forked from rpms/openssl
FIPS: Disable SHA1 signs and EVP_PKEY_{sign,verify}
1. Deny SHA-1 signature verification in FIPS provider

For RHEL, we already disable SHA-1 signatures by default in the default provider, so it is unexpected that the FIPS provider would have a more lenient configuration in this regard. Additionally, we do not think continuing to accept SHA-1 signatures is a good idea due to the published chosen-prefix collision attacks. As a consequence, disable verification of SHA-1 signatures in the FIPS provider.

This requires adjusting a few tests that would otherwise fail:

- 30-test_acvp: Remove the test vectors that use SHA-1.
- 30-test_evp: Mark tests in evppkey_rsa_common.txt and evppkey_ecdsa.txt that use SHA-1 digests as "Availablein = default", which will not run them when the FIPS provider is enabled.
- 80-test_cms: Re-generate all certificates in test/smime-certificates using the mksmime-certs.sh script, because most of them were signed with SHA-1 and thus fail verification in the FIPS provider. Keep smec3.pem, which was used to sign static test data in test/recipes/80-test_cms_data/ciphertext_from_1_1_1.cms, which would otherwise no longer verify. Note that smec3.pem was signed with a smroot.pem, which was now re-generated. This does not affect the test. Fix some other tests by explicitly running them in the default provider, where SHA-1 is available.
- 80-test_ssl_old: Skip tests that rely on SSLv3 and SHA-1 when run with the FIPS provider.

2. Disable EVP_PKEY_{sign,verify} in FIPS provider

The APIs to compute both digest and signature in one step, EVP_DigestSign*/EVP_DigestVerify* and EVP_Sign*/EVP_Verify*, should be used instead. This ensures that the digest is computed inside of the FIPS module, and that only approved digests are used.

Update documentation for EVP_PKEY_{sign,verify} to reflect this.

Since the KATs use EVP_PKEY_sign/EVP_PKEY_verify, modify the tests to set the OSSL_SIGNATURE_PARAM_KAT parameter and use EVP_PKEY_sign_init_ex and EVP_PKEY_verify_init_ex where these parameters can be passed on creation and allow EVP_PKEY_sign/EVP_PKEY_verify when this parameter is set and evaluates as true.

Move tests that use the EVP_PKEY API to only run in the default provider, since they would fail in the FIPS provider. This also affects a number of CMS tests where error handling is insufficient and failure to sign would only show up when verifying the CMS structure due to a parse error.

Resolves: rhbz#2087147
Signed-off-by: Clemens Lang <cllang@redhat.com>
parent 87f109e9fb
commit 389313b118
1120 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch (normal file; file diff suppressed because it is too large)
449 0062-Disable-EVP_PKEY_-sign-verify-in-FIPS-provider.patch (normal file)
@ -0,0 +1,449 @@
|
|||||||
|
From 6f7111801d960952b15cda98d9a95f79f6f0bf7e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Mon, 23 May 2022 13:09:08 +0200
|
||||||
|
Subject: [PATCH] Disable EVP_PKEY_{sign,verify} in FIPS provider
|
||||||
|
|
||||||
|
The APIs to compute both digest and signature in one step,
|
||||||
|
EVP_DigestSign*/EVP_DigestVerify* and EVP_Sign*/EVP_Verify*, should be
|
||||||
|
used instead. This ensures that the digest is computed inside of the
|
||||||
|
FIPS module, and that only approved digests are used.
|
||||||
|
|
||||||
|
Update documentation for EVP_PKEY_{sign,verify} to reflect this.
|
||||||
|
|
||||||
|
Since the KATs use EVP_PKEY_sign/EVP_PKEY_verify, modify the tests to
|
||||||
|
set the OSSL_SIGNATURE_PARAM_KAT parameter and use EVP_PKEY_sign_init_ex
|
||||||
|
and EVP_PKEY_verify_init_ex where these parameters can be passed on
|
||||||
|
creation and allow EVP_PKEY_sign/EVP_PKEY_verify when this parameter is
|
||||||
|
set and evaluates as true.
|
||||||
|
|
||||||
|
Move tests that use the EVP_PKEY API to only run in the default
|
||||||
|
provider, since they would fail in the FIPS provider. This also affects
|
||||||
|
a number of CMS tests where error handling is insufficient and failure
|
||||||
|
to sign would only show up when verifying the CMS structure due to
|
||||||
|
a parse error.
|
||||||
|
|
||||||
|
Resolves: rhbz#2087147
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
doc/man3/EVP_PKEY_sign.pod | 5 ++++
|
||||||
|
doc/man3/EVP_PKEY_verify.pod | 5 ++++
|
||||||
|
providers/fips/self_test_kats.c | 19 ++++++-------
|
||||||
|
.../implementations/signature/ecdsa_sig.c | 28 +++++++++++++++++++
|
||||||
|
providers/implementations/signature/rsa_sig.c | 28 +++++++++++++++++++
|
||||||
|
.../30-test_evp_data/evppkey_ecdsa.txt | 9 +-----
|
||||||
|
.../30-test_evp_data/evppkey_rsa_common.txt | 14 ++++++++++
|
||||||
|
test/recipes/80-test_cms.t | 22 +++++++--------
|
||||||
|
8 files changed, 101 insertions(+), 29 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/doc/man3/EVP_PKEY_sign.pod b/doc/man3/EVP_PKEY_sign.pod
|
||||||
|
index 6752432bd5..f9d2b4f5d1 100644
|
||||||
|
--- a/doc/man3/EVP_PKEY_sign.pod
|
||||||
|
+++ b/doc/man3/EVP_PKEY_sign.pod
|
||||||
|
@@ -41,6 +41,11 @@ normally used to sign digests. For signing arbitrary messages, see the
|
||||||
|
L<EVP_DigestSignInit(3)> and
|
||||||
|
L<EVP_SignInit(3)> signing interfaces instead.
|
||||||
|
|
||||||
|
+B<WARNING>: Because FIPS 140-3 requires that a signed digest is computed in the
|
||||||
|
+same module as the signature, this API is disabled on CentOS 9 Stream and Red
|
||||||
|
+Hat Enterprise Linux in FIPS mode. Use L<EVP_DigestSignInit(3)> and
|
||||||
|
+L<EVP_SignInit(3)> instead.
|
||||||
|
+
|
||||||
|
After the call to EVP_PKEY_sign_init() algorithm specific control
|
||||||
|
operations can be performed to set any appropriate parameters for the
|
||||||
|
operation (see L<EVP_PKEY_CTX_ctrl(3)>).
|
||||||
|
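Review bot: the added B<WARNING> paragraph says the API "is disabled" in FIPS mode without qualification, but this series adds the check only to rsa_sig.c and ecdsa_sig.c (see the diffstat), and the KAT self-tests keep calling EVP_PKEY_sign with OSSL_SIGNATURE_PARAM_KAT set. Either scope the sentence to RSA and ECDSA keys and confirm that every other signature algorithm the FIPS provider still exposes gets the same check, or state that enforcement is per algorithm. Suggested wording: "this API is disabled for RSA and ECDSA keys on CentOS 9 Stream and Red Hat Enterprise Linux in FIPS mode".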
diff --git a/doc/man3/EVP_PKEY_verify.pod b/doc/man3/EVP_PKEY_verify.pod
|
||||||
|
index 77023cab87..344c39fe07 100644
|
||||||
|
--- a/doc/man3/EVP_PKEY_verify.pod
|
||||||
|
+++ b/doc/man3/EVP_PKEY_verify.pod
|
||||||
|
@@ -33,6 +33,11 @@ signed) is specified using the I<tbs> and I<tbslen> parameters.
|
||||||
|
|
||||||
|
=head1 NOTES
|
||||||
|
|
||||||
|
+B<WARNING>: Because FIPS 140-3 requires that a signed digest is computed in the
|
||||||
|
+same module as the signature, this API is disabled on CentOS 9 Stream and Red
|
||||||
|
+Hat Enterprise Linux in FIPS mode. Use L<EVP_DigestVerifyInit(3)> and
|
||||||
|
+L<EVP_VerifyInit(3)> instead.
|
||||||
|
+
|
||||||
|
After the call to EVP_PKEY_verify_init() algorithm specific control
|
||||||
|
operations can be performed to set any appropriate parameters for the
|
||||||
|
operation.
|
||||||
|
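Review bot: EVP_PKEY_verify_recover is evidently affected by the same change (the VerifyRecover block in evppkey_rsa_common.txt is moved to "Availablein = default" further down in this patch), yet doc/man3/EVP_PKEY_verify_recover.pod receives no warning. Add the same B<WARNING> block there, or mention verify_recover in this one, so that callers of the recover API are not left to discover the restriction at runtime.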
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
|
||||||
|
index 064794d9bf..a60cb99983 100644
|
||||||
|
--- a/providers/fips/self_test_kats.c
|
||||||
|
+++ b/providers/fips/self_test_kats.c
|
||||||
|
@@ -488,24 +488,23 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
||||||
|
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- /* Create a EVP_PKEY_CTX to use for the signing operation */
|
||||||
|
- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
|
||||||
|
- if (sctx == NULL
|
||||||
|
- || EVP_PKEY_sign_init(sctx) <= 0)
|
||||||
|
- goto err;
|
||||||
|
-
|
||||||
|
- /* set signature parameters */
|
||||||
|
+ /* prepare signature parameters */
|
||||||
|
if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
|
||||||
|
t->mdalgorithm,
|
||||||
|
strlen(t->mdalgorithm) + 1))
|
||||||
|
goto err;
|
||||||
|
+ if (!OSSL_PARAM_BLD_push_int(bld, OSSL_SIGNATURE_PARAM_KAT, 1))
|
||||||
|
+ goto err;
|
||||||
|
params_sig = OSSL_PARAM_BLD_to_param(bld);
|
||||||
|
- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
||||||
|
+
|
||||||
|
+ /* Create a EVP_PKEY_CTX to use for the signing operation */
|
||||||
|
+ sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
|
||||||
|
+ if (sctx == NULL
|
||||||
|
+ || EVP_PKEY_sign_init_ex(sctx, params_sig) <= 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
|
||||||
|
- || EVP_PKEY_verify_init(sctx) <= 0
|
||||||
|
- || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
||||||
|
+ || EVP_PKEY_verify_init_ex(sctx, params_sig) <= 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
/*
|
||||||
|
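Review bot: `params_sig = OSSL_PARAM_BLD_to_param(bld);` is still passed to `EVP_PKEY_sign_init_ex(sctx, params_sig)` without a NULL check. With the new FIPS_MODULE gate in the signature init, a NULL params array means OSSL_SIGNATURE_PARAM_KAT is never seen, so an allocation failure during the self-test would surface as PROV_R_NOT_SUPPORTED and look like a policy rejection rather than an out-of-memory condition; add `if (params_sig == NULL) goto err;` directly after the conversion. Re-using sctx for EVP_PKEY_verify_init_ex with the same params_sig is fine, since the KAT parameter travels with it.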
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
|
||||||
|
index 44a22832ec..8f10208b59 100644
|
||||||
|
--- a/providers/implementations/signature/ecdsa_sig.c
|
||||||
|
+++ b/providers/implementations/signature/ecdsa_sig.c
|
||||||
|
@@ -73,6 +73,9 @@ typedef struct {
|
||||||
|
* by their Final function.
|
||||||
|
*/
|
||||||
|
unsigned int flag_allow_md : 1;
|
||||||
|
+ /* Flag indicating that this context is used in a combined digest/sign or
|
||||||
|
+ * digest/verify operation. */
|
||||||
|
+ unsigned int flag_is_digest_sigver : 1;
|
||||||
|
|
||||||
|
/* The Algorithm Identifier of the combined signature algorithm */
|
||||||
|
unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
|
||||||
|
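Review bot: the comment on flag_is_digest_sigver only describes the combined digest/sign case, but the next hunk also sets the flag when OSSL_SIGNATURE_PARAM_KAT is supplied; the comment should say that the flag additionally marks self-test (KAT) contexts that are permitted to use the raw sign/verify entry points, otherwise the FIPS_MODULE block below reads as a bug. The same comment is duplicated verbatim in rsa_sig.c and needs the same wording.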
@@ -134,6 +137,26 @@ static int ecdsa_signverify_init(void *vctx, void *ec,
|
||||||
|
|| ctx == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ {
|
||||||
|
+ const OSSL_PARAM *katparam = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT);
|
||||||
|
+ if (katparam != NULL) {
|
||||||
|
+ int kattests = 0;
|
||||||
|
+ if (OSSL_PARAM_get_int(katparam, &kattests) && kattests) {
|
||||||
|
+ ctx->flag_is_digest_sigver = 1;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!ctx->flag_is_digest_sigver) {
|
||||||
|
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_NOT_SUPPORTED,
|
||||||
|
+ "ECDSA signatures are not supported using the "
|
||||||
|
+ "EVP_PKEY_sign/EVP_PKEY_verify API in FIPS mode, use "
|
||||||
|
+ "EVP_DigestSign and EVP_DigestVerify.");
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
if (ec == NULL && ctx->ec == NULL) {
|
||||||
|
ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
|
||||||
|
return 0;
|
||||||
|
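Review bot: the opt-out in this block is read from the caller-supplied params array (`OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT)`), so any application that sets OSSL_SIGNATURE_PARAM_KAT to 1 on EVP_PKEY_sign_init_ex gets the pre-patch behaviour back. If this is meant as a FIPS 140-3 boundary rather than a default, the KAT path should be signalled from the self-test code internally instead of through a public parameter; if it is meant as a default, the pod warning should say so. Secondly, the block runs before the `ec == NULL && ctx->ec == NULL` check, so in FIPS mode a context with no key now fails with PROV_R_NOT_SUPPORTED instead of PROV_R_NO_KEY_SET; moving the new block after the key check keeps the existing error reporting intact.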
@@ -287,6 +310,11 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname,
|
||||||
|
if (!ossl_prov_is_running())
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
+ if (ctx == NULL)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ ctx->flag_is_digest_sigver = 1;
|
||||||
|
+
|
||||||
|
if (!ecdsa_signverify_init(vctx, ec, params, operation)
|
||||||
|
|| !ecdsa_setup_md(ctx, mdname, NULL))
|
||||||
|
return 0;
|
||||||
|
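Review bot: `ctx->flag_is_digest_sigver = 1;` is written before ecdsa_signverify_init validates the key and before ecdsa_setup_md runs, so on either failure the provider context is left with the flag set. That is harmless only as long as the EVP layer discards the provider context when an init fails; passing the digest/sign indication into ecdsa_signverify_init as an argument, or setting the flag after both calls succeed, removes that dependency. The new `if (ctx == NULL) return 0;` duplicates the check already performed inside ecdsa_signverify_init and is needed only because the flag write precedes the call, which is another argument for the parameter approach.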
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
||||||
|
index 9a25b6a3de..a0d7b4707d 100644
|
||||||
|
--- a/providers/implementations/signature/rsa_sig.c
|
||||||
|
+++ b/providers/implementations/signature/rsa_sig.c
|
||||||
|
@@ -88,6 +88,9 @@ typedef struct {
|
||||||
|
*/
|
||||||
|
unsigned int flag_allow_md : 1;
|
||||||
|
unsigned int mgf1_md_set : 1;
|
||||||
|
+ /* Flag indicating that this context is used in a combined digest/sign or
|
||||||
|
+ * digest/verify operation. */
|
||||||
|
+ unsigned int flag_is_digest_sigver : 1;
|
||||||
|
|
||||||
|
/* main digest */
|
||||||
|
EVP_MD *md;
|
||||||
|
@@ -394,6 +397,26 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa,
|
||||||
|
if (!ossl_prov_is_running() || prsactx == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ {
|
||||||
|
+ const OSSL_PARAM *katparam = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT);
|
||||||
|
+ if (katparam != NULL) {
|
||||||
|
+ int kattests = 0;
|
||||||
|
+ if (OSSL_PARAM_get_int(katparam, &kattests) && kattests) {
|
||||||
|
+ prsactx->flag_is_digest_sigver = 1;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!prsactx->flag_is_digest_sigver) {
|
||||||
|
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_NOT_SUPPORTED,
|
||||||
|
+ "RSA signatures are not supported using the "
|
||||||
|
+ "EVP_PKEY_sign/EVP_PKEY_verify API in FIPS mode, use "
|
||||||
|
+ "EVP_DigestSign and EVP_DigestVerify.");
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
if (vrsa == NULL && prsactx->rsa == NULL) {
|
||||||
|
ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
|
||||||
|
return 0;
|
||||||
|
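Review bot: this block is a verbatim copy of the one added to ecdsa_signverify_init, differing only in the algorithm name in the message; factor it into a shared helper (next to the existing checks in providers/common/securitycheck.c, for instance) so that the KAT handling cannot drift between the two algorithms and any further FIPS signature algorithm needs only one call. The error text should also mention EVP_PKEY_verify_recover: the VerifyRecover test in evppkey_rsa_common.txt is moved to the default provider by this same patch, so this path blocks recover as well, and "use EVP_DigestSign and EVP_DigestVerify" offers no replacement for it.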
@@ -851,6 +874,11 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname,
|
||||||
|
if (!ossl_prov_is_running())
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
+ if (prsactx == NULL)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ prsactx->flag_is_digest_sigver = 1;
|
||||||
|
+
|
||||||
|
if (!rsa_signverify_init(vprsactx, vrsa, params, operation))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
||||||
|
index a96940f026..ac934a2096 100644
|
||||||
|
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
||||||
|
+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
||||||
|
@@ -111,6 +111,7 @@ Input = "Hello World"
|
||||||
|
Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
|
||||||
|
|
||||||
|
# Test that mdsize != tbssize fails
|
||||||
|
+Availablein = default
|
||||||
|
Sign = P-256
|
||||||
|
Ctrl = digest:SHA256
|
||||||
|
Input = "0123456789ABCDEF1234"
|
||||||
|
@@ -197,14 +198,6 @@ Key = B-163
|
||||||
|
Input = "Hello World"
|
||||||
|
Result = DIGESTSIGNINIT_ERROR
|
||||||
|
|
||||||
|
-# Test that SHA1 is not allowed in fips mode for signing
|
||||||
|
-Availablein = fips
|
||||||
|
-Sign = P-256
|
||||||
|
-Securitycheck = 1
|
||||||
|
-Ctrl = digest:SHA1
|
||||||
|
-Input = "0123456789ABCDEF1234"
|
||||||
|
-Result = PKEY_CTRL_ERROR
|
||||||
|
-
|
||||||
|
# Invalid non-approved digest
|
||||||
|
Availablein = fips
|
||||||
|
DigestVerify = MD5
|
||||||
|
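Review bot: deleting the "# Test that SHA1 is not allowed in fips mode for signing" block removes the only check in this file that the FIPS provider rejects SHA-1 for ECDSA, which is exactly the behaviour patch 0061 introduces. Since the raw Sign path is now unavailable in FIPS, keep the coverage by converting the block to the combined API in the style of the "# Invalid non-approved digest" case that follows it: `Availablein = fips`, `DigestSign = SHA1`, `Key = P-256` with `Result = DIGESTSIGNINIT_ERROR`.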
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||||
|
index 37e542e1c2..e8209996ef 100644
|
||||||
|
--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||||
|
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||||
|
@@ -103,11 +103,13 @@ Input = "0123456789ABCDEF1234"
|
||||||
|
Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
|
||||||
|
|
||||||
|
# Truncated digest
|
||||||
|
+Availablein = default
|
||||||
|
Sign = RSA-2048
|
||||||
|
Ctrl = digest:SHA512-224
|
||||||
|
Input = "0123456789ABCDEF123456789ABC"
|
||||||
|
Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Verify = RSA-2048
|
||||||
|
Ctrl = digest:SHA512-224
|
||||||
|
Input = "0123456789ABCDEF123456789ABC"
|
||||||
|
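Review bot: marking the "# Truncated digest" Sign and Verify blocks "Availablein = default" (and the same for every negative case that follows in this file) means the FIPS provider's RSA negative paths are no longer exercised here at all. For the raw cases (`rsa_padding_mode:none`, truncated digest) that is unavoidable once EVP_PKEY_sign is blocked, but the PSS cases further down (salt length 0, digest too short, digest too long, wrong salt length) are reachable through DigestSign/DigestVerify with the same `Ctrl` lines and should get `Availablein = fips` counterparts rather than silently dropping out of FIPS coverage. One FIPS-only block asserting that a plain `Sign = RSA-2048` init now fails would also lock in the behaviour this patch adds.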
@@ -218,6 +220,7 @@ Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2
|
||||||
|
# no padding
|
||||||
|
|
||||||
|
# Too small input
|
||||||
|
+Availablein = default
|
||||||
|
Sign = RSA-2048
|
||||||
|
Ctrl = rsa_padding_mode:none
|
||||||
|
Input = "0123456789ABCDEF123456789ABC"
|
||||||
|
@@ -225,6 +228,7 @@ Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2
|
||||||
|
Result = KEYOP_ERROR
|
||||||
|
|
||||||
|
# Digest set before padding
|
||||||
|
+Availablein = default
|
||||||
|
Sign = RSA-2048
|
||||||
|
Ctrl = digest:sha256
|
||||||
|
Ctrl = rsa_padding_mode:none
|
||||||
|
@@ -233,6 +237,7 @@ Output = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e37
|
||||||
|
Result = PKEY_CTRL_ERROR
|
||||||
|
|
||||||
|
# Digest set after padding
|
||||||
|
+Availablein = default
|
||||||
|
Sign = RSA-2048
|
||||||
|
Ctrl = rsa_padding_mode:none
|
||||||
|
Ctrl = digest:sha256
|
||||||
|
@@ -240,23 +245,27 @@ Input = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef01234567
|
||||||
|
Output = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e3775a85ae8ef75e000ca5498d772e3e797012ac8e462d72e567eb4afae0d1df72ffc84b3117045c58eb13aabb427fd6591577089dfa36d8d07ebd0670e4473683659b53b050c32397752cdee7c08de667f8de0ec01db01d440e433986e57ead2f877356b7d4985daf6c7ba09e46c061fe2372baa90cbd77557ef1143f46e27abf65c276f165a753e1f09e3719d1bfd8b32efe4aed2e97b502aa96ce472d3d91a09fae47b1a5103c448039ada73a57d7a001542bfb0b58c8b4bcb705a108a643434bb7ff997b58ba8b76425d7510aeff3e60f17af82191500517653fa5f3
|
||||||
|
Result = PKEY_CTRL_ERROR
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Sign = RSA-2048
|
||||||
|
Ctrl = rsa_padding_mode:none
|
||||||
|
Input = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
|
||||||
|
Output = 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
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Verify = RSA-2048-PUBLIC
|
||||||
|
Ctrl = rsa_padding_mode:none
|
||||||
|
Input = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
|
||||||
|
Output = 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
|
||||||
|
|
||||||
|
# Plaintext modified
|
||||||
|
+Availablein = default
|
||||||
|
Verify = RSA-2048-PUBLIC
|
||||||
|
Ctrl = rsa_padding_mode:none
|
||||||
|
Input = 0223456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
|
||||||
|
Output = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e3775a85ae8ef75e000ca5498d772e3e797012ac8e462d72e567eb4afae0d1df72ffc84b3117045c58eb13aabb427fd6591577089dfa36d8d07ebd0670e4473683659b53b050c32397752cdee7c08de667f8de0ec01db01d440e433986e57ead2f877356b7d4985daf6c7ba09e46c061fe2372baa90cbd77557ef1143f46e27abf65c276f165a753e1f09e3719d1bfd8b32efe4aed2e97b502aa96ce472d3d91a09fae47b1a5103c448039ada73a57d7a001542bfb0b58c8b4bcb705a108a643434bb7ff997b58ba8b76425d7510aeff3e60f17af82191500517653fa5f3
|
||||||
|
Result = VERIFY_ERROR
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
VerifyRecover = RSA-2048-PUBLIC
|
||||||
|
Ctrl = rsa_padding_mode:none
|
||||||
|
Input = 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
|
||||||
|
@@ -370,6 +379,7 @@ rQPeR+HETwIDAQAB
|
||||||
|
PrivPubKeyPair = RSA-PSS:RSA-PSS-BAD2
|
||||||
|
|
||||||
|
# Zero salt length makes output deterministic
|
||||||
|
+Availablein = default
|
||||||
|
Sign = RSA-2048
|
||||||
|
Ctrl = digest:sha256
|
||||||
|
Ctrl = rsa_padding_mode:pss
|
||||||
|
@@ -378,6 +388,7 @@ Input="0123456789ABCDEF0123456789ABCDEF"
|
||||||
|
Output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
|
||||||
|
|
||||||
|
# Verify of above signature
|
||||||
|
+Availablein = default
|
||||||
|
Verify = RSA-2048-PUBLIC
|
||||||
|
Ctrl = rsa_padding_mode:pss
|
||||||
|
Ctrl = rsa_pss_saltlen:0
|
||||||
|
@@ -395,6 +406,7 @@ Input="0123456789ABCDEF0123"
|
||||||
|
Output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
|
||||||
|
|
||||||
|
# Digest too short
|
||||||
|
+Availablein = default
|
||||||
|
Verify = RSA-2048-PUBLIC
|
||||||
|
Ctrl = rsa_padding_mode:pss
|
||||||
|
Ctrl = rsa_pss_saltlen:0
|
||||||
|
@@ -404,6 +416,7 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD
|
||||||
|
Result = VERIFY_ERROR
|
||||||
|
|
||||||
|
# Digest too long
|
||||||
|
+Availablein = default
|
||||||
|
Verify = RSA-2048-PUBLIC
|
||||||
|
Ctrl = rsa_padding_mode:pss
|
||||||
|
Ctrl = rsa_pss_saltlen:0
|
||||||
|
@@ -413,6 +426,7 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD
|
||||||
|
Result = VERIFY_ERROR
|
||||||
|
|
||||||
|
# Wrong salt length
|
||||||
|
+Availablein = default
|
||||||
|
Verify = RSA-2048
|
||||||
|
Ctrl = rsa_padding_mode:pss
|
||||||
|
Ctrl = rsa_pss_saltlen:2
|
||||||
|
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
|
||||||
|
index 9e7c721eab..d32833f42c 100644
|
||||||
|
--- a/test/recipes/80-test_cms.t
|
||||||
|
+++ b/test/recipes/80-test_cms.t
|
||||||
|
@@ -72,7 +72,7 @@ my @smime_pkcs7_tests = (
|
||||||
|
[ "signed content DER format, RSA key",
|
||||||
|
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
|
||||||
|
"-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ],
|
||||||
|
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
||||||
|
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
||||||
|
"-CAfile", $smroot, "-out", "{output}.txt" ],
|
||||||
|
\&final_compare
|
||||||
|
],
|
||||||
|
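Review bot: the sign step in this case keeps @prov while only the verify step moves to @defaultprov, so the test no longer shows that a structure signed under the FIPS provider verifies under the FIPS provider, which is the property users of this build care about. The commit message only speaks of sign failures that surface as parse errors at verify time; if that is what happens here, the FIPS run should expect the sign command to fail instead of verifying its output with another provider, and if verification itself needs a blocked path, name it in the commit message. The same pattern repeats in the next three hunks.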
@@ -80,7 +80,7 @@ my @smime_pkcs7_tests = (
|
||||||
|
[ "signed detached content DER format, RSA key",
|
||||||
|
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
||||||
|
"-signer", $smrsa1, "-out", "{output}.cms" ],
|
||||||
|
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
||||||
|
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
||||||
|
"-CAfile", $smroot, "-out", "{output}.txt",
|
||||||
|
"-content", $smcont ],
|
||||||
|
\&final_compare
|
||||||
|
@@ -90,7 +90,7 @@ my @smime_pkcs7_tests = (
|
||||||
|
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
|
||||||
|
"-stream",
|
||||||
|
"-signer", $smrsa1, "-out", "{output}.cms" ],
|
||||||
|
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
||||||
|
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
||||||
|
"-CAfile", $smroot, "-out", "{output}.txt" ],
|
||||||
|
\&final_compare
|
||||||
|
],
|
||||||
|
@@ -117,7 +117,7 @@ my @smime_pkcs7_tests = (
|
||||||
|
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
|
||||||
|
[ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER",
|
||||||
|
"-signer", $smrsa1, "-out", "{output}2.cms" ],
|
||||||
|
- [ "{cmd2}", @prov, "-verify", "-in", "{output}2.cms", "-inform", "DER",
|
||||||
|
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}2.cms", "-inform", "DER",
|
||||||
|
"-CAfile", $smroot, "-out", "{output}.txt",
|
||||||
|
"-content", $smcont ],
|
||||||
|
\&final_compare
|
||||||
|
@@ -140,20 +140,20 @@ my @smime_pkcs7_tests = (
|
||||||
|
"-signer", catfile($smdir, "smdsa1.pem"),
|
||||||
|
"-signer", catfile($smdir, "smdsa2.pem"),
|
||||||
|
"-out", "{output}.cms" ],
|
||||||
|
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
||||||
|
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
||||||
|
"-CAfile", $smroot, "-out", "{output}.txt" ],
|
||||||
|
\&final_compare
|
||||||
|
],
|
||||||
|
|
||||||
|
[ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS",
|
||||||
|
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
||||||
|
+ [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-outform", "DER",
|
||||||
|
"-noattr", "-nodetach", "-stream",
|
||||||
|
"-signer", $smrsa1,
|
||||||
|
"-signer", catfile($smdir, "smrsa2.pem"),
|
||||||
|
"-signer", catfile($smdir, "smdsa1.pem"),
|
||||||
|
"-signer", catfile($smdir, "smdsa2.pem"),
|
||||||
|
"-out", "{output}.cms" ],
|
||||||
|
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
||||||
|
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
||||||
|
"-CAfile", $smroot, "-out", "{output}.txt" ],
|
||||||
|
\&final_compare
|
||||||
|
],
|
||||||
|
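Review bot: in the second case of this hunk both cmd1 and cmd2 move to @defaultprov, so the test now matches its "no Red Hat FIPS" title and is simply skipped under FIPS. The case that ends at the top of this hunk, however, still signs with @prov using two DSA keys (`-signer smdsa1.pem` / `-signer smdsa2.pem` in the context) and verifies with @defaultprov, which leaves it unclear whether DSA signing under the FIPS provider is expected to keep working after this patch; a comment in the test, or a FIPS negative case, would document the intended DSA behaviour.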
@@ -182,7 +182,7 @@ my @smime_pkcs7_tests = (
|
||||||
|
"-signer", catfile($smdir, "smdsa1.pem"),
|
||||||
|
"-signer", catfile($smdir, "smdsa2.pem"),
|
||||||
|
"-stream", "-out", "{output}.cms" ],
|
||||||
|
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
|
||||||
|
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms",
|
||||||
|
"-CAfile", $smroot, "-out", "{output}.txt" ],
|
||||||
|
\&final_compare
|
||||||
|
],
|
||||||
|
@@ -194,7 +194,7 @@ my @smime_pkcs7_tests = (
|
||||||
|
"-signer", catfile($smdir, "smdsa1.pem"),
|
||||||
|
"-signer", catfile($smdir, "smdsa2.pem"),
|
||||||
|
"-stream", "-out", "{output}.cms" ],
|
||||||
|
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
|
||||||
|
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms",
|
||||||
|
"-CAfile", $smroot, "-out", "{output}.txt" ],
|
||||||
|
\&final_compare
|
||||||
|
],
|
||||||
|
@@ -504,11 +504,11 @@ my @smime_cms_param_tests = (
|
||||||
|
],
|
||||||
|
|
||||||
|
[ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
|
||||||
|
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
|
||||||
|
+ [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
|
||||||
|
"-noattr", "-signer", $smrsa1,
|
||||||
|
"-keyopt", "rsa_padding_mode:pss",
|
||||||
|
"-out", "{output}.cms" ],
|
||||||
|
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
|
||||||
|
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
|
||||||
|
"-CAfile", $smroot, "-out", "{output}.txt" ],
|
||||||
|
\&final_compare
|
||||||
|
],
|
||||||
|
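Review bot: this no-attributes PSS case moves both commands to @defaultprov, so it is skipped under FIPS rather than checked, presumably because signing without signed attributes uses the raw EVP_PKEY_sign path. Add a FIPS-only entry expecting `-sign ... -noattr -keyopt rsa_padding_mode:pss` to fail, so a regression that re-enables raw signing, or a sign step that emits an unverifiable structure, is caught; also mark the title as default-provider only, as was done for the "2 DSA and 2 RSA keys" case.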
--
|
||||||
|
2.35.3
|
||||||
|
|
10 openssl.spec
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 3.0.1
|
Version: 3.0.1
|
||||||
Release: 30%{?dist}
|
Release: 31%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -116,6 +116,9 @@ Patch57: 0057-strcasecmp-fix.patch
|
|||||||
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
|
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2069235
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2069235
|
||||||
Patch60: 0060-FIPS-KAT-signature-tests.patch
|
Patch60: 0060-FIPS-KAT-signature-tests.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
|
||||||
|
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
|
||||||
|
Patch62: 0062-Disable-EVP_PKEY_-sign-verify-in-FIPS-provider.patch
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
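Review bot: Patch61 and Patch62 are declared under the rhbz#2087147 comment, but the %prep section is not part of this diff; unless the spec applies patches with %autosetup or %autopatch, each needs a matching %patch line or the declarations are inert. The comment should also record that 0062 depends on 0061: 0062 uses @defaultprov in test/recipes/80-test_cms.t without declaring it, so it cannot be applied or dropped independently of the earlier patch.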
@ -446,6 +449,11 @@ install -m644 %{SOURCE9} \
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed May 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-31
|
||||||
|
- Disable SHA-1 signature verification in FIPS mode
|
||||||
|
- Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode
|
||||||
|
Resolves: rhbz#2087147
|
||||||
|
|
||||||
* Mon May 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-30
|
* Mon May 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-30
|
||||||
- Use KAT for ECDSA signature tests
|
- Use KAT for ECDSA signature tests
|
||||||
- Resolves: rhbz#2069235
|
- Resolves: rhbz#2069235
|
||||||
|
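Review bot: the new changelog entry is dated Wed May 18 2022, while the embedded 0062 patch carries "Date: Mon, 23 May 2022"; bump the entry date so the changelog is not older than the change it records. The "Resolves: rhbz#2087147" line also lacks the leading "- " used by the preceding entry ("- Resolves: rhbz#2069235"); keep one style.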