diff --git a/.crypto-policies.metadata b/.crypto-policies.metadata
new file mode 100644
index 0000000..f297cc6
--- /dev/null
+++ b/.crypto-policies.metadata
@@ -0,0 +1 @@
+fde6f5eef3fa66d2b12ad3291cfef680727fdc42 SOURCES/crypto-policies-git9a35207.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..03f5faa
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/crypto-policies-git9a35207.tar.gz
diff --git a/SOURCES/crypto-policies-java-fix.patch b/SOURCES/crypto-policies-java-fix.patch
new file mode 100644
index 0000000..debb3a4
--- /dev/null
+++ b/SOURCES/crypto-policies-java-fix.patch
@@ -0,0 +1,71 @@
+commit 2ff4c6d3791a0ad581181997ee5a04b83b7c7341
+Author: Tomas Mraz
+Date: Thu Jan 31 16:23:52 2019 +0100
+
+ java: Allow incorrectly disabled RSA certificates in TLS
+
+ The FUTURE and NEXT policies incorrectly disabled RSA certificates,
+ allow them.
+
+diff --git a/back-ends/java.pl b/back-ends/java.pl
+index 0789251..325544a 100644
+--- a/back-ends/java.pl
++++ b/back-ends/java.pl
+@@ -72,7 +72,7 @@ my %key_exchange_not_map = (
+ 'EXPORT' => 'RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT',
+ 'DH' => 'DH_RSA, DH_DSS',
+ 'ANON' => 'DH_anon, ECDH_anon',
+- 'RSA' => 'RSA',
++ 'RSA' => 'TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256',
+ 'DHE-RSA' => 'DHE_RSA',
+ 'DHE-DSS' => 'DHE_DSS',
+ 'ECDHE' => 'ECDHE',
+diff --git a/tests/outputs/EMPTY-java.txt b/tests/outputs/EMPTY-java.txt
+index 0011734..3cf0e2a 100644
+--- a/tests/outputs/EMPTY-java.txt
++++ b/tests/outputs/EMPTY-java.txt
+@@ -1,4 +1,4 @@
+ jdk.tls.ephemeralDHKeySize=0
+ jdk.certpath.disabledAlgorithms=MD2, SHA256, SHA384, SHA512, SHA3_256, SHA3_384, SHA3_512, SHA1, MD5, DSA, RSA keySize < 0
+-jdk.tls.disabledAlgorithms=DH keySize < 0, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, ECDHE, RSA, DHE_RSA, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, AES_256_GCM, AES_256_CCM, AES_128_GCM, AES_128_CCM, AES_256_CBC, AES_128_CBC, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, HmacSHA1, HmacSHA256, HmacSHA384, HmacSHA512, HmacMD5
++jdk.tls.disabledAlgorithms=DH keySize < 0, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, ECDHE, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_RSA, DHE_DSS, RSA_EXPORT, 
DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, AES_256_GCM, AES_256_CCM, AES_128_GCM, AES_128_CCM, AES_256_CBC, AES_128_CBC, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, HmacSHA1, HmacSHA256, HmacSHA384, HmacSHA512, HmacMD5
+ jdk.tls.legacyAlgorithms=
+diff --git a/tests/outputs/FIPS-java.txt b/tests/outputs/FIPS-java.txt
+index 808778c..d9fe8aa 100644
+--- a/tests/outputs/FIPS-java.txt
++++ b/tests/outputs/FIPS-java.txt
+@@ -1,4 +1,4 @@
+ jdk.tls.ephemeralDHKeySize=2048
+ jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, DSA, RSA keySize < 2048
+-jdk.tls.disabledAlgorithms=DH keySize < 2048, SSLv2, SSLv3, TLSv1, TLSv1.1, RSA, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, HmacMD5
++jdk.tls.disabledAlgorithms=DH keySize < 2048, SSLv2, SSLv3, TLSv1, TLSv1.1, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, HmacMD5
+ jdk.tls.legacyAlgorithms=
+diff --git a/tests/outputs/FUTURE-java.txt b/tests/outputs/FUTURE-java.txt
+index fd2db04..9d57348 100644
+--- a/tests/outputs/FUTURE-java.txt
++++ b/tests/outputs/FUTURE-java.txt
+@@ -1,4 +1,4 @@
+ jdk.tls.ephemeralDHKeySize=3072
+ jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, DSA, RSA keySize < 3072
+-jdk.tls.disabledAlgorithms=DH keySize < 3072, SSLv2, SSLv3, TLSv1, TLSv1.1, RSA, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, AES_128_GCM, AES_128_CCM, AES_128_CBC, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, HmacSHA1, 
HmacMD5
++jdk.tls.disabledAlgorithms=DH keySize < 3072, SSLv2, SSLv3, TLSv1, TLSv1.1, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, AES_128_GCM, AES_128_CCM, AES_128_CBC, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, HmacSHA1, HmacMD5
+ jdk.tls.legacyAlgorithms=
+diff -up crypto-policies/tests/java.pl.java-fix crypto-policies/tests/java.pl
+--- crypto-policies/tests/java.pl.java-fix 2018-12-17 17:01:44.000000000 +0100
++++ crypto-policies/tests/java.pl 2019-02-08 10:05:28.152358692 +0100
+@@ -45,14 +45,7 @@ foreach my $policy (@profiles::common::p
+ }
+
+ my $lines=`cat $TMPFILE2|wc -l`;
+- if ("$policy" eq "EMPTY") {
+- if ($lines >= 2) { # we allow the SCSV
+- print "Empty policy has ciphersuites!\n";
+- print "Policy: $tmp\n";
+- system("cat $TMPFILE2");
+- exit 1;
+- }
+- } else {
++ if ("$policy" ne "EMPTY") {
+ system("grep \"TLS_EMPTY_RENEGOTIATION_INFO_SCSV\" $TMPFILE2 >/dev/null 2>&1");
+
+ if ($? != 0) {
diff --git a/SOURCES/crypto-policies-libreswan-fix.patch b/SOURCES/crypto-policies-libreswan-fix.patch
new file mode 100644
index 0000000..8b15c7e
--- /dev/null
+++ b/SOURCES/crypto-policies-libreswan-fix.patch
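Review bot: The tests/java.pl change at the end of this hunk (`-    if ("$policy" eq "EMPTY") { ... } else {` → `+    if ("$policy" ne "EMPTY") {`) drops the only assertion that the EMPTY policy yields no ciphersuites, so a regression in which EMPTY leaves a suite enabled now passes silently — and with the bare `RSA` token removed from `jdk.tls.disabledAlgorithms` that is precisely the case worth keeping a check for; if some suite is now expected to survive in EMPTY, assert on that expected output rather than deleting the branch. The new `'RSA'` entry in `%key_exchange_not_map` is a hand-enumerated list of six `TLS_RSA_WITH_AES_*` suites, so any other RSA-key-exchange suite the runtime offers is no longer disabled by the key-exchange entry and is only caught if its cipher or MAC is disabled separately (FUTURE, for instance, lists AES_128_CCM but not AES_256_CCM, so an RSA/AES-256-CCM suite would pass if the JDK offered one — unverified here). A comment next to the entry such as `# Enumerated because a bare "RSA" also disables RSA certificates; keep in sync with the suites the JDK offers` would record why the list exists. The `%key_exchange_not_map` hash and the test loop both continue outside this hunk.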
@@ -0,0 +1,232 @@
+diff -up crypto-policies/back-ends/libreswan.pl.libreswan-fix crypto-policies/back-ends/libreswan.pl
+--- crypto-policies/back-ends/libreswan.pl.libreswan-fix 2018-12-17 17:01:44.000000000 +0100
++++ crypto-policies/back-ends/libreswan.pl 2019-02-18 10:34:57.525777928 +0100
+@@ -26,7 +26,9 @@ sub append {
+
+ my %group_map = (
+ 'X448' => '',
+- 'X25519' => '', #dh31 - not in f28
++ 'X25519' => '',
++# Disabled for now as it cannot be prioritized over others
++# 'X25519' => 'dh31',
+ 'SECP256R1' => 'dh19',
+ 'SECP384R1' => 'dh20',
+ 'SECP521R1' => 'dh21',
+@@ -38,31 +40,42 @@ my %group_map = (
+ 'FFDHE-8192' => 'dh18'
+ );
+
++my %cipher_map = (
++ 'AES-256-CBC' => 'aes256',
++ 'AES-128-CBC' => 'aes128',
++ 'AES-256-GCM' => 'aes_gcm256',
++ 'AES-128-GCM' => 'aes_gcm128',
++ 'CHACHA20-POLY1305' => 'chacha20_poly1305',
++# Unused for IKEv2
++# '3DES-CBC' => '3des',
++);
++
+ my %cipher_prf_map = (
+- 'AES-256-CBC-HMAC-SHA2-512' => 'aes256-sha2_512',
+- 'AES-256-CBC-HMAC-SHA2-256' => 'aes256-sha2_256',
+- 'AES-128-CBC-HMAC-SHA2-256' => 'aes128-sha2_256',
+- 'AES-256-CBC-HMAC-SHA1' => 'aes256-sha1',
+- 'AES-128-CBC-HMAC-SHA1' => 'aes128-sha1',
+- 'AES-256-GCM-HMAC-SHA2-512' => 'aes_gcm256-sha2_512',
+- 'AES-256-GCM-HMAC-SHA2-256' => 'aes_gcm256-sha2_256',
+- 'AES-128-GCM-HMAC-SHA2-512' => 'aes_gcm128-sha2_512',
+- 'AES-128-GCM-HMAC-SHA2-256' => 'aes_gcm128-sha2_256',
+- 'CHACHA20-POLY1305-HMAC-SHA2-512' => 'chacha20_poly1305-sha2_512',
+- 'CHACHA20-POLY1305-HMAC-SHA2-256' => 'chacha20_poly1305-sha2_256',
+- '3DES-CBC-HMAC-SHA1' => '3des-sha1',
++ 'AES-256-CBC-HMAC-SHA2-512' => 'sha2_512',
++ 'AES-256-CBC-HMAC-SHA2-256' => 'sha2_256',
++ 'AES-128-CBC-HMAC-SHA2-256' => 'sha2_256',
++# Not needed for IKEv2
++# 'AES-256-CBC-HMAC-SHA1' => 'sha1',
++# 'AES-128-CBC-HMAC-SHA1' => 'sha1',
++ 'AES-256-GCM-HMAC-SHA2-512' => 'sha2_512',
++ 'AES-256-GCM-HMAC-SHA2-256' => 'sha2_256',
++ 'AES-128-GCM-HMAC-SHA2-512' => 'sha2_512',
++ 'AES-128-GCM-HMAC-SHA2-256' => 
'sha2_256',
++ 'CHACHA20-POLY1305-HMAC-SHA2-512' => 'sha2_512',
++ 'CHACHA20-POLY1305-HMAC-SHA2-256' => 'sha2_256',
++# '3DES-CBC-HMAC-SHA1' => 'sha1',
+ );
+
+ my %cipher_mac_map = (
+- 'AES-256-CBC-HMAC-SHA2-512' => 'aes256-sha2_512',
+- 'AES-256-CBC-HMAC-SHA2-256' => 'aes256-sha2_256',
+- 'AES-128-CBC-HMAC-SHA2-256' => 'aes128-sha2_256',
+- 'AES-256-CBC-HMAC-SHA1' => 'aes256-sha1',
+- 'AES-128-CBC-HMAC-SHA1' => 'aes128-sha1',
+- 'AES-256-GCM-AEAD' => 'aes_gcm256',
+- 'AES-128-GCM-AEAD' => 'aes_gcm128',
+- 'CHACHA20-POLY1305-AEAD' => 'chacha20_poly1305',
+- '3DES-CBC-HMAC-SHA1' => '3des-sha1',
++ 'AES-256-CBC-HMAC-SHA2-512' => 'sha2_512',
++ 'AES-256-CBC-HMAC-SHA2-256' => 'sha2_256',
++ 'AES-128-CBC-HMAC-SHA2-256' => 'sha2_256',
++ 'AES-256-CBC-HMAC-SHA1' => 'sha1',
++ 'AES-128-CBC-HMAC-SHA1' => 'sha1',
++ 'AES-256-GCM-AEAD' => '',
++ 'AES-128-GCM-AEAD' => '',
++ 'CHACHA20-POLY1305-AEAD' => '',
++# '3DES-CBC-HMAC-SHA1' => '3des-sha1',
+ );
+
+ my %protocol_map = (
+@@ -147,35 +160,52 @@ sub generate_temp_policy() {
+ $tmp = '';
+
+ my $cipher;
++ my $cm;
+ my $group;
+ my $mac;
++ my $mm;
+ my $combo;
+
+ %mac_prio_map = %mac_ike_prio_map;
+ my @sorted_mac_list = sort compare @mac_list;
+
+- foreach (@group_list) {
+- $group = $group_map{$_};
+- if (!defined($group) || $group eq '') {
++
++ foreach (@cipher_list) {
++ $cipher = $_;
++ $cm = $cipher_map{$cipher};
++ if (!defined($cm)) {
++# print STDERR "libreswan: unknown cipher: $cipher\n";
+ next;
+ }
++ $combo = $cm."-";
++ foreach (@sorted_mac_list) {
++ $mac = $_;
+
+- foreach (@cipher_list) {
+- $cipher = $_;
+- foreach (@sorted_mac_list) {
+- $mac = $_;
+-
+- my $cm=$cipher."-".$mac;
+- $combo = $cipher_prf_map{$cm};
+-
+- if (!defined($combo)) {
+-# print STDERR "libreswan: unknown combo: $cipher-$mac\n";
+- next;
+- }
++ $mm = $cipher_prf_map{$cipher."-".$mac};
+
+- append("${combo};${group}", \$tmp);
++ if (!defined($mm)) {
++# print STDERR "libreswan: unknown combo: $cipher-$mac\n";
++ next;
+ }
++
++ 
$combo = $combo.$mm."+";
+ }
++
++ my $lastc = substr($combo, -1);
++ if ($lastc eq "-") {
++ next;
++ }
++ # Replace the last + with -
++ substr($combo, -1) = "-";
++ foreach (@group_list) {
++ $group = $group_map{$_};
++ if (!defined($group) || $group eq '') {
++ next;
++ }
++ $combo = $combo.$group."+";
++ }
++ substr($combo, -1) = '';
++ append("${combo}", \$tmp);
+ }
+
+ if ($tmp ne '') {
+@@ -189,20 +219,35 @@ sub generate_temp_policy() {
+ $tmp = '';
+ foreach (@cipher_list) {
+ $cipher = $_;
++ $cm = $cipher_map{$cipher};
++ if (!defined($cm)) {
++# print STDERR "libreswan: unknown cipher: $cipher\n";
++ next;
++ }
++ $combo = $cm."-";
+ foreach (@sorted_mac_list) {
+ $mac = $_;
+
+- my $cm=$cipher."-".$mac;
+- $combo = $cipher_mac_map{$cm};
++ $mm = $cipher_mac_map{$cipher."-".$mac};
+
+- if (!defined($combo)) {
++ if (!defined($mm)) {
+ next;
+ }
+
+- if ($tmp !~ $combo) {
+- append("${combo}", \$tmp);
++ if ($mm eq '') {
++ # Special handling for AEAD
++ substr($combo, -1) = '+';
++ } else {
++ $combo = $combo.$mm."+";
+ }
+ }
++
++ my $lastc = substr($combo, -1);
++ if ($lastc eq "-") {
++ next;
++ }
++ substr($combo, -1) = '';
++ append("${combo}", \$tmp);
+ }
+
+ if ($tmp ne '') {
+diff -up crypto-policies/tests/outputs/DEFAULT-libreswan.txt.libreswan-fix crypto-policies/tests/outputs/DEFAULT-libreswan.txt
+--- crypto-policies/tests/outputs/DEFAULT-libreswan.txt.libreswan-fix 2018-12-17 17:01:44.000000000 +0100
++++ crypto-policies/tests/outputs/DEFAULT-libreswan.txt 2019-02-18 10:34:57.526777910 +0100
+@@ -1,5 +1,5 @@
+ conn %default
+ ikev2=insist
+ pfs=yes
+- 
ike=aes_gcm256-sha2_512;dh19,aes_gcm256-sha2_256;dh19,chacha20_poly1305-sha2_512;dh19,chacha20_poly1305-sha2_256;dh19,aes256-sha2_512;dh19,aes256-sha2_256;dh19,aes256-sha1;dh19,aes_gcm128-sha2_512;dh19,aes_gcm128-sha2_256;dh19,aes128-sha2_256;dh19,aes128-sha1;dh19,aes_gcm256-sha2_512;dh20,aes_gcm256-sha2_256;dh20,chacha20_poly1305-sha2_512;dh20,chacha20_poly1305-sha2_256;dh20,aes256-sha2_512;dh20,aes256-sha2_256;dh20,aes256-sha1;dh20,aes_gcm128-sha2_512;dh20,aes_gcm128-sha2_256;dh20,aes128-sha2_256;dh20,aes128-sha1;dh20,aes_gcm256-sha2_512;dh21,aes_gcm256-sha2_256;dh21,chacha20_poly1305-sha2_512;dh21,chacha20_poly1305-sha2_256;dh21,aes256-sha2_512;dh21,aes256-sha2_256;dh21,aes256-sha1;dh21,aes_gcm128-sha2_512;dh21,aes_gcm128-sha2_256;dh21,aes128-sha2_256;dh21,aes128-sha1;dh21,aes_gcm256-sha2_512;dh14,aes_gcm256-sha2_256;dh14,chacha20_poly1305-sha2_512;dh14,chacha20_poly1305-sha2_256;dh14,aes256-sha2_512;dh14,aes256-sha2_256;dh14,aes256-sha1;dh14,aes_gcm128-sha2_512;dh14,aes_gcm128-sha2_256;dh14,aes128-sha2_256;dh14,aes128-sha1;dh14,aes_gcm256-sha2_512;dh15,aes_gcm256-sha2_256;dh15,chacha20_poly1305-sha2_512;dh15,chacha20_poly1305-sha2_256;dh15,aes256-sha2_512;dh15,aes256-sha2_256;dh15,aes256-sha1;dh15,aes_gcm128-sha2_512;dh15,aes_gcm128-sha2_256;dh15,aes128-sha2_256;dh15,aes128-sha1;dh15,aes_gcm256-sha2_512;dh16,aes_gcm256-sha2_256;dh16,chacha20_poly1305-sha2_512;dh16,chacha20_poly1305-sha2_256;dh16,aes256-sha2_512;dh16,aes256-sha2_256;dh16,aes256-sha1;dh16,aes_gcm128-sha2_512;dh16,aes_gcm128-sha2_256;dh16,aes128-sha2_256;dh16,aes128-sha1;dh16,aes_gcm256-sha2_512;dh18,aes_gcm256-sha2_256;dh18,chacha20_poly1305-sha2_512;dh18,chacha20_poly1305-sha2_256;dh18,aes256-sha2_512;dh18,aes256-sha2_256;dh18,aes256-sha1;dh18,aes_gcm128-sha2_512;dh18,aes_gcm128-sha2_256;dh18,aes128-sha2_256;dh18,aes128-sha1;dh18
+- esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512,aes256-sha1,aes256-sha2_256,aes_gcm128,aes128-sha1,aes128-sha2_256
++ 
ike=aes_gcm256-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,chacha20_poly1305-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes128-sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18
++ esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256
+diff -up crypto-policies/tests/outputs/FIPS-libreswan.txt.libreswan-fix crypto-policies/tests/outputs/FIPS-libreswan.txt
+--- crypto-policies/tests/outputs/FIPS-libreswan.txt.libreswan-fix 2018-12-17 17:01:44.000000000 +0100
++++ crypto-policies/tests/outputs/FIPS-libreswan.txt 2019-02-18 10:34:57.526777910 +0100
+@@ -1,5 +1,5 @@
+ conn %default
+ ikev2=insist
+ pfs=yes
+- ike=aes_gcm256-sha2_512;dh19,aes_gcm256-sha2_256;dh19,aes256-sha2_512;dh19,aes256-sha2_256;dh19,aes256-sha1;dh19,aes_gcm128-sha2_512;dh19,aes_gcm128-sha2_256;dh19,aes128-sha2_256;dh19,aes128-sha1;dh19,aes_gcm256-sha2_512;dh20,aes_gcm256-sha2_256;dh20,aes256-sha2_512;dh20,aes256-sha2_256;dh20,aes256-sha1;dh20,aes_gcm128-sha2_512;dh20,aes_gcm128-sha2_256;dh20,aes128-sha2_256;dh20,aes128-sha1;dh20,aes_gcm256-sha2_512;dh21,aes_gcm256-sha2_256;dh21,aes256-sha2_512;dh21,aes256-sha2_256;dh21,aes256-sha1;dh21,aes_gcm128-sha2_512;dh21,aes_gcm128-sha2_256;dh21,aes128-sha2_256;dh21,aes128-sha1;dh21,aes_gcm256-sha2_512;dh14,aes_gcm256-sha2_256;dh14,aes256-sha2_512;dh14,aes256-sha2_256;dh14,aes256-sha1;dh14,aes_gcm128-sha2_512;dh14,aes_gcm128-sha2_256;dh14,aes128-sha2_256;dh14,aes128-sha1;dh14,aes_gcm256-sha2_512;dh15,aes_gcm256-sha2_256;dh15,aes256-sha2_512;dh15,aes256-sha2_256;dh15,aes256-sha1;dh15,aes_gcm128-sha2_512;dh15,aes_gcm128-sha2_256;dh15,aes128-sha2_256;dh15,aes128-sha1;dh15,aes_gcm256-sha2_512;dh16,aes_gcm256-sha2_256;dh16,aes256-sha2_512;dh16,aes256-sha2_256;dh16,aes256-sha1;dh16,aes_gcm128-sha2_512;dh16,aes_gcm128-sha2_256;dh16,aes128-sha2_256;dh16,aes128-sha1;dh16,aes_gcm256-sha2_512;dh18,
aes_gcm256-sha2_256;dh18,aes256-sha2_512;dh18,aes256-sha2_256;dh18,aes256-sha1;dh18,aes_gcm128-sha2_512;dh18,aes_gcm128-sha2_256;dh18,aes128-sha2_256;dh18,aes128-sha1;dh18
+- esp=aes_gcm256,aes256-sha2_512,aes256-sha1,aes256-sha2_256,aes_gcm128,aes128-sha1,aes128-sha2_256
++ ike=aes_gcm256-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes128-sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18
++ esp=aes_gcm256,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256
+diff -up crypto-policies/tests/outputs/FUTURE-libreswan.txt.libreswan-fix crypto-policies/tests/outputs/FUTURE-libreswan.txt
+--- crypto-policies/tests/outputs/FUTURE-libreswan.txt.libreswan-fix 2018-12-17 17:01:44.000000000 +0100
++++ crypto-policies/tests/outputs/FUTURE-libreswan.txt 2019-02-18 10:34:57.527777893 +0100
+@@ -1,5 +1,5 @@
+ conn %default
+ ikev2=insist
+ pfs=yes
+- ike=aes_gcm256-sha2_512;dh19,aes_gcm256-sha2_256;dh19,chacha20_poly1305-sha2_512;dh19,chacha20_poly1305-sha2_256;dh19,aes256-sha2_512;dh19,aes256-sha2_256;dh19,aes_gcm256-sha2_512;dh20,aes_gcm256-sha2_256;dh20,chacha20_poly1305-sha2_512;dh20,chacha20_poly1305-sha2_256;dh20,aes256-sha2_512;dh20,aes256-sha2_256;dh20,aes_gcm256-sha2_512;dh21,aes_gcm256-sha2_256;dh21,chacha20_poly1305-sha2_512;dh21,chacha20_poly1305-sha2_256;dh21,aes256-sha2_512;dh21,aes256-sha2_256;dh21,aes_gcm256-sha2_512;dh15,aes_gcm256-sha2_256;dh15,chacha20_poly1305-sha2_512;dh15,chacha20_poly1305-sha2_256;dh15,aes256-sha2_512;dh15,aes256-sha2_256;dh15,aes_gcm256-sha2_512;dh16,aes_gcm256-sha2_256;dh16,chacha20_poly1305-sha2_512;dh16,chacha20_poly1305-sha2_256;dh16,aes256-sha2_512;dh16,aes256-sha2_256;dh16,aes_gcm256-sha2_512;dh18,aes_gcm256-sha2_256;dh18,chacha20_poly1305-sha2_512;dh18,chacha20_poly1305-sha2_256;dh18,aes256-sha2_512;dh18,aes256-sha2_256;dh18
+- esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512,aes256-sha2_256
++ 
ike=aes_gcm256-sha2_512+sha2_256-dh19+dh20+dh21+dh15+dh16+dh18,chacha20_poly1305-sha2_512+sha2_256-dh19+dh20+dh21+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh20+dh21+dh15+dh16+dh18
++ esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha2_256
+diff -up crypto-policies/tests/outputs/LEGACY-libreswan.txt.libreswan-fix crypto-policies/tests/outputs/LEGACY-libreswan.txt
+--- crypto-policies/tests/outputs/LEGACY-libreswan.txt.libreswan-fix 2018-12-17 17:01:44.000000000 +0100
++++ crypto-policies/tests/outputs/LEGACY-libreswan.txt 2019-02-18 10:34:57.527777893 +0100
+@@ -1,5 +1,5 @@
+ conn %default
+ ikev2=insist
+ pfs=yes
+- ike=aes_gcm256-sha2_512;dh19,aes_gcm256-sha2_256;dh19,chacha20_poly1305-sha2_512;dh19,chacha20_poly1305-sha2_256;dh19,aes256-sha2_512;dh19,aes256-sha2_256;dh19,aes256-sha1;dh19,aes_gcm128-sha2_512;dh19,aes_gcm128-sha2_256;dh19,aes128-sha2_256;dh19,aes128-sha1;dh19,3des-sha1;dh19,aes_gcm256-sha2_512;dh20,aes_gcm256-sha2_256;dh20,chacha20_poly1305-sha2_512;dh20,chacha20_poly1305-sha2_256;dh20,aes256-sha2_512;dh20,aes256-sha2_256;dh20,aes256-sha1;dh20,aes_gcm128-sha2_512;dh20,aes_gcm128-sha2_256;dh20,aes128-sha2_256;dh20,aes128-sha1;dh20,3des-sha1;dh20,aes_gcm256-sha2_512;dh21,aes_gcm256-sha2_256;dh21,chacha20_poly1305-sha2_512;dh21,chacha20_poly1305-sha2_256;dh21,aes256-sha2_512;dh21,aes256-sha2_256;dh21,aes256-sha1;dh21,aes_gcm128-sha2_512;dh21,aes_gcm128-sha2_256;dh21,aes128-sha2_256;dh21,aes128-sha1;dh21,3des-sha1;dh21,aes_gcm256-sha2_512;dh5,aes_gcm256-sha2_256;dh5,chacha20_poly1305-sha2_512;dh5,chacha20_poly1305-sha2_256;dh5,aes256-sha2_512;dh5,aes256-sha2_256;dh5,aes256-sha1;dh5,aes_gcm128-sha2_512;dh5,aes_gcm128-sha2_256;dh5,aes128-sha2_256;dh5,aes128-sha1;dh5,3des-sha1;dh5,aes_gcm256-sha2_512;dh14,aes_gcm256-sha2_256;dh14,chacha20_poly1305-sha2_512;dh14,chacha20_poly1305-sha2_256;dh14,aes256-sha2_512;dh14,aes256-sha2_256;dh14,aes256-sha1;dh14,aes_gcm128-sha2_512;dh14,aes_gcm128-sha2_256;dh14,aes128-sha2_256;dh14,aes128-sha1;dh14,3des-sha1;dh1
4,aes_gcm256-sha2_512;dh15,aes_gcm256-sha2_256;dh15,chacha20_poly1305-sha2_512;dh15,chacha20_poly1305-sha2_256;dh15,aes256-sha2_512;dh15,aes256-sha2_256;dh15,aes256-sha1;dh15,aes_gcm128-sha2_512;dh15,aes_gcm128-sha2_256;dh15,aes128-sha2_256;dh15,aes128-sha1;dh15,3des-sha1;dh15,aes_gcm256-sha2_512;dh16,aes_gcm256-sha2_256;dh16,chacha20_poly1305-sha2_512;dh16,chacha20_poly1305-sha2_256;dh16,aes256-sha2_512;dh16,aes256-sha2_256;dh16,aes256-sha1;dh16,aes_gcm128-sha2_512;dh16,aes_gcm128-sha2_256;dh16,aes128-sha2_256;dh16,aes128-sha1;dh16,3des-sha1;dh16,aes_gcm256-sha2_512;dh18,aes_gcm256-sha2_256;dh18,chacha20_poly1305-sha2_512;dh18,chacha20_poly1305-sha2_256;dh18,aes256-sha2_512;dh18,aes256-sha2_256;dh18,aes256-sha1;dh18,aes_gcm128-sha2_512;dh18,aes_gcm128-sha2_256;dh18,aes128-sha2_256;dh18,aes128-sha1;dh18,3des-sha1;dh18
+- esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512,aes256-sha1,aes256-sha2_256,aes_gcm128,aes128-sha1,aes128-sha2_256,3des-sha1
++ ike=aes_gcm256-sha2_512+sha2_256-dh19+dh20+dh21+dh5+dh14+dh15+dh16+dh18,chacha20_poly1305-sha2_512+sha2_256-dh19+dh20+dh21+dh5+dh14+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh20+dh21+dh5+dh14+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh20+dh21+dh5+dh14+dh15+dh16+dh18,aes128-sha2_256-dh19+dh20+dh21+dh5+dh14+dh15+dh16+dh18
++ esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256
diff --git a/SOURCES/crypto-policies-manpage.patch b/SOURCES/crypto-policies-manpage.patch
new file mode 100644
index 0000000..75cb539
--- /dev/null
+++ b/SOURCES/crypto-policies-manpage.patch
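Review bot: In the IKE section of `generate_temp_policy` (inner hunk `@@ -147,35 +160,52 @@`), when no entry of `@group_list` maps to a non-empty value in `%group_map` (X448 and X25519 are both `''`), the proposal is still emitted: the group loop appends nothing, `substr($combo, -1) = ''` strips the `-` that `substr($combo, -1) = "-"` just put there, and `append()` writes a cipher/PRF proposal with no DH-group part, which presumably leaves the group choice to libreswan's own defaults rather than the policy (not verified against libreswan here). The PRF loop guards exactly this case with `if ($lastc eq "-") { next; }`, so mirror it after the group loop, e.g. `next if substr($combo, -1) eq "-";` placed before `substr($combo, -1) = '';`, so the policy fails closed. The group suffix is also identical for every cipher and could be built once before the `foreach (@cipher_list)` loop instead of being rebuilt per cipher. Both sections of `generate_temp_policy` begin before and end after their hunks.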
@@ -0,0 +1,55 @@
+diff --git a/update-crypto-policies.8.txt b/update-crypto-policies.8.txt
+index 7a1564c..3655ba8 100644
+--- a/update-crypto-policies.8.txt
++++ b/update-crypto-policies.8.txt
+@@ -32,24 +32,13 @@ SYNOPSIS
+
+ DESCRIPTION
+ -----------
+-update-crypto-policies(8) is used to set the policy applicable for the
++*update-crypto-policies(8)* is used to set the policy applicable for the
+ various cryptographic back-ends, such as SSL/TLS libraries. That will
+ be the default policy used by these back-ends unless the application user
+ configures them otherwise.
+
+-The available policies are restricted to the following profiles.
+-
+-* LEGACY: Ensures maximum compatibility with legacy systems (64-bit
+- security)
+-
+-* DEFAULT: A reasonable default for today's standards (80-bit security).
+-
+-* FUTURE: A level that will provide security on a conservative level that is
+- believed to withstand any near-term future attacks (112-bit security).
+-
+-* FIPS: Policy that enables only FIPS 140-2 approved or allowed algorithms.
+-
+-* EMPTY: All cryptographic algorithms are disabled (used for debugging only)
++The available policies are described in the *crypto-policies(7)* manual
++page.
+
+ The desired system policy is selected in /etc/crypto-policies/config
+ and this tool will generate the individual policy requirements for
+@@ -201,10 +190,11 @@ In case of a parsing error no policies will be updated.
+ FILES
+ -----
+ /etc/crypto-policies/config::
+- The file contains the current system policy. It should contain a string of one of the profiles listed above (e.g., DEFAULT).
++ The file contains the current system policy. It should contain a string of one of the
++ profiles listed in the *crypto-policies(7)* page (e.g., DEFAULT).
+
+ /etc/crypto-policies/back-ends::
+- Contains the generated policies in separated files, and in a format readable by the supported back-ends. 
++ Contains the generated policies in separated files, and in a format readable by the supported back ends.
+
+ /etc/crypto-policies/local.d::
+ Contains additional files to be appended to the generated policy
+@@ -218,7 +208,7 @@ FILES
+
+ SEE ALSO
+ --------
+-fips-mode-setup(8)
++crypto-policies(7), fips-mode-setup(8)
+
+ AUTHOR
+ ------
diff --git a/SOURCES/crypto-policies.7 b/SOURCES/crypto-policies.7
new file mode 100644
index 0000000..10addca
--- /dev/null
+++ b/SOURCES/crypto-policies.7
@@ -0,0 +1,1024 @@ +'\" t +.\" Title: crypto-policies +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets vsnapshot +.\" Date: 02/08/2019 +.\" Manual: \ \& +.\" Source: crypto-policies +.\" Language: English +.\" +.TH "CRYPTO\-POLICIES" "7" "02/08/2019" "crypto\-policies" "\ \&" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +crypto-policies \- system\-wide crypto policies overview +.SH "DESCRIPTION" +.sp +The security of cryptographic components of the operating system does not remain constant over time\&. Algorithms, such as cryptographic hashing and encryption, typically have a lifetime, after which they are considered either too risky to use or plain insecure\&. That means, we need to phase out such algorithms from the default settings or completely disable them if they could cause an irreparable problem\&. +.sp +While in the past the algorithms were not disabled in a consistent way and different applications applied different policies, the system\-wide crypto\-policies followed by the crypto core components allow consistently deprecating and disabling algorithms system\-wide\&. 
+.sp +The individual policy levels (\fBDEFAULT\fR, \fBLEGACY\fR, \fBFUTURE\fR, and \fBFIPS\fR) are included in the \fBcrypto\-policies(7)\fR package\&. In the future, there will be also a mechanism for easy creation and deployment of policies defined by the system administrator or a third party vendor\&. +.sp +For rationale, see \fBRFC 7457\fR for a list of attacks taking advantage of legacy crypto algorithms\&. +.SH "COVERED APPLICATIONS" +.sp +Crypto\-policies apply to the configuration of the core cryptographic subsystems, covering \fBTLS\fR, \fBIKE\fR, \fBIPSec\fR, \fBDNSSec\fR, and \fBKerberos\fR protocols; i\&.e\&., the supported secure communications protocols on the base operating system\&. +.sp +Once an application runs in the operating system, it follows the default or selected policy and refuses to fall back to algorithms and protocols not within the policy, unless the user has explicitly requested the application to do so\&. That is, the policy applies to the default behavior of applications when running with the system\-provided configuration but the user can override it on an application\-specific basis\&. 
+.sp +The policies currently provide settings for these applications and libraries: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBBIND\fR +DNS name server daemon +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBGnuTLS\fR +TLS library +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBOpenJDK\fR +runtime environment +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBKerberos 5\fR +library +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBLibreswan\fR +IPsec and IKE protocol implementation +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBNSS\fR +TLS library +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBOpenSSH\fR +SSH2 protocol implementation +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBOpenSSL\fR +TLS library +.RE +.sp +Applications using the above libraries and tools are covered by the cryptographic policies unless they are explicitly configured not to be so\&. +.SH "PROVIDED POLICY LEVELS" +.PP +\fBLEGACY\fR +.RS 4 +This policy ensures maximum compatibility with legacy systems; it is less secure and it includes support for +\fBTLS 1\&.0\fR, +\fBTLS 1\&.1\fR, and +\fBSSH2\fR +protocols or later\&. The algorithms +\fBDSA\fR, +\fB3DES\fR, and +\fBRC4\fR +are allowed, while +\fBRSA\fR +and +\fBDiffie\-Hellman\fR +parameters are accepted if larger than 1023 bits\&. The level provides at least 64\-bit security\&. +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +MACs: all +\fBHMAC\fR +with +\fBSHA\-1\fR +or better + all modern MACs (\fBPoly1305\fR +etc\&.) 
+.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +Curves: all prime >= 255 bits (including Bernstein curves) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +Signature algorithms: with +\fBSHA1\fR +hash or better (\fBDSA\fR +allowed) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBTLS\fR +Ciphers: all available >= 112\-bit key, >= 128\-bit block (including +\fBRC4\fR +and +\fB3DES\fR) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +Non\-TLS Ciphers: same as +\fBTLS\fR +ciphers with added +\fBCamellia\fR +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +Key exchange: +\fBECDHE\fR, +\fBRSA\fR, +\fBDHE\fR +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBDH\fR +params size: >= 1023 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBRSA\fR +keys size: >= 1023 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBDSA\fR +params size: >= 1023 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBTLS\fR +protocols: +\fBTLS\fR +>= 1\&.0, +\fBDTLS\fR +>= 1\&.0 +.RE +.RE +.PP +\fBDEFAULT\fR +.RS 4 +The +\fBDEFAULT\fR +policy is a reasonable default policy for today\(cqs standards, compatible with +\fBPCI\-DSS\fR +requirements\&. It allows the +\fBTLS 1\&.2\fR +and +\fBTLS 1\&.3\fR +protocols, as well as +\fBIKEv2\fR +and +\fBSSH2\fR\&. The +\fBRSA\fR +and +\fBDiffie\-Hellman\fR +parameters are accepted if larger than 2047 bits\&. The level provides at least 112\-bit security with the exception of +\fBSHA\-1\fR +signatures needed for +\fBDNSSec\fR +and other still prevalent legacy use of +\fBSHA\-1\fR +signatures\&. 
+.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +MACs: all +\fBHMAC\fR +with +\fBSHA\-1\fR +or better + all modern MACs (\fBPoly1305\fR +etc\&.) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +Curves: all prime >= 255 bits (including Bernstein curves) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +Signature algorithms: with +\fBSHA\-1\fR +hash or better (no +\fBDSA\fR) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBTLS\fR +Ciphers: >= 128\-bit key, >= 128\-bit block (\fBAES\fR, +\fBChaCha20\fR, including +\fBAES\-CBC\fR) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +non\-TLS Ciphers: as +\fBTLS\fR +Ciphers with added +\fBCamellia\fR +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +key exchange: +\fBECDHE\fR, +\fBRSA\fR, +\fBDHE\fR +(no +\fBDHE\-DSS\fR) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBDH\fR +params size: >= 2048 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBRSA\fR +keys size: >= 2048 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBTLS\fR +protocols: +\fBTLS\fR +>= 1\&.2, +\fBDTLS\fR +>= 1\&.2 +.RE +.RE +.PP +\fBFUTURE\fR +.RS 4 +A conservative security level that is believed to withstand any near\-term future attacks\&. This level does not allow the use of +\fBSHA\-1\fR +in signature algorithms\&. The level also provides some (not complete) preparation for post\-quantum encryption support in form of 256\-bit symmetric encryption requirement\&. The +\fBRSA\fR +and +\fBDiffie\-Hellman\fR +parameters are accepted if larger than 3071 bits\&. The level provides at least 128\-bit security\&. 
+.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +MACs: all +\fBHMAC\fR +with +\fBSHA\-256\fR +or better + all modern MACs (\fBPoly1305\fR +etc\&.) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +Curves: all prime >= 255 bits (including Bernstein curves) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +Signature algorithms: with +\fBSHA\-256\fR +hash or better (no +\fBDSA\fR) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBTLS\fR +Ciphers: >= 256\-bit key, >= 128\-bit block, only Authenticated Encryption (AE) ciphers +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +non\-TLS Ciphers: same as +\fBTLS\fR +ciphers with added non AE ciphers and +\fBCamellia\fR +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +key exchange: +\fBECDHE\fR, +\fBDHE\fR +(no +\fBDHE\-DSS\fR, no +\fBRSA\fR) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBDH\fR +params size: >= 3072 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBRSA\fR +keys size: >= 3072 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBTLS\fR +protocols: +\fBTLS\fR +>= 1\&.2, +\fBDTLS\fR +>= 1\&.2 +.RE +.RE +.PP +\fBFIPS\fR +.RS 4 +A level that conforms to the +\fBFIPS 140\-2\fR +requirements\&. This policy is used internally by the +\fBfips\-mode\-setup(8)\fR +tool which can switch the system into the +\fBFIPS 140\-2\fR +compliance mode\&. The level provides at least 112\-bit security\&. 
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+MACs: all
+\fBHMAC\fR
+with
+\fBSHA1\fR
+or better
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Curves: all prime >= 256 bits
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Signature algorithms: with
+\fBSHA\-256\fR
+hash or better (no
+\fBDSA\fR)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBTLS\fR
+Ciphers: >= 128\-bit key, >= 128\-bit block (\fBAES\fR, including
+\fBAES\-CBC\fR)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+non\-TLS Ciphers: same as
+\fBTLS\fR
+Ciphers
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+key exchange:
+\fBECDHE\fR,
+\fBDHE\fR
+(no
+\fBDHE\-DSS\fR, no
+\fBRSA\fR)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBDH\fR
+params size: >= 2048
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBRSA\fR
+params size: >= 2048
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBTLS\fR
+protocols:
+\fBTLS\fR
+>= 1\&.2,
+\fBDTLS\fR
+>= 1\&.2
+.RE
+.RE
+.PP
+\fBEMPTY\fR
+.RS 4
+All cryptographic algorithms are disabled (used for debugging only, do not use)\&.
+.RE
+.SH "COMMANDS"
+.PP
+\fBupdate\-crypto\-policies(8)\fR
+.RS 4
+This command manages the policies available to the various cryptographic back ends and allows the system administrator to change the active cryptographic policy level\&.
+.RE
+.PP
+\fBfips\-mode\-setup(8)\fR
+.RS 4
+This command allows the system administrator to enable, or disable the system FIPS mode and also apply the
+\fBFIPS\fR
+cryptographic policy level which limits the allowed algorithms and protocols to these allowed by the FIPS 140\-2 requirements\&.
+.RE
+.SH "NOTES"
+.sp
+\fBExceptions:\fR
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBGo\-language\fR
+applications do not yet follow the system\-wide policy\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBLibssh\fR
+applications do not yet follow the system\-wide policy\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBGnuPG\-2\fR
+application does not follow the system\-wide policy\&.
+.RE
+.sp
+In general only the data\-in\-transit is currently covered by the system\-wide policy\&.
+.sp
+If the system administrator changes the system\-wide policy level with the \fBupdate\-crypto\-policies(8)\fR command it is advisable to restart the system as the individual back\-end libraries read the configuration files usually during their initialization\&. The changes in the policy level thus take place in most cases only when the applications using the back\-end libraries are restarted\&.
+.sp
+\fBRemoved cipher suites and protocols\fR
+.sp
+The following cipher suites and protocols are completely removed from the core cryptographic libraries listed above:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBDES\fR
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+All export grade cipher suites
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBMD5\fR
+in signatures
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBSSLv2\fR
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBSSLv3\fR
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+All
+\fBECC\fR
+curves smaller than 224 bits
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+All binary field
+\fBECC\fR
+curves
+.RE
+.sp
+\fBCipher suites and protocols disabled in all policy levels\fR
+.sp
+The following ciphersuites and protocols are available but disabled in all crypto policy levels\&.
They can be enabled only by explicit configuration of individual applications:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBDH\fR
+with parameters < 1024 bits
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBRSA\fR
+with key size < 1024 bits
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBCamellia\fR
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBARIA\fR
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBSEED\fR
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBIDEA\fR
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Integrity only ciphersuites
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBTLS\fR
+\fBCBC mode\fR
+ciphersuites using
+\fBSHA\-384\fR
+HMAC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBAES\-CCM8\fR
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+all
+\fBECC\fR
+curves incompatible with
+\fBTLS 1\&.3\fR, including secp256k1
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBIKEv1\fR
+.RE
+.SH "FILES"
+.PP
+/etc/crypto\-policies/back\-ends
+.RS 4
+The individual cryptographical back\-end configuration files\&. Usually linked to the configuration shipped in the crypto\-policies package unless a configuration from
+\fBlocal\&.d\fR
+is added\&.
+.RE
+.PP
+/etc/crypto\-policies/config
+.RS 4
+The active crypto\-policies level set on the system\&.
+.RE
+.PP
+/etc/crypto\-policies/local\&.d
+.RS 4
+Additional configuration shipped by other packages or created by the system administrator\&.
The contents of the
+\fB\-file\&.config\fR
+is appended to the configuration from the policy back end as shipped in the crypto\-policies package\&.
+.RE
+.SH "SEE ALSO"
+.sp
+update\-crypto\-policies(8), fips\-mode\-setup(8)
+.SH "AUTHOR"
+.sp
+Written by Tomáš Mráz\&.
diff --git a/SOURCES/crypto-policies.7.txt b/SOURCES/crypto-policies.7.txt
new file mode 100644
index 0000000..f4f0f61
--- /dev/null
+++ b/SOURCES/crypto-policies.7.txt
@@ -0,0 +1,254 @@
+////
+Copyright (C) 2019 Red Hat, Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU Lesser General Public License as published by
+the Free Software Foundation; either version 2.1 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+////
+
+
+crypto-policies(7)
+==================
+:doctype: manpage
+:man source: crypto-policies
+
+
+NAME
+----
+crypto-policies - system-wide crypto policies overview
+
+
+DESCRIPTION
+-----------
+The security of cryptographic components of the operating system
+does not remain constant over time. Algorithms, such as
+cryptographic hashing and encryption, typically have a lifetime,
+after which they are considered either too risky to use or plain insecure.
+That means, we need to phase out such algorithms from the default
+settings or completely disable them if they could cause an irreparable problem.
+
+While in the past the algorithms were not disabled in a consistent way
+and different applications applied different policies, the system-wide
+crypto-policies followed by the crypto core components allow consistently
+deprecating and disabling algorithms system-wide.
+
+The individual policy levels (*DEFAULT*, *LEGACY*, *FUTURE*, and *FIPS*)
+are included in the *crypto-policies(7)* package. In the future, there will
+be also a mechanism for easy creation and deployment of policies defined
+by the system administrator or a third party vendor.
+
+For rationale, see *RFC 7457* for a list of attacks taking advantage of
+legacy crypto algorithms.
+ +COVERED APPLICATIONS +-------------------- + +Crypto-policies apply to the configuration of the core cryptographic subsystems, +covering *TLS*, *IKE*, *IPSec*, *DNSSec*, and *Kerberos* protocols; i.e., the +supported secure communications protocols on the base operating system. + +Once an application runs in the operating system, it follows the default +or selected policy and refuses to fall back to algorithms and protocols not +within the policy, unless the user has explicitly requested the application +to do so. That is, the policy applies to the default behavior of applications +when running with the system-provided configuration but the user can override +it on an application-specific basis. + +The policies currently provide settings for these applications and libraries: + +* *BIND* DNS name server daemon +* *GnuTLS* TLS library +* *OpenJDK* runtime environment +* *Kerberos 5* library +* *Libreswan* IPsec and IKE protocol implementation +* *NSS* TLS library +* *OpenSSH* SSH2 protocol implementation +* *OpenSSL* TLS library + +Applications using the above libraries and tools are covered by the +cryptographic policies unless they are explicitly configured not to be so. + +PROVIDED POLICY LEVELS +---------------------- + +*LEGACY*:: + This policy ensures maximum compatibility with legacy systems; it is + less secure and it includes support for *TLS 1.0*, *TLS 1.1*, and *SSH2* + protocols or later. The algorithms *DSA*, *3DES*, and *RC4* are allowed, + while *RSA* and *Diffie-Hellman* parameters are accepted if larger than 1023 bits. + The level provides at least 64-bit security. + + * MACs: all *HMAC* with *SHA-1* or better + all modern MACs (*Poly1305* + etc.) 
+ * Curves: all prime >= 255 bits (including Bernstein curves) + * Signature algorithms: with *SHA1* hash or better (*DSA* allowed) + * *TLS* Ciphers: all available >= 112-bit key, >= 128-bit block (including + *RC4* and *3DES*) + * Non-TLS Ciphers: same as *TLS* ciphers with added *Camellia* + * Key exchange: *ECDHE*, *RSA*, *DHE* + * *DH* params size: >= 1023 + * *RSA* keys size: >= 1023 + * *DSA* params size: >= 1023 + * *TLS* protocols: *TLS* >= 1.0, *DTLS* >= 1.0 + +*DEFAULT*:: + The *DEFAULT* policy is a reasonable default policy for today's standards, + compatible with *PCI-DSS* requirements. It allows the *TLS 1.2* and + *TLS 1.3* protocols, as well as *IKEv2* and *SSH2*. The *RSA* and + *Diffie-Hellman* parameters are accepted if larger than 2047 bits. + The level provides at least 112-bit security with the exception of *SHA-1* + signatures needed for *DNSSec* and other still prevalent legacy use of + *SHA-1* signatures. + + * MACs: all *HMAC* with *SHA-1* or better + all modern MACs (*Poly1305* + etc.) + * Curves: all prime >= 255 bits (including Bernstein curves) + * Signature algorithms: with *SHA-1* hash or better (no *DSA*) + * *TLS* Ciphers: >= 128-bit key, >= 128-bit block (*AES*, *ChaCha20*, + including *AES-CBC*) + * non-TLS Ciphers: as *TLS* Ciphers with added *Camellia* + * key exchange: *ECDHE*, *RSA*, *DHE* (no *DHE-DSS*) + * *DH* params size: >= 2048 + * *RSA* keys size: >= 2048 + * *TLS* protocols: *TLS* >= 1.2, *DTLS* >= 1.2 + +*FUTURE*:: + A conservative security level that is believed to withstand any near-term + future attacks. This level does not allow the use of *SHA-1* in signature + algorithms. The level also provides some (not complete) preparation for + post-quantum encryption support in form of 256-bit symmetric encryption + requirement. The *RSA* and *Diffie-Hellman* parameters are accepted if + larger than 3071 bits. The level provides at least 128-bit security. 
+ + * MACs: all *HMAC* with *SHA-256* or better + all modern MACs (*Poly1305* + etc.) + * Curves: all prime >= 255 bits (including Bernstein curves) + * Signature algorithms: with *SHA-256* hash or better (no *DSA*) + * *TLS* Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated + Encryption (AE) ciphers + * non-TLS Ciphers: same as *TLS* ciphers with added non AE ciphers and + *Camellia* + * key exchange: *ECDHE*, *DHE* (no *DHE-DSS*, no *RSA*) + * *DH* params size: >= 3072 + * *RSA* keys size: >= 3072 + * *TLS* protocols: *TLS* >= 1.2, *DTLS* >= 1.2 + + +*FIPS*:: + A level that conforms to the *FIPS 140-2* requirements. This policy is used + internally by the *fips-mode-setup(8)* tool which can switch the system + into the *FIPS 140-2* compliance mode. + The level provides at least 112-bit security. + + * MACs: all *HMAC* with *SHA1* or better + * Curves: all prime >= 256 bits + * Signature algorithms: with *SHA-256* hash or better (no *DSA*) + * *TLS* Ciphers: >= 128-bit key, >= 128-bit block (*AES*, + including *AES-CBC*) + * non-TLS Ciphers: same as *TLS* Ciphers + * key exchange: *ECDHE*, *DHE* (no *DHE-DSS*, no *RSA*) + * *DH* params size: >= 2048 + * *RSA* params size: >= 2048 + * *TLS* protocols: *TLS* >= 1.2, *DTLS* >= 1.2 + +*EMPTY*:: + All cryptographic algorithms are disabled (used for debugging only, do not + use). + +COMMANDS +-------- + +*update-crypto-policies(8)*:: + This command manages the policies available to the various cryptographic + back ends and allows the system administrator to change the active + cryptographic policy level. + +*fips-mode-setup(8)*:: + This command allows the system administrator to enable, or disable the + system FIPS mode and also apply the *FIPS* cryptographic policy level + which limits the allowed algorithms and protocols to these allowed by + the FIPS 140-2 requirements. + + +NOTES +----- + +*Exceptions:* + +* *Go-language* applications do not yet follow the system-wide policy. 
+* *Libssh* applications do not yet follow the system-wide policy.
+* *GnuPG-2* application does not follow the system-wide policy.
+
+In general only the data-in-transit is currently covered by the system-wide
+policy.
+
+If the system administrator changes the system-wide policy level with
+the *update-crypto-policies(8)* command it is advisable to restart the
+system as the individual back-end libraries read the configuration files
+usually during their initialization. The changes in the policy level
+thus take place in most cases only when the applications using the back-end
+libraries are restarted.
+
+*Removed cipher suites and protocols*
+
+The following cipher suites and protocols are completely removed from the
+core cryptographic libraries listed above:
+
+* *DES*
+* All export grade cipher suites
+* *MD5* in signatures
+* *SSLv2*
+* *SSLv3*
+* All *ECC* curves smaller than 224 bits
+* All binary field *ECC* curves
+
+*Cipher suites and protocols disabled in all policy levels*
+
+The following ciphersuites and protocols are available but disabled in all
+crypto policy levels. They can be enabled only by explicit configuration
+of individual applications:
+
+* *DH* with parameters < 1024 bits
+* *RSA* with key size < 1024 bits
+* *Camellia*
+* *ARIA*
+* *SEED*
+* *IDEA*
+* Integrity only ciphersuites
+* *TLS* *CBC mode* ciphersuites using *SHA-384* HMAC
+* *AES-CCM8*
+* all *ECC* curves incompatible with *TLS 1.3*, including secp256k1
+* *IKEv1*
+
+
+FILES
+-----
+/etc/crypto-policies/back-ends::
+ The individual cryptographical back-end configuration files.
+ Usually linked to the configuration shipped in the crypto-policies
+ package unless a configuration from *local.d* is added.
+
+/etc/crypto-policies/config::
+ The active crypto-policies level set on the system.
+
+/etc/crypto-policies/local.d::
+ Additional configuration shipped by other packages or created by
+ the system administrator.
The contents of the *-file.config*
+ is appended to the configuration from the policy back end as
+ shipped in the crypto-policies package.
+
+
+SEE ALSO
+--------
+update-crypto-policies(8), fips-mode-setup(8)
+
+
+AUTHOR
+------
+Written by Tomáš Mráz.
diff --git a/SPECS/crypto-policies.spec b/SPECS/crypto-policies.spec
new file mode 100644
index 0000000..d2b1ef7
--- /dev/null
+++ b/SPECS/crypto-policies.spec
@@ -0,0 +1,379 @@
+%global git_date 20181217
+%global git_commit_hash 9a35207
+
+Name: crypto-policies
+Version: %{git_date}
+Release: 6.git%{git_commit_hash}%{?dist}
+Summary: Systemwide crypto policies
+
+License: LGPLv2+
+URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies
+
+# This is a tarball of the git repository without the .git/
+# directory.
+# For RHEL-8 we use the upstream branch next-default.
+Source0: crypto-policies-git%{git_commit_hash}.tar.gz
+Source1: crypto-policies.7.txt
+Source2: crypto-policies.7
+Patch1: crypto-policies-manpage.patch
+Patch2: crypto-policies-java-fix.patch
+Patch3: crypto-policies-libreswan-fix.patch
+
+BuildArch: noarch
+BuildRequires: asciidoc
+BuildRequires: libxslt
+BuildRequires: openssl
+BuildRequires: gnutls-utils >= 3.6.0
+BuildRequires: java-1.8.0-openjdk-devel
+BuildRequires: bind
+BuildRequires: perl-interpreter
+BuildRequires: perl-generators
+BuildRequires: perl(File::pushd), perl(File::Temp), perl(File::Copy)
+BuildRequires: perl(File::Which)
+BuildRequires: python3-devel
+
+# used by update-crypto-policies
+Requires: coreutils
+Requires: grep
+Requires: sed
+Requires(post): coreutils
+Requires(post): grep
+Requires(post): sed
+# used by fips-mode-setup
+Recommends: grubby
+
+%description
+This package provides a tool update-crypto-policies, which sets
+the policy applicable for the various cryptographic back-ends, such as
+SSL/TLS libraries. The policy set by the tool will be the default policy
+used by these back-ends unless the application user configures them otherwise.
+
+The package also provides a tool fips-mode-setup, which can be used
+to enable or disable the system FIPS mode.
+
+%prep
+%setup -q -n %{name}
+%patch1 -p1 -b .manpage
+%patch2 -p1 -b .java-fix
+%patch3 -p1 -b .libreswan-fix
+
+%build
+make %{?_smp_mflags}
+
+%install
+mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/
+mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/back-ends/
+mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/local.d/
+mkdir -p -m 755 %{buildroot}%{_mandir}/man7
+mkdir -p -m 755 %{buildroot}%{_mandir}/man8
+mkdir -p -m 755 %{buildroot}%{_bindir}
+
+make DESTDIR=%{buildroot} DIR=%{_datarootdir}/crypto-policies MANDIR=%{_mandir}/man8 %{?_smp_mflags} install
+install -p -m 644 default-config %{buildroot}%{_sysconfdir}/crypto-policies/config
+install -p -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man7/crypto-policies.7
+
+%check
+make check %{?_smp_mflags}
+
+%post
+%{_bindir}/update-crypto-policies --no-check >/dev/null
+
+
+%files
+
+%dir %{_sysconfdir}/crypto-policies/
+%dir %{_sysconfdir}/crypto-policies/back-ends/
+%dir %{_sysconfdir}/crypto-policies/local.d/
+%dir %{_datarootdir}/crypto-policies/
+
+%config(noreplace) %{_sysconfdir}/crypto-policies/config
+
+%ghost %{_sysconfdir}/crypto-policies/back-ends/gnutls.config
+%ghost %{_sysconfdir}/crypto-policies/back-ends/openssl.config
+%ghost %{_sysconfdir}/crypto-policies/back-ends/opensslcnf.config
+%ghost %{_sysconfdir}/crypto-policies/back-ends/openssh.config
+%ghost %{_sysconfdir}/crypto-policies/back-ends/opensshserver.config
+%ghost %{_sysconfdir}/crypto-policies/back-ends/nss.config
+%ghost %{_sysconfdir}/crypto-policies/back-ends/bind.config
+%ghost %{_sysconfdir}/crypto-policies/back-ends/java.config
+%ghost %{_sysconfdir}/crypto-policies/back-ends/krb5.config
+%ghost %{_sysconfdir}/crypto-policies/back-ends/openjdk.config
+%ghost %{_sysconfdir}/crypto-policies/back-ends/libreswan.config
+
+%{_bindir}/update-crypto-policies
+%{_bindir}/fips-mode-setup
+%{_bindir}/fips-finish-install
+%{_mandir}/man7/crypto-policies.7.gz
+%{_mandir}/man8/update-crypto-policies.8.gz
+%{_mandir}/man8/fips-mode-setup.8.gz
+%{_mandir}/man8/fips-finish-install.8.gz
+%{_datarootdir}/crypto-policies/LEGACY/*
+%{_datarootdir}/crypto-policies/DEFAULT/*
+%{_datarootdir}/crypto-policies/FUTURE/*
+%{_datarootdir}/crypto-policies/FIPS/*
+%{_datarootdir}/crypto-policies/EMPTY/*
+%{_datarootdir}/crypto-policies/default-config
+%{_datarootdir}/crypto-policies/reload-cmds.sh
+
+%{!?_licensedir:%global license %%doc}
+%license COPYING.LESSER
+
+%changelog
+* Mon Feb 18 2019 Tomáš Mráz - 20181217-6.git9a35207
+- libreswan: Allow coalescing the IKE/IPSEC proposals
+
+* Fri Feb 8 2019 Tomáš Mráz - 20181217-5.git9a35207
+- cleanups of the crypto-policies.7 manual page
+
+* Fri Feb 1 2019 Tomáš Mráz - 20181217-4.git9a35207
+- Java: Fix FIPS and FUTURE policy to allow RSA certificates in TLS
+
+* Tue Jan 22 2019 Tomáš Mráz - 20181217-3.git9a35207
+- cleanup duplicate and incorrect information from update-crypto-policies.8
+ manual page
+
+* Mon Jan 21 2019 Tomáš Mráz - 20181217-2.git9a35207
+- add crypto-policies.7 manual page
+
+* Mon Dec 17 2018 Tomáš Mráz - 20181217-1.git9a35207
+- update-crypto-policies: Fix endless loop
+- update-crypto-policies: Add warning about the need of system restart
+- fips-mode-setup: Use grub2-editenv to modify the kernelopts for BLS
+
+* Thu Nov 22 2018 Tomáš Mráz - 20181122-1.git70769d9
+- update-crypto-policies: fix error on multiple matches in local.d
+- Print warning when update-crypto-policies --set is used in the FIPS mode
+- Java: Add 3DES and RC4 to legacy algorithms in LEGACY policy
+- OpenSSL: Properly disable non AEAD and AES128 ciphersuites in FUTURE
+- libreswan: Add chacha20_poly1305 to all policies and drop ikev1 from LEGACY
+
+* Fri Oct 26 2018 Tomáš Mráz - 20181026-1.gitcc78cb7
+- Fix regression in discovery of additional configuration
+- NSS: add DSA keyword to LEGACY policy
+- GnuTLS: Add 3DES and RC4 to LEGACY policy
+
+* Tue Sep 25 2018 Tomáš Mráz - 20180925-2.git3ce363a
+- Improve the package description
+
+* 
Tue Sep 25 2018 Tomáš Mráz - 20180925-1.git3ce363a
+- Use Recommends instead of Requires for grubby
+- Revert setting of HostKeyAlgorithms for ssh client for now
+
+* Fri Sep 21 2018 Tomáš Mráz - 20180921-1.git62bafde
+- OpenSSH: Generate policy for sign algorithms
+- Enable >= 255 bits EC curves in FUTURE policy
+- OpenSSH: Add group1 key exchanges in LEGACY policy
+- NSS: Add SHA224 to hash lists
+- Print warning when update-crypto-policies --set FIPS is used
+- fips-mode-setup: Kernel boot options are now modified with grubby
+
+* Mon Aug 13 2018 Tomáš Mráz - 20180801-2.git2b95ede
+- Fix build to use the system python
+
+* Wed Aug 1 2018 Tomáš Mráz - 20180801-1.git2b95ede
+- Add OpenSSL configuration file include support
+- Disable TLS-1.0, 1.1 and DH with less than 2048 bits in DEFAULT policy
+
+* Tue Jul 24 2018 Tomáš Mráz - 20180723-1.gitdb825c0
+- Initial FIPS mode setup support
+- NSS: Add tests for the generated policy
+- Enable TLS-1.3 if available in the respective TLS library
+- Enable SHA1 in certificates in LEGACY policy
+- Disable CAMELLIA
+- libreswan: Multiple bug fixes in policies
+
+* Wed Apr 25 2018 Tomáš Mráz - 20180425-1.git6ad4018
+- Restart/reload only enabled services
+- Do not enable PSK ciphersuites by default in gnutls and openssl
+- krb5: fix when more than 2048 bits keys are required
+- Fix discovery of additional configurations #1564595
+- Fix incorrect ciphersuite setup for libreswan
+
+* Tue Mar 6 2018 Nikos Mavrogiannopoulos - 20180306-1.gitaea6928
+- Updated policy to reduce DH parameter size on DEFAULT level, taking into
+ account feedback in #1549242,1#534532.
+- Renamed openssh-server.config to opensshserver.config to reduce conflicts
+ when local.d/ appending is used.
+
+* Tue Feb 27 2018 Nikos Mavrogiannopoulos - 20180227-1.git0ce1729
+- Updated to include policies for libreswan
+
+* Mon Feb 12 2018 Nikos Mavrogiannopoulos - 20180112-1.git386e3fe
+- Updated to apply the settings as in StrongCryptoSettings project.
The restriction
+ to TLS1.2, is not yet applied as we have no method to impose that in openssl.
+ https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
+
+* Fri Feb 09 2018 Igor Gnatenko - 20171115-3.git921600e
+- Escape macros in %%changelog
+
+* Wed Feb 07 2018 Fedora Release Engineering - 20171115-2.git921600e
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Nov 15 2017 Nikos Mavrogiannopoulos - 20171115-1.git921600e
+- Updated openssh policies for new openssh without rc4
+- Removed policies for compat-gnutls28
+
+* Wed Aug 23 2017 Nikos Mavrogiannopoulos - 20170823-1.git8d18c27
+- Updated gnutls policies for 3.6.0
+
+* Wed Aug 16 2017 Nikos Mavrogiannopoulos - 20170816-1.git2618a6c
+- Updated to latest upstream
+- Restarts openssh server on policy update
+
+* Wed Aug 2 2017 Nikos Mavrogiannopoulos - 20170802-1.git9300620
+- Updated to latest upstream
+- Reloads openssh server on policy update
+
+* Wed Jul 26 2017 Fedora Release Engineering - 20170606-4.git7c32281
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Tue Jul 25 2017 Igor Gnatenko - 20170606-3.git7c32281
+- Restore Requires(post)
+
+* Mon Jul 24 2017 Troy Dawson 20170606-2.git7c32281
+- perl dependency renamed to perl-interpreter
+- remove useless Requires(post)
+- Fix path of libdir in generate-policies.pl (#1474442)
+
+* Tue Jun 6 2017 Nikos Mavrogiannopoulos - 20170606-1.git7c32281
+- Updated to latest upstream
+- Allows gnutls applications in LEGACY mode, to use certificates of 768-bits
+
+* Wed May 31 2017 Nikos Mavrogiannopoulos - 20170531-1.gitce0df7b
+- Updated to latest upstream
+- Added new kerberos key types
+
+* Sat Apr 01 2017 Björn Esser - 20170330-3.git55b66da
+- Add Requires for update-crypto-policies in %%post
+
+* Fri Mar 31 2017 Petr Šabata - 20170330-2.git55b66da
+- update-crypto-policies uses gred and sed, require them
+
+* Thu Mar 30 2017 Nikos Mavrogiannopoulos - 20170330-1-git55b66da
+- GnuTLS policies include RC4 in
legacy mode (#1437213)
+
+* Fri Feb 17 2017 Nikos Mavrogiannopoulos - 20160214-2-gitf3018dd
+- Added openssh file
+
+* Tue Feb 14 2017 Nikos Mavrogiannopoulos - 20160214-1-gitf3018dd
+- Updated policies for BIND to address #1421875
+
+* Fri Feb 10 2017 Fedora Release Engineering - 20161111-2.gita2363ce
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Nov 11 2016 Nikos Mavrogiannopoulos - 20161111-1-gita2363ce
+- Include OpenJDK documentation.
+
+* Tue Sep 27 2016 Nikos Mavrogiannopoulos - 20160926-2-git08b5501
+- Improved messages on error.
+
+* Mon Sep 26 2016 Nikos Mavrogiannopoulos - 20160926-1-git08b5501
+- Added support for openssh client policy
+
+* Wed Sep 21 2016 Nikos Mavrogiannopoulos - 20160921-1-git75b9b04
+- Updated with latest upstream.
+
+* Thu Jul 21 2016 Nikos Mavrogiannopoulos - 20160718-2-gitdb5ca59
+- Added support for administrator overrides in generated policies in local.d
+
+* Thu Jul 21 2016 Nikos Mavrogiannopoulos - 20160718-1-git340cb69
+- Fixed NSS policy generation to include allowed hash algorithms
+
+* Wed Jul 20 2016 Nikos Mavrogiannopoulos - 20160718-1-gitcaa4a8d
+- Updated to new version with auto-generated policies
+
+* Mon May 16 2016 Nikos Mavrogiannopoulos - 20160516-1-git8f69c35
+- Generate policies for NSS
+- OpenJDK policies were updated for opendjk 8
+
+* Wed Feb 03 2016 Fedora Release Engineering - 20151104-2.gitf1cba5f
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Nov 4 2015 Nikos Mavrogiannopoulos - 20151104-1-gitcf1cba5f
+- Generate policies for compat-gnutls28 (#1277790)
+
+* Fri Oct 23 2015 Nikos Mavrogiannopoulos - 20151005-2-gitc8452f8
+- Generated files are put in a %%ghost directive
+
+* Mon Oct 5 2015 Nikos Mavrogiannopoulos - 20151005-1-gitc8452f8
+- Updated policies from upstream
+- Added support for the generation of libkrb5 policy
+- Added support for the generation of openjdk policy
+
+* Wed Jun 17 2015 Fedora Release Engineering -
20150518-2.gitffe885e
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon May 18 2015 Nikos Mavrogiannopoulos - 20150518-1-gitffe885e
+- Updated policies to remove SSL 3.0 and RC4 (#1220679)
+
+* Fri Mar 6 2015 Nikos Mavrogiannopoulos - 20150305-3-git2eeb03b
+- Added make check
+
+* Fri Mar 6 2015 Nikos Mavrogiannopoulos - 20150305-2-git44afaa1
+- Removed support for SECLEVEL (#1199274)
+
+* Thu Mar 5 2015 Nikos Mavrogiannopoulos - 20150305-1-git098a8a6
+- Include AEAD ciphersuites in gnutls (#1198979)
+
+* Sun Jan 25 2015 Peter Robinson 20150115-3-git9ef7493
+- Bump release so lastest git snapshot is newer NVR
+
+* Thu Jan 15 2015 Nikos Mavrogiannopoulos - 20150115-2-git9ef7493
+- Updated to newest upstream version.
+- Includes bind policies (#1179925)
+
+* Tue Dec 16 2014 Nikos Mavrogiannopoulos - 20141124-2-gitd4aa178
+- Corrected typo in gnutls' future policy (#1173886)
+
+* Mon Nov 24 2014 Nikos Mavrogiannopoulos - 20141124-1-gitd4aa178
+- re-enable SSL 3.0 (until its removal is coordinated with a Fedora change request)
+
+* Thu Nov 20 2014 Nikos Mavrogiannopoulos - 20141120-1-git9a26a5b
+- disable SSL 3.0 (doesn't work in openssl)
+
+* Fri Sep 05 2014 Nikos Mavrogiannopoulos - 20140905-1-git4649b7d
+- enforce the acceptable TLS versions in openssl
+
+* Wed Aug 27 2014 Nikos Mavrogiannopoulos - 20140827-1-git4e06f1d
+- fix issue with RC4 being disabled in DEFAULT settings for openssl
+
+* Thu Aug 14 2014 Nikos Mavrogiannopoulos - 20140814-1-git80e1e98
+- fix issue in post script run on upgrade (#1130074)
+
+* Tue Aug 12 2014 Nikos Mavrogiannopoulos - 20140812-1-gitb914bfd
+- updated crypto-policies from repository
+
+* Fri Jul 11 2014 Tom Callaway - 20140708-2-git3a7ae3f
+- fix license handling
+
+* Tue Jul 08 2014 Nikos Mavrogiannopoulos - 20140708-1-git3a7ae3f
+- updated crypto-policies from repository
+
+* Fri Jun 20 2014 Nikos Mavrogiannopoulos - 20140620-1-gitdac1524
+- updated crypto-policies from repository
+- changed
versioning
+
+* Thu Jun 12 2014 Nikos Mavrogiannopoulos - 0.9-7-20140612gita2fa0c6
+- updated crypto-policies from repository
+
+* Sat Jun 07 2014 Fedora Release Engineering - 0.9-7.20140522gita50bad2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu May 29 2014 Nikos Mavrogiannopoulos - 0.9-6-20140522gita50bad2
+- Require(post) coreutils (#1100335).
+
+* Tue May 27 2014 Nikos Mavrogiannopoulos - 0.9-5-20140522gita50bad2
+- Require coreutils.
+
+* Thu May 22 2014 Nikos Mavrogiannopoulos - 0.9-4-20140522gita50bad2
+- Install the default configuration file.
+
+* Wed May 21 2014 Nikos Mavrogiannopoulos - 0.9-3-20140520git81364e4
+- Run update-crypto-policies after installation.
+
+* Tue May 20 2014 Nikos Mavrogiannopoulos - 0.9-2-20140520git81364e4
+- Updated spec based on comments by Petr Lautrbach.
+
+* Mon May 19 2014 Nikos Mavrogiannopoulos - 0.9-1-20140519gitf15621a
+- Initial package build
+
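Review bot: The `%post` scriptlet `%{_bindir}/update-crypto-policies --no-check >/dev/null` is the only step that materialises the eleven back-end files declared as `%ghost` under `%files`, yet nothing in the spec says so or explains why `--no-check` is passed; a comment such as `# (re)generate the %%ghost back-end configs for the level in /etc/crypto-policies/config on every install and upgrade; --no-check presumably skips the post-update sanity check (confirm against update-crypto-policies(8))` would tell the next maintainer what is at stake. Keep the scriptlet's exit status unmasked (no `|| :`): if regeneration fails the crypto libraries are left with no policy files at all, and a loud scriptlet failure is the only signal of that. Only stdout is discarded, so error output still reaches whoever runs the transaction, which is the right choice. The `%%` doubling is needed inside the comment because rpm expands macros even in spec comments, as the `%%changelog` entry in this same hunk already notes.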