ OPT_ERR = -1, |
| 748 | ++ OPT_EOF = 0, |
| 749 | ++ OPT_FIPS, |
| 750 | ++ OPT_BAD_FIPS, |
| 751 | ++ OPT_CONTEXT, |
| 752 | ++ OPT_TEST_ENUM |
| 753 | ++} OPTION_CHOICE; |
| 754 | ++ |
| 755 | ++const OPTIONS *test_get_options(void) |
| 756 | ++{ |
| 757 | ++ static const OPTIONS options[] = { |
| 758 | ++ OPT_TEST_OPTIONS_DEFAULT_USAGE, |
| 759 | ++ { "fips", OPT_FIPS, '-', "Test library context in FIPS mode" }, |
| 760 | ++ { "badfips", OPT_BAD_FIPS, '-', "Expect FIPS mode not to work correctly" }, |
| 761 | ++ { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" }, |
| 762 | ++ { NULL } |
| 763 | ++ }; |
| 764 | ++ return options; |
| 765 | ++} |
| 766 | ++ |
| 767 | ++int setup_tests(void) |
| 768 | ++{ |
| 769 | ++ OPTION_CHOICE o; |
| 770 | ++ |
| 771 | ++ while ((o = opt_next()) != OPT_EOF) { |
| 772 | ++ switch (o) { |
| 773 | ++ case OPT_FIPS: |
| 774 | ++ fips = 1; |
| 775 | ++ break; |
| 776 | ++ case OPT_BAD_FIPS: |
| 777 | ++ badfips = 1; |
| 778 | ++ break; |
| 779 | ++ case OPT_CONTEXT: |
| 780 | ++ context = 1; |
| 781 | ++ break; |
| 782 | ++ case OPT_TEST_CASES: |
| 783 | ++ break; |
| 784 | ++ default: |
| 785 | ++ return 0; |
| 786 | ++ } |
| 787 | ++ } |
| 788 | ++ |
| 789 | ++ ADD_TEST(test_fips_auto); |
| 790 | ++ return 1; |
| 791 | ++} |
| 792 | +diff --git a/test/recipes/04-test_auto_fips_mode.t b/test/recipes/04-test_auto_fips_mode.t |
| 793 | +new file mode 100644 |
| 794 | +index 000000000000..fcd4b3d4e8a3 |
| 795 | +--- /dev/null |
| 796 | ++++ b/test/recipes/04-test_auto_fips_mode.t |
| 797 | +@@ -0,0 +1,50 @@ |
| 798 | ++#! /usr/bin/env perl |
| 799 | ++# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. |
| 800 | ++# |
| 801 | ++# Licensed under the Apache License 2.0 (the "License"). You may not use |
| 802 | ++# this file except in compliance with the License. You can obtain a copy |
| 803 | ++# in the file LICENSE in the source distribution or at |
| 804 | ++# https://www.openssl.org/source/license.html |
| 805 | ++ |
| 806 | ++use strict; |
| 807 | ++use warnings; |
| 808 | ++ |
| 809 | ++use File::Spec::Functions qw/curdir/; |
| 810 | ++use OpenSSL::Test qw/:DEFAULT srctop_dir/; |
| 811 | ++use OpenSSL::Test::Utils; |
| 812 | ++use Cwd qw(abs_path); |
| 813 | ++ |
| 814 | ++BEGIN { |
| 815 | ++ setup("test_auto_fips_mode"); |
| 816 | ++} |
| 817 | ++ |
| 818 | ++my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); |
| 819 | ++ |
| 820 | ++plan tests => ($no_fips ? 5 : 7); |
| 821 | ++ |
| 822 | ++$ENV{OPENSSL_FIPS_MODE_SWITCH_PATH} = abs_path(srctop_dir("test", "recipes", |
| 823 | ++ "04-test_auto_fips_mode", "notexist")); |
| 824 | ++ok(run(test(["fips_auto_enable_test"])), "running fips_auto_enable_test"); |
| 825 | ++ok(run(test(["fips_auto_enable_test", "-context"])), |
| 826 | ++ "running fips_auto_enable_test -context"); |
| 827 | ++ |
| 828 | ++$ENV{OPENSSL_FIPS_MODE_SWITCH_PATH} = abs_path(srctop_dir("test", "recipes", |
| 829 | ++ "04-test_auto_fips_mode", "off")); |
| 830 | ++ok(run(test(["fips_auto_enable_test"])), |
| 831 | ++ "running fips_auto_enable_test with FIPS mode off"); |
| 832 | ++ok(run(test(["fips_auto_enable_test", "-context"])), |
| 833 | ++ "running fips_auto_enable_test -context with FIPS mode off"); |
| 834 | ++ |
| 835 | ++$ENV{OPENSSL_FIPS_MODE_SWITCH_PATH} = abs_path(srctop_dir("test", "recipes", |
| 836 | ++ "04-test_auto_fips_mode", "on")); |
| 837 | ++ |
| 838 | ++unless($no_fips) { |
| 839 | ++ ok(run(test(["fips_auto_enable_test", "-fips"])), |
| 840 | ++ "running fips_auto_enable_test -fips"); |
| 841 | ++ ok(run(test(["fips_auto_enable_test", "-context", "-fips"])), |
| 842 | ++ "running fips_auto_enable_test -context -fips"); |
| 843 | ++} |
| 844 | ++ |
| 845 | ++$ENV{OPENSSL_MODULES} = curdir(); |
| 846 | ++ok(run(test(["fips_auto_enable_test", "-fips", "-badfips"])), |
| 847 | ++ "running fips_auto_enable_test -fips -badfips"); |
| 848 | +diff --git a/test/recipes/04-test_auto_fips_mode/off b/test/recipes/04-test_auto_fips_mode/off |
| 849 | +new file mode 100644 |
| 850 | +index 000000000000..573541ac9702 |
| 851 | +--- /dev/null |
| 852 | ++++ b/test/recipes/04-test_auto_fips_mode/off |
| 853 | +@@ -0,0 +1 @@ |
| 854 | ++0 |
| 855 | +diff --git a/test/recipes/04-test_auto_fips_mode/on b/test/recipes/04-test_auto_fips_mode/on |
| 856 | +new file mode 100644 |
| 857 | +index 000000000000..d00491fd7e5b |
| 858 | +--- /dev/null |
| 859 | ++++ b/test/recipes/04-test_auto_fips_mode/on |
| 860 | +@@ -0,0 +1 @@ |
| 861 | ++1 |
| 862 | +diff --git a/test/run_tests.pl b/test/run_tests.pl |
| 863 | +index 4384ebe28e0d..b52d5b7ee05e 100644 |
| 864 | +--- a/test/run_tests.pl |
| 865 | ++++ b/test/run_tests.pl |
| 866 | +@@ -37,6 +37,7 @@ $ENV{OPENSSL_CONF} = rel2abs(catfile($srctop, "apps", "openssl.cnf")); |
| 867 | + $ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "test")); |
| 868 | + $ENV{OPENSSL_MODULES} = rel2abs(catdir($bldtop, "providers")); |
| 869 | + $ENV{OPENSSL_ENGINES} = rel2abs(catdir($bldtop, "engines")); |
| 870 | ++$ENV{OPENSSL_FIPS_MODE_SWITCH_PATH} = "/nonexistant"; |
| 871 | + $ENV{CTLOG_FILE} = rel2abs(catfile($srctop, "test", "ct", "log_list.cnf")); |
| 872 | + |
| 873 | + my %tapargs = |
| 874 | diff --git a/debian/patches/fips/test-Ensure-encoding-runs-with-the-correct-context-during.patch b/debian/patches/fips/test-Ensure-encoding-runs-with-the-correct-context-during.patch |
| 875 | new file mode 100644 |
| 876 | index 0000000..3b2b15f |
| 877 | --- /dev/null |
| 878 | +++ b/debian/patches/fips/test-Ensure-encoding-runs-with-the-correct-context-during.patch |
| 879 | @@ -0,0 +1,57 @@ |
| 880 | +From: Chris Coulson <chris.coulson@canonical.com> |
| 881 | +Date: Thu, 30 Mar 2023 16:10:16 +0100 |
| 882 | +Subject: test: Ensure encoding runs with the correct context during |
| 883 | + test_encoder_decoder |
| 884 | + |
| 885 | +Forwarded: no |
| 886 | +Applied-Upstream: no |
| 887 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2056593 |
| 888 | + |
| 889 | +This test uses 2 library contexts - one context for creating initial test keys, |
| 890 | +and then another context (or the default context) for running tests. There is an |
| 891 | +issue that during the encoding tests, the OSSL_ENCODER_CTX is created from the |
| 892 | +created EVP_PKEYs, which are associated with the library context used to create |
| 893 | +the keys. This means that encoding tests run with the wrong library context, |
| 894 | +which always uses the default provider. |
| 895 | +--- |
| 896 | + test/endecode_test.c | 15 +++++++++++++-- |
| 897 | + 1 file changed, 13 insertions(+), 2 deletions(-) |
| 898 | + |
| 899 | +diff --git a/test/endecode_test.c b/test/endecode_test.c |
| 900 | +index 5158b39ee41f..ce6febe619a8 100644 |
| 901 | +--- a/test/endecode_test.c |
| 902 | ++++ b/test/endecode_test.c |
| 903 | +@@ -105,11 +105,12 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) |
| 904 | + static EVP_PKEY *make_key(const char *type, EVP_PKEY *template, |
| 905 | + OSSL_PARAM *genparams) |
| 906 | + { |
| 907 | +- EVP_PKEY *pkey = NULL; |
| 908 | ++ EVP_PKEY *tmp_pkey = NULL, *pkey = NULL; |
| 909 | + EVP_PKEY_CTX *ctx = |
| 910 | + template != NULL |
| 911 | + ? EVP_PKEY_CTX_new_from_pkey(keyctx, template, testpropq) |
| 912 | + : EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq); |
| 913 | ++ OSSL_PARAM *params = NULL; |
| 914 | + |
| 915 | + /* |
| 916 | + * No real need to check the errors other than for the cascade |
| 917 | +@@ -119,8 +120,18 @@ static EVP_PKEY *make_key(const char *type, EVP_PKEY *template, |
| 918 | + && EVP_PKEY_keygen_init(ctx) > 0 |
| 919 | + && (genparams == NULL |
| 920 | + || EVP_PKEY_CTX_set_params(ctx, genparams) > 0) |
| 921 | +- && EVP_PKEY_keygen(ctx, &pkey) > 0); |
| 922 | ++ && EVP_PKEY_keygen(ctx, &tmp_pkey) > 0); |
| 923 | ++ EVP_PKEY_CTX_free(ctx); |
| 924 | ++ |
| 925 | ++ (void)(tmp_pkey != NULL |
| 926 | ++ && ((ctx = EVP_PKEY_CTX_new_from_name(testctx, type, testpropq)) != NULL) |
| 927 | ++ && EVP_PKEY_todata(pkey, EVP_PKEY_KEYPAIR, ¶ms) > 0 |
| 928 | ++ && EVP_PKEY_fromdata_init(ctx) > 0 |
| 929 | ++ && EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) > 0); |
| 930 | ++ OSSL_PARAM_free(params); |
| 931 | + EVP_PKEY_CTX_free(ctx); |
| 932 | ++ EVP_PKEY_free(tmp_pkey); |
| 933 | ++ |
| 934 | + return pkey; |
| 935 | + } |
| 936 | + #endif |
| 937 | diff --git a/debian/patches/intel/002-vaes_gcm_avx512_fix.patch b/debian/patches/intel/002-vaes_gcm_avx512_fix.patch |
| 938 | new file mode 100644 |
| 939 | index 0000000..da94b6f |
| 940 | --- /dev/null |
| 941 | +++ b/debian/patches/intel/002-vaes_gcm_avx512_fix.patch |
| 942 | @@ -0,0 +1,63 @@ |
| 943 | +diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc |
| 944 | +index 8f279d0c7..ec91327fd 100644 |
| 945 | +--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc |
| 946 | ++++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc |
| 947 | +@@ -48,7 +48,6 @@ static int vaes_gcm_setkey(PROV_GCM_CTX *ctx, const unsigned char *key, |
| 948 | + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; |
| 949 | + AES_KEY *ks = &actx->ks.ks; |
| 950 | + |
| 951 | +- ctx->ks = ks; |
| 952 | + aesni_set_encrypt_key(key, keylen * 8, ks); |
| 953 | + memset(gcmctx, 0, sizeof(*gcmctx)); |
| 954 | + gcmctx->key = ks; |
| 955 | +@@ -77,7 +76,7 @@ static int vaes_gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, |
| 956 | + if (ivlen > (U64(1) << 61)) |
| 957 | + return 0; |
| 958 | + |
| 959 | +- ossl_aes_gcm_setiv_avx512(ctx->ks, gcmctx, iv, ivlen); |
| 960 | ++ ossl_aes_gcm_setiv_avx512(gcmctx->key, gcmctx, iv, ivlen); |
| 961 | + |
| 962 | + return 1; |
| 963 | + } |
| 964 | +@@ -162,9 +161,9 @@ static int vaes_gcm_cipherupdate(PROV_GCM_CTX *ctx, const unsigned char *in, |
| 965 | + } |
| 966 | + |
| 967 | + if (ctx->enc) |
| 968 | +- ossl_aes_gcm_encrypt_avx512(ctx->ks, gcmctx, &gcmctx->mres, in, len, out); |
| 969 | ++ ossl_aes_gcm_encrypt_avx512(gcmctx->key, gcmctx, &gcmctx->mres, in, len, out); |
| 970 | + else |
| 971 | +- ossl_aes_gcm_decrypt_avx512(ctx->ks, gcmctx, &gcmctx->mres, in, len, out); |
| 972 | ++ ossl_aes_gcm_decrypt_avx512(gcmctx->key, gcmctx, &gcmctx->mres, in, len, out); |
| 973 | + |
| 974 | + return 1; |
| 975 | + } |
| 976 | +diff --git a/providers/implementations/include/prov/ciphercommon_gcm.h b/providers/implementations/include/prov/ciphercommon_gcm.h |
| 977 | +index 7c4a548f9..b482af78d 100644 |
| 978 | +--- a/providers/implementations/include/prov/ciphercommon_gcm.h |
| 979 | ++++ b/providers/implementations/include/prov/ciphercommon_gcm.h |
| 980 | +@@ -75,7 +75,6 @@ typedef struct prov_gcm_ctx_st { |
| 981 | + const PROV_GCM_HW *hw; /* hardware specific methods */ |
| 982 | + GCM128_CONTEXT gcm; |
| 983 | + ctr128_f ctr; |
| 984 | +- const void *ks; |
| 985 | + } PROV_GCM_CTX; |
| 986 | + |
| 987 | + PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key, |
| 988 | +@@ -122,7 +121,6 @@ int ossl_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, |
| 989 | + size_t len, unsigned char *out); |
| 990 | + |
| 991 | + #define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \ |
| 992 | +- ctx->ks = ks; \ |
| 993 | + fn_set_enc_key(key, keylen * 8, ks); \ |
| 994 | + CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block); \ |
| 995 | + ctx->ctr = (ctr128_f)fn_ctr; \ |
| 996 | + |
| 997 | +Subject: Avoid having another copy of key schedule in PROV_GCM_CTX |
| 998 | +Author: Dan Zimmerman |
| 999 | +Forwarded: not-needed, https://github.com/openssl/openssl/pull/22384 |
| 1000 | +Applied-Upstream: yes |
| 1001 | +Acked-by: or Reviewed-by; reviewer as Name and email, can be repeated |
| 1002 | +Bug: https://github.com/openssl/openssl/commit/143ca66cf00c88950d689a8aa0c89888052669f4 |
| 1003 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2030784/comments |
| 1004 | +Origin: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2030784/comments/10 |
| 1005 | +Last-Update: 2024-03-11 |
| 1006 | diff --git a/debian/patches/series b/debian/patches/series |
| 1007 | index 7c3b688..14e11b9 100644 |
| 1008 | --- a/debian/patches/series |
| 1009 | +++ b/debian/patches/series |
| 1010 | @@ -15,6 +15,12 @@ skip_tls1.1_seclevel3_tests.patch |
| 1011 | |
| 1012 | ## AVX512 support patches (LP #2030784) |
| 1013 | intel/0001-Dual-1536-2048-bit-exponentiation-optimization-for-I.patch |
| 1014 | -# Skipped due to issues appearing in the testsuite on 3.0.13 following dupctx |
| 1015 | -# changes in 3.0.13 |
| 1016 | -# intel/0002-AES-GCM-enabled-with-AVX512-vAES-and-vPCLMULQDQ.patch |
| 1017 | +intel/0002-AES-GCM-enabled-with-AVX512-vAES-and-vPCLMULQDQ.patch |
| 1018 | +intel/002-vaes_gcm_avx512_fix.patch |
| 1019 | + |
| 1020 | +# FIPS patches |
| 1021 | +fips/crypto-Add-kernel-FIPS-mode-detection.patch |
| 1022 | +fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch |
| 1023 | +fips/apps-speed-Omit-unavailable-algorithms-in-FIPS-mode.patch |
| 1024 | +fips/apps-pass-propquery-arg-to-the-libctx-DRBG-fetches.patch |
| 1025 | +fips/test-Ensure-encoding-runs-with-the-correct-context-during.patch |
| 1026 | diff --git a/debian/rules b/debian/rules |
| 1027 | index 1e2ba2b..a6eef69 100755 |
| 1028 | --- a/debian/rules |
| 1029 | +++ b/debian/rules |
| 1030 | @@ -11,7 +11,7 @@ |
| 1031 | include /usr/share/dpkg/architecture.mk |
| 1032 | include /usr/share/dpkg/pkg-info.mk |
| 1033 | |
| 1034 | -export DEB_BUILD_MAINT_OPTIONS = hardening=+all future=+lfs |
| 1035 | +export DEB_BUILD_MAINT_OPTIONS = hardening=+all future=+lfs optimize=-lto |
| 1036 | |
| 1037 | SHELL=/bin/bash |
| 1038 |
Uploaded, with a couple of small fixups in the AVX512 patch. As a result the g-u importer won't be able to close this MP, so could you do it manually Adrien? TIA :)