FIPS: Disable SHA1 signs and EVP_PKEY_{sign,verify}

1. Deny SHA-1 signature verification in FIPS provider

For RHEL, we already disable SHA-1 signatures by default in the default
provider, so it is unexpected that the FIPS provider would have a more
lenient configuration in this regard. Additionally, we do not think
continuing to accept SHA-1 signatures is a good idea due to the
published chosen-prefix collision attacks.

As a consequence, disable verification of SHA-1 signatures in the FIPS
provider.

This requires adjusting a few tests that would otherwise fail:
- 30-test_acvp: Remove the test vectors that use SHA-1.
- 30-test_evp: Mark tests in evppkey_rsa_common.txt and
  evppkey_ecdsa.txt that use SHA-1 digests as "Availablein = default",
  which will not run them when the FIPS provider is enabled.
- 80-test_cms: Re-generate all certificates in test/smime-certificates
  using the mksmime-certs.sh script, because most of them were signed
  with SHA-1 and thus fail verification in the FIPS provider. Keep
  smec3.pem, which was used to sign static test data in
  test/recipes/80-test_cms_data/ciphertext_from_1_1_1.cms, which would
  otherwise no longer verify. Note that smec3.pem was signed with
  a smroot.pem, which was now re-generated. This does not affect the
  test.
  Fix some other tests by explicitly running them in the default
  provider, where SHA-1 is available.
- 80-test_ssl_old: Skip tests that rely on SSLv3 and SHA-1 when run with
  the FIPS provider.

2. Disable EVP_PKEY_{sign,verify} in FIPS provider

The APIs to compute both digest and signature in one step,
EVP_DigestSign*/EVP_DigestVerify* and EVP_Sign*/EVP_Verify*, should be
used instead. This ensures that the digest is computed inside of the
FIPS module, and that only approved digests are used.

Update documentation for EVP_PKEY_{sign,verify} to reflect this.

Since the KATs use EVP_PKEY_sign/EVP_PKEY_verify, modify the tests to
set the OSSL_SIGNATURE_PARAM_KAT parameter and use EVP_PKEY_sign_init_ex
and EVP_PKEY_verify_init_ex where these parameters can be passed on
creation and allow EVP_PKEY_sign/EVP_PKEY_verify when this parameter is
set and evaluates as true.

Move tests that use the EVP_PKEY API to only run in the default
provider, since they would fail in the FIPS provider. This also affects
a number of CMS tests where error handling is insufficient and failure
to sign would only show up when verifying the CMS structure due to
a parse error.

Resolves: rhbz#2087147
Signed-off-by: Clemens Lang <cllang@redhat.com>
This commit is contained in:
Clemens Lang 2022-05-23 14:53:37 +02:00
parent 87f109e9fb
commit 389313b118
3 changed files with 1578 additions and 1 deletions

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,449 @@
From 6f7111801d960952b15cda98d9a95f79f6f0bf7e Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Mon, 23 May 2022 13:09:08 +0200
Subject: [PATCH] Disable EVP_PKEY_{sign,verify} in FIPS provider
The APIs to compute both digest and signature in one step,
EVP_DigestSign*/EVP_DigestVerify* and EVP_Sign*/EVP_Verify*, should be
used instead. This ensures that the digest is computed inside of the
FIPS module, and that only approved digests are used.
Update documentation for EVP_PKEY_{sign,verify} to reflect this.
Since the KATs use EVP_PKEY_sign/EVP_PKEY_verify, modify the tests to
set the OSSL_SIGNATURE_PARAM_KAT parameter and use EVP_PKEY_sign_init_ex
and EVP_PKEY_verify_init_ex where these parameters can be passed on
creation and allow EVP_PKEY_sign/EVP_PKEY_verify when this parameter is
set and evaluates as true.
Move tests that use the EVP_PKEY API to only run in the default
provider, since they would fail in the FIPS provider. This also affects
a number of CMS tests where error handling is insufficient and failure
to sign would only show up when verifying the CMS structure due to
a parse error.
Resolves: rhbz#2087147
Signed-off-by: Clemens Lang <cllang@redhat.com>
---
doc/man3/EVP_PKEY_sign.pod | 5 ++++
doc/man3/EVP_PKEY_verify.pod | 5 ++++
providers/fips/self_test_kats.c | 19 ++++++-------
.../implementations/signature/ecdsa_sig.c | 28 +++++++++++++++++++
providers/implementations/signature/rsa_sig.c | 28 +++++++++++++++++++
.../30-test_evp_data/evppkey_ecdsa.txt | 9 +-----
.../30-test_evp_data/evppkey_rsa_common.txt | 14 ++++++++++
test/recipes/80-test_cms.t | 22 +++++++--------
8 files changed, 101 insertions(+), 29 deletions(-)
diff --git a/doc/man3/EVP_PKEY_sign.pod b/doc/man3/EVP_PKEY_sign.pod
index 6752432bd5..f9d2b4f5d1 100644
--- a/doc/man3/EVP_PKEY_sign.pod
+++ b/doc/man3/EVP_PKEY_sign.pod
@@ -41,6 +41,11 @@ normally used to sign digests. For signing arbitrary messages, see the
L<EVP_DigestSignInit(3)> and
L<EVP_SignInit(3)> signing interfaces instead.
+B<WARNING>: Because FIPS 140-3 requires that a signed digest is computed in the
+same module as the signature, this API is disabled on CentOS 9 Stream and Red
+Hat Enterprise Linux in FIPS mode. Use L<EVP_DigestSignInit(3)> and
+L<EVP_SignInit(3)> instead.
+
After the call to EVP_PKEY_sign_init() algorithm specific control
operations can be performed to set any appropriate parameters for the
operation (see L<EVP_PKEY_CTX_ctrl(3)>).
diff --git a/doc/man3/EVP_PKEY_verify.pod b/doc/man3/EVP_PKEY_verify.pod
index 77023cab87..344c39fe07 100644
--- a/doc/man3/EVP_PKEY_verify.pod
+++ b/doc/man3/EVP_PKEY_verify.pod
@@ -33,6 +33,11 @@ signed) is specified using the I<tbs> and I<tbslen> parameters.
=head1 NOTES
+B<WARNING>: Because FIPS 140-3 requires that a signed digest is computed in the
+same module as the signature, this API is disabled on CentOS 9 Stream and Red
+Hat Enterprise Linux in FIPS mode. Use L<EVP_DigestVerifyInit(3)> and
+L<EVP_VerifyInit(3)> instead.
+
After the call to EVP_PKEY_verify_init() algorithm specific control
operations can be performed to set any appropriate parameters for the
operation.
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 064794d9bf..a60cb99983 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -488,24 +488,23 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
goto err;
- /* Create a EVP_PKEY_CTX to use for the signing operation */
- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
- if (sctx == NULL
- || EVP_PKEY_sign_init(sctx) <= 0)
- goto err;
-
- /* set signature parameters */
+ /* prepare signature parameters */
if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
t->mdalgorithm,
strlen(t->mdalgorithm) + 1))
goto err;
+ if (!OSSL_PARAM_BLD_push_int(bld, OSSL_SIGNATURE_PARAM_KAT, 1))
+ goto err;
params_sig = OSSL_PARAM_BLD_to_param(bld);
- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
+
+ /* Create a EVP_PKEY_CTX to use for the signing operation */
+ sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
+ if (sctx == NULL
+ || EVP_PKEY_sign_init_ex(sctx, params_sig) <= 0)
goto err;
if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
- || EVP_PKEY_verify_init(sctx) <= 0
- || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
+ || EVP_PKEY_verify_init_ex(sctx, params_sig) <= 0)
goto err;
/*
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
index 44a22832ec..8f10208b59 100644
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
@@ -73,6 +73,9 @@ typedef struct {
* by their Final function.
*/
unsigned int flag_allow_md : 1;
+ /* Flag indicating that this context is used in a combined digest/sign or
+ * digest/verify operation. */
+ unsigned int flag_is_digest_sigver : 1;
/* The Algorithm Identifier of the combined signature algorithm */
unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
@@ -134,6 +137,26 @@ static int ecdsa_signverify_init(void *vctx, void *ec,
|| ctx == NULL)
return 0;
+#ifdef FIPS_MODULE
+ {
+ const OSSL_PARAM *katparam = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT);
+ if (katparam != NULL) {
+ int kattests = 0;
+ if (OSSL_PARAM_get_int(katparam, &kattests) && kattests) {
+ ctx->flag_is_digest_sigver = 1;
+ }
+ }
+ }
+
+ if (!ctx->flag_is_digest_sigver) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_NOT_SUPPORTED,
+ "ECDSA signatures are not supported using the "
+ "EVP_PKEY_sign/EVP_PKEY_verify API in FIPS mode, use "
+ "EVP_DigestSign and EVP_DigestVerify.");
+ return 0;
+ }
+#endif
+
if (ec == NULL && ctx->ec == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
return 0;
@@ -287,6 +310,11 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname,
if (!ossl_prov_is_running())
return 0;
+ if (ctx == NULL)
+ return 0;
+
+ ctx->flag_is_digest_sigver = 1;
+
if (!ecdsa_signverify_init(vctx, ec, params, operation)
|| !ecdsa_setup_md(ctx, mdname, NULL))
return 0;
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index 9a25b6a3de..a0d7b4707d 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -88,6 +88,9 @@ typedef struct {
*/
unsigned int flag_allow_md : 1;
unsigned int mgf1_md_set : 1;
+ /* Flag indicating that this context is used in a combined digest/sign or
+ * digest/verify operation. */
+ unsigned int flag_is_digest_sigver : 1;
/* main digest */
EVP_MD *md;
@@ -394,6 +397,26 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa,
if (!ossl_prov_is_running() || prsactx == NULL)
return 0;
+#ifdef FIPS_MODULE
+ {
+ const OSSL_PARAM *katparam = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT);
+ if (katparam != NULL) {
+ int kattests = 0;
+ if (OSSL_PARAM_get_int(katparam, &kattests) && kattests) {
+ prsactx->flag_is_digest_sigver = 1;
+ }
+ }
+ }
+
+ if (!prsactx->flag_is_digest_sigver) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_NOT_SUPPORTED,
+ "RSA signatures are not supported using the "
+ "EVP_PKEY_sign/EVP_PKEY_verify API in FIPS mode, use "
+ "EVP_DigestSign and EVP_DigestVerify.");
+ return 0;
+ }
+#endif
+
if (vrsa == NULL && prsactx->rsa == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
return 0;
@@ -851,6 +874,11 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname,
if (!ossl_prov_is_running())
return 0;
+ if (prsactx == NULL)
+ return 0;
+
+ prsactx->flag_is_digest_sigver = 1;
+
if (!rsa_signverify_init(vprsactx, vrsa, params, operation))
return 0;
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
index a96940f026..ac934a2096 100644
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
@@ -111,6 +111,7 @@ Input = "Hello World"
Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
# Test that mdsize != tbssize fails
+Availablein = default
Sign = P-256
Ctrl = digest:SHA256
Input = "0123456789ABCDEF1234"
@@ -197,14 +198,6 @@ Key = B-163
Input = "Hello World"
Result = DIGESTSIGNINIT_ERROR
-# Test that SHA1 is not allowed in fips mode for signing
-Availablein = fips
-Sign = P-256
-Securitycheck = 1
-Ctrl = digest:SHA1
-Input = "0123456789ABCDEF1234"
-Result = PKEY_CTRL_ERROR
-
# Invalid non-approved digest
Availablein = fips
DigestVerify = MD5
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
index 37e542e1c2..e8209996ef 100644
--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
@@ -103,11 +103,13 @@ Input = "0123456789ABCDEF1234"
Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
# Truncated digest
+Availablein = default
Sign = RSA-2048
Ctrl = digest:SHA512-224
Input = "0123456789ABCDEF123456789ABC"
Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17
+Availablein = default
Verify = RSA-2048
Ctrl = digest:SHA512-224
Input = "0123456789ABCDEF123456789ABC"
@@ -218,6 +220,7 @@ Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2
# no padding
# Too small input
+Availablein = default
Sign = RSA-2048
Ctrl = rsa_padding_mode:none
Input = "0123456789ABCDEF123456789ABC"
@@ -225,6 +228,7 @@ Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2
Result = KEYOP_ERROR
# Digest set before padding
+Availablein = default
Sign = RSA-2048
Ctrl = digest:sha256
Ctrl = rsa_padding_mode:none
@@ -233,6 +237,7 @@ Output = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e37
Result = PKEY_CTRL_ERROR
# Digest set after padding
+Availablein = default
Sign = RSA-2048
Ctrl = rsa_padding_mode:none
Ctrl = digest:sha256
@@ -240,23 +245,27 @@ Input = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef01234567
Output = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e3775a85ae8ef75e000ca5498d772e3e797012ac8e462d72e567eb4afae0d1df72ffc84b3117045c58eb13aabb427fd6591577089dfa36d8d07ebd0670e4473683659b53b050c32397752cdee7c08de667f8de0ec01db01d440e433986e57ead2f877356b7d4985daf6c7ba09e46c061fe2372baa90cbd77557ef1143f46e27abf65c276f165a753e1f09e3719d1bfd8b32efe4aed2e97b502aa96ce472d3d91a09fae47b1a5103c448039ada73a57d7a001542bfb0b58c8b4bcb705a108a643434bb7ff997b58ba8b76425d7510aeff3e60f17af82191500517653fa5f3
Result = PKEY_CTRL_ERROR
+Availablein = default
Sign = RSA-2048
Ctrl = rsa_padding_mode:none
Input = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Output = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e3775a85ae8ef75e000ca5498d772e3e797012ac8e462d72e567eb4afae0d1df72ffc84b3117045c58eb13aabb427fd6591577089dfa36d8d07ebd0670e4473683659b53b050c32397752cdee7c08de667f8de0ec01db01d440e433986e57ead2f877356b7d4985daf6c7ba09e46c061fe2372baa90cbd77557ef1143f46e27abf65c276f165a753e1f09e3719d1bfd8b32efe4aed2e97b502aa96ce472d3d91a09fae47b1a5103c448039ada73a57d7a001542bfb0b58c8b4bcb705a108a643434bb7ff997b58ba8b76425d7510aeff3e60f17af82191500517653fa5f3
+Availablein = default
Verify = RSA-2048-PUBLIC
Ctrl = rsa_padding_mode:none
Input = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Output = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e3775a85ae8ef75e000ca5498d772e3e797012ac8e462d72e567eb4afae0d1df72ffc84b3117045c58eb13aabb427fd6591577089dfa36d8d07ebd0670e4473683659b53b050c32397752cdee7c08de667f8de0ec01db01d440e433986e57ead2f877356b7d4985daf6c7ba09e46c061fe2372baa90cbd77557ef1143f46e27abf65c276f165a753e1f09e3719d1bfd8b32efe4aed2e97b502aa96ce472d3d91a09fae47b1a5103c448039ada73a57d7a001542bfb0b58c8b4bcb705a108a643434bb7ff997b58ba8b76425d7510aeff3e60f17af82191500517653fa5f3
# Plaintext modified
+Availablein = default
Verify = RSA-2048-PUBLIC
Ctrl = rsa_padding_mode:none
Input = 0223456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Output = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e3775a85ae8ef75e000ca5498d772e3e797012ac8e462d72e567eb4afae0d1df72ffc84b3117045c58eb13aabb427fd6591577089dfa36d8d07ebd0670e4473683659b53b050c32397752cdee7c08de667f8de0ec01db01d440e433986e57ead2f877356b7d4985daf6c7ba09e46c061fe2372baa90cbd77557ef1143f46e27abf65c276f165a753e1f09e3719d1bfd8b32efe4aed2e97b502aa96ce472d3d91a09fae47b1a5103c448039ada73a57d7a001542bfb0b58c8b4bcb705a108a643434bb7ff997b58ba8b76425d7510aeff3e60f17af82191500517653fa5f3
Result = VERIFY_ERROR
+Availablein = default
VerifyRecover = RSA-2048-PUBLIC
Ctrl = rsa_padding_mode:none
Input = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e3775a85ae8ef75e000ca5498d772e3e797012ac8e462d72e567eb4afae0d1df72ffc84b3117045c58eb13aabb427fd6591577089dfa36d8d07ebd0670e4473683659b53b050c32397752cdee7c08de667f8de0ec01db01d440e433986e57ead2f877356b7d4985daf6c7ba09e46c061fe2372baa90cbd77557ef1143f46e27abf65c276f165a753e1f09e3719d1bfd8b32efe4aed2e97b502aa96ce472d3d91a09fae47b1a5103c448039ada73a57d7a001542bfb0b58c8b4bcb705a108a643434bb7ff997b58ba8b76425d7510aeff3e60f17af82191500517653fa5f3
@@ -370,6 +379,7 @@ rQPeR+HETwIDAQAB
PrivPubKeyPair = RSA-PSS:RSA-PSS-BAD2
# Zero salt length makes output deterministic
+Availablein = default
Sign = RSA-2048
Ctrl = digest:sha256
Ctrl = rsa_padding_mode:pss
@@ -378,6 +388,7 @@ Input="0123456789ABCDEF0123456789ABCDEF"
Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
# Verify of above signature
+Availablein = default
Verify = RSA-2048-PUBLIC
Ctrl = rsa_padding_mode:pss
Ctrl = rsa_pss_saltlen:0
@@ -395,6 +406,7 @@ Input="0123456789ABCDEF0123"
Output = 6BF7EDC63A0BA184EEEC7F3020FEC8F5EBF38C2B76481881F48BCCE5796E7AB294548BA9AE810457C7723CABD1BDE94CF59CF7C0FC7461B22760C8ED703DD98E97BFDD61FA8D1181C411F6DEE5FF159F4850746D78EDEE385A363DC28E2CB373D5CAD7953F3BD5E639BE345732C03A1BDEA268814DA036EB1891C82D4012F3B903D86636055F87B96FC98806AD1B217685A4D754046A5DE0B0D7870664BE07902153EC85BA457BE7D7F89D7FE0F626D02A9CBBB2BB479DDA1A5CAE75247FB7BF6BFB15C1D3FD9E6B1573CCDBC72011C3B97716058BB11C7EA2E4E56ADAFE1F5DE6A7FD405AC5890100F9C3408EFFB5C73BF73F48177FF743B4B819D0699D507B
# Digest too short
+Availablein = default
Verify = RSA-2048-PUBLIC
Ctrl = rsa_padding_mode:pss
Ctrl = rsa_pss_saltlen:0
@@ -404,6 +416,7 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD
Result = VERIFY_ERROR
# Digest too long
+Availablein = default
Verify = RSA-2048-PUBLIC
Ctrl = rsa_padding_mode:pss
Ctrl = rsa_pss_saltlen:0
@@ -413,6 +426,7 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD
Result = VERIFY_ERROR
# Wrong salt length
+Availablein = default
Verify = RSA-2048
Ctrl = rsa_padding_mode:pss
Ctrl = rsa_pss_saltlen:2
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 9e7c721eab..d32833f42c 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -72,7 +72,7 @@ my @smime_pkcs7_tests = (
[ "signed content DER format, RSA key",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
"-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ],
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "DER",
"-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
@@ -80,7 +80,7 @@ my @smime_pkcs7_tests = (
[ "signed detached content DER format, RSA key",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-signer", $smrsa1, "-out", "{output}.cms" ],
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "DER",
"-CAfile", $smroot, "-out", "{output}.txt",
"-content", $smcont ],
\&final_compare
@@ -90,7 +90,7 @@ my @smime_pkcs7_tests = (
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
"-stream",
"-signer", $smrsa1, "-out", "{output}.cms" ],
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "DER",
"-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
@@ -117,7 +117,7 @@ my @smime_pkcs7_tests = (
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
[ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER",
"-signer", $smrsa1, "-out", "{output}2.cms" ],
- [ "{cmd2}", @prov, "-verify", "-in", "{output}2.cms", "-inform", "DER",
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}2.cms", "-inform", "DER",
"-CAfile", $smroot, "-out", "{output}.txt",
"-content", $smcont ],
\&final_compare
@@ -140,20 +140,20 @@ my @smime_pkcs7_tests = (
"-signer", catfile($smdir, "smdsa1.pem"),
"-signer", catfile($smdir, "smdsa2.pem"),
"-out", "{output}.cms" ],
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "DER",
"-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
+ [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-outform", "DER",
"-noattr", "-nodetach", "-stream",
"-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"),
"-signer", catfile($smdir, "smdsa1.pem"),
"-signer", catfile($smdir, "smdsa2.pem"),
"-out", "{output}.cms" ],
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "DER",
"-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
@@ -182,7 +182,7 @@ my @smime_pkcs7_tests = (
"-signer", catfile($smdir, "smdsa1.pem"),
"-signer", catfile($smdir, "smdsa2.pem"),
"-stream", "-out", "{output}.cms" ],
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms",
"-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
@@ -194,7 +194,7 @@ my @smime_pkcs7_tests = (
"-signer", catfile($smdir, "smdsa1.pem"),
"-signer", catfile($smdir, "smdsa2.pem"),
"-stream", "-out", "{output}.cms" ],
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms",
"-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
@@ -504,11 +504,11 @@ my @smime_cms_param_tests = (
],
[ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
"-noattr", "-signer", $smrsa1,
"-keyopt", "rsa_padding_mode:pss",
"-out", "{output}.cms" ],
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
"-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
--
2.35.3

View File

@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 3.0.1 Version: 3.0.1
Release: 30%{?dist} Release: 31%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -116,6 +116,9 @@ Patch57: 0057-strcasecmp-fix.patch
Patch58: 0058-FIPS-limit-rsa-encrypt.patch Patch58: 0058-FIPS-limit-rsa-encrypt.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2069235 # https://bugzilla.redhat.com/show_bug.cgi?id=2069235
Patch60: 0060-FIPS-KAT-signature-tests.patch Patch60: 0060-FIPS-KAT-signature-tests.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
Patch62: 0062-Disable-EVP_PKEY_-sign-verify-in-FIPS-provider.patch
License: ASL 2.0 License: ASL 2.0
URL: http://www.openssl.org/ URL: http://www.openssl.org/
@ -446,6 +449,11 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Wed May 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-31
- Disable SHA-1 signature verification in FIPS mode
- Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode
Resolves: rhbz#2087147
* Mon May 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-30 * Mon May 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-30
- Use KAT for ECDSA signature tests - Use KAT for ECDSA signature tests
- Resolves: rhbz#2069235 - Resolves: rhbz#2069235