Alright, 0046-signature-Clamp-PSS-salt-len-to-MD-len.patch has been merged upstream for openssl 3.1: https://github.com/openssl/openssl/commit/6c73ca4a2f4ea71f4a880670624e7b2fdb6f32da
No concern for OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX and RSA_PSS_SALTLEN_AUTO_DIGEST_MAX in openssl >= 3.1 and therefore Oracular. This would need more careful examination for an SRU to Noble.

--
https://bugs.launchpad.net/bugs/2073991

Title:
  Add FIPS defines to Noble OpenSSL header files

Status in openssl package in Ubuntu:
  Confirmed
Status in openssl source package in Noble:
  Confirmed
Status in openssl source package in Oracular:
  Won't Fix

Bug description:
  Release: Noble
  OpenSSL version: 3.0.13-0ubuntu3.1

  The Noble FIPS release only produces the FIPS provider library. In previous versions, like Jammy, the FIPS release also produced a libssl-dev that contained the FIPS changes to the header files needed for compiling against the FIPS library. For Noble, it was planned to rely on the standard libssl-dev release and to have all of the needed defines already present in that standard release.

  In the Atsec review of the Noble FIPS release, it was discovered that the FIPS patches make changes to three header files which did not get included in the standard Noble libssl-dev release.

  The request is to add these changes into the Noble OpenSSL release:

  From 0010-providers-Add-a-FIPS-status-indicator.patch:

  include/openssl/fips_names.h

    /*
     * The module status indicator for the FIPS provider. This is queried from
     * the provider.
     * Type: OSSL_PARAM_INTEGER
     */
    # define UBUNTU_OSSL_PROV_FIPS_PARAM_UNAPPROVED_USAGE "ubuntu.fips-unapproved-usage"

  From 0046-signature-Clamp-PSS-salt-len-to-MD-len.patch

  include/openssl/core_names.h:

    #define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"

  include/openssl/rsa.h

    /* Auto-detect on verify, set salt length to min(maximum possible, digest
     * length) on sign */
    # define RSA_PSS_SALTLEN_AUTO_DIGEST_MAX -4

  From 0049-crypto-dh-perform-a-PCT-during-key-generation.patch

  include/openssl/self_test.h

    # define UBUNTU_OSSL_SELF_TEST_DESC_PCT_DH "DH"

  Atsec is asking for the "UBUNTU_OSSL_PROV_FIPS_PARAM_UNAPPROVED_USAGE" define, so that is the priority. The other defines were found by searching the FIPS openssl patches for changes to files in the include/openssl directory.