forked from rpms/openssl
Synchronize patches from CentOS stream
This commit is contained in:
parent
c73a6ab930
commit
e52367af47
@ -1,20 +1,19 @@
|
||||
From e65f698d59fc71300d3e49492f9ef899b7209e5f Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 31 Jul 2023 09:41:28 +0200
|
||||
Subject: [PATCH 11/35] 0011-Remove-EC-curves.patch
|
||||
From 4a275f852b61238161c053774736dc07b3ade200 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 11:46:40 +0200
|
||||
Subject: [PATCH 11/48] 0011-Remove-EC-curves.patch
|
||||
|
||||
Patch-name: 0011-Remove-EC-curves.patch
|
||||
Patch-id: 11
|
||||
Patch-status: |
|
||||
# remove unsupported EC curves
|
||||
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
apps/speed.c | 8 +---
|
||||
crypto/evp/ec_support.c | 76 ------------------------------------
|
||||
test/acvp_test.inc | 9 -----
|
||||
test/ecdsatest.h | 17 --------
|
||||
test/recipes/15-test_genec.t | 27 -------------
|
||||
5 files changed, 1 insertion(+), 136 deletions(-)
|
||||
crypto/evp/ec_support.c | 87 ------------------------------------
|
||||
test/acvp_test.inc | 9 ----
|
||||
test/ecdsatest.h | 17 -------
|
||||
test/recipes/15-test_genec.t | 27 -----------
|
||||
5 files changed, 1 insertion(+), 147 deletions(-)
|
||||
|
||||
diff --git a/apps/speed.c b/apps/speed.c
|
||||
index cace25eda1..d527f12f18 100644
|
||||
@ -57,7 +56,7 @@ index cace25eda1..d527f12f18 100644
|
||||
{"nistp256", NID_X9_62_prime256v1, 256},
|
||||
{"nistp384", NID_secp384r1, 384},
|
||||
diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c
|
||||
index 1ec10143d2..8fe774140f 100644
|
||||
index 1ec10143d2..82b95294b4 100644
|
||||
--- a/crypto/evp/ec_support.c
|
||||
+++ b/crypto/evp/ec_support.c
|
||||
@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st {
|
||||
@ -159,6 +158,24 @@ index 1ec10143d2..8fe774140f 100644
|
||||
};
|
||||
|
||||
const char *OSSL_EC_curve_nid2name(int nid)
|
||||
@@ -150,17 +74,6 @@ int ossl_ec_curve_name2nid(const char *name)
|
||||
/* Functions to translate between common NIST curve names and NIDs */
|
||||
|
||||
static const EC_NAME2NID nist_curves[] = {
|
||||
- {"B-163", NID_sect163r2},
|
||||
- {"B-233", NID_sect233r1},
|
||||
- {"B-283", NID_sect283r1},
|
||||
- {"B-409", NID_sect409r1},
|
||||
- {"B-571", NID_sect571r1},
|
||||
- {"K-163", NID_sect163k1},
|
||||
- {"K-233", NID_sect233k1},
|
||||
- {"K-283", NID_sect283k1},
|
||||
- {"K-409", NID_sect409k1},
|
||||
- {"K-571", NID_sect571k1},
|
||||
- {"P-192", NID_X9_62_prime192v1},
|
||||
{"P-224", NID_secp224r1},
|
||||
{"P-256", NID_X9_62_prime256v1},
|
||||
{"P-384", NID_secp384r1},
|
||||
diff --git a/test/acvp_test.inc b/test/acvp_test.inc
|
||||
index ad11d3ae1e..894a0bff9d 100644
|
||||
--- a/test/acvp_test.inc
|
||||
|
@ -1,30 +1,30 @@
|
||||
From 8c6dffe2347fc801a2b285d79dd99b8739414bc3 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 31 Jul 2023 09:41:28 +0200
|
||||
Subject: [PATCH 16/35] 0032-Force-fips.patch
|
||||
From 2c110cf5551a3869514e697d8dc06682b62ca57d Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 11:59:02 +0200
|
||||
Subject: [PATCH 16/48] 0032-Force-fips.patch
|
||||
|
||||
Patch-name: 0032-Force-fips.patch
|
||||
Patch-id: 32
|
||||
Patch-status: |
|
||||
# We load FIPS provider and set FIPS properties implicitly
|
||||
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
crypto/provider_conf.c | 13 ++++++++++++-
|
||||
1 file changed, 12 insertions(+), 1 deletion(-)
|
||||
crypto/provider_conf.c | 28 +++++++++++++++++++++++++++-
|
||||
1 file changed, 27 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
|
||||
index 058fb58837..ad0b29c954 100644
|
||||
index 058fb58837..5274265a70 100644
|
||||
--- a/crypto/provider_conf.c
|
||||
+++ b/crypto/provider_conf.c
|
||||
@@ -10,6 +10,7 @@
|
||||
@@ -10,6 +10,8 @@
|
||||
#include <string.h>
|
||||
#include <openssl/trace.h>
|
||||
#include <openssl/err.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include <unistd.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/safestack.h>
|
||||
#include <openssl/provider.h>
|
||||
@@ -169,7 +170,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
|
||||
@@ -169,7 +171,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
|
||||
if (path != NULL)
|
||||
ossl_provider_set_module_path(prov, path);
|
||||
|
||||
@ -33,14 +33,28 @@ index 058fb58837..ad0b29c954 100644
|
||||
|
||||
if (ok) {
|
||||
if (!ossl_provider_activate(prov, 1, 0)) {
|
||||
@@ -309,6 +310,16 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
|
||||
@@ -309,6 +311,30 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
|
||||
+ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
|
||||
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
|
||||
+ return 0;
|
||||
+# define FIPS_LOCAL_CONF OPENSSLDIR "/fips_local.cnf"
|
||||
+
|
||||
+ if (access(FIPS_LOCAL_CONF, R_OK) == 0) {
|
||||
+ CONF *fips_conf = NCONF_new_ex(libctx, NCONF_default());
|
||||
+ if (NCONF_load(fips_conf, FIPS_LOCAL_CONF, NULL) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (provider_conf_load(libctx, "fips", "fips_sect", fips_conf) != 1) {
|
||||
+ NCONF_free(fips_conf);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ NCONF_free(fips_conf);
|
||||
+ } else {
|
||||
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
|
||||
+ return 0;
|
||||
+ }
|
||||
+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
|
||||
+ return 0;
|
||||
+ if (EVP_default_properties_enable_fips(libctx, 1) != 1)
|
||||
|
@ -1,21 +1,23 @@
|
||||
From bdf751d87be5dfb3164264ebcdbc0c0374d3eabf Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 31 Jul 2023 09:41:28 +0200
|
||||
Subject: [PATCH 20/35] 0044-FIPS-140-3-keychecks.patch
|
||||
From b300beb172d5813b01b93bfd62fe191f8187fe1e Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 12:05:23 +0200
|
||||
Subject: [PATCH 20/48] 0044-FIPS-140-3-keychecks.patch
|
||||
|
||||
Patch-name: 0044-FIPS-140-3-keychecks.patch
|
||||
Patch-id: 44
|
||||
Patch-status: |
|
||||
# Extra public/private key checks required by FIPS-140-3
|
||||
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
crypto/dh/dh_key.c | 28 ++++++++++++
|
||||
crypto/rsa/rsa_gen.c | 44 ++++++++-----------
|
||||
crypto/dh/dh_key.c | 26 ++++++++++
|
||||
.../implementations/exchange/ecdh_exch.c | 19 ++++++++
|
||||
3 files changed, 65 insertions(+), 26 deletions(-)
|
||||
providers/implementations/keymgmt/ec_kmgmt.c | 24 +++++++++-
|
||||
providers/implementations/keymgmt/rsa_kmgmt.c | 18 +++++++
|
||||
.../implementations/signature/ecdsa_sig.c | 37 +++++++++++++--
|
||||
providers/implementations/signature/rsa_sig.c | 47 +++++++++++++++++--
|
||||
6 files changed, 162 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
|
||||
index 4e9705beef..cb9e641f54 100644
|
||||
index 4e9705beef..83773cceea 100644
|
||||
--- a/crypto/dh/dh_key.c
|
||||
+++ b/crypto/dh/dh_key.c
|
||||
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
||||
@ -52,7 +54,7 @@ index 4e9705beef..cb9e641f54 100644
|
||||
|
||||
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
|
||||
@@ -354,8 +367,23 @@ static int generate_key(DH *dh)
|
||||
@@ -354,8 +367,21 @@ static int generate_key(DH *dh)
|
||||
if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
|
||||
goto err;
|
||||
|
||||
@ -67,97 +69,13 @@ index 4e9705beef..cb9e641f54 100644
|
||||
dh->priv_key = priv_key;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (ossl_dh_check_pairwise(dh) <= 0) {
|
||||
+ dh->pub_key = dh->priv_key = NULL;
|
||||
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
|
||||
+ goto err;
|
||||
+ abort();
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
dh->dirty_cnt++;
|
||||
ok = 1;
|
||||
err:
|
||||
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
|
||||
index e0d139d312..de9cedb64b 100644
|
||||
--- a/crypto/rsa/rsa_gen.c
|
||||
+++ b/crypto/rsa/rsa_gen.c
|
||||
@@ -23,6 +23,7 @@
|
||||
#include <time.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/bn.h>
|
||||
+#include <openssl/obj_mac.h>
|
||||
#include <openssl/self_test.h>
|
||||
#include "prov/providercommon.h"
|
||||
#include "rsa_local.h"
|
||||
@@ -478,52 +479,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes,
|
||||
static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg)
|
||||
{
|
||||
int ret = 0;
|
||||
- unsigned int ciphertxt_len;
|
||||
- unsigned char *ciphertxt = NULL;
|
||||
- const unsigned char plaintxt[16] = {0};
|
||||
- unsigned char *decoded = NULL;
|
||||
- unsigned int decoded_len;
|
||||
- unsigned int plaintxt_len = (unsigned int)sizeof(plaintxt_len);
|
||||
- int padding = RSA_PKCS1_PADDING;
|
||||
+ unsigned int signature_len;
|
||||
+ unsigned char *signature = NULL;
|
||||
OSSL_SELF_TEST *st = NULL;
|
||||
+ static const unsigned char dgst[] = {
|
||||
+ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
|
||||
+ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
|
||||
+ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
|
||||
+ };
|
||||
|
||||
st = OSSL_SELF_TEST_new(cb, cbarg);
|
||||
if (st == NULL)
|
||||
goto err;
|
||||
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
|
||||
+ /* No special name for RSA signature PCT*/
|
||||
OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1);
|
||||
|
||||
- ciphertxt_len = RSA_size(rsa);
|
||||
- /*
|
||||
- * RSA_private_encrypt() and RSA_private_decrypt() requires the 'to'
|
||||
- * parameter to be a maximum of RSA_size() - allocate space for both.
|
||||
- */
|
||||
- ciphertxt = OPENSSL_zalloc(ciphertxt_len * 2);
|
||||
- if (ciphertxt == NULL)
|
||||
+ signature_len = RSA_size(rsa);
|
||||
+ signature = OPENSSL_zalloc(signature_len);
|
||||
+ if (signature == NULL)
|
||||
goto err;
|
||||
- decoded = ciphertxt + ciphertxt_len;
|
||||
|
||||
- ciphertxt_len = RSA_public_encrypt(plaintxt_len, plaintxt, ciphertxt, rsa,
|
||||
- padding);
|
||||
- if (ciphertxt_len <= 0)
|
||||
+ if (RSA_sign(NID_sha256, dgst, sizeof(dgst), signature, &signature_len, rsa) <= 0)
|
||||
goto err;
|
||||
- if (ciphertxt_len == plaintxt_len
|
||||
- && memcmp(ciphertxt, plaintxt, plaintxt_len) == 0)
|
||||
+
|
||||
+ if (signature_len <= 0)
|
||||
goto err;
|
||||
|
||||
- OSSL_SELF_TEST_oncorrupt_byte(st, ciphertxt);
|
||||
+ OSSL_SELF_TEST_oncorrupt_byte(st, signature);
|
||||
|
||||
- decoded_len = RSA_private_decrypt(ciphertxt_len, ciphertxt, decoded, rsa,
|
||||
- padding);
|
||||
- if (decoded_len != plaintxt_len
|
||||
- || memcmp(decoded, plaintxt, decoded_len) != 0)
|
||||
+ if (RSA_verify(NID_sha256, dgst, sizeof(dgst), signature, signature_len, rsa) <= 0)
|
||||
goto err;
|
||||
|
||||
ret = 1;
|
||||
err:
|
||||
OSSL_SELF_TEST_onend(st, ret);
|
||||
OSSL_SELF_TEST_free(st);
|
||||
- OPENSSL_free(ciphertxt);
|
||||
+ OPENSSL_free(signature);
|
||||
|
||||
return ret;
|
||||
}
|
||||
diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
|
||||
index 43caedb6df..73873f9758 100644
|
||||
--- a/providers/implementations/exchange/ecdh_exch.c
|
||||
@ -188,6 +106,283 @@ index 43caedb6df..73873f9758 100644
|
||||
|
||||
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
|
||||
|
||||
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
|
||||
index a37cbbdba8..bca3f3c674 100644
|
||||
--- a/providers/implementations/keymgmt/ec_kmgmt.c
|
||||
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
|
||||
@@ -989,8 +989,17 @@ struct ec_gen_ctx {
|
||||
int selection;
|
||||
int ecdh_mode;
|
||||
EC_GROUP *gen_group;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ void *ecdsa_sig_ctx;
|
||||
+#endif
|
||||
};
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+void *ecdsa_newctx(void *provctx, const char *propq);
|
||||
+void ecdsa_freectx(void *vctx);
|
||||
+int do_ec_pct(void *, const char *, void *);
|
||||
+#endif
|
||||
+
|
||||
static void *ec_gen_init(void *provctx, int selection,
|
||||
const OSSL_PARAM params[])
|
||||
{
|
||||
@@ -1009,6 +1018,10 @@ static void *ec_gen_init(void *provctx, int selection,
|
||||
gctx = NULL;
|
||||
}
|
||||
}
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (gctx != NULL)
|
||||
+ gctx->ecdsa_sig_ctx = ecdsa_newctx(provctx, NULL);
|
||||
+#endif
|
||||
return gctx;
|
||||
}
|
||||
|
||||
@@ -1279,6 +1292,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
|
||||
|
||||
if (gctx->ecdh_mode != -1)
|
||||
ret = ret && ossl_ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
|
||||
+#ifdef FIPS_MODULE
|
||||
+ /* Pairwise consistency test */
|
||||
+ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
|
||||
+ && do_ec_pct(gctx->ecdsa_sig_ctx, "sha256", ec) != 1)
|
||||
+ abort();
|
||||
+#endif
|
||||
|
||||
if (gctx->group_check != NULL)
|
||||
ret = ret && ossl_ec_set_check_group_type_from_name(ec, gctx->group_check);
|
||||
@@ -1348,7 +1367,10 @@ static void ec_gen_cleanup(void *genctx)
|
||||
|
||||
if (gctx == NULL)
|
||||
return;
|
||||
-
|
||||
+#ifdef FIPS_MODULE
|
||||
+ ecdsa_freectx(gctx->ecdsa_sig_ctx);
|
||||
+ gctx->ecdsa_sig_ctx = NULL;
|
||||
+#endif
|
||||
EC_GROUP_free(gctx->gen_group);
|
||||
BN_free(gctx->p);
|
||||
BN_free(gctx->a);
|
||||
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
|
||||
index 3ba12c4889..ff49f8fcd8 100644
|
||||
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
|
||||
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
|
||||
@@ -434,6 +434,7 @@ struct rsa_gen_ctx {
|
||||
#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
|
||||
/* ACVP test parameters */
|
||||
OSSL_PARAM *acvp_test_params;
|
||||
+ void *prov_rsa_ctx;
|
||||
#endif
|
||||
};
|
||||
|
||||
@@ -447,6 +448,12 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb)
|
||||
return gctx->cb(params, gctx->cbarg);
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+void *rsa_newctx(void *provctx, const char *propq);
|
||||
+void rsa_freectx(void *vctx);
|
||||
+int do_rsa_pct(void *, const char *, void *);
|
||||
+#endif
|
||||
+
|
||||
static void *gen_init(void *provctx, int selection, int rsa_type,
|
||||
const OSSL_PARAM params[])
|
||||
{
|
||||
@@ -474,6 +481,10 @@ static void *gen_init(void *provctx, int selection, int rsa_type,
|
||||
|
||||
if (!rsa_gen_set_params(gctx, params))
|
||||
goto err;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (gctx != NULL)
|
||||
+ gctx->prov_rsa_ctx = rsa_newctx(provctx, NULL);
|
||||
+#endif
|
||||
return gctx;
|
||||
|
||||
err:
|
||||
@@ -630,6 +641,11 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
|
||||
|
||||
rsa = rsa_tmp;
|
||||
rsa_tmp = NULL;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ /* Pairwise consistency test */
|
||||
+ if (do_rsa_pct(gctx->prov_rsa_ctx, "sha256", rsa) != 1)
|
||||
+ abort();
|
||||
+#endif
|
||||
err:
|
||||
BN_GENCB_free(gencb);
|
||||
RSA_free(rsa_tmp);
|
||||
@@ -645,6 +661,8 @@ static void rsa_gen_cleanup(void *genctx)
|
||||
#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
|
||||
ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params);
|
||||
gctx->acvp_test_params = NULL;
|
||||
+ rsa_freectx(gctx->prov_rsa_ctx);
|
||||
+ gctx->prov_rsa_ctx = NULL;
|
||||
#endif
|
||||
BN_clear_free(gctx->pub_exp);
|
||||
OPENSSL_free(gctx);
|
||||
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
|
||||
index 865d49d100..ebeb30e002 100644
|
||||
--- a/providers/implementations/signature/ecdsa_sig.c
|
||||
+++ b/providers/implementations/signature/ecdsa_sig.c
|
||||
@@ -32,7 +32,7 @@
|
||||
#include "crypto/ec.h"
|
||||
#include "prov/der_ec.h"
|
||||
|
||||
-static OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
|
||||
+OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
|
||||
static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init;
|
||||
static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init;
|
||||
static OSSL_FUNC_signature_sign_fn ecdsa_sign;
|
||||
@@ -43,7 +43,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final;
|
||||
static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init;
|
||||
static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update;
|
||||
static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final;
|
||||
-static OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
|
||||
+OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
|
||||
static OSSL_FUNC_signature_dupctx_fn ecdsa_dupctx;
|
||||
static OSSL_FUNC_signature_get_ctx_params_fn ecdsa_get_ctx_params;
|
||||
static OSSL_FUNC_signature_gettable_ctx_params_fn ecdsa_gettable_ctx_params;
|
||||
@@ -104,7 +104,7 @@ typedef struct {
|
||||
#endif
|
||||
} PROV_ECDSA_CTX;
|
||||
|
||||
-static void *ecdsa_newctx(void *provctx, const char *propq)
|
||||
+void *ecdsa_newctx(void *provctx, const char *propq)
|
||||
{
|
||||
PROV_ECDSA_CTX *ctx;
|
||||
|
||||
@@ -370,7 +370,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig,
|
||||
return ecdsa_verify(ctx, sig, siglen, digest, (size_t)dlen);
|
||||
}
|
||||
|
||||
-static void ecdsa_freectx(void *vctx)
|
||||
+void ecdsa_freectx(void *vctx)
|
||||
{
|
||||
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
|
||||
|
||||
@@ -581,6 +581,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx)
|
||||
return EVP_MD_settable_ctx_params(ctx->md);
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+int do_ec_pct(void *vctx, const char *mdname, void *ec)
|
||||
+{
|
||||
+ static const unsigned char data[32];
|
||||
+ unsigned char sigbuf[256];
|
||||
+ size_t siglen = sizeof(sigbuf);
|
||||
+
|
||||
+ if (ecdsa_digest_sign_init(vctx, mdname, ec, NULL) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (ecdsa_digest_sign_final(vctx, sigbuf, &siglen, sizeof(sigbuf)) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (ecdsa_digest_verify_init(vctx, mdname, ec, NULL) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (ecdsa_digest_verify_final(vctx, sigbuf, siglen) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
const OSSL_DISPATCH ossl_ecdsa_signature_functions[] = {
|
||||
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx },
|
||||
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init },
|
||||
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
||||
index cd5de6bd51..d4261e8f7d 100644
|
||||
--- a/providers/implementations/signature/rsa_sig.c
|
||||
+++ b/providers/implementations/signature/rsa_sig.c
|
||||
@@ -34,7 +34,7 @@
|
||||
|
||||
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
|
||||
|
||||
-static OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
||||
+OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
||||
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
|
||||
static OSSL_FUNC_signature_verify_init_fn rsa_verify_init;
|
||||
static OSSL_FUNC_signature_verify_recover_init_fn rsa_verify_recover_init;
|
||||
@@ -47,7 +47,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn rsa_digest_sign_final;
|
||||
static OSSL_FUNC_signature_digest_verify_init_fn rsa_digest_verify_init;
|
||||
static OSSL_FUNC_signature_digest_verify_update_fn rsa_digest_signverify_update;
|
||||
static OSSL_FUNC_signature_digest_verify_final_fn rsa_digest_verify_final;
|
||||
-static OSSL_FUNC_signature_freectx_fn rsa_freectx;
|
||||
+OSSL_FUNC_signature_freectx_fn rsa_freectx;
|
||||
static OSSL_FUNC_signature_dupctx_fn rsa_dupctx;
|
||||
static OSSL_FUNC_signature_get_ctx_params_fn rsa_get_ctx_params;
|
||||
static OSSL_FUNC_signature_gettable_ctx_params_fn rsa_gettable_ctx_params;
|
||||
@@ -170,7 +170,7 @@ static int rsa_check_parameters(PROV_RSA_CTX *prsactx, int min_saltlen)
|
||||
return 1;
|
||||
}
|
||||
|
||||
-static void *rsa_newctx(void *provctx, const char *propq)
|
||||
+void *rsa_newctx(void *provctx, const char *propq)
|
||||
{
|
||||
PROV_RSA_CTX *prsactx = NULL;
|
||||
char *propq_copy = NULL;
|
||||
@@ -977,7 +977,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig,
|
||||
return rsa_verify(vprsactx, sig, siglen, digest, (size_t)dlen);
|
||||
}
|
||||
|
||||
-static void rsa_freectx(void *vprsactx)
|
||||
+void rsa_freectx(void *vprsactx)
|
||||
{
|
||||
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
|
||||
|
||||
@@ -1455,6 +1455,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx)
|
||||
return EVP_MD_settable_ctx_params(prsactx->md);
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+int do_rsa_pct(void *vctx, const char *mdname, void *rsa)
|
||||
+{
|
||||
+ static const unsigned char data[32];
|
||||
+ unsigned char *sigbuf = NULL;
|
||||
+ size_t siglen = 0;
|
||||
+ int ret = 0;
|
||||
+
|
||||
+ if (rsa_digest_sign_init(vctx, mdname, rsa, NULL) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (rsa_digest_sign_final(vctx, NULL, &siglen, 0) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if ((sigbuf = OPENSSL_malloc(siglen)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (rsa_digest_sign_final(vctx, sigbuf, &siglen, siglen) <= 0)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (rsa_digest_verify_init(vctx, mdname, rsa, NULL) <= 0)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (rsa_digest_verify_final(vctx, sigbuf, siglen) <= 0)
|
||||
+ goto err;
|
||||
+ ret = 1;
|
||||
+
|
||||
+ err:
|
||||
+ OPENSSL_free(sigbuf);
|
||||
+ return ret;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
const OSSL_DISPATCH ossl_rsa_signature_functions[] = {
|
||||
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
|
||||
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
@ -1,20 +1,19 @@
|
||||
From 8da97ba910507ea36fecd374ab896f80d150a7e7 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 31 Jul 2023 09:41:28 +0200
|
||||
Subject: [PATCH 21/35] 0045-FIPS-services-minimize.patch
|
||||
From a9dc983f82cabe29d6b48f3af3e30e26074ce5cf Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 12:55:57 +0200
|
||||
Subject: [PATCH 21/48] 0045-FIPS-services-minimize.patch
|
||||
|
||||
Patch-name: 0045-FIPS-services-minimize.patch
|
||||
Patch-id: 45
|
||||
Patch-status: |
|
||||
# Minimize fips services
|
||||
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
apps/ecparam.c | 3 ++
|
||||
apps/ecparam.c | 7 +++
|
||||
apps/req.c | 2 +-
|
||||
providers/common/capabilities.c | 2 +-
|
||||
providers/fips/fipsprov.c | 45 +++++++++++--------
|
||||
providers/fips/self_test_data.inc | 12 +++--
|
||||
providers/implementations/signature/rsa_sig.c | 13 ++++++
|
||||
providers/fips/fipsprov.c | 44 +++++++++++--------
|
||||
providers/fips/self_test_data.inc | 9 +++-
|
||||
providers/implementations/signature/rsa_sig.c | 26 +++++++++++
|
||||
ssl/ssl_ciph.c | 3 ++
|
||||
test/acvp_test.c | 2 +
|
||||
test/endecode_test.c | 4 ++
|
||||
@ -22,20 +21,24 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
test/recipes/15-test_gendsa.t | 2 +-
|
||||
test/recipes/20-test_cli_fips.t | 3 +-
|
||||
test/recipes/30-test_evp.t | 16 +++----
|
||||
.../30-test_evp_data/evpmac_common.txt | 22 +++++++++
|
||||
test/recipes/80-test_cms.t | 22 ++++-----
|
||||
.../30-test_evp_data/evpmac_common.txt | 22 ++++++++++
|
||||
test/recipes/80-test_cms.t | 22 +++++-----
|
||||
test/recipes/80-test_ssl_old.t | 2 +-
|
||||
16 files changed, 112 insertions(+), 50 deletions(-)
|
||||
16 files changed, 128 insertions(+), 47 deletions(-)
|
||||
|
||||
diff --git a/apps/ecparam.c b/apps/ecparam.c
|
||||
index 9e9ad13683..fc125a45c9 100644
|
||||
index 9e9ad13683..9c66cf2434 100644
|
||||
--- a/apps/ecparam.c
|
||||
+++ b/apps/ecparam.c
|
||||
@@ -79,6 +79,9 @@ static int list_builtin_curves(BIO *out)
|
||||
@@ -79,6 +79,13 @@ static int list_builtin_curves(BIO *out)
|
||||
const char *comment = curves[n].comment;
|
||||
const char *sname = OBJ_nid2sn(curves[n].nid);
|
||||
|
||||
+ if ((curves[n].nid == NID_secp256k1) && EVP_default_properties_is_fips_enabled(NULL))
|
||||
+ if (((curves[n].nid == NID_secp256k1) || (curves[n].nid == NID_brainpoolP256r1)
|
||||
+ || (curves[n].nid == NID_brainpoolP256t1) || (curves[n].nid == NID_brainpoolP320r1)
|
||||
+ || (curves[n].nid == NID_brainpoolP320t1) || (curves[n].nid == NID_brainpoolP384r1)
|
||||
+ || (curves[n].nid == NID_brainpoolP384t1) || (curves[n].nid == NID_brainpoolP512r1)
|
||||
+ || (curves[n].nid == NID_brainpoolP512t1)) && EVP_default_properties_is_fips_enabled(NULL))
|
||||
+ continue;
|
||||
+
|
||||
if (comment == NULL)
|
||||
@ -70,7 +73,7 @@ index ed37e76969..eb836dfa6a 100644
|
||||
# ifndef OPENSSL_NO_DH
|
||||
/* Security bit values for FFDHE groups are as per RFC 7919 */
|
||||
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
|
||||
index 518226dfc6..73bb96dece 100644
|
||||
index 518226dfc6..29438faea8 100644
|
||||
--- a/providers/fips/fipsprov.c
|
||||
+++ b/providers/fips/fipsprov.c
|
||||
@@ -199,13 +199,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
|
||||
@ -111,8 +114,8 @@ index 518226dfc6..73bb96dece 100644
|
||||
- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
|
||||
- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
|
||||
+ /* We don't certify 3DES in our FIPS provider */
|
||||
+ /* ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
|
||||
+ ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */
|
||||
+ /* UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
|
||||
+ UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */
|
||||
#endif /* OPENSSL_NO_DES */
|
||||
{ { NULL, NULL, NULL }, NULL }
|
||||
};
|
||||
@ -140,7 +143,7 @@ index 518226dfc6..73bb96dece 100644
|
||||
#endif
|
||||
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
|
||||
ossl_kdf_tls1_prf_keyexch_functions },
|
||||
@@ -420,13 +424,14 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
|
||||
@@ -420,13 +424,15 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
|
||||
|
||||
static const OSSL_ALGORITHM fips_signature[] = {
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
@ -151,15 +154,15 @@ index 518226dfc6..73bb96dece 100644
|
||||
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
|
||||
#ifndef OPENSSL_NO_EC
|
||||
- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
|
||||
- ossl_ed25519_signature_functions },
|
||||
- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },
|
||||
+ /* We don't certify Edwards curves in our FIPS provider */
|
||||
+ /* { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions },
|
||||
+ { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, */
|
||||
+ /* { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
|
||||
ossl_ed25519_signature_functions },
|
||||
- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },
|
||||
+ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions }, */
|
||||
{ PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions },
|
||||
#endif
|
||||
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES,
|
||||
@@ -456,8 +461,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
|
||||
@@ -456,8 +462,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
|
||||
PROV_DESCS_DHX },
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
@ -171,7 +174,7 @@ index 518226dfc6..73bb96dece 100644
|
||||
#endif
|
||||
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions,
|
||||
PROV_DESCS_RSA },
|
||||
@@ -466,14 +472,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
|
||||
@@ -466,14 +473,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
|
||||
#ifndef OPENSSL_NO_EC
|
||||
{ PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
|
||||
PROV_DESCS_EC },
|
||||
@ -190,7 +193,7 @@ index 518226dfc6..73bb96dece 100644
|
||||
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions,
|
||||
PROV_DESCS_TLS1_PRF_SIGN },
|
||||
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
|
||||
index 2057378d3d..e0fdc0daa4 100644
|
||||
index 2057378d3d..4b80bb70b9 100644
|
||||
--- a/providers/fips/self_test_data.inc
|
||||
+++ b/providers/fips/self_test_data.inc
|
||||
@@ -177,6 +177,7 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] =
|
||||
@ -221,18 +224,15 @@ index 2057378d3d..e0fdc0daa4 100644
|
||||
static const unsigned char dsa_p[] = {
|
||||
0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
|
||||
0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
|
||||
@@ -1589,8 +1591,8 @@ static const ST_KAT_PARAM dsa_key[] = {
|
||||
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv),
|
||||
@@ -1590,6 +1592,7 @@ static const ST_KAT_PARAM dsa_key[] = {
|
||||
ST_KAT_PARAM_END()
|
||||
};
|
||||
-#endif /* OPENSSL_NO_DSA */
|
||||
-
|
||||
+#endif
|
||||
#endif /* OPENSSL_NO_DSA */
|
||||
+#endif
|
||||
|
||||
/* Hash DRBG inputs for signature KATs */
|
||||
static const unsigned char sig_kat_entropyin[] = {
|
||||
0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f,
|
||||
@@ -1642,6 +1644,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
|
||||
@@ -1642,6 +1645,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
|
||||
},
|
||||
# endif
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
@ -240,7 +240,7 @@ index 2057378d3d..e0fdc0daa4 100644
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
{
|
||||
OSSL_SELF_TEST_DESC_SIGN_DSA,
|
||||
@@ -1654,6 +1657,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
|
||||
@@ -1654,6 +1658,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
|
||||
ITM(dsa_expected_sig)
|
||||
},
|
||||
#endif /* OPENSSL_NO_DSA */
|
||||
@ -249,10 +249,30 @@ index 2057378d3d..e0fdc0daa4 100644
|
||||
|
||||
static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
|
||||
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
||||
index cd5de6bd51..07824e558c 100644
|
||||
index d4261e8f7d..2a5504d104 100644
|
||||
--- a/providers/implementations/signature/rsa_sig.c
|
||||
+++ b/providers/implementations/signature/rsa_sig.c
|
||||
@@ -777,6 +777,19 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen,
|
||||
@@ -689,6 +689,19 @@ static int rsa_verify_recover(void *vprsactx,
|
||||
{
|
||||
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
|
||||
int ret;
|
||||
+# ifdef FIPS_MODULE
|
||||
+ size_t rsabits = RSA_bits(prsactx->rsa);
|
||||
+
|
||||
+ if (rsabits < 2048) {
|
||||
+ if (rsabits != 1024
|
||||
+ && rsabits != 1280
|
||||
+ && rsabits != 1536
|
||||
+ && rsabits != 1792) {
|
||||
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ }
|
||||
+# endif
|
||||
|
||||
if (!ossl_prov_is_running())
|
||||
return 0;
|
||||
@@ -777,6 +790,19 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen,
|
||||
{
|
||||
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
|
||||
size_t rslen;
|
||||
@ -401,7 +421,7 @@ index 6d3c5ba1bb..2ba47b5fca 100644
|
||||
subtest DSA => sub {
|
||||
my $testtext_prefix = 'DSA';
|
||||
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
|
||||
index 9d7040ced2..3be2549cb5 100644
|
||||
index 9d7040ced2..f8beb538d4 100644
|
||||
--- a/test/recipes/30-test_evp.t
|
||||
+++ b/test/recipes/30-test_evp.t
|
||||
@@ -42,10 +42,8 @@ my @files = qw(
|
||||
@ -428,16 +448,20 @@ index 9d7040ced2..3be2549cb5 100644
|
||||
push @files, qw(
|
||||
evppkey_ecc.txt
|
||||
evppkey_ecdh.txt
|
||||
@@ -91,6 +83,8 @@ my @defltfiles = qw(
|
||||
@@ -91,6 +83,7 @@ my @defltfiles = qw(
|
||||
evpciph_cast5.txt
|
||||
evpciph_chacha.txt
|
||||
evpciph_des.txt
|
||||
+ evpciph_des3_common.txt
|
||||
+ evpkdf_kbkdf_kmac.txt
|
||||
evpciph_idea.txt
|
||||
evpciph_rc2.txt
|
||||
evpciph_rc4.txt
|
||||
@@ -118,6 +112,12 @@ my @defltfiles = qw(
|
||||
@@ -114,10 +107,17 @@ my @defltfiles = qw(
|
||||
evpmd_whirlpool.txt
|
||||
evppbe_scrypt.txt
|
||||
evppbe_pkcs12.txt
|
||||
+ evpkdf_kbkdf_kmac.txt
|
||||
evppkey_kdf_scrypt.txt
|
||||
evppkey_kdf_tls1_prf.txt
|
||||
evppkey_rsa.txt
|
||||
);
|
||||
|
@ -1,44 +1,13 @@
|
||||
From 51d52096122cc73413d55aac06d5e0641f58ffcb Mon Sep 17 00:00:00 2001
|
||||
From: Clemens Lang <cllang@redhat.com>
|
||||
Date: Mon, 21 Feb 2022 17:24:44 +0100
|
||||
Subject: [PATCH] Allow disabling of SHA1 signatures
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
From 2e8388e06eafb703aeb315498915bf079561bdb5 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 13:07:07 +0200
|
||||
Subject: [PATCH 23/48] 0049-Allow-disabling-of-SHA1-signatures.patch
|
||||
|
||||
NOTE: This patch is ported from CentOS 9 / RHEL 9, where it defaults to
|
||||
denying SHA1 signatures. On Fedora, the default is – for now – to allow
|
||||
SHA1 signatures.
|
||||
|
||||
In order to phase out SHA1 signatures, introduce a new configuration
|
||||
option in the alg_section named 'rh-allow-sha1-signatures'. This option
|
||||
defaults to true. If set to false, any signature creation or
|
||||
verification operations that involve SHA1 as digest will fail.
|
||||
|
||||
This also affects TLS, where the signature_algorithms extension of any
|
||||
ClientHello message sent by OpenSSL will no longer include signatures
|
||||
with the SHA1 digest if rh-allow-sha1-signatures is false. For servers
|
||||
that request a client certificate, the same also applies for
|
||||
CertificateRequest messages sent by them.
|
||||
|
||||
For signatures created using the EVP_PKEY API, this is a best-effort
|
||||
check that will deny signatures in cases where the digest algorithm is
|
||||
known. This means, for example, that that following steps will still
|
||||
work:
|
||||
|
||||
$> openssl dgst -sha1 -binary -out sha1 infile
|
||||
$> openssl pkeyutl -inkey key.pem -sign -in sha1 -out sha1sig
|
||||
$> openssl pkeyutl -inkey key.pem -verify -sigfile sha1sig -in sha1
|
||||
|
||||
whereas these will not:
|
||||
|
||||
$> openssl dgst -sha1 -binary -out sha1 infile
|
||||
$> openssl pkeyutl -inkey kem.pem -sign -in sha1 -out sha1sig -pkeyopt digest:sha1
|
||||
$> openssl pkeyutl -inkey kem.pem -verify -sigfile sha1sig -in sha1 -pkeyopt digest:sha1
|
||||
|
||||
This happens because in the first case, OpenSSL's signature
|
||||
implementation does not know that it is signing a SHA1 hash (it could be
|
||||
signing arbitrary data).
|
||||
Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch
|
||||
Patch-id: 49
|
||||
Patch-status: |
|
||||
# Selectively disallow SHA1 signatures rhbz#2070977
|
||||
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
crypto/context.c | 14 ++++
|
||||
crypto/evp/evp_cnf.c | 13 +++
|
||||
@ -58,10 +27,10 @@ signing arbitrary data).
|
||||
15 files changed, 209 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/crypto/context.c b/crypto/context.c
|
||||
index e294ea1512..ab6abf44ab 100644
|
||||
index 51002ba79a..e697974c9d 100644
|
||||
--- a/crypto/context.c
|
||||
+++ b/crypto/context.c
|
||||
@@ -43,6 +43,8 @@ struct ossl_lib_ctx_st {
|
||||
@@ -78,6 +78,8 @@ struct ossl_lib_ctx_st {
|
||||
void *fips_prov;
|
||||
#endif
|
||||
|
||||
@ -70,7 +39,7 @@ index e294ea1512..ab6abf44ab 100644
|
||||
unsigned int ischild:1;
|
||||
};
|
||||
|
||||
@@ -171,6 +173,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
|
||||
@@ -206,6 +208,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
|
||||
goto err;
|
||||
#endif
|
||||
|
||||
@ -81,7 +50,7 @@ index e294ea1512..ab6abf44ab 100644
|
||||
/* Low priority. */
|
||||
#ifndef FIPS_MODULE
|
||||
ctx->child_provider = ossl_child_prov_ctx_new(ctx);
|
||||
@@ -299,6 +305,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
|
||||
@@ -334,6 +340,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -93,7 +62,7 @@ index e294ea1512..ab6abf44ab 100644
|
||||
/* Low priority. */
|
||||
#ifndef FIPS_MODULE
|
||||
if (ctx->child_provider != NULL) {
|
||||
@@ -589,6 +600,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
|
||||
@@ -625,6 +636,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
|
||||
return ctx->fips_prov;
|
||||
#endif
|
||||
|
||||
@ -265,10 +234,10 @@ index ce6e1a1ccb..003926247b 100644
|
||||
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
|
||||
|
||||
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
|
||||
index 8d312c661f..979683e0a5 100644
|
||||
index bd05736220..ed34ff4b9c 100644
|
||||
--- a/doc/man5/config.pod
|
||||
+++ b/doc/man5/config.pod
|
||||
@@ -296,6 +296,19 @@ Within the algorithm properties section, the following names have meaning:
|
||||
@@ -304,6 +304,19 @@ Within the algorithm properties section, the following names have meaning:
|
||||
The value may be anything that is acceptable as a property query
|
||||
string for EVP_set_default_properties().
|
||||
|
||||
@ -433,7 +402,7 @@ index 70d0ea5d24..3c482e0181 100644
|
||||
if (md == NULL || md_nid < 0) {
|
||||
if (md == NULL)
|
||||
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
|
||||
index 865d49d100..99b228e82c 100644
|
||||
index ebeb30e002..c874f87bd5 100644
|
||||
--- a/providers/implementations/signature/ecdsa_sig.c
|
||||
+++ b/providers/implementations/signature/ecdsa_sig.c
|
||||
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
|
||||
@ -449,7 +418,7 @@ index 865d49d100..99b228e82c 100644
|
||||
sha1_allowed);
|
||||
if (md_nid < 0) {
|
||||
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
||||
index cd5de6bd51..25a51df878 100644
|
||||
index 2a5504d104..5f3a029566 100644
|
||||
--- a/providers/implementations/signature/rsa_sig.c
|
||||
+++ b/providers/implementations/signature/rsa_sig.c
|
||||
@@ -25,6 +25,7 @@
|
||||
@ -466,7 +435,7 @@ index cd5de6bd51..25a51df878 100644
|
||||
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
|
||||
+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
|
||||
|
||||
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
||||
OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
||||
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
|
||||
@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
|
||||
|
||||
@ -486,7 +455,7 @@ index cd5de6bd51..25a51df878 100644
|
||||
|
||||
if (md == NULL
|
||||
|| md_nid <= 0
|
||||
@@ -1370,8 +1377,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||
@@ -1396,8 +1403,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||
prsactx->pad_mode = pad_mode;
|
||||
|
||||
if (prsactx->md == NULL && pmdname == NULL
|
||||
@ -552,5 +521,5 @@ index 9cb8a4dda2..feb660d030 100644
|
||||
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
||||
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
||||
--
|
||||
2.40.1
|
||||
2.41.0
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 7a6ade7947ceea6ca367afa0427f61a9505e37a5 Mon Sep 17 00:00:00 2001
|
||||
From 56511d480823bedafce604374fa3b15d3b3ffd6b Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 31 Jul 2023 09:41:28 +0200
|
||||
Subject: [PATCH 26/35] 0058-FIPS-limit-rsa-encrypt.patch
|
||||
Subject: [PATCH 26/48] 0058-FIPS-limit-rsa-encrypt.patch
|
||||
|
||||
Patch-name: 0058-FIPS-limit-rsa-encrypt.patch
|
||||
Patch-id: 58
|
||||
@ -31,7 +31,7 @@ index e534ad0a5f..c017c658e5 100644
|
||||
{
|
||||
int protect = 0;
|
||||
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
|
||||
index d865968058..9cd8904131 100644
|
||||
index d865968058..872967bcb3 100644
|
||||
--- a/providers/implementations/asymciphers/rsa_enc.c
|
||||
+++ b/providers/implementations/asymciphers/rsa_enc.c
|
||||
@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa,
|
||||
@ -41,7 +41,7 @@ index d865968058..9cd8904131 100644
|
||||
+# ifdef FIPS_MODULE
|
||||
+static int fips_padding_allowed(const PROV_RSA_CTX *prsactx)
|
||||
+{
|
||||
+ if (prsactx->pad_mode == RSA_PKCS1_PADDING
|
||||
+ if (prsactx->pad_mode == RSA_PKCS1_PADDING || prsactx->pad_mode == RSA_NO_PADDING
|
||||
+ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING)
|
||||
+ return 0;
|
||||
+
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 4b59d71e276243615d8fcc65bab32d83e6a602ad Mon Sep 17 00:00:00 2001
|
||||
From 89c00cc67b9b34bc94f9dc3a9fce9374bbaade03 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 31 Jul 2023 09:41:29 +0200
|
||||
Subject: [PATCH 32/35] 0076-FIPS-140-3-DRBG.patch
|
||||
Subject: [PATCH 32/48] 0076-FIPS-140-3-DRBG.patch
|
||||
|
||||
Patch-name: 0076-FIPS-140-3-DRBG.patch
|
||||
Patch-id: 76
|
||||
@ -12,9 +12,10 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
crypto/rand/prov_seed.c | 9 ++-
|
||||
providers/implementations/rands/crngt.c | 6 +-
|
||||
providers/implementations/rands/drbg.c | 3 +
|
||||
providers/implementations/rands/drbg.c | 11 +++-
|
||||
providers/implementations/rands/drbg_local.h | 2 +-
|
||||
.../implementations/rands/seeding/rand_unix.c | 64 ++-----------------
|
||||
4 files changed, 20 insertions(+), 62 deletions(-)
|
||||
5 files changed, 28 insertions(+), 64 deletions(-)
|
||||
|
||||
diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c
|
||||
index 96c499c957..61c4cd8779 100644
|
||||
@ -54,7 +55,7 @@ index fa4a2db14a..1f13fc759e 100644
|
||||
bytes_needed = min_len;
|
||||
if (bytes_needed > max_len)
|
||||
diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
|
||||
index ea55363bf8..423bb91157 100644
|
||||
index ea55363bf8..1b2410b3db 100644
|
||||
--- a/providers/implementations/rands/drbg.c
|
||||
+++ b/providers/implementations/rands/drbg.c
|
||||
@@ -570,6 +570,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drbg, int prediction_resistance,
|
||||
@ -67,6 +68,35 @@ index ea55363bf8..423bb91157 100644
|
||||
/* Reseed using our sources in addition */
|
||||
entropylen = get_entropy(drbg, &entropy, drbg->strength,
|
||||
drbg->min_entropylen, drbg->max_entropylen,
|
||||
@@ -662,8 +665,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen,
|
||||
reseed_required = 1;
|
||||
}
|
||||
if (drbg->parent != NULL
|
||||
- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter)
|
||||
+ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) {
|
||||
+#ifdef FIPS_MODULE
|
||||
+ /* Red Hat patches provide chain reseeding when necessary so just sync counters*/
|
||||
+ drbg->parent_reseed_counter = get_parent_reseed_count(drbg);
|
||||
+#else
|
||||
reseed_required = 1;
|
||||
+#endif
|
||||
+ }
|
||||
|
||||
if (reseed_required || prediction_resistance) {
|
||||
if (!ossl_prov_drbg_reseed(drbg, prediction_resistance, NULL, 0,
|
||||
diff --git a/providers/implementations/rands/drbg_local.h b/providers/implementations/rands/drbg_local.h
|
||||
index 3b5417b43b..d27c50950b 100644
|
||||
--- a/providers/implementations/rands/drbg_local.h
|
||||
+++ b/providers/implementations/rands/drbg_local.h
|
||||
@@ -38,7 +38,7 @@
|
||||
*
|
||||
* The value is in bytes.
|
||||
*/
|
||||
-#define CRNGT_BUFSIZ 16
|
||||
+#define CRNGT_BUFSIZ 32
|
||||
|
||||
/*
|
||||
* Maximum input size for the DRBG (entropy, nonce, personalization string)
|
||||
diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c
|
||||
index cd02a0236d..98c917b6d8 100644
|
||||
--- a/providers/implementations/rands/seeding/rand_unix.c
|
||||
|
@ -1,119 +1,874 @@
|
||||
From c4b086fc4de06128695e1fe428f56d776d25e748 Mon Sep 17 00:00:00 2001
|
||||
From: Clemens Lang <cllang@redhat.com>
|
||||
Date: Thu, 11 Aug 2022 09:27:12 +0200
|
||||
Subject: [PATCH] Add FIPS indicator parameter to HKDF
|
||||
From 2000eaead63732669283e6b54c8ef02e268eaeb8 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 31 Jul 2023 09:41:29 +0200
|
||||
Subject: [PATCH 34/48] 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
|
||||
|
||||
NIST considers HKDF only acceptable when used as in TLS 1.3, and
|
||||
otherwise unapproved. Add an explicit indicator attached to the
|
||||
EVP_KDF_CTX that can be queried using EVP_KDF_CTX_get_params() to
|
||||
determine whether the KDF operation was approved after performing it.
|
||||
|
||||
Related: rhbz#2114772
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||
Patch-name: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
|
||||
Patch-id: 78
|
||||
Patch-status: |
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
|
||||
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
include/openssl/core_names.h | 1 +
|
||||
include/openssl/kdf.h | 4 ++
|
||||
providers/implementations/kdfs/hkdf.c | 53 +++++++++++++++++++++++++++
|
||||
3 files changed, 58 insertions(+)
|
||||
include/crypto/evp.h | 7 ++
|
||||
include/openssl/core_names.h | 1 +
|
||||
include/openssl/kdf.h | 4 +
|
||||
providers/implementations/kdfs/hkdf.c | 100 +++++++++++++++++++++-
|
||||
providers/implementations/kdfs/kbkdf.c | 82 ++++++++++++++++--
|
||||
providers/implementations/kdfs/sshkdf.c | 75 +++++++++++++++-
|
||||
providers/implementations/kdfs/sskdf.c | 100 +++++++++++++++++++++-
|
||||
providers/implementations/kdfs/tls1_prf.c | 74 +++++++++++++++-
|
||||
providers/implementations/kdfs/x942kdf.c | 66 +++++++++++++-
|
||||
9 files changed, 487 insertions(+), 22 deletions(-)
|
||||
|
||||
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
|
||||
index dbbdcccbda..aa07153441 100644
|
||||
--- a/include/crypto/evp.h
|
||||
+++ b/include/crypto/evp.h
|
||||
@@ -219,6 +219,13 @@ struct evp_mac_st {
|
||||
OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params;
|
||||
};
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+/* According to NIST Special Publication 800-131Ar2, Section 8: Deriving
|
||||
+ * Additional Keys from a Cryptographic Key, "[t]he length of the
|
||||
+ * key-derivation key [i.e., the input key] shall be at least 112 bits". */
|
||||
+# define EVP_KDF_FIPS_MIN_KEY_LEN (112 / 8)
|
||||
+#endif
|
||||
+
|
||||
struct evp_kdf_st {
|
||||
OSSL_PROVIDER *prov;
|
||||
int name_id;
|
||||
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||
index 21c94d0488..87786680d7 100644
|
||||
index c0cce14297..b431b9f871 100644
|
||||
--- a/include/openssl/core_names.h
|
||||
+++ b/include/openssl/core_names.h
|
||||
@@ -223,6 +223,7 @@ extern "C" {
|
||||
@@ -226,6 +226,7 @@ extern "C" {
|
||||
#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
|
||||
#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
|
||||
#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
|
||||
+#define OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR "hkdf-fips-indicator"
|
||||
+#define OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
|
||||
|
||||
/* Known KDF names */
|
||||
#define OSSL_KDF_NAME_HKDF "HKDF"
|
||||
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
|
||||
index 0983230a48..869f23d8fb 100644
|
||||
index 0983230a48..86171635ea 100644
|
||||
--- a/include/openssl/kdf.h
|
||||
+++ b/include/openssl/kdf.h
|
||||
@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf,
|
||||
# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
|
||||
# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
|
||||
|
||||
+# define EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED 0
|
||||
+# define EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED 1
|
||||
+# define EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED 2
|
||||
+# define EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
|
||||
+# define EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED 1
|
||||
+# define EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
|
||||
+
|
||||
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
|
||||
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
|
||||
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
|
||||
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
|
||||
index afdb7138e1..9d28d292d8 100644
|
||||
index 5304baa6c9..f9c77f4236 100644
|
||||
--- a/providers/implementations/kdfs/hkdf.c
|
||||
+++ b/providers/implementations/kdfs/hkdf.c
|
||||
@@ -298,6 +298,56 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
return 0;
|
||||
return OSSL_PARAM_set_size_t(p, sz);
|
||||
@@ -43,6 +43,7 @@ static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_hkdf_settable_ctx_params;
|
||||
static OSSL_FUNC_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params;
|
||||
static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params;
|
||||
static OSSL_FUNC_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params;
|
||||
+static OSSL_FUNC_kdf_newctx_fn kdf_tls1_3_new;
|
||||
static OSSL_FUNC_kdf_derive_fn kdf_tls1_3_derive;
|
||||
static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_tls1_3_settable_ctx_params;
|
||||
static OSSL_FUNC_kdf_set_ctx_params_fn kdf_tls1_3_set_ctx_params;
|
||||
@@ -86,6 +87,10 @@ typedef struct {
|
||||
size_t data_len;
|
||||
unsigned char *info;
|
||||
size_t info_len;
|
||||
+ int is_tls13;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int fips_indicator;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
} KDF_HKDF;
|
||||
|
||||
static void *kdf_hkdf_new(void *provctx)
|
||||
@@ -201,6 +206,11 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
switch (ctx->mode) {
|
||||
case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
|
||||
default:
|
||||
@@ -363,15 +373,78 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
{
|
||||
KDF_HKDF *ctx = (KDF_HKDF *)vctx;
|
||||
OSSL_PARAM *p;
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
|
||||
if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
|
||||
size_t sz = kdf_hkdf_size(ctx);
|
||||
|
||||
- if (sz == 0)
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ if (sz == 0 || !OSSL_PARAM_set_size_t(p, sz))
|
||||
return 0;
|
||||
- return OSSL_PARAM_set_size_t(p, sz);
|
||||
}
|
||||
- return -2;
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if ((p = OSSL_PARAM_locate(params,
|
||||
+ OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR)) != NULL) {
|
||||
+ int fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED;
|
||||
+ switch (ctx->mode) {
|
||||
+ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
|
||||
+ /* TLS 1.3 never uses extract-and-expand */
|
||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ break;
|
||||
+ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY:
|
||||
+ {
|
||||
+ /* When TLS 1.3 uses extract, the following holds:
|
||||
+ * 1. The salt length matches the hash length, and either
|
||||
+ * 2.1. the key is all zeroes and matches the hash length, or
|
||||
+ * 2.2. the key originates from a PSK (resumption_master_secret
|
||||
+ * or some externally esablished key), or an ECDH or DH key
|
||||
+ * derivation. See
|
||||
+ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1.
|
||||
+ * Unfortunately at this point, we cannot verify where the key
|
||||
+ * comes from, so all we can do is check the salt length.
|
||||
+ */
|
||||
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
|
||||
+ if (md != NULL && ctx->salt_len == EVP_MD_get_size(md))
|
||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
|
||||
+ else
|
||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR))
|
||||
+ != NULL) {
|
||||
+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
||||
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
||||
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
||||
+ * bits". */
|
||||
+ if (ctx->key_len < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section D.B and NIST Special Publication
|
||||
+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
|
||||
+ * strength < 112 bits is legacy use only, so all derived keys should
|
||||
+ * be longer than that. If a derived key has ever been shorter than
|
||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||
+ * should also set the returned FIPS indicator to unapproved. */
|
||||
+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ if (ctx->is_tls13) {
|
||||
+ if (md != NULL
|
||||
+ && !EVP_MD_is_a(md, "SHA2-256")
|
||||
+ && !EVP_MD_is_a(md, "SHA2-384")) {
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic
|
||||
+ * Module Validation Program, Section 2.4.B, (5): "The TLS 1.3
|
||||
+ * key derivation function documented in Section 7.1 of RFC
|
||||
+ * 8446. This is considered an approved CVL because the
|
||||
+ * underlying functions performed within the TLS 1.3 KDF map to
|
||||
+ * NIST approved standards, namely: SP 800-133rev2 (Section 6.3
|
||||
+ * Option #3), SP 800-56Crev2, and SP 800-108."
|
||||
+ *
|
||||
+ * RFC 8446 appendix B.4 only lists SHA-256 and SHA-384. */
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+ } else {
|
||||
+ if (md != NULL
|
||||
+ && (EVP_MD_is_a(md, "SHAKE-128") ||
|
||||
+ EVP_MD_is_a(md, "SHAKE-256"))) {
|
||||
+ /* HKDF is a SP 800-56Cr2 TwoStep KDF, for which all SHA-1,
|
||||
+ * SHA-2 and SHA-3 are approved. SHAKE is not approved, because
|
||||
+ * of FIPS 140-3 IG, section C.C: "The SHAKE128 and SHAKE256
|
||||
+ * extendable-output functions may only be used as the
|
||||
+ * standalone algorithms." */
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+ break;
|
||||
+ case EVP_KDF_HKDF_MODE_EXPAND_ONLY:
|
||||
+ /* When TLS 1.3 uses expand, it always provides a label that
|
||||
+ * contains an uint16 for the length, followed by between 7 and 255
|
||||
+ * bytes for a label string that starts with "tls13 " or "dtls13".
|
||||
+ * For compatibility with future versions, we only check for "tls"
|
||||
+ * or "dtls". See
|
||||
+ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1 and
|
||||
+ * https://www.rfc-editor.org/rfc/rfc9147#section-5.9. */
|
||||
+ if (ctx->label != NULL
|
||||
+ && ctx->label_len >= 2 /* length */ + 4 /* "dtls" */
|
||||
+ && (strncmp("tls", (const char *)ctx->label + 2, 3) == 0 ||
|
||||
+ strncmp("dtls", (const char *)ctx->label + 2, 4) == 0))
|
||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
|
||||
+ else
|
||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ break;
|
||||
+ }
|
||||
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
return -2;
|
||||
+ if (!any_valid)
|
||||
+ return -2;
|
||||
+
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
@@ -306,6 +356,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
@@ -379,6 +452,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
{
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR, NULL),
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_gettable_ctx_params;
|
||||
@@ -709,6 +785,17 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx,
|
||||
return ret;
|
||||
}
|
||||
|
||||
+static void *kdf_tls1_3_new(void *provctx)
|
||||
+{
|
||||
+ KDF_HKDF *hkdf = kdf_hkdf_new(provctx);
|
||||
+
|
||||
+ if (hkdf != NULL)
|
||||
+ hkdf->is_tls13 = 1;
|
||||
+
|
||||
+ return hkdf;
|
||||
+}
|
||||
+
|
||||
+
|
||||
static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
|
||||
const OSSL_PARAM params[])
|
||||
{
|
||||
@@ -724,6 +811,11 @@ static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
switch (ctx->mode) {
|
||||
default:
|
||||
return 0;
|
||||
@@ -801,7 +893,7 @@ static const OSSL_PARAM *kdf_tls1_3_settable_ctx_params(ossl_unused void *ctx,
|
||||
}
|
||||
|
||||
const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[] = {
|
||||
- { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_hkdf_new },
|
||||
+ { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_tls1_3_new },
|
||||
{ OSSL_FUNC_KDF_DUPCTX, (void(*)(void))kdf_hkdf_dup },
|
||||
{ OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free },
|
||||
{ OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset },
|
||||
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
|
||||
index aa3df15bc7..3f82710061 100644
|
||||
--- a/providers/implementations/kdfs/kbkdf.c
|
||||
+++ b/providers/implementations/kdfs/kbkdf.c
|
||||
@@ -59,6 +59,9 @@ typedef struct {
|
||||
kbkdf_mode mode;
|
||||
EVP_MAC_CTX *ctx_init;
|
||||
|
||||
+ /* HMAC digest algorithm, if any; used to compute FIPS indicator */
|
||||
+ PROV_DIGEST digest;
|
||||
+
|
||||
/* Names are lowercased versions of those found in SP800-108. */
|
||||
int r;
|
||||
unsigned char *ki;
|
||||
@@ -72,6 +75,9 @@ typedef struct {
|
||||
int use_l;
|
||||
int is_kmac;
|
||||
int use_separator;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int fips_indicator;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
} KBKDF;
|
||||
|
||||
/* Definitions needed for typechecking. */
|
||||
@@ -143,6 +149,7 @@ static void kbkdf_reset(void *vctx)
|
||||
void *provctx = ctx->provctx;
|
||||
|
||||
EVP_MAC_CTX_free(ctx->ctx_init);
|
||||
+ ossl_prov_digest_reset(&ctx->digest);
|
||||
OPENSSL_clear_free(ctx->context, ctx->context_len);
|
||||
OPENSSL_clear_free(ctx->label, ctx->label_len);
|
||||
OPENSSL_clear_free(ctx->ki, ctx->ki_len);
|
||||
@@ -308,6 +315,11 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
|
||||
goto done;
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
h = EVP_MAC_CTX_get_mac_size(ctx->ctx_init);
|
||||
if (h == 0)
|
||||
goto done;
|
||||
@@ -381,6 +393,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
|
||||
}
|
||||
}
|
||||
|
||||
+ if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx))
|
||||
+ return 0;
|
||||
+
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE);
|
||||
if (p != NULL
|
||||
&& OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) {
|
||||
@@ -461,20 +476,77 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx,
|
||||
static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
{
|
||||
OSSL_PARAM *p;
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
|
||||
p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE);
|
||||
- if (p == NULL)
|
||||
+ if (p != NULL) {
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* KBKDF can produce results as large as you like. */
|
||||
+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ KBKDF *ctx = (KBKDF *)vctx;
|
||||
+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
||||
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
||||
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
||||
+ * bits". */
|
||||
+ if (ctx->ki_len < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section D.B and NIST Special Publication
|
||||
+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
|
||||
+ * strength < 112 bits is legacy use only, so all derived keys should
|
||||
+ * be longer than that. If a derived key has ever been shorter than
|
||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||
+ * should also set the returned FIPS indicator to unapproved. */
|
||||
+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256
|
||||
+ * extendable-output functions may only be used as the standalone
|
||||
+ * algorithms." Note that the digest is only used when the MAC
|
||||
+ * algorithm is HMAC. */
|
||||
+ if (ctx->ctx_init != NULL
|
||||
+ && EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), OSSL_MAC_NAME_HMAC)) {
|
||||
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
|
||||
+ if (md != NULL
|
||||
+ && (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256"))) {
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ if (!any_valid)
|
||||
return -2;
|
||||
|
||||
- /* KBKDF can produce results as large as you like. */
|
||||
- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
ossl_unused void *provctx)
|
||||
{
|
||||
- static const OSSL_PARAM known_gettable_ctx_params[] =
|
||||
- { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END };
|
||||
+ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
+ OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+ OSSL_PARAM_END
|
||||
+ };
|
||||
return known_gettable_ctx_params;
|
||||
}
|
||||
|
||||
diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c
|
||||
index 1afac4e477..389b82b714 100644
|
||||
--- a/providers/implementations/kdfs/sshkdf.c
|
||||
+++ b/providers/implementations/kdfs/sshkdf.c
|
||||
@@ -49,6 +49,9 @@ typedef struct {
|
||||
char type; /* X */
|
||||
unsigned char *session_id;
|
||||
size_t session_id_len;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int fips_indicator;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
} KDF_SSHKDF;
|
||||
|
||||
static void *kdf_sshkdf_new(void *provctx)
|
||||
@@ -151,6 +154,12 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen,
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_TYPE);
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
return SSHKDF(md, ctx->key, ctx->key_len,
|
||||
ctx->xcghash, ctx->xcghash_len,
|
||||
ctx->session_id, ctx->session_id_len,
|
||||
@@ -219,10 +228,67 @@ static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(ossl_unused void *ctx,
|
||||
static int kdf_sshkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
{
|
||||
OSSL_PARAM *p;
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
|
||||
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
|
||||
- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
||||
- return -2;
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ KDF_SSHKDF *ctx = vctx;
|
||||
+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
||||
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
||||
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
||||
+ * bits". */
|
||||
+ if (ctx->key_len < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section D.B and NIST Special Publication
|
||||
+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
|
||||
+ * strength < 112 bits is legacy use only, so all derived keys should
|
||||
+ * be longer than that. If a derived key has ever been shorter than
|
||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||
+ * should also set the returned FIPS indicator to unapproved. */
|
||||
+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256
|
||||
+ * extendable-output functions may only be used as the standalone
|
||||
+ * algorithms."
|
||||
+ *
|
||||
+ * Additionally, SP 800-135r1 section 5.2 specifies that the hash
|
||||
+ * function used in SSHKDF "is one of the hash functions specified in
|
||||
+ * FIPS 180-3.", which rules out SHA-3 and truncated variants of SHA-2.
|
||||
+ * */
|
||||
+ if (ctx->digest.md != NULL
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA-1")
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-224")
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-256")
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-384")
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-512")) {
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ if (!any_valid)
|
||||
+ return -2;
|
||||
+
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
@@ -230,6 +296,9 @@ static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
{
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_gettable_ctx_params;
|
||||
diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c
|
||||
index ecb98de6fd..98fcc583d8 100644
|
||||
--- a/providers/implementations/kdfs/sskdf.c
|
||||
+++ b/providers/implementations/kdfs/sskdf.c
|
||||
@@ -63,6 +63,10 @@ typedef struct {
|
||||
size_t salt_len;
|
||||
size_t out_len; /* optional KMAC parameter */
|
||||
int is_kmac;
|
||||
+ int is_x963kdf;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int fips_indicator;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
} KDF_SSKDF;
|
||||
|
||||
#define SSKDF_MAX_INLEN (1<<30)
|
||||
@@ -73,6 +77,7 @@ typedef struct {
|
||||
static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 };
|
||||
|
||||
static OSSL_FUNC_kdf_newctx_fn sskdf_new;
|
||||
+static OSSL_FUNC_kdf_newctx_fn x963kdf_new;
|
||||
static OSSL_FUNC_kdf_dupctx_fn sskdf_dup;
|
||||
static OSSL_FUNC_kdf_freectx_fn sskdf_free;
|
||||
static OSSL_FUNC_kdf_reset_fn sskdf_reset;
|
||||
@@ -297,6 +302,16 @@ static void *sskdf_new(void *provctx)
|
||||
return ctx;
|
||||
}
|
||||
|
||||
+static void *x963kdf_new(void *provctx)
|
||||
+{
|
||||
+ KDF_SSKDF *ctx = sskdf_new(provctx);
|
||||
+
|
||||
+ if (ctx)
|
||||
+ ctx->is_x963kdf = 1;
|
||||
+
|
||||
+ return ctx;
|
||||
+}
|
||||
+
|
||||
static void sskdf_reset(void *vctx)
|
||||
{
|
||||
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
|
||||
@@ -392,6 +407,11 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen,
|
||||
}
|
||||
md = ossl_prov_digest_md(&ctx->digest);
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
if (ctx->macctx != NULL) {
|
||||
/* H(x) = KMAC or H(x) = HMAC */
|
||||
int ret;
|
||||
@@ -473,6 +493,11 @@ static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len,
|
||||
ctx->info, ctx->info_len, 1, key, keylen);
|
||||
}
|
||||
@@ -545,10 +570,74 @@ static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
{
|
||||
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
|
||||
OSSL_PARAM *p;
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
+
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_size_t(p, sskdf_size(ctx)))
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
|
||||
- return OSSL_PARAM_set_size_t(p, sskdf_size(ctx));
|
||||
- return -2;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
||||
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
||||
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
||||
+ * bits". */
|
||||
+ if (ctx->secret_len < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section D.B and NIST Special Publication
|
||||
+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
|
||||
+ * strength < 112 bits is legacy use only, so all derived keys should
|
||||
+ * be longer than that. If a derived key has ever been shorter than
|
||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||
+ * should also set the returned FIPS indicator to unapproved. */
|
||||
+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256
|
||||
+ * extendable-output functions may only be used as the standalone
|
||||
+ * algorithms." */
|
||||
+ if (ctx->macctx == NULL
|
||||
+ || (ctx->macctx != NULL &&
|
||||
+ EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), OSSL_MAC_NAME_HMAC))) {
|
||||
+ if (ctx->digest.md != NULL
|
||||
+ && (EVP_MD_is_a(ctx->digest.md, "SHAKE-128") ||
|
||||
+ EVP_MD_is_a(ctx->digest.md, "SHAKE-256"))) {
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+
|
||||
+ /* Table H-3 in ANS X9.63-2001 says that 160-bit hash functions
|
||||
+ * should only be used for 80-bit key agreement, but FIPS 140-3
|
||||
+ * requires a security strength of 112 bits, so SHA-1 cannot be
|
||||
+ * used with X9.63. See the discussion in
|
||||
+ * https://github.com/usnistgov/ACVP/issues/1403#issuecomment-1435300395.
|
||||
+ */
|
||||
+ if (ctx->is_x963kdf
|
||||
+ && ctx->digest.md != NULL
|
||||
+ && EVP_MD_is_a(ctx->digest.md, "SHA-1")) {
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ if (!any_valid)
|
||||
+ return -2;
|
||||
+
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
@@ -556,6 +645,9 @@ static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
{
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, 0),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_gettable_ctx_params;
|
||||
@@ -577,7 +669,7 @@ const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = {
|
||||
};
|
||||
|
||||
const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = {
|
||||
- { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))sskdf_new },
|
||||
+ { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))x963kdf_new },
|
||||
{ OSSL_FUNC_KDF_DUPCTX, (void(*)(void))sskdf_dup },
|
||||
{ OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free },
|
||||
{ OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset },
|
||||
diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
|
||||
index 54124ad4cb..25a6c79a2e 100644
|
||||
--- a/providers/implementations/kdfs/tls1_prf.c
|
||||
+++ b/providers/implementations/kdfs/tls1_prf.c
|
||||
@@ -104,6 +104,13 @@ typedef struct {
|
||||
/* Buffer of concatenated seed data */
|
||||
unsigned char seed[TLS1_PRF_MAXBUF];
|
||||
size_t seedlen;
|
||||
+
|
||||
+ /* MAC digest algorithm; used to compute FIPS indicator */
|
||||
+ PROV_DIGEST digest;
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int fips_indicator;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
} TLS1_PRF;
|
||||
|
||||
static void *kdf_tls1_prf_new(void *provctx)
|
||||
@@ -140,6 +147,7 @@ static void kdf_tls1_prf_reset(void *vctx)
|
||||
EVP_MAC_CTX_free(ctx->P_sha1);
|
||||
OPENSSL_clear_free(ctx->sec, ctx->seclen);
|
||||
OPENSSL_cleanse(ctx->seed, ctx->seedlen);
|
||||
+ ossl_prov_digest_reset(&ctx->digest);
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
ctx->provctx = provctx;
|
||||
}
|
||||
@@ -194,6 +202,10 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||
return 0;
|
||||
}
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
|
||||
/*
|
||||
* The seed buffer is prepended with a label.
|
||||
@@ -243,6 +255,9 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
|
||||
}
|
||||
}
|
||||
|
||||
+ if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx))
|
||||
+ return 0;
|
||||
+
|
||||
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL) {
|
||||
OPENSSL_clear_free(ctx->sec, ctx->seclen);
|
||||
ctx->sec = NULL;
|
||||
@@ -284,10 +299,60 @@ static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params(
|
||||
static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
{
|
||||
OSSL_PARAM *p;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ TLS1_PRF *ctx = vctx;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
+
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
||||
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
||||
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
||||
+ * bits". */
|
||||
+ if (ctx->seclen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section D.B and NIST Special Publication
|
||||
+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
|
||||
+ * strength < 112 bits is legacy use only, so all derived keys should
|
||||
+ * be longer than that. If a derived key has ever been shorter than
|
||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||
+ * should also set the returned FIPS indicator to unapproved. */
|
||||
+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* SP 800-135r1 section 4.2.2 says TLS 1.2 KDF is approved when "(3)
|
||||
+ * P_HASH uses either SHA-256, SHA-384 or SHA-512." */
|
||||
+ if (ctx->digest.md != NULL
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-256")
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-384")
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-512")) {
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
|
||||
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
|
||||
- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
||||
- return -2;
|
||||
+ if (!any_valid)
|
||||
+ return -2;
|
||||
+
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params(
|
||||
@@ -295,6 +360,9 @@ static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params(
|
||||
{
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, 0),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_gettable_ctx_params;
|
||||
diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c
|
||||
index 4c274fe27a..5ce23c8eb9 100644
|
||||
--- a/providers/implementations/kdfs/x942kdf.c
|
||||
+++ b/providers/implementations/kdfs/x942kdf.c
|
||||
@@ -13,11 +13,13 @@
|
||||
#include <openssl/core_dispatch.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
#include <openssl/params.h>
|
||||
#include <openssl/proverr.h>
|
||||
#include "internal/packet.h"
|
||||
#include "internal/der.h"
|
||||
#include "internal/nelem.h"
|
||||
+#include "crypto/evp.h"
|
||||
#include "prov/provider_ctx.h"
|
||||
#include "prov/providercommon.h"
|
||||
#include "prov/implementations.h"
|
||||
@@ -49,6 +51,9 @@ typedef struct {
|
||||
const unsigned char *cek_oid;
|
||||
size_t cek_oid_len;
|
||||
int use_keybits;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int fips_indicator;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
} KDF_X942;
|
||||
|
||||
/*
|
||||
@@ -497,6 +502,10 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen,
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING);
|
||||
return 0;
|
||||
}
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len,
|
||||
der, der_len, ctr, key, keylen);
|
||||
OPENSSL_free(der);
|
||||
@@ -600,10 +609,58 @@ static int x942kdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
{
|
||||
KDF_X942 *ctx = (KDF_X942 *)vctx;
|
||||
OSSL_PARAM *p;
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
|
||||
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
|
||||
- return OSSL_PARAM_set_size_t(p, x942kdf_size(ctx));
|
||||
- return -2;
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_size_t(p, x942kdf_size(ctx)))
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
||||
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
||||
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
||||
+ * bits". */
|
||||
+ if (ctx->secret_len < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section D.B and NIST Special Publication
|
||||
+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
|
||||
+ * strength < 112 bits is legacy use only, so all derived keys should
|
||||
+ * be longer than that. If a derived key has ever been shorter than
|
||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||
+ * should also set the returned FIPS indicator to unapproved. */
|
||||
+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256
|
||||
+ * extendable-output functions may only be used as the standalone
|
||||
+ * algorithms." */
|
||||
+ if (ctx->digest.md != NULL
|
||||
+ && (EVP_MD_is_a(ctx->digest.md, "SHAKE-128") ||
|
||||
+ EVP_MD_is_a(ctx->digest.md, "SHAKE-256"))) {
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ if (!any_valid)
|
||||
+ return -2;
|
||||
+
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
@@ -611,6 +668,9 @@ static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
{
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, 0),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_gettable_ctx_params;
|
||||
--
|
||||
2.37.1
|
||||
2.41.0
|
||||
|
||||
|
@ -1,8 +1,39 @@
|
||||
From a0d7a92474123c1fb11e13491d2d37f6c43321b0 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 31 Jul 2023 09:41:29 +0200
|
||||
Subject: [PATCH 35/48] 0079-RSA-PKCS15-implicit-rejection.patch
|
||||
|
||||
Patch-name: 0079-RSA-PKCS15-implicit-rejection.patch
|
||||
Patch-id: 79
|
||||
Patch-status: |
|
||||
# https://github.com/openssl/openssl/pull/13817
|
||||
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
crypto/cms/cms_env.c | 7 +
|
||||
crypto/evp/ctrl_params_translate.c | 6 +
|
||||
crypto/pkcs7/pk7_doit.c | 7 +
|
||||
crypto/rsa/rsa_ossl.c | 101 +++-
|
||||
crypto/rsa/rsa_pk1.c | 252 ++++++++++
|
||||
crypto/rsa/rsa_pmeth.c | 20 +-
|
||||
doc/man1/openssl-pkeyutl.pod.in | 15 +
|
||||
doc/man1/openssl-rsautl.pod.in | 5 +
|
||||
doc/man3/EVP_PKEY_CTX_ctrl.pod | 9 +
|
||||
doc/man3/EVP_PKEY_decrypt.pod | 12 +
|
||||
doc/man3/RSA_padding_add_PKCS1_type_1.pod | 7 +-
|
||||
doc/man3/RSA_public_encrypt.pod | 11 +-
|
||||
doc/man7/provider-asym_cipher.pod | 9 +
|
||||
include/crypto/rsa.h | 4 +
|
||||
include/openssl/core_names.h | 2 +
|
||||
include/openssl/rsa.h | 5 +
|
||||
.../implementations/asymciphers/rsa_enc.c | 26 +-
|
||||
.../30-test_evp_data/evppkey_rsa_common.txt | 472 ++++++++++++++++++
|
||||
18 files changed, 962 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
|
||||
index d25504a03f7..c55511011f6 100644
|
||||
index 3105d37726..58d44e1940 100644
|
||||
--- a/crypto/cms/cms_env.c
|
||||
+++ b/crypto/cms/cms_env.c
|
||||
@@ -608,6 +608,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
|
||||
@@ -571,6 +571,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
|
||||
if (!ossl_cms_env_asn1_ctrl(ri, 1))
|
||||
goto err;
|
||||
|
||||
@ -17,10 +48,10 @@ index d25504a03f7..c55511011f6 100644
|
||||
ktri->encryptedKey->data,
|
||||
ktri->encryptedKey->length) <= 0)
|
||||
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
|
||||
index 56ed5ea6d68..f64c1fcb2ac 100644
|
||||
index d6f8a10840..51f9a2da57 100644
|
||||
--- a/crypto/evp/ctrl_params_translate.c
|
||||
+++ b/crypto/evp/ctrl_params_translate.c
|
||||
@@ -2201,6 +2201,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
|
||||
@@ -2256,6 +2256,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
|
||||
EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL,
|
||||
OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL },
|
||||
|
||||
@ -34,10 +65,10 @@ index 56ed5ea6d68..f64c1fcb2ac 100644
|
||||
EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL,
|
||||
OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
|
||||
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
|
||||
index 31b368bda3b..8a46ab471df 100644
|
||||
index 1cef67b211..e0094486dd 100644
|
||||
--- a/crypto/pkcs7/pk7_doit.c
|
||||
+++ b/crypto/pkcs7/pk7_doit.c
|
||||
@@ -163,6 +163,13 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
|
||||
@@ -170,6 +170,13 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
|
||||
if (EVP_PKEY_decrypt_init(pctx) <= 0)
|
||||
goto err;
|
||||
|
||||
@ -52,7 +83,7 @@ index 31b368bda3b..8a46ab471df 100644
|
||||
ri->enc_key->data, ri->enc_key->length) <= 0)
|
||||
goto err;
|
||||
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
|
||||
index 54e2a1c61ca..094a6632b66 100644
|
||||
index 0fc642e777..e5591cb14a 100644
|
||||
--- a/crypto/rsa/rsa_ossl.c
|
||||
+++ b/crypto/rsa/rsa_ossl.c
|
||||
@@ -17,6 +17,9 @@
|
||||
@ -65,7 +96,7 @@ index 54e2a1c61ca..094a6632b66 100644
|
||||
|
||||
static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
|
||||
unsigned char *to, RSA *rsa, int padding);
|
||||
@@ -372,8 +375,13 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||
@@ -377,8 +380,13 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||
BIGNUM *f, *ret;
|
||||
int j, num = 0, r = -1;
|
||||
unsigned char *buf = NULL;
|
||||
@ -79,7 +110,7 @@ index 54e2a1c61ca..094a6632b66 100644
|
||||
/*
|
||||
* Used only if the blinding structure is shared. A non-NULL unblind
|
||||
* instructs rsa_blinding_convert() and rsa_blinding_invert() to store
|
||||
@@ -382,6 +390,12 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||
@@ -387,6 +395,12 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||
BIGNUM *unblind = NULL;
|
||||
BN_BLINDING *blinding = NULL;
|
||||
|
||||
@ -92,7 +123,7 @@ index 54e2a1c61ca..094a6632b66 100644
|
||||
if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL)
|
||||
goto err;
|
||||
BN_CTX_start(ctx);
|
||||
@@ -405,6 +419,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||
@@ -408,6 +422,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -104,7 +135,7 @@ index 54e2a1c61ca..094a6632b66 100644
|
||||
/* make data into a big number */
|
||||
if (BN_bin2bn(from, (int)flen, f) == NULL)
|
||||
goto err;
|
||||
@@ -471,6 +490,81 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||
@@ -468,6 +487,81 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||
BN_free(d);
|
||||
}
|
||||
|
||||
@ -186,7 +217,7 @@ index 54e2a1c61ca..094a6632b66 100644
|
||||
if (blinding)
|
||||
if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
|
||||
goto err;
|
||||
@@ -471,9 +545,12 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||
@@ -477,9 +571,12 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||
goto err;
|
||||
|
||||
switch (padding) {
|
||||
@ -200,7 +231,7 @@ index 54e2a1c61ca..094a6632b66 100644
|
||||
case RSA_PKCS1_OAEP_PADDING:
|
||||
r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
|
||||
break;
|
||||
@@ -500,6 +597,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||
@@ -501,6 +598,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||
#endif
|
||||
|
||||
err:
|
||||
@ -210,7 +241,7 @@ index 54e2a1c61ca..094a6632b66 100644
|
||||
BN_CTX_free(ctx);
|
||||
OPENSSL_clear_free(buf, num);
|
||||
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
|
||||
index 5f72fe1735d..04fb0e4ed5e 100644
|
||||
index 51507fc030..5cd2b26879 100644
|
||||
--- a/crypto/rsa/rsa_pk1.c
|
||||
+++ b/crypto/rsa/rsa_pk1.c
|
||||
@@ -21,10 +21,14 @@
|
||||
@ -228,7 +259,7 @@ index 5f72fe1735d..04fb0e4ed5e 100644
|
||||
int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
|
||||
const unsigned char *from, int flen)
|
||||
{
|
||||
@@ -271,6 +275,254 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
||||
@@ -273,6 +277,254 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
||||
return constant_time_select_int(good, mlen, -1);
|
||||
}
|
||||
|
||||
@ -484,7 +515,7 @@ index 5f72fe1735d..04fb0e4ed5e 100644
|
||||
* ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2
|
||||
* padding from a decrypted RSA message in a TLS signature. The result is stored
|
||||
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
|
||||
index 8b35e5c3c6d..c67b20baf56 100644
|
||||
index 44c819a5c3..6556a9ad28 100644
|
||||
--- a/crypto/rsa/rsa_pmeth.c
|
||||
+++ b/crypto/rsa/rsa_pmeth.c
|
||||
@@ -52,6 +52,8 @@ typedef struct {
|
||||
@ -512,7 +543,7 @@ index 8b35e5c3c6d..c67b20baf56 100644
|
||||
if (sctx->oaep_label) {
|
||||
OPENSSL_free(dctx->oaep_label);
|
||||
dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen);
|
||||
@@ -345,6 +349,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
|
||||
@@ -347,6 +351,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
|
||||
const unsigned char *in, size_t inlen)
|
||||
{
|
||||
int ret;
|
||||
@ -520,7 +551,7 @@ index 8b35e5c3c6d..c67b20baf56 100644
|
||||
RSA_PKEY_CTX *rctx = ctx->data;
|
||||
/*
|
||||
* Discard const. Its marked as const because this may be a cached copy of
|
||||
@@ -365,7 +370,12 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
|
||||
@@ -367,7 +372,12 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
|
||||
rctx->oaep_labellen,
|
||||
rctx->md, rctx->mgf1md);
|
||||
} else {
|
||||
@ -534,7 +565,7 @@ index 8b35e5c3c6d..c67b20baf56 100644
|
||||
}
|
||||
*outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
|
||||
ret = constant_time_select_int(constant_time_msb(ret), ret, 1);
|
||||
@@ -585,6 +595,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
|
||||
@@ -587,6 +597,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
|
||||
*(unsigned char **)p2 = rctx->oaep_label;
|
||||
return rctx->oaep_labellen;
|
||||
|
||||
@ -550,7 +581,7 @@ index 8b35e5c3c6d..c67b20baf56 100644
|
||||
case EVP_PKEY_CTRL_PKCS7_SIGN:
|
||||
#ifndef OPENSSL_NO_CMS
|
||||
diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in
|
||||
index b0054ead66f..dd878297987 100644
|
||||
index b0054ead66..dd87829798 100644
|
||||
--- a/doc/man1/openssl-pkeyutl.pod.in
|
||||
+++ b/doc/man1/openssl-pkeyutl.pod.in
|
||||
@@ -240,6 +240,11 @@ signed or verified directly instead of using a B<DigestInfo> structure. If a
|
||||
@ -583,7 +614,7 @@ index b0054ead66f..dd878297987 100644
|
||||
|
||||
=head1 RSA-PSS ALGORITHM
|
||||
diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in
|
||||
index 186e49e5e49..eab34979de3 100644
|
||||
index 186e49e5e4..eab34979de 100644
|
||||
--- a/doc/man1/openssl-rsautl.pod.in
|
||||
+++ b/doc/man1/openssl-rsautl.pod.in
|
||||
@@ -105,6 +105,11 @@ The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
|
||||
@ -599,7 +630,7 @@ index 186e49e5e49..eab34979de3 100644
|
||||
|
||||
Hex dump the output data.
|
||||
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
|
||||
index 9b96f42dbc9..f7957e95f7f 100644
|
||||
index 5596b8ccdd..a8cc4ecd9f 100644
|
||||
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
|
||||
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
|
||||
@@ -393,6 +393,15 @@ this behaviour should be tolerated then
|
||||
@ -619,7 +650,7 @@ index 9b96f42dbc9..f7957e95f7f 100644
|
||||
|
||||
EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used for DSA
|
||||
diff --git a/doc/man3/EVP_PKEY_decrypt.pod b/doc/man3/EVP_PKEY_decrypt.pod
|
||||
index 0cd1a6548d0..462265c5a67 100644
|
||||
index b6f9bad5f1..898535a7a2 100644
|
||||
--- a/doc/man3/EVP_PKEY_decrypt.pod
|
||||
+++ b/doc/man3/EVP_PKEY_decrypt.pod
|
||||
@@ -51,6 +51,18 @@ return 1 for success and 0 or a negative value for failure. In particular a
|
||||
@ -642,7 +673,7 @@ index 0cd1a6548d0..462265c5a67 100644
|
||||
|
||||
Decrypt data using OAEP (for RSA keys):
|
||||
diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod
|
||||
index 9f7025c4975..36ae18563f2 100644
|
||||
index 9f7025c497..36ae18563f 100644
|
||||
--- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod
|
||||
+++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod
|
||||
@@ -121,8 +121,8 @@ L<ERR_get_error(3)>.
|
||||
@ -667,7 +698,7 @@ index 9f7025c4975..36ae18563f2 100644
|
||||
|
||||
L<RSA_public_encrypt(3)>,
|
||||
diff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod
|
||||
index 1d38073aead..bd3f835ac6d 100644
|
||||
index 1d38073aea..bd3f835ac6 100644
|
||||
--- a/doc/man3/RSA_public_encrypt.pod
|
||||
+++ b/doc/man3/RSA_public_encrypt.pod
|
||||
@@ -52,8 +52,8 @@ Encrypting user data directly with RSA is insecure.
|
||||
@ -696,10 +727,10 @@ index 1d38073aead..bd3f835ac6d 100644
|
||||
|
||||
SSL, PKCS #1 v2.0
|
||||
diff --git a/doc/man7/provider-asym_cipher.pod b/doc/man7/provider-asym_cipher.pod
|
||||
index ac3f6271969..cb770c9e857 100644
|
||||
index 0976a263a8..2a8426a6ed 100644
|
||||
--- a/doc/man7/provider-asym_cipher.pod
|
||||
+++ b/doc/man7/provider-asym_cipher.pod
|
||||
@@ -235,6 +235,15 @@ The TLS protocol version first requested by the client.
|
||||
@@ -234,6 +234,15 @@ The TLS protocol version first requested by the client.
|
||||
|
||||
The negotiated TLS protocol version.
|
||||
|
||||
@ -716,7 +747,7 @@ index ac3f6271969..cb770c9e857 100644
|
||||
|
||||
OSSL_FUNC_asym_cipher_gettable_ctx_params() and OSSL_FUNC_asym_cipher_settable_ctx_params()
|
||||
diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
|
||||
index 949873d0ee3..f267e5d9d1c 100644
|
||||
index 949873d0ee..f267e5d9d1 100644
|
||||
--- a/include/crypto/rsa.h
|
||||
+++ b/include/crypto/rsa.h
|
||||
@@ -83,6 +83,10 @@ int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg);
|
||||
@ -731,10 +762,10 @@ index 949873d0ee3..f267e5d9d1c 100644
|
||||
size_t tlen,
|
||||
const unsigned char *from,
|
||||
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||
index e6c4758a33e..6e4a4f8539d 100644
|
||||
index b431b9f871..f185bc9342 100644
|
||||
--- a/include/openssl/core_names.h
|
||||
+++ b/include/openssl/core_names.h
|
||||
@@ -302,6 +302,7 @@ extern "C" {
|
||||
@@ -296,6 +296,7 @@ extern "C" {
|
||||
#define OSSL_PKEY_PARAM_DIST_ID "distid"
|
||||
#define OSSL_PKEY_PARAM_PUB_KEY "pub"
|
||||
#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
|
||||
@ -742,7 +773,7 @@ index e6c4758a33e..6e4a4f8539d 100644
|
||||
|
||||
/* Diffie-Hellman/DSA Parameters */
|
||||
#define OSSL_PKEY_PARAM_FFC_P "p"
|
||||
@@ -482,6 +483,7 @@ extern "C" {
|
||||
@@ -472,6 +473,7 @@ extern "C" {
|
||||
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
|
||||
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
|
||||
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
|
||||
@ -751,7 +782,7 @@ index e6c4758a33e..6e4a4f8539d 100644
|
||||
#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed"
|
||||
#endif
|
||||
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
|
||||
index bce21258227..167427d3c48 100644
|
||||
index d0c9599274..e3e1476cda 100644
|
||||
--- a/include/openssl/rsa.h
|
||||
+++ b/include/openssl/rsa.h
|
||||
@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
|
||||
@ -774,10 +805,10 @@ index bce21258227..167427d3c48 100644
|
||||
|
||||
# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
|
||||
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
|
||||
index 3d331ea8dfd..fbafb84f8cb 100644
|
||||
index 666a699d84..d169bfd396 100644
|
||||
--- a/providers/implementations/asymciphers/rsa_enc.c
|
||||
+++ b/providers/implementations/asymciphers/rsa_enc.c
|
||||
@@ -75,6 +75,8 @@ typedef struct {
|
||||
@@ -78,6 +78,8 @@ typedef struct {
|
||||
/* TLS padding */
|
||||
unsigned int client_version;
|
||||
unsigned int alt_version;
|
||||
@ -786,7 +817,7 @@ index 3d331ea8dfd..fbafb84f8cb 100644
|
||||
#ifdef FIPS_MODULE
|
||||
char *redhat_st_oaep_seed;
|
||||
#endif /* FIPS_MODULE */
|
||||
@@ -107,6 +109,7 @@ static int rsa_init(void *vprsactx, void *vrsa, const OSSL_PARAM params[],
|
||||
@@ -113,6 +115,7 @@ static int rsa_init(void *vprsactx, void *vrsa, const OSSL_PARAM params[],
|
||||
RSA_free(prsactx->rsa);
|
||||
prsactx->rsa = vrsa;
|
||||
prsactx->operation = operation;
|
||||
@ -794,7 +825,7 @@ index 3d331ea8dfd..fbafb84f8cb 100644
|
||||
|
||||
switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) {
|
||||
case RSA_FLAG_TYPE_RSA:
|
||||
@@ -195,6 +198,7 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
||||
@@ -237,6 +240,7 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
||||
{
|
||||
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
|
||||
int ret;
|
||||
@ -802,7 +833,7 @@ index 3d331ea8dfd..fbafb84f8cb 100644
|
||||
size_t len = RSA_size(prsactx->rsa);
|
||||
|
||||
if (!ossl_prov_is_running())
|
||||
@@ -270,8 +274,12 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
||||
@@ -326,8 +330,12 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
||||
}
|
||||
OPENSSL_free(tbuf);
|
||||
} else {
|
||||
@ -817,7 +848,7 @@ index 3d331ea8dfd..fbafb84f8cb 100644
|
||||
}
|
||||
*outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
|
||||
ret = constant_time_select_int(constant_time_msb(ret), 0, 1);
|
||||
@@ -395,6 +403,10 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
||||
@@ -454,6 +462,10 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
||||
if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version))
|
||||
return 0;
|
||||
|
||||
@ -828,7 +859,7 @@ index 3d331ea8dfd..fbafb84f8cb 100644
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -406,6 +418,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
@@ -465,6 +477,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
NULL, 0),
|
||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
|
||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
|
||||
@ -836,7 +867,7 @@ index 3d331ea8dfd..fbafb84f8cb 100644
|
||||
#ifdef FIPS_MODULE
|
||||
OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
|
||||
#endif /* FIPS_MODULE */
|
||||
@@ -543,6 +556,14 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||
@@ -621,6 +634,14 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||
return 0;
|
||||
prsactx->alt_version = alt_version;
|
||||
}
|
||||
@ -851,7 +882,7 @@ index 3d331ea8dfd..fbafb84f8cb 100644
|
||||
|
||||
return 1;
|
||||
}
|
||||
@@ -555,6 +576,7 @@ static const OSSL_PARAM known_settable_ctx_params[] = {
|
||||
@@ -633,6 +654,7 @@ static const OSSL_PARAM known_settable_ctx_params[] = {
|
||||
OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, NULL, 0),
|
||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
|
||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
|
||||
@ -860,10 +891,10 @@ index 3d331ea8dfd..fbafb84f8cb 100644
|
||||
};
|
||||
|
||||
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||
index b8d8bb2993e..a3d01eec457 100644
|
||||
index 7487684e19..e807c0a2e1 100644
|
||||
--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||
@@ -253,9 +253,25 @@ Decrypt = RSA-2048
|
||||
@@ -268,9 +268,25 @@ Decrypt = RSA-2048
|
||||
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
|
||||
Output = "Hello World"
|
||||
|
||||
@ -889,7 +920,7 @@ index b8d8bb2993e..a3d01eec457 100644
|
||||
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
|
||||
Output = "Hello World"
|
||||
Result = KEYOP_ERROR
|
||||
@@ -277,6 +297,462 @@ Derive = RSA-2048
|
||||
@@ -293,6 +309,462 @@ Derive = RSA-2048
|
||||
Result = KEYOP_INIT_ERROR
|
||||
Reason = operation not supported for this keytype
|
||||
|
||||
@ -1352,3 +1383,6 @@ index b8d8bb2993e..a3d01eec457 100644
|
||||
# RSA PSS key tests
|
||||
|
||||
# PSS only key, no parameter restrictions
|
||||
--
|
||||
2.41.0
|
||||
|
1102
0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
Normal file
1102
0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
Normal file
File diff suppressed because it is too large
Load Diff
273
0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
Normal file
273
0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
Normal file
@ -0,0 +1,273 @@
|
||||
From 930e7acf7dd225102b6e88d23f5e2a3f4acea9fa Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 15:43:57 +0200
|
||||
Subject: [PATCH 37/48]
|
||||
0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
|
||||
|
||||
Patch-name: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
|
||||
Patch-id: 81
|
||||
---
|
||||
providers/implementations/signature/rsa_sig.c | 6 +
|
||||
test/acvp_test.inc | 214 ------------------
|
||||
2 files changed, 6 insertions(+), 214 deletions(-)
|
||||
|
||||
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
||||
index 63ee11e566..cfaa4841cb 100644
|
||||
--- a/providers/implementations/signature/rsa_sig.c
|
||||
+++ b/providers/implementations/signature/rsa_sig.c
|
||||
@@ -1279,7 +1279,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||
err_extra_text = "No padding not allowed with RSA-PSS";
|
||||
goto cont;
|
||||
case RSA_X931_PADDING:
|
||||
+#ifndef FIPS_MODULE
|
||||
err_extra_text = "X.931 padding not allowed with RSA-PSS";
|
||||
+#else /* !defined(FIPS_MODULE) */
|
||||
+ err_extra_text = "X.931 padding no longer allowed in FIPS mode,"
|
||||
+ " since it was removed from FIPS 186-5";
|
||||
+ goto bad_pad;
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
cont:
|
||||
if (RSA_test_flags(prsactx->rsa,
|
||||
RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSA)
|
||||
diff --git a/test/acvp_test.inc b/test/acvp_test.inc
|
||||
index 73b24bdb0c..96a72073f9 100644
|
||||
--- a/test/acvp_test.inc
|
||||
+++ b/test/acvp_test.inc
|
||||
@@ -1204,13 +1204,6 @@ static const struct rsa_siggen_st rsa_siggen_data[] = {
|
||||
ITM(rsa_siggen0_msg),
|
||||
NO_PSS_SALT_LEN,
|
||||
},
|
||||
- {
|
||||
- "x931",
|
||||
- 2048,
|
||||
- "SHA384",
|
||||
- ITM(rsa_siggen0_msg),
|
||||
- NO_PSS_SALT_LEN,
|
||||
- },
|
||||
{
|
||||
"pss",
|
||||
2048,
|
||||
@@ -1622,202 +1615,6 @@ static const unsigned char rsa_sigverpss_1_sig[] = {
|
||||
0x5c, 0xea, 0x8a, 0x92, 0x31, 0xd2, 0x11, 0x4b,
|
||||
};
|
||||
|
||||
-static const unsigned char rsa_sigverx931_0_n[] = {
|
||||
- 0xa0, 0x16, 0x14, 0x80, 0x8b, 0x17, 0x2b, 0xad,
|
||||
- 0xd7, 0x07, 0x31, 0x6d, 0xfc, 0xba, 0x25, 0x83,
|
||||
- 0x09, 0xa0, 0xf7, 0x71, 0xc6, 0x06, 0x22, 0x87,
|
||||
- 0xd6, 0xbd, 0x13, 0xd9, 0xfe, 0x7c, 0xf7, 0xe6,
|
||||
- 0x48, 0xdb, 0x27, 0xd8, 0xa5, 0x49, 0x8e, 0x8c,
|
||||
- 0xea, 0xbe, 0xe0, 0x04, 0x6f, 0x3d, 0x3b, 0x73,
|
||||
- 0xdc, 0xc5, 0xd4, 0xdc, 0x85, 0xef, 0xea, 0x10,
|
||||
- 0x46, 0xf3, 0x88, 0xb9, 0x93, 0xbc, 0xa0, 0xb6,
|
||||
- 0x06, 0x02, 0x82, 0xb4, 0x2d, 0x54, 0xec, 0x79,
|
||||
- 0x50, 0x8a, 0xfc, 0xfa, 0x62, 0x45, 0xbb, 0xd7,
|
||||
- 0x26, 0xcd, 0x88, 0xfa, 0xe8, 0x0f, 0x26, 0x5b,
|
||||
- 0x1f, 0x21, 0x3f, 0x3b, 0x5d, 0x98, 0x3f, 0x02,
|
||||
- 0x8c, 0xa1, 0xbf, 0xc0, 0x70, 0x4d, 0xd1, 0x41,
|
||||
- 0xfd, 0xb9, 0x55, 0x12, 0x90, 0xc8, 0x6e, 0x0f,
|
||||
- 0x19, 0xa8, 0x5c, 0x31, 0xd6, 0x16, 0x0e, 0xdf,
|
||||
- 0x08, 0x84, 0xcd, 0x4b, 0xfd, 0x28, 0x8d, 0x7d,
|
||||
- 0x6e, 0xea, 0xc7, 0x95, 0x4a, 0xc3, 0x84, 0x54,
|
||||
- 0x7f, 0xb0, 0x20, 0x29, 0x96, 0x39, 0x4c, 0x3e,
|
||||
- 0x85, 0xec, 0x22, 0xdd, 0xb9, 0x14, 0xbb, 0x04,
|
||||
- 0x2f, 0x4c, 0x0c, 0xe3, 0xfa, 0xae, 0x47, 0x79,
|
||||
- 0x59, 0x8e, 0x4e, 0x7d, 0x4a, 0x17, 0xae, 0x16,
|
||||
- 0x38, 0x66, 0x4e, 0xff, 0x45, 0x7f, 0xac, 0x5e,
|
||||
- 0x75, 0x9f, 0x51, 0x18, 0xe6, 0xad, 0x6b, 0x8b,
|
||||
- 0x3d, 0x08, 0x4d, 0x9a, 0xd2, 0x11, 0xba, 0xa8,
|
||||
- 0xc3, 0xb5, 0x17, 0xb5, 0xdf, 0xe7, 0x39, 0x89,
|
||||
- 0x27, 0x7b, 0xeb, 0xf4, 0xe5, 0x7e, 0xa9, 0x7b,
|
||||
- 0x39, 0x40, 0x6f, 0xe4, 0x82, 0x14, 0x3d, 0x62,
|
||||
- 0xb6, 0xd4, 0x43, 0xd0, 0x0a, 0x2f, 0xc1, 0x73,
|
||||
- 0x3d, 0x99, 0x37, 0xbe, 0x62, 0x13, 0x6a, 0x8b,
|
||||
- 0xeb, 0xc5, 0x64, 0xd5, 0x2a, 0x8b, 0x4f, 0x7f,
|
||||
- 0x82, 0x48, 0x69, 0x3e, 0x08, 0x1b, 0xb5, 0x77,
|
||||
- 0xd3, 0xdc, 0x1b, 0x2c, 0xe5, 0x59, 0xf6, 0x33,
|
||||
- 0x47, 0xa0, 0x0f, 0xff, 0x8a, 0x6a, 0x1d, 0x66,
|
||||
- 0x24, 0x67, 0x36, 0x7d, 0x21, 0xda, 0xc1, 0xd4,
|
||||
- 0x11, 0x6c, 0xe8, 0x5f, 0xd7, 0x8a, 0x53, 0x5c,
|
||||
- 0xb2, 0xe2, 0xf9, 0x14, 0x29, 0x0f, 0xcf, 0x28,
|
||||
- 0x32, 0x4f, 0xc6, 0x17, 0xf6, 0xbc, 0x0e, 0xb8,
|
||||
- 0x99, 0x7c, 0x14, 0xa3, 0x40, 0x3f, 0xf3, 0xe4,
|
||||
- 0x31, 0xbe, 0x54, 0x64, 0x5a, 0xad, 0x1d, 0xb0,
|
||||
- 0x37, 0xcc, 0xd9, 0x0b, 0xa4, 0xbc, 0xe0, 0x07,
|
||||
- 0x37, 0xd1, 0xe1, 0x65, 0xc6, 0x53, 0xfe, 0x60,
|
||||
- 0x6a, 0x64, 0xa4, 0x01, 0x00, 0xf3, 0x5b, 0x9a,
|
||||
- 0x28, 0x61, 0xde, 0x7a, 0xd7, 0x0d, 0x56, 0x1e,
|
||||
- 0x4d, 0xa8, 0x6a, 0xb5, 0xf2, 0x86, 0x2a, 0x4e,
|
||||
- 0xaa, 0x37, 0x23, 0x5a, 0x3b, 0x69, 0x66, 0x81,
|
||||
- 0xc8, 0x8e, 0x1b, 0x31, 0x0f, 0x28, 0x31, 0x9a,
|
||||
- 0x2d, 0xe5, 0x79, 0xcc, 0xa4, 0xca, 0x60, 0x45,
|
||||
- 0xf7, 0x83, 0x73, 0x5a, 0x01, 0x29, 0xda, 0xf7,
|
||||
-
|
||||
-};
|
||||
-static const unsigned char rsa_sigverx931_0_e[] = {
|
||||
- 0x01, 0x00, 0x01,
|
||||
-};
|
||||
-static const unsigned char rsa_sigverx931_0_msg[] = {
|
||||
- 0x82, 0x2e, 0x41, 0x70, 0x9d, 0x1f, 0xe9, 0x47,
|
||||
- 0xec, 0xf1, 0x79, 0xcc, 0x05, 0xef, 0xdb, 0xcd,
|
||||
- 0xca, 0x8b, 0x8e, 0x61, 0x45, 0xad, 0xa6, 0xd9,
|
||||
- 0xd7, 0x4b, 0x15, 0xf4, 0x92, 0x3a, 0x2a, 0x52,
|
||||
- 0xe3, 0x44, 0x57, 0x2b, 0x74, 0x7a, 0x37, 0x41,
|
||||
- 0x50, 0xcb, 0xcf, 0x13, 0x49, 0xd6, 0x15, 0x54,
|
||||
- 0x97, 0xfd, 0xae, 0x9b, 0xc1, 0xbb, 0xfc, 0x5c,
|
||||
- 0xc1, 0x37, 0x58, 0x17, 0x63, 0x19, 0x9c, 0xcf,
|
||||
- 0xee, 0x9c, 0xe5, 0xbe, 0x06, 0xe4, 0x97, 0x47,
|
||||
- 0xd1, 0x93, 0xa1, 0x2c, 0x59, 0x97, 0x02, 0x01,
|
||||
- 0x31, 0x45, 0x8c, 0xe1, 0x5c, 0xac, 0xe7, 0x5f,
|
||||
- 0x6a, 0x23, 0xda, 0xbf, 0xe4, 0x25, 0xc6, 0x67,
|
||||
- 0xea, 0x5f, 0x73, 0x90, 0x1b, 0x06, 0x0f, 0x41,
|
||||
- 0xb5, 0x6e, 0x74, 0x7e, 0xfd, 0xd9, 0xaa, 0xbd,
|
||||
- 0xe2, 0x8d, 0xad, 0x99, 0xdd, 0x29, 0x70, 0xca,
|
||||
- 0x1b, 0x38, 0x21, 0x55, 0xde, 0x07, 0xaf, 0x00,
|
||||
-
|
||||
-};
|
||||
-static const unsigned char rsa_sigverx931_0_sig[] = {
|
||||
- 0x29, 0xa9, 0x3a, 0x8e, 0x9e, 0x90, 0x1b, 0xdb,
|
||||
- 0xaf, 0x0b, 0x47, 0x5b, 0xb5, 0xc3, 0x8c, 0xc3,
|
||||
- 0x70, 0xbe, 0x73, 0xf9, 0x65, 0x8e, 0xc6, 0x1e,
|
||||
- 0x95, 0x0b, 0xdb, 0x24, 0x76, 0x79, 0xf1, 0x00,
|
||||
- 0x71, 0xcd, 0xc5, 0x6a, 0x7b, 0xd2, 0x8b, 0x18,
|
||||
- 0xc4, 0xdd, 0xf1, 0x2a, 0x31, 0x04, 0x3f, 0xfc,
|
||||
- 0x36, 0x06, 0x20, 0x71, 0x3d, 0x62, 0xf2, 0xb5,
|
||||
- 0x79, 0x0a, 0xd5, 0xd2, 0x81, 0xf1, 0xb1, 0x4f,
|
||||
- 0x9a, 0x17, 0xe8, 0x67, 0x64, 0x48, 0x09, 0x75,
|
||||
- 0xff, 0x2d, 0xee, 0x36, 0xca, 0xca, 0x1d, 0x74,
|
||||
- 0x99, 0xbe, 0x5c, 0x94, 0x31, 0xcc, 0x12, 0xf4,
|
||||
- 0x59, 0x7e, 0x17, 0x00, 0x4f, 0x7b, 0xa4, 0xb1,
|
||||
- 0xda, 0xdb, 0x3e, 0xa4, 0x34, 0x10, 0x4a, 0x19,
|
||||
- 0x0a, 0xd2, 0xa7, 0xa0, 0xc5, 0xe6, 0xef, 0x82,
|
||||
- 0xd4, 0x2e, 0x21, 0xbe, 0x15, 0x73, 0xac, 0xef,
|
||||
- 0x05, 0xdb, 0x6a, 0x8a, 0x1a, 0xcb, 0x8e, 0xa5,
|
||||
- 0xee, 0xfb, 0x28, 0xbf, 0x96, 0xa4, 0x2b, 0xd2,
|
||||
- 0x85, 0x2b, 0x20, 0xc3, 0xaf, 0x9a, 0x32, 0x04,
|
||||
- 0xa0, 0x49, 0x24, 0x47, 0xd0, 0x09, 0xf7, 0xcf,
|
||||
- 0x73, 0xb6, 0xf6, 0x70, 0xda, 0x3b, 0xf8, 0x5a,
|
||||
- 0x28, 0x2e, 0x14, 0x6c, 0x52, 0xbd, 0x2a, 0x7c,
|
||||
- 0x8e, 0xc1, 0xa8, 0x0e, 0xb1, 0x1e, 0x6b, 0x8d,
|
||||
- 0x76, 0xea, 0x70, 0x81, 0xa0, 0x02, 0x63, 0x74,
|
||||
- 0xbc, 0x7e, 0xb9, 0xac, 0x0e, 0x7b, 0x1b, 0x75,
|
||||
- 0x82, 0xe2, 0x98, 0x4e, 0x24, 0x55, 0xd4, 0xbd,
|
||||
- 0x14, 0xde, 0x58, 0x56, 0x3a, 0x5d, 0x4e, 0x57,
|
||||
- 0x0d, 0x54, 0x74, 0xe8, 0x86, 0x8c, 0xcb, 0x07,
|
||||
- 0x9f, 0x0b, 0xfb, 0xc2, 0x08, 0x5c, 0xd7, 0x05,
|
||||
- 0x3b, 0xc8, 0xd2, 0x15, 0x68, 0x8f, 0x3d, 0x3c,
|
||||
- 0x4e, 0x85, 0xa9, 0x25, 0x6f, 0xf5, 0x2e, 0xca,
|
||||
- 0xca, 0xa8, 0x27, 0x89, 0x61, 0x4e, 0x1f, 0x57,
|
||||
- 0x2d, 0x99, 0x10, 0x3f, 0xbc, 0x9e, 0x96, 0x5e,
|
||||
- 0x2f, 0x0a, 0x25, 0xa7, 0x5c, 0xea, 0x65, 0x2a,
|
||||
- 0x22, 0x35, 0xa3, 0xf9, 0x13, 0x89, 0x05, 0x2e,
|
||||
- 0x19, 0x73, 0x1d, 0x70, 0x74, 0x98, 0x15, 0x4b,
|
||||
- 0xab, 0x56, 0x52, 0xe0, 0x01, 0x42, 0x95, 0x6a,
|
||||
- 0x46, 0x2c, 0x78, 0xff, 0x26, 0xbc, 0x48, 0x10,
|
||||
- 0x38, 0x25, 0xab, 0x32, 0x7c, 0x79, 0x7c, 0x5d,
|
||||
- 0x6f, 0x45, 0x54, 0x74, 0x2d, 0x93, 0x56, 0x52,
|
||||
- 0x11, 0x34, 0x1e, 0xe3, 0x4b, 0x6a, 0x17, 0x4f,
|
||||
- 0x37, 0x14, 0x75, 0xac, 0xa3, 0xa1, 0xca, 0xda,
|
||||
- 0x38, 0x06, 0xa9, 0x78, 0xb9, 0x5d, 0xd0, 0x59,
|
||||
- 0x1b, 0x5d, 0x1e, 0xc2, 0x0b, 0xfb, 0x39, 0x37,
|
||||
- 0x44, 0x85, 0xb6, 0x36, 0x06, 0x95, 0xbc, 0x15,
|
||||
- 0x35, 0xb9, 0xe6, 0x27, 0x42, 0xe3, 0xc8, 0xec,
|
||||
- 0x30, 0x37, 0x20, 0x26, 0x9a, 0x11, 0x61, 0xc0,
|
||||
- 0xdb, 0xb2, 0x5a, 0x26, 0x78, 0x27, 0xb9, 0x13,
|
||||
- 0xc9, 0x1a, 0xa7, 0x67, 0x93, 0xe8, 0xbe, 0xcb,
|
||||
-};
|
||||
-
|
||||
-#define rsa_sigverx931_1_n rsa_sigverx931_0_n
|
||||
-#define rsa_sigverx931_1_e rsa_sigverx931_0_e
|
||||
-static const unsigned char rsa_sigverx931_1_msg[] = {
|
||||
- 0x79, 0x02, 0xb9, 0xd2, 0x3e, 0x84, 0x02, 0xc8,
|
||||
- 0x2a, 0x94, 0x92, 0x14, 0x8d, 0xd5, 0xd3, 0x8d,
|
||||
- 0xb2, 0xf6, 0x00, 0x8b, 0x61, 0x2c, 0xd2, 0xf9,
|
||||
- 0xa8, 0xe0, 0x5d, 0xac, 0xdc, 0xa5, 0x34, 0xf3,
|
||||
- 0xda, 0x6c, 0xd4, 0x70, 0x92, 0xfb, 0x40, 0x26,
|
||||
- 0xc7, 0x9b, 0xe8, 0xd2, 0x10, 0x11, 0xcf, 0x7f,
|
||||
- 0x23, 0xd0, 0xed, 0x55, 0x52, 0x6d, 0xd3, 0xb2,
|
||||
- 0x56, 0x53, 0x8d, 0x7c, 0x4c, 0xb8, 0xcc, 0xb5,
|
||||
- 0xfd, 0xd0, 0x45, 0x4f, 0x62, 0x40, 0x54, 0x42,
|
||||
- 0x68, 0xd5, 0xe5, 0xdd, 0xf0, 0x76, 0x94, 0x59,
|
||||
- 0x1a, 0x57, 0x13, 0xb4, 0xc3, 0x70, 0xcc, 0xbd,
|
||||
- 0x4c, 0x2e, 0xc8, 0x6b, 0x9d, 0x68, 0xd0, 0x72,
|
||||
- 0x6a, 0x94, 0xd2, 0x18, 0xb5, 0x3b, 0x86, 0x45,
|
||||
- 0x95, 0xaa, 0x50, 0xda, 0x35, 0xeb, 0x69, 0x44,
|
||||
- 0x1f, 0xf3, 0x3a, 0x51, 0xbb, 0x1d, 0x08, 0x42,
|
||||
- 0x12, 0xd7, 0xd6, 0x21, 0xd8, 0x9b, 0x87, 0x55,
|
||||
-};
|
||||
-
|
||||
-static const unsigned char rsa_sigverx931_1_sig[] = {
|
||||
- 0x3b, 0xba, 0xb3, 0xb1, 0xb2, 0x6a, 0x29, 0xb5,
|
||||
- 0xf9, 0x94, 0xf1, 0x00, 0x5c, 0x16, 0x67, 0x67,
|
||||
- 0x73, 0xd3, 0xde, 0x7e, 0x07, 0xfa, 0xaa, 0x95,
|
||||
- 0xeb, 0x5a, 0x55, 0xdc, 0xb2, 0xa9, 0x70, 0x5a,
|
||||
- 0xee, 0x8f, 0x8d, 0x69, 0x85, 0x2b, 0x00, 0xe3,
|
||||
- 0xdc, 0xe2, 0x73, 0x9b, 0x68, 0xeb, 0x93, 0x69,
|
||||
- 0x08, 0x03, 0x17, 0xd6, 0x50, 0x21, 0x14, 0x23,
|
||||
- 0x8c, 0xe6, 0x54, 0x3a, 0xd9, 0xfc, 0x8b, 0x14,
|
||||
- 0x81, 0xb1, 0x8b, 0x9d, 0xd2, 0xbe, 0x58, 0x75,
|
||||
- 0x94, 0x74, 0x93, 0xc9, 0xbb, 0x4e, 0xf6, 0x1f,
|
||||
- 0x73, 0x7d, 0x1a, 0x5f, 0xbd, 0xbf, 0x59, 0x37,
|
||||
- 0x5b, 0x98, 0x54, 0xad, 0x3a, 0xef, 0xa0, 0xef,
|
||||
- 0xcb, 0xc3, 0xe8, 0x84, 0xd8, 0x3d, 0xf5, 0x60,
|
||||
- 0xb8, 0xc3, 0x8d, 0x1e, 0x78, 0xa0, 0x91, 0x94,
|
||||
- 0xb7, 0xd7, 0xb1, 0xd4, 0xe2, 0xee, 0x81, 0x93,
|
||||
- 0xfc, 0x41, 0xf0, 0x31, 0xbb, 0x03, 0x52, 0xde,
|
||||
- 0x80, 0x20, 0x3a, 0x68, 0xe6, 0xc5, 0x50, 0x1b,
|
||||
- 0x08, 0x3f, 0x40, 0xde, 0xb3, 0xe5, 0x81, 0x99,
|
||||
- 0x7f, 0xdb, 0xb6, 0x5d, 0x61, 0x27, 0xd4, 0xfb,
|
||||
- 0xcd, 0xc5, 0x7a, 0xea, 0xde, 0x7a, 0x66, 0xef,
|
||||
- 0x55, 0x3f, 0x85, 0xea, 0x84, 0xc5, 0x0a, 0xf6,
|
||||
- 0x3c, 0x40, 0x38, 0xf7, 0x6c, 0x66, 0xe5, 0xbe,
|
||||
- 0x61, 0x41, 0xd3, 0xb1, 0x08, 0xe1, 0xb4, 0xf9,
|
||||
- 0x6e, 0xf6, 0x0e, 0x4a, 0x72, 0x6c, 0x61, 0x63,
|
||||
- 0x3e, 0x41, 0x33, 0x94, 0xd6, 0x27, 0xa4, 0xd9,
|
||||
- 0x3a, 0x20, 0x2b, 0x39, 0xea, 0xe5, 0x82, 0x48,
|
||||
- 0xd6, 0x5b, 0x58, 0x85, 0x44, 0xb0, 0xd2, 0xfd,
|
||||
- 0xfb, 0x3e, 0xeb, 0x78, 0xac, 0xbc, 0xba, 0x16,
|
||||
- 0x92, 0x0e, 0x20, 0xc1, 0xb2, 0xd1, 0x92, 0xa8,
|
||||
- 0x00, 0x88, 0xc0, 0x41, 0x46, 0x38, 0xb6, 0x54,
|
||||
- 0x70, 0x0c, 0x00, 0x62, 0x97, 0x6a, 0x8e, 0x66,
|
||||
- 0x5a, 0xa1, 0x6c, 0xf7, 0x6d, 0xc2, 0x27, 0x56,
|
||||
- 0x60, 0x5b, 0x0c, 0x52, 0xac, 0x5c, 0xae, 0x99,
|
||||
- 0x55, 0x11, 0x62, 0x52, 0x09, 0x48, 0x53, 0x90,
|
||||
- 0x3c, 0x0b, 0xd4, 0xdc, 0x7b, 0xe3, 0x4c, 0xe3,
|
||||
- 0xa8, 0x6d, 0xc5, 0xdf, 0xc1, 0x5c, 0x59, 0x25,
|
||||
- 0x99, 0x30, 0xde, 0x57, 0x6a, 0x84, 0x25, 0x34,
|
||||
- 0x3e, 0x64, 0x11, 0xdb, 0x7a, 0x82, 0x8e, 0x70,
|
||||
- 0xd2, 0x5c, 0x0e, 0x81, 0xa0, 0x24, 0x53, 0x75,
|
||||
- 0x98, 0xd6, 0x10, 0x01, 0x6a, 0x14, 0xed, 0xc3,
|
||||
- 0x6f, 0xc4, 0x18, 0xb8, 0xd2, 0x9f, 0x59, 0x53,
|
||||
- 0x81, 0x3a, 0x86, 0x31, 0xfc, 0x9e, 0xbf, 0x6c,
|
||||
- 0x52, 0x93, 0x86, 0x9c, 0xaa, 0x6c, 0x6f, 0x07,
|
||||
- 0x8a, 0x40, 0x33, 0x64, 0xb2, 0x70, 0x48, 0x85,
|
||||
- 0x05, 0x59, 0x65, 0x2d, 0x6b, 0x9a, 0xad, 0xab,
|
||||
- 0x20, 0x7e, 0x02, 0x6d, 0xde, 0xcf, 0x22, 0x0b,
|
||||
- 0xea, 0x6e, 0xbd, 0x1c, 0x39, 0x3a, 0xfd, 0xa4,
|
||||
- 0xde, 0x54, 0xae, 0xde, 0x5e, 0xf7, 0xb0, 0x6d,
|
||||
-};
|
||||
-
|
||||
static const struct rsa_sigver_st rsa_sigver_data[] = {
|
||||
{
|
||||
"pkcs1", /* pkcs1v1.5 */
|
||||
@@ -1841,17 +1638,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = {
|
||||
NO_PSS_SALT_LEN,
|
||||
FAIL
|
||||
},
|
||||
- {
|
||||
- "x931",
|
||||
- 3072,
|
||||
- "SHA256",
|
||||
- ITM(rsa_sigverx931_1_msg),
|
||||
- ITM(rsa_sigverx931_1_n),
|
||||
- ITM(rsa_sigverx931_1_e),
|
||||
- ITM(rsa_sigverx931_1_sig),
|
||||
- NO_PSS_SALT_LEN,
|
||||
- FAIL
|
||||
- },
|
||||
{
|
||||
"pss",
|
||||
4096,
|
||||
--
|
||||
2.41.0
|
||||
|
104
0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
Normal file
104
0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
Normal file
@ -0,0 +1,104 @@
|
||||
From 8e388e194e665286a8996d7d5926bab5c1a6b4f9 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 15:46:40 +0200
|
||||
Subject: [PATCH 38/48]
|
||||
0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
|
||||
|
||||
Patch-name: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
|
||||
Patch-id: 83
|
||||
---
|
||||
include/crypto/evp.h | 7 +++++++
|
||||
include/openssl/core_names.h | 1 +
|
||||
include/openssl/evp.h | 3 +++
|
||||
providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++
|
||||
4 files changed, 28 insertions(+)
|
||||
|
||||
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
|
||||
index aa07153441..a13127bd59 100644
|
||||
--- a/include/crypto/evp.h
|
||||
+++ b/include/crypto/evp.h
|
||||
@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
|
||||
const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
|
||||
const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key
|
||||
+ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for
|
||||
+ * HMAC verification. */
|
||||
+# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8)
|
||||
+#endif
|
||||
+
|
||||
struct evp_mac_st {
|
||||
OSSL_PROVIDER *prov;
|
||||
int name_id;
|
||||
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||
index f185bc9342..1d1da4d3ca 100644
|
||||
--- a/include/openssl/core_names.h
|
||||
+++ b/include/openssl/core_names.h
|
||||
@@ -175,6 +175,7 @@ extern "C" {
|
||||
#define OSSL_MAC_PARAM_SIZE "size" /* size_t */
|
||||
#define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" /* size_t */
|
||||
#define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */
|
||||
+#define OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
|
||||
|
||||
/* Known MAC names */
|
||||
#define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC"
|
||||
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
|
||||
index 86f4e22c70..615857caf5 100644
|
||||
--- a/include/openssl/evp.h
|
||||
+++ b/include/openssl/evp.h
|
||||
@@ -1194,6 +1194,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
|
||||
void *arg);
|
||||
|
||||
/* MAC stuff */
|
||||
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
|
||||
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED 1
|
||||
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
|
||||
|
||||
EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
|
||||
const char *properties);
|
||||
diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
|
||||
index 52ebb08b8f..cf5c3ecbe7 100644
|
||||
--- a/providers/implementations/macs/hmac_prov.c
|
||||
+++ b/providers/implementations/macs/hmac_prov.c
|
||||
@@ -21,6 +21,8 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
+#include "crypto/evp.h"
|
||||
+
|
||||
#include "prov/implementations.h"
|
||||
#include "prov/provider_ctx.h"
|
||||
#include "prov/provider_util.h"
|
||||
@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl,
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
|
||||
OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx,
|
||||
@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
|
||||
&& !OSSL_PARAM_set_int(p, hmac_block_size(macctx)))
|
||||
return 0;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR)) != NULL) {
|
||||
+ int fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+ /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms
|
||||
+ * specifies key lengths < 112 bytes are disallowed for HMAC generation
|
||||
+ * and legacy use for HMAC verification. */
|
||||
+ if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
||||
+ }
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
69
0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
Normal file
69
0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
Normal file
@ -0,0 +1,69 @@
|
||||
From 915990e450e769e370fcacbfd8ed58ab6afaf2bf Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 15:47:55 +0200
|
||||
Subject: [PATCH 39/48]
|
||||
0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
|
||||
|
||||
Patch-name: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
|
||||
Patch-id: 84
|
||||
---
|
||||
providers/implementations/kdfs/pbkdf2.c | 27 ++++++++++++++++++++++++-
|
||||
1 file changed, 26 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
|
||||
index 349c3dd657..11820d1e69 100644
|
||||
--- a/providers/implementations/kdfs/pbkdf2.c
|
||||
+++ b/providers/implementations/kdfs/pbkdf2.c
|
||||
@@ -35,6 +35,21 @@
|
||||
#define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF
|
||||
#define KDF_PBKDF2_MIN_ITERATIONS 1000
|
||||
#define KDF_PBKDF2_MIN_SALT_LEN (128 / 8)
|
||||
+/* The Implementation Guidance for FIPS 140-3 says in section D.N
|
||||
+ * "Password-Based Key Derivation for Storage Applications" that "the vendor
|
||||
+ * shall document in the module’s Security Policy the length of
|
||||
+ * a password/passphrase used in key derivation and establish an upper bound
|
||||
+ * for the probability of having this parameter guessed at random. This
|
||||
+ * probability shall take into account not only the length of the
|
||||
+ * password/passphrase, but also the difficulty of guessing it. The decision on
|
||||
+ * the minimum length of a password used for key derivation is the vendor’s,
|
||||
+ * but the vendor shall at a minimum informally justify the decision."
|
||||
+ *
|
||||
+ * We are choosing a minimum password length of 8 bytes, because NIST's ACVP
|
||||
+ * testing uses passwords as short as 8 bytes, and requiring longer passwords
|
||||
+ * combined with an implicit indicator (i.e., returning an error) would cause
|
||||
+ * the module to fail ACVP testing. */
|
||||
+#define KDF_PBKDF2_MIN_PASSWORD_LEN (8)
|
||||
|
||||
static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new;
|
||||
static OSSL_FUNC_kdf_dupctx_fn kdf_pbkdf2_dup;
|
||||
@@ -219,9 +234,15 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
|
||||
ctx->lower_bound_checks = pkcs5 == 0;
|
||||
}
|
||||
|
||||
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL)
|
||||
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) {
|
||||
+ if (ctx->lower_bound_checks != 0
|
||||
+ && p->data_size < KDF_PBKDF2_MIN_PASSWORD_LEN) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||
+ return 0;
|
||||
+ }
|
||||
if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p))
|
||||
return 0;
|
||||
+ }
|
||||
|
||||
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) {
|
||||
if (ctx->lower_bound_checks != 0
|
||||
@@ -331,6 +352,10 @@ static int pbkdf2_derive(const char *pass, size_t passlen,
|
||||
}
|
||||
|
||||
if (lower_bound_checks) {
|
||||
+ if (passlen < KDF_PBKDF2_MIN_PASSWORD_LEN) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||
+ return 0;
|
||||
+ }
|
||||
if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
||||
return 0;
|
||||
--
|
||||
2.41.0
|
||||
|
101
0085-FIPS-RSA-disable-shake.patch
Normal file
101
0085-FIPS-RSA-disable-shake.patch
Normal file
@ -0,0 +1,101 @@
|
||||
From 2306fde5556cbcb875d095c09fed01a0f16fe7ec Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 15:51:55 +0200
|
||||
Subject: [PATCH 40/48] 0085-FIPS-RSA-disable-shake.patch
|
||||
|
||||
Patch-name: 0085-FIPS-RSA-disable-shake.patch
|
||||
Patch-id: 85
|
||||
---
|
||||
crypto/rsa/rsa_oaep.c | 28 ++++++++++++++++++++++++++++
|
||||
crypto/rsa/rsa_pss.c | 16 ++++++++++++++++
|
||||
2 files changed, 44 insertions(+)
|
||||
|
||||
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
|
||||
index b2f7f7dc4b..af2b0b026c 100644
|
||||
--- a/crypto/rsa/rsa_oaep.c
|
||||
+++ b/crypto/rsa/rsa_oaep.c
|
||||
@@ -78,9 +78,23 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) {
|
||||
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
if (mgf1md == NULL)
|
||||
mgf1md = md;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) {
|
||||
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
mdlen = EVP_MD_get_size(md);
|
||||
if (mdlen <= 0) {
|
||||
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH);
|
||||
@@ -203,9 +217,23 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
#endif
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) {
|
||||
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
||||
+ return -1;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if (mgf1md == NULL)
|
||||
mgf1md = md;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) {
|
||||
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
||||
+ return -1;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
mdlen = EVP_MD_get_size(md);
|
||||
|
||||
if (tlen <= 0 || flen <= 0)
|
||||
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
|
||||
index bb46ec64c7..c0fdf232da 100644
|
||||
--- a/crypto/rsa/rsa_pss.c
|
||||
+++ b/crypto/rsa/rsa_pss.c
|
||||
@@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
|
||||
if (mgf1Hash == NULL)
|
||||
mgf1Hash = Hash;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
|
||||
+ goto err;
|
||||
+
|
||||
+ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
|
||||
+ goto err;
|
||||
+#endif
|
||||
+
|
||||
hLen = EVP_MD_get_size(Hash);
|
||||
if (hLen < 0)
|
||||
goto err;
|
||||
@@ -168,6 +176,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
|
||||
if (mgf1Hash == NULL)
|
||||
mgf1Hash = Hash;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
|
||||
+ goto err;
|
||||
+
|
||||
+ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
|
||||
+ goto err;
|
||||
+#endif
|
||||
+
|
||||
hLen = EVP_MD_get_size(Hash);
|
||||
if (hLen < 0)
|
||||
goto err;
|
||||
--
|
||||
2.41.0
|
||||
|
82
0088-signature-Add-indicator-for-PSS-salt-length.patch
Normal file
82
0088-signature-Add-indicator-for-PSS-salt-length.patch
Normal file
@ -0,0 +1,82 @@
|
||||
From 98ee6faef3da1439c04f11cd2796132d27d1e607 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 15:58:07 +0200
|
||||
Subject: [PATCH 41/48] 0088-signature-Add-indicator-for-PSS-salt-length.patch
|
||||
|
||||
Patch-name: 0088-signature-Add-indicator-for-PSS-salt-length.patch
|
||||
Patch-id: 88
|
||||
---
|
||||
include/openssl/core_names.h | 1 +
|
||||
include/openssl/evp.h | 4 ++++
|
||||
providers/implementations/signature/rsa_sig.c | 21 +++++++++++++++++++
|
||||
3 files changed, 26 insertions(+)
|
||||
|
||||
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||
index 1d1da4d3ca..48af87e236 100644
|
||||
--- a/include/openssl/core_names.h
|
||||
+++ b/include/openssl/core_names.h
|
||||
@@ -458,6 +458,7 @@ extern "C" {
|
||||
#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \
|
||||
OSSL_PKEY_PARAM_MGF1_PROPERTIES
|
||||
#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
|
||||
+#define OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
|
||||
|
||||
/* Asym cipher parameters */
|
||||
#define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
|
||||
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
|
||||
index 615857caf5..05f2d0f75a 100644
|
||||
--- a/include/openssl/evp.h
|
||||
+++ b/include/openssl/evp.h
|
||||
@@ -799,6 +799,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
|
||||
__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
|
||||
int *outl);
|
||||
|
||||
+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
|
||||
+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED 1
|
||||
+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
|
||||
+
|
||||
__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
|
||||
EVP_PKEY *pkey);
|
||||
__owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
|
||||
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
||||
index cfaa4841cb..851671cfb1 100644
|
||||
--- a/providers/implementations/signature/rsa_sig.c
|
||||
+++ b/providers/implementations/signature/rsa_sig.c
|
||||
@@ -1173,6 +1173,24 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
||||
}
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ int fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+ if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) {
|
||||
+ if (prsactx->md == NULL) {
|
||||
+ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED;
|
||||
+ } else if (rsa_pss_compute_saltlen(prsactx) > EVP_MD_get_size(prsactx->md)) {
|
||||
+ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+ } else if (prsactx->pad_mode == RSA_NO_PADDING) {
|
||||
+ if (prsactx->md == NULL) /* Should always be the case */
|
||||
+ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -1182,6 +1200,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
|
||||
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0),
|
||||
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||
+#endif
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
47
0091-FIPS-RSA-encapsulate.patch
Normal file
47
0091-FIPS-RSA-encapsulate.patch
Normal file
@ -0,0 +1,47 @@
|
||||
From afab56d09edb525dd794fcb2ae2295ab7f39400a Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 16:01:48 +0200
|
||||
Subject: [PATCH 42/48] 0091-FIPS-RSA-encapsulate.patch
|
||||
|
||||
Patch-name: 0091-FIPS-RSA-encapsulate.patch
|
||||
Patch-id: 91
|
||||
---
|
||||
providers/implementations/kem/rsa_kem.c | 15 +++++++++++++++
|
||||
1 file changed, 15 insertions(+)
|
||||
|
||||
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
|
||||
index 365ae3d7d6..8a6f585d0b 100644
|
||||
--- a/providers/implementations/kem/rsa_kem.c
|
||||
+++ b/providers/implementations/kem/rsa_kem.c
|
||||
@@ -265,6 +265,14 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
|
||||
*secretlen = nlen;
|
||||
return 1;
|
||||
}
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Step (2): Generate a random byte string z of nlen bytes where
|
||||
* 1 < z < n - 1
|
||||
@@ -308,6 +316,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx,
|
||||
return 1;
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
/* Step (2): check the input ciphertext 'inlen' matches the nlen */
|
||||
if (inlen != nlen) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH);
|
||||
--
|
||||
2.41.0
|
||||
|
330
0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
Normal file
330
0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
Normal file
@ -0,0 +1,330 @@
|
||||
From 590babb35e3aa399c889282747965e301333a656 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 16:07:18 +0200
|
||||
Subject: [PATCH 43/48]
|
||||
0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
|
||||
|
||||
Patch-name: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
|
||||
Patch-id: 93
|
||||
---
|
||||
crypto/dh/dh_backend.c | 10 ++++
|
||||
crypto/dh/dh_check.c | 12 ++--
|
||||
crypto/dh/dh_gen.c | 12 +++-
|
||||
crypto/dh/dh_key.c | 13 ++--
|
||||
crypto/dh/dh_pmeth.c | 10 +++-
|
||||
providers/implementations/keymgmt/dh_kmgmt.c | 5 ++
|
||||
test/endecode_test.c | 4 +-
|
||||
test/evp_libctx_test.c | 2 +-
|
||||
test/helpers/predefined_dhparams.c | 62 ++++++++++++++++++++
|
||||
test/helpers/predefined_dhparams.h | 1 +
|
||||
test/recipes/80-test_cms.t | 4 +-
|
||||
test/recipes/80-test_ssl_old.t | 3 +
|
||||
12 files changed, 118 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
|
||||
index 726843fd30..24c65ca84f 100644
|
||||
--- a/crypto/dh/dh_backend.c
|
||||
+++ b/crypto/dh/dh_backend.c
|
||||
@@ -53,6 +53,16 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
|
||||
if (!dh_ffc_params_fromdata(dh, params))
|
||||
return 0;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (!ossl_dh_is_named_safe_prime_group(dh)) {
|
||||
+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
|
||||
+ "FIPS 186-4 type domain parameters no longer allowed in"
|
||||
+ " FIPS mode, since the required validation routines"
|
||||
+ " were removed from FIPS 186-5");
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
param_priv_len =
|
||||
OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
|
||||
if (param_priv_len != NULL
|
||||
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
|
||||
index 0b391910d6..75581ca347 100644
|
||||
--- a/crypto/dh/dh_check.c
|
||||
+++ b/crypto/dh/dh_check.c
|
||||
@@ -57,13 +57,15 @@ int DH_check_params(const DH *dh, int *ret)
|
||||
nid = DH_get_nid((DH *)dh);
|
||||
if (nid != NID_undef)
|
||||
return 1;
|
||||
+
|
||||
/*
|
||||
- * OR
|
||||
- * (2b) FFC domain params conform to FIPS-186-4 explicit domain param
|
||||
- * validity tests.
|
||||
+ * FIPS 186-4 explicit domain parameters are no longer supported in FIPS mode.
|
||||
*/
|
||||
- return ossl_ffc_params_FIPS186_4_validate(dh->libctx, &dh->params,
|
||||
- FFC_PARAM_TYPE_DH, ret, NULL);
|
||||
+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
|
||||
+ "FIPS 186-4 type domain parameters no longer allowed in"
|
||||
+ " FIPS mode, since the required validation routines were"
|
||||
+ " removed from FIPS 186-5");
|
||||
+ return 0;
|
||||
}
|
||||
#else
|
||||
int DH_check_params(const DH *dh, int *ret)
|
||||
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
|
||||
index 204662a81c..9961f21920 100644
|
||||
--- a/crypto/dh/dh_gen.c
|
||||
+++ b/crypto/dh/dh_gen.c
|
||||
@@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
|
||||
int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
|
||||
BN_GENCB *cb)
|
||||
{
|
||||
- int ret, res;
|
||||
+ int ret = 0;
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
+ int res;
|
||||
+
|
||||
if (type == DH_PARAMGEN_TYPE_FIPS_186_2)
|
||||
ret = ossl_ffc_params_FIPS186_2_generate(dh->libctx, &dh->params,
|
||||
FFC_PARAM_TYPE_DH,
|
||||
pbits, qbits, &res, cb);
|
||||
else
|
||||
-#endif
|
||||
ret = ossl_ffc_params_FIPS186_4_generate(dh->libctx, &dh->params,
|
||||
FFC_PARAM_TYPE_DH,
|
||||
pbits, qbits, &res, cb);
|
||||
+#else
|
||||
+ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */
|
||||
+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
|
||||
+ "FIPS 186-4 type domain parameters no longer allowed in"
|
||||
+ " FIPS mode, since the required generation routines were"
|
||||
+ " removed from FIPS 186-5");
|
||||
+#endif
|
||||
if (ret > 0)
|
||||
dh->dirty_cnt++;
|
||||
return ret;
|
||||
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
|
||||
index 83773cceea..7e988368d3 100644
|
||||
--- a/crypto/dh/dh_key.c
|
||||
+++ b/crypto/dh/dh_key.c
|
||||
@@ -321,8 +321,12 @@ static int generate_key(DH *dh)
|
||||
goto err;
|
||||
} else {
|
||||
#ifdef FIPS_MODULE
|
||||
- if (dh->params.q == NULL)
|
||||
- goto err;
|
||||
+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
|
||||
+ "FIPS 186-4 type domain parameters no longer"
|
||||
+ " allowed in FIPS mode, since the required"
|
||||
+ " generation routines were removed from FIPS"
|
||||
+ " 186-5");
|
||||
+ goto err;
|
||||
#else
|
||||
if (dh->params.q == NULL) {
|
||||
/* secret exponent length, must satisfy 2^(l-1) <= p */
|
||||
@@ -343,9 +347,7 @@ static int generate_key(DH *dh)
|
||||
if (!BN_clear_bit(priv_key, 0))
|
||||
goto err;
|
||||
}
|
||||
- } else
|
||||
-#endif
|
||||
- {
|
||||
+ } else {
|
||||
/* Do a partial check for invalid p, q, g */
|
||||
if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params,
|
||||
FFC_PARAM_TYPE_DH, NULL))
|
||||
@@ -361,6 +363,7 @@ static int generate_key(DH *dh)
|
||||
priv_key))
|
||||
goto err;
|
||||
}
|
||||
+#endif
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
|
||||
index f201eede0d..30f90d15be 100644
|
||||
--- a/crypto/dh/dh_pmeth.c
|
||||
+++ b/crypto/dh/dh_pmeth.c
|
||||
@@ -305,13 +305,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx,
|
||||
prime_len, subprime_len, &res,
|
||||
pcb);
|
||||
else
|
||||
-# endif
|
||||
- /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */
|
||||
- if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2)
|
||||
rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params,
|
||||
FFC_PARAM_TYPE_DH,
|
||||
prime_len, subprime_len, &res,
|
||||
pcb);
|
||||
+# else
|
||||
+ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */
|
||||
+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
|
||||
+ "FIPS 186-4 type domain parameters no longer allowed in"
|
||||
+ " FIPS mode, since the required generation routines were"
|
||||
+ " removed from FIPS 186-5");
|
||||
+# endif
|
||||
if (rv <= 0) {
|
||||
DH_free(ret);
|
||||
return NULL;
|
||||
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
|
||||
index 9a7dde7c66..b3e7bca5ac 100644
|
||||
--- a/providers/implementations/keymgmt/dh_kmgmt.c
|
||||
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
|
||||
@@ -414,6 +414,11 @@ static int dh_validate(const void *keydata, int selection, int checktype)
|
||||
if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
|
||||
return 1; /* nothing to validate */
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ /* In FIPS provider, always check the domain parameters to disallow
|
||||
+ * operations on keys with FIPS 186-4 params. */
|
||||
+ selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
|
||||
+#endif
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
|
||||
/*
|
||||
* Both of these functions check parameters. DH_check_params_ex()
|
||||
diff --git a/test/endecode_test.c b/test/endecode_test.c
|
||||
index 53385028fc..169f3ccd73 100644
|
||||
--- a/test/endecode_test.c
|
||||
+++ b/test/endecode_test.c
|
||||
@@ -84,10 +84,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
|
||||
* for testing only. Use a minimum key size of 2048 for security purposes.
|
||||
*/
|
||||
if (strcmp(type, "DH") == 0)
|
||||
- return get_dh512(keyctx);
|
||||
+ return get_dh2048(keyctx);
|
||||
|
||||
if (strcmp(type, "X9.42 DH") == 0)
|
||||
- return get_dhx512(keyctx);
|
||||
+ return get_dhx_ffdhe2048(keyctx);
|
||||
# endif
|
||||
|
||||
/*
|
||||
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
|
||||
index a7913cda4c..96a35ac1cc 100644
|
||||
--- a/test/evp_libctx_test.c
|
||||
+++ b/test/evp_libctx_test.c
|
||||
@@ -189,7 +189,7 @@ static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
|
||||
|
||||
if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
|
||||
|| !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
|
||||
- || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
|
||||
+ || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey) == 1, expected))
|
||||
goto err;
|
||||
|
||||
if (expected) {
|
||||
diff --git a/test/helpers/predefined_dhparams.c b/test/helpers/predefined_dhparams.c
|
||||
index 4bdadc4143..e5186e4b4a 100644
|
||||
--- a/test/helpers/predefined_dhparams.c
|
||||
+++ b/test/helpers/predefined_dhparams.c
|
||||
@@ -116,6 +116,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx)
|
||||
dhx512_q, sizeof(dhx512_q));
|
||||
}
|
||||
|
||||
+EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx)
|
||||
+{
|
||||
+ /* This is RFC 7919 ffdhe2048, since Red Hat removes support for
|
||||
+ * non-well-known groups in FIPS mode. */
|
||||
+ static unsigned char dhx_p[] = {
|
||||
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xad, 0xf8, 0x54, 0x58,
|
||||
+ 0xa2, 0xbb, 0x4a, 0x9a, 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1,
|
||||
+ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95, 0xa9, 0xe1, 0x36, 0x41,
|
||||
+ 0x14, 0x64, 0x33, 0xfb, 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9,
|
||||
+ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, 0xf6, 0x81, 0xb2, 0x02,
|
||||
+ 0xae, 0xc4, 0x61, 0x7a, 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61,
|
||||
+ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, 0x85, 0x63, 0x65, 0x55,
|
||||
+ 0x3d, 0xed, 0x1a, 0xf3, 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35,
|
||||
+ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, 0xe2, 0xa6, 0x89, 0xda,
|
||||
+ 0xf3, 0xef, 0xe8, 0x72, 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35,
|
||||
+ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, 0xbc, 0x0a, 0xb1, 0x82,
|
||||
+ 0xb3, 0x24, 0xfb, 0x61, 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb,
|
||||
+ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68, 0x1d, 0x4f, 0x42, 0xa3,
|
||||
+ 0xde, 0x39, 0x4d, 0xf4, 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19,
|
||||
+ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, 0x9e, 0x02, 0xfc, 0xe1,
|
||||
+ 0xcd, 0xf7, 0xe2, 0xec, 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61,
|
||||
+ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff, 0x8e, 0x4f, 0x12, 0x32,
|
||||
+ 0xee, 0xf2, 0x81, 0x83, 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73,
|
||||
+ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, 0xc5, 0x8e, 0xf1, 0x83,
|
||||
+ 0x7d, 0x16, 0x83, 0xb2, 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa,
|
||||
+ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, 0xff, 0xff, 0xff, 0xff,
|
||||
+ 0xff, 0xff, 0xff, 0xff
|
||||
+ };
|
||||
+ static unsigned char dhx_g[] = {
|
||||
+ 0x02
|
||||
+ };
|
||||
+ static unsigned char dhx_q[] = {
|
||||
+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
|
||||
+ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
|
||||
+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
|
||||
+ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
|
||||
+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
|
||||
+ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
|
||||
+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
|
||||
+ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
|
||||
+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
|
||||
+ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
|
||||
+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
|
||||
+ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
|
||||
+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
|
||||
+ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
|
||||
+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
|
||||
+ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
|
||||
+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
|
||||
+ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
|
||||
+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
|
||||
+ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
|
||||
+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, 0xff, 0xff, 0xff, 0xff,
|
||||
+ 0xff, 0xff, 0xff, 0xff
|
||||
+ };
|
||||
+
|
||||
+ return get_dh_from_pg(libctx, "X9.42 DH",
|
||||
+ dhx_p, sizeof(dhx_p),
|
||||
+ dhx_g, sizeof(dhx_g),
|
||||
+ dhx_q, sizeof(dhx_q));
|
||||
+}
|
||||
+
|
||||
EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx)
|
||||
{
|
||||
static unsigned char dh1024_p[] = {
|
||||
diff --git a/test/helpers/predefined_dhparams.h b/test/helpers/predefined_dhparams.h
|
||||
index f0e8709062..2ff6d6e721 100644
|
||||
--- a/test/helpers/predefined_dhparams.h
|
||||
+++ b/test/helpers/predefined_dhparams.h
|
||||
@@ -12,6 +12,7 @@
|
||||
#ifndef OPENSSL_NO_DH
|
||||
EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx);
|
||||
EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx);
|
||||
+EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx);
|
||||
EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libct);
|
||||
EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx);
|
||||
EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx);
|
||||
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
|
||||
index 2a459856f0..afac836fa3 100644
|
||||
--- a/test/recipes/80-test_cms.t
|
||||
+++ b/test/recipes/80-test_cms.t
|
||||
@@ -627,10 +627,10 @@ my @smime_cms_param_tests = (
|
||||
],
|
||||
|
||||
[ "enveloped content test streaming S/MIME format, X9.42 DH",
|
||||
- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
|
||||
+ [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
|
||||
"-stream", "-out", "{output}.cms",
|
||||
"-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
|
||||
- [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
|
||||
+ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
|
||||
"-in", "{output}.cms", "-out", "{output}.txt" ],
|
||||
\&final_compare
|
||||
]
|
||||
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
|
||||
index 527abcea6e..e1d38b1e62 100644
|
||||
--- a/test/recipes/80-test_ssl_old.t
|
||||
+++ b/test/recipes/80-test_ssl_old.t
|
||||
@@ -390,6 +390,9 @@ sub testssl {
|
||||
skip "skipping dhe1024dsa test", 1
|
||||
if ($no_dh);
|
||||
|
||||
+ skip "FIPS 186-4 type DH groups are no longer supported by the FIPS provider", 1
|
||||
+ if $provider eq "fips";
|
||||
+
|
||||
ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
|
||||
'test sslv2/sslv3 with 1024bit DHE via BIO pair');
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
26
0109-fips-Zeroize-out-in-fips-selftest.patch
Normal file
26
0109-fips-Zeroize-out-in-fips-selftest.patch
Normal file
@ -0,0 +1,26 @@
|
||||
From 3e24e76dfaf7367e0790c22aa1e740f3b68d91a3 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 16:08:39 +0200
|
||||
Subject: [PATCH 44/48] 0109-fips-Zeroize-out-in-fips-selftest.patch
|
||||
|
||||
Patch-name: 0109-fips-Zeroize-out-in-fips-selftest.patch
|
||||
Patch-id: 109
|
||||
---
|
||||
providers/fips/self_test.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
|
||||
index 062d9df84a..64107d054b 100644
|
||||
--- a/providers/fips/self_test.c
|
||||
+++ b/providers/fips/self_test.c
|
||||
@@ -339,6 +339,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
|
||||
goto err;
|
||||
ret = 1;
|
||||
err:
|
||||
+ OPENSSL_cleanse(out, sizeof(out));
|
||||
OSSL_SELF_TEST_onend(ev, ret);
|
||||
EVP_MAC_CTX_free(ctx);
|
||||
EVP_MAC_free(mac);
|
||||
--
|
||||
2.41.0
|
||||
|
96
0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
Normal file
96
0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
Normal file
@ -0,0 +1,96 @@
|
||||
From 5db03a4d024f1e396ff54d38ac70d9890b034074 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 16:10:11 +0200
|
||||
Subject: [PATCH 45/48]
|
||||
0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
|
||||
|
||||
Patch-name: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
|
||||
Patch-id: 110
|
||||
---
|
||||
include/openssl/core_names.h | 1 +
|
||||
include/openssl/evp.h | 4 +++
|
||||
.../implementations/ciphers/ciphercommon.c | 4 +++
|
||||
.../ciphers/ciphercommon_gcm.c | 25 +++++++++++++++++++
|
||||
4 files changed, 34 insertions(+)
|
||||
|
||||
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||
index 48af87e236..29459049ad 100644
|
||||
--- a/include/openssl/core_names.h
|
||||
+++ b/include/openssl/core_names.h
|
||||
@@ -99,6 +99,7 @@ extern "C" {
|
||||
#define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" /* utf8_string */
|
||||
/* For passing the AlgorithmIdentifier parameter in DER form */
|
||||
#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param" /* octet_string */
|
||||
+#define OSSL_CIPHER_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" /* int */
|
||||
|
||||
#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT \
|
||||
"tls1multi_maxsndfrag" /* uint */
|
||||
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
|
||||
index 05f2d0f75a..f1a33ff6f2 100644
|
||||
--- a/include/openssl/evp.h
|
||||
+++ b/include/openssl/evp.h
|
||||
@@ -748,6 +748,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
|
||||
void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
|
||||
int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
|
||||
|
||||
+# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
|
||||
+# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_APPROVED 1
|
||||
+# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
|
||||
+
|
||||
__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
||||
const unsigned char *key, const unsigned char *iv);
|
||||
/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
|
||||
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
|
||||
index fa383165d8..716add7339 100644
|
||||
--- a/providers/implementations/ciphers/ciphercommon.c
|
||||
+++ b/providers/implementations/ciphers/ciphercommon.c
|
||||
@@ -149,6 +149,10 @@ static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
|
||||
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
|
||||
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
|
||||
+ /* normally we would hide this under an #ifdef FIPS_MODULE, but that does
|
||||
+ * not work in ciphercommon.c because it is compiled only once into
|
||||
+ * libcommon.a */
|
||||
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params(
|
||||
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c
|
||||
index ed95c97ff4..db7910eb0e 100644
|
||||
--- a/providers/implementations/ciphers/ciphercommon_gcm.c
|
||||
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
|
||||
@@ -224,6 +224,31 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
|| !getivgen(ctx, p->data, p->data_size))
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+ /* We would usually hide this under #ifdef FIPS_MODULE, but
|
||||
+ * ciphercommon_gcm.c is only compiled once into libcommon.a, so ifdefs do
|
||||
+ * not work here. */
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_REDHAT_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ int fips_indicator = EVP_CIPHER_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section C.H requires guarantees about the
|
||||
+ * uniqueness of key/iv pairs, and proposes a few approaches to ensure
|
||||
+ * this. This provides an indicator for option 2 "The IV may be
|
||||
+ * generated internally at its entirety randomly." Note that one of the
|
||||
+ * conditions of this option is that "The IV length shall be at least
|
||||
+ * 96 bits (per SP 800-38D)." We do not specically check for this
|
||||
+ * condition here, because gcm_iv_generate will fail in this case. */
|
||||
+ if (ctx->enc && !ctx->iv_gen_rand)
|
||||
+ fips_indicator = EVP_CIPHER_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator)) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
@ -0,0 +1,75 @@
|
||||
From 48c763ed9cc889806bc01222382ce6f918a408a2 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 16:12:33 +0200
|
||||
Subject: [PATCH 46/48]
|
||||
0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
|
||||
|
||||
Patch-name: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
|
||||
Patch-id: 112
|
||||
---
|
||||
providers/implementations/kdfs/pbkdf2.c | 40 +++++++++++++++++++++++--
|
||||
1 file changed, 37 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
|
||||
index 11820d1e69..bae2238ab5 100644
|
||||
--- a/providers/implementations/kdfs/pbkdf2.c
|
||||
+++ b/providers/implementations/kdfs/pbkdf2.c
|
||||
@@ -284,11 +284,42 @@ static const OSSL_PARAM *kdf_pbkdf2_settable_ctx_params(ossl_unused void *ctx,
|
||||
|
||||
static int kdf_pbkdf2_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
{
|
||||
+#ifdef FIPS_MODULE
|
||||
+ KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM *p;
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
+
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR))
|
||||
+ != NULL) {
|
||||
+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ /* The lower_bound_checks parameter enables checks required by FIPS. If
|
||||
+ * those checks are disabled, the PBKDF2 implementation will also
|
||||
+ * support non-approved parameters (e.g., salt lengths < 16 bytes, see
|
||||
+ * NIST SP 800-132 section 5.1). */
|
||||
+ if (!ctx->lower_bound_checks)
|
||||
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
|
||||
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
|
||||
- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
||||
- return -2;
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+ }
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
+ if (!any_valid)
|
||||
+ return -2;
|
||||
+
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx,
|
||||
@@ -296,6 +327,9 @@ static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx,
|
||||
{
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_gettable_ctx_params;
|
||||
--
|
||||
2.41.0
|
||||
|
137
0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
Normal file
137
0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
Normal file
@ -0,0 +1,137 @@
|
||||
From 136988155862ce2b45683ef8045e7a8cdd11e215 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 16:13:46 +0200
|
||||
Subject: [PATCH 47/48] 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
|
||||
|
||||
Patch-name: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
|
||||
Patch-id: 113
|
||||
---
|
||||
include/openssl/core_names.h | 2 ++
|
||||
include/openssl/evp.h | 4 +++
|
||||
.../implementations/asymciphers/rsa_enc.c | 22 ++++++++++++++
|
||||
providers/implementations/kem/rsa_kem.c | 30 ++++++++++++++++++-
|
||||
4 files changed, 57 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||
index 29459049ad..9af0b1847d 100644
|
||||
--- a/include/openssl/core_names.h
|
||||
+++ b/include/openssl/core_names.h
|
||||
@@ -480,6 +480,7 @@ extern "C" {
|
||||
#ifdef FIPS_MODULE
|
||||
#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed"
|
||||
#endif
|
||||
+#define OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
|
||||
|
||||
/*
|
||||
* Encoder / decoder parameters
|
||||
@@ -514,6 +515,7 @@ extern "C" {
|
||||
|
||||
/* KEM parameters */
|
||||
#define OSSL_KEM_PARAM_OPERATION "operation"
|
||||
+#define OSSL_KEM_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" /* int */
|
||||
|
||||
/* OSSL_KEM_PARAM_OPERATION values */
|
||||
#define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE"
|
||||
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
|
||||
index f1a33ff6f2..dadbf46a5a 100644
|
||||
--- a/include/openssl/evp.h
|
||||
+++ b/include/openssl/evp.h
|
||||
@@ -1767,6 +1767,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void);
|
||||
OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
|
||||
# endif
|
||||
|
||||
+# define EVP_PKEY_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
|
||||
+# define EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED 1
|
||||
+# define EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
|
||||
+
|
||||
EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
|
||||
const char *properties);
|
||||
int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt);
|
||||
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
|
||||
index d169bfd396..bd4dcb4e27 100644
|
||||
--- a/providers/implementations/asymciphers/rsa_enc.c
|
||||
+++ b/providers/implementations/asymciphers/rsa_enc.c
|
||||
@@ -466,6 +466,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
||||
if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection))
|
||||
return 0;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key
|
||||
+ * confirmation (section 6.4.2.3.2), or assurance from a trusted third
|
||||
+ * party (section 6.4.2.3.1) for the KTS-OAEP key transport scheme, but
|
||||
+ * explicit key confirmation is not implemented here and cannot be
|
||||
+ * implemented without protocol changes, and the FIPS provider does not
|
||||
+ * implement trusted third party validation, since it relies on its
|
||||
+ * callers to do that. We must thus mark RSA-OAEP as unapproved until
|
||||
+ * we have received clarification from NIST on how library modules such
|
||||
+ * as OpenSSL should implement TTP validation. */
|
||||
+ fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -480,6 +501,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
|
||||
#ifdef FIPS_MODULE
|
||||
OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
|
||||
+ OSSL_PARAM_int(OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||
#endif /* FIPS_MODULE */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
|
||||
index 8a6f585d0b..f4b7415074 100644
|
||||
--- a/providers/implementations/kem/rsa_kem.c
|
||||
+++ b/providers/implementations/kem/rsa_kem.c
|
||||
@@ -152,11 +152,39 @@ static int rsakem_decapsulate_init(void *vprsactx, void *vrsa,
|
||||
static int rsakem_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
||||
{
|
||||
PROV_RSA_CTX *ctx = (PROV_RSA_CTX *)vprsactx;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM *p;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
+ if (ctx == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_KEM_PARAM_REDHAT_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key
|
||||
+ * confirmation (section 6.4.2.3.2), or assurance from a trusted third
|
||||
+ * party (section 6.4.2.3.1) for key agreement or key transport, but
|
||||
+ * explicit key confirmation is not implemented here and cannot be
|
||||
+ * implemented without protocol changes, and the FIPS provider does not
|
||||
+ * implement trusted third party validation, since it relies on its
|
||||
+ * callers to do that. We must thus mark RSASVE unapproved until we
|
||||
+ * have received clarification from NIST on how library modules such as
|
||||
+ * OpenSSL should implement TTP validation. */
|
||||
+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
|
||||
- return ctx != NULL;
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM known_gettable_rsakem_ctx_params[] = {
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KEM_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
251
0114-FIPS-enforce-EMS-support.patch
Normal file
251
0114-FIPS-enforce-EMS-support.patch
Normal file
@ -0,0 +1,251 @@
|
||||
From 9b02ad7225b74a5b9088b361caead0a41e570e93 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 16:40:56 +0200
|
||||
Subject: [PATCH 48/48] 0114-FIPS-enforce-EMS-support.patch
|
||||
|
||||
Patch-name: 0114-FIPS-enforce-EMS-support.patch
|
||||
Patch-id: 114
|
||||
Patch-status: |
|
||||
# We believe that some changes present in CentOS are not necessary
|
||||
# because ustream has a check for FIPS version
|
||||
---
|
||||
doc/man3/SSL_CONF_cmd.pod | 3 +++
|
||||
doc/man5/fips_config.pod | 13 +++++++++++
|
||||
include/openssl/fips_names.h | 8 +++++++
|
||||
include/openssl/ssl.h.in | 1 +
|
||||
providers/fips/fipsprov.c | 2 +-
|
||||
providers/implementations/kdfs/tls1_prf.c | 22 +++++++++++++++++++
|
||||
ssl/ssl_conf.c | 1 +
|
||||
ssl/statem/extensions_srvr.c | 8 ++++++-
|
||||
ssl/t1_enc.c | 11 ++++++++--
|
||||
.../30-test_evp_data/evpkdf_tls12_prf.txt | 10 +++++++++
|
||||
test/sslapitest.c | 2 +-
|
||||
11 files changed, 76 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
|
||||
index ae6ca43282..b83c04a308 100644
|
||||
--- a/doc/man3/SSL_CONF_cmd.pod
|
||||
+++ b/doc/man3/SSL_CONF_cmd.pod
|
||||
@@ -524,6 +524,9 @@ B<ExtendedMasterSecret>: use extended master secret extension, enabled by
|
||||
default. Inverse of B<SSL_OP_NO_EXTENDED_MASTER_SECRET>: that is,
|
||||
B<-ExtendedMasterSecret> is the same as setting B<SSL_OP_NO_EXTENDED_MASTER_SECRET>.
|
||||
|
||||
+B<RHNoEnforceEMSinFIPS>: allow establishing connections without EMS in FIPS mode.
|
||||
+This is a RedHat-based OS specific option, and normally it should be set up via crypto policies.
|
||||
+
|
||||
B<CANames>: use CA names extension, enabled by
|
||||
default. Inverse of B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>: that is,
|
||||
B<-CANames> is the same as setting B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>.
|
||||
diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod
|
||||
index 1c15e32a5c..f2cedaf88d 100644
|
||||
--- a/doc/man5/fips_config.pod
|
||||
+++ b/doc/man5/fips_config.pod
|
||||
@@ -15,6 +15,19 @@ for more information.
|
||||
|
||||
This functionality was added in OpenSSL 3.0.
|
||||
|
||||
+Red Hat Enterprise Linux uses a supplementary config for FIPS module located in
|
||||
+OpenSSL configuration directory and managed by crypto policies. If present, it
|
||||
+should have format
|
||||
+
|
||||
+ [fips_sect]
|
||||
+ tls1-prf-ems-check = 0
|
||||
+ activate = 1
|
||||
+
|
||||
+The B<tls1-prf-ems-check> option specifies whether FIPS module will require the
|
||||
+presence of extended master secret or not.
|
||||
+
|
||||
+The B<activate> option enforces FIPS provider activation.
|
||||
+
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
diff --git a/include/openssl/fips_names.h b/include/openssl/fips_names.h
|
||||
index 5c77f6d691..8cdd5a6bf7 100644
|
||||
--- a/include/openssl/fips_names.h
|
||||
+++ b/include/openssl/fips_names.h
|
||||
@@ -70,6 +70,14 @@ extern "C" {
|
||||
*/
|
||||
# define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
|
||||
|
||||
+/*
|
||||
+ * A boolean that determines if the runtime FIPS check for TLS1_PRF EMS is performed.
|
||||
+ * This is disabled by default.
|
||||
+ *
|
||||
+ * Type: OSSL_PARAM_UTF8_STRING
|
||||
+ */
|
||||
+# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
|
||||
+
|
||||
# ifdef __cplusplus
|
||||
}
|
||||
# endif
|
||||
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
|
||||
index 0b6de603e2..26a69ca282 100644
|
||||
--- a/include/openssl/ssl.h.in
|
||||
+++ b/include/openssl/ssl.h.in
|
||||
@@ -415,6 +415,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
|
||||
* interoperability with CryptoPro CSP 3.x
|
||||
*/
|
||||
# define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31)
|
||||
+# define SSL_OP_RH_PERMIT_NOEMS_FIPS SSL_OP_BIT(48)
|
||||
|
||||
/*
|
||||
* Option "collections."
|
||||
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
|
||||
index 5ff9872bd8..eb9653a9df 100644
|
||||
--- a/providers/fips/fipsprov.c
|
||||
+++ b/providers/fips/fipsprov.c
|
||||
@@ -105,7 +105,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
|
||||
if (fgbl == NULL)
|
||||
return NULL;
|
||||
init_fips_option(&fgbl->fips_security_checks, 1);
|
||||
- init_fips_option(&fgbl->fips_tls1_prf_ems_check, 0); /* Disabled by default */
|
||||
+ init_fips_option(&fgbl->fips_tls1_prf_ems_check, 1); /* Enabled by default */
|
||||
init_fips_option(&fgbl->fips_restricted_drgb_digests, 0);
|
||||
return fgbl;
|
||||
}
|
||||
diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
|
||||
index 25a6c79a2e..79bc7a9719 100644
|
||||
--- a/providers/implementations/kdfs/tls1_prf.c
|
||||
+++ b/providers/implementations/kdfs/tls1_prf.c
|
||||
@@ -131,6 +131,7 @@ static void *kdf_tls1_prf_new(void *provctx)
|
||||
static void kdf_tls1_prf_free(void *vctx)
|
||||
{
|
||||
TLS1_PRF *ctx = (TLS1_PRF *)vctx;
|
||||
+ OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
|
||||
|
||||
if (ctx != NULL) {
|
||||
kdf_tls1_prf_reset(ctx);
|
||||
@@ -222,6 +223,27 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
|
||||
}
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * The seed buffer is prepended with a label.
|
||||
+ * If EMS mode is enforced then the label "master secret" is not allowed,
|
||||
+ * We do the check this way since the PRF is used for other purposes, as well
|
||||
+ * as "extended master secret".
|
||||
+ */
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE
|
||||
+ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST,
|
||||
+ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
|
||||
+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+ if (ossl_tls1_prf_ems_check_enabled(libctx)) {
|
||||
+ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE
|
||||
+ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST,
|
||||
+ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_EMS_NOT_ENABLED);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
return tls1_prf_alg(ctx->P_hash, ctx->P_sha1,
|
||||
ctx->sec, ctx->seclen,
|
||||
ctx->seed, ctx->seedlen,
|
||||
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
|
||||
index 5146cedb96..086db98c33 100644
|
||||
--- a/ssl/ssl_conf.c
|
||||
+++ b/ssl/ssl_conf.c
|
||||
@@ -389,6 +389,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
|
||||
SSL_FLAG_TBL("ClientRenegotiation",
|
||||
SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
|
||||
SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
|
||||
+ SSL_FLAG_TBL("RHNoEnforceEMSinFIPS", SSL_OP_RH_PERMIT_NOEMS_FIPS),
|
||||
SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
|
||||
SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
|
||||
SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA),
|
||||
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
|
||||
index 00b1ee531e..22cdabb308 100644
|
||||
--- a/ssl/statem/extensions_srvr.c
|
||||
+++ b/ssl/statem/extensions_srvr.c
|
||||
@@ -11,6 +11,7 @@
|
||||
#include "../ssl_local.h"
|
||||
#include "statem_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
+#include <openssl/fips.h>
|
||||
|
||||
#define COOKIE_STATE_FORMAT_VERSION 1
|
||||
|
||||
@@ -1552,8 +1553,13 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
|
||||
EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
|
||||
X509 *x, size_t chainidx)
|
||||
{
|
||||
- if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
|
||||
+ if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) {
|
||||
+ if (FIPS_mode() && !(SSL_get_options(s) & SSL_OP_RH_PERMIT_NOEMS_FIPS) ) {
|
||||
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
|
||||
+ return EXT_RETURN_FAIL;
|
||||
+ }
|
||||
return EXT_RETURN_NOT_SENT;
|
||||
+ }
|
||||
|
||||
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
|
||||
|| !WPACKET_put_bytes_u16(pkt, 0)) {
|
||||
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
|
||||
index 91238e6457..e8ad8ecd9e 100644
|
||||
--- a/ssl/t1_enc.c
|
||||
+++ b/ssl/t1_enc.c
|
||||
@@ -20,6 +20,7 @@
|
||||
#include <openssl/obj_mac.h>
|
||||
#include <openssl/core_names.h>
|
||||
#include <openssl/trace.h>
|
||||
+#include <openssl/fips.h>
|
||||
|
||||
/* seed1 through seed5 are concatenated */
|
||||
static int tls1_PRF(SSL *s,
|
||||
@@ -75,8 +76,14 @@ static int tls1_PRF(SSL *s,
|
||||
}
|
||||
|
||||
err:
|
||||
- if (fatal)
|
||||
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
+ if (fatal) {
|
||||
+ /* The calls to this function are local so it's safe to implement the check */
|
||||
+ if (FIPS_mode() && seed1_len >= TLS_MD_MASTER_SECRET_CONST_SIZE
|
||||
+ && memcmp(seed1, TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
|
||||
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
|
||||
+ else
|
||||
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
+ }
|
||||
else
|
||||
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
|
||||
EVP_KDF_CTX_free(kctx);
|
||||
diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
|
||||
index 44040ff66b..deb6bf3fcb 100644
|
||||
--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
|
||||
+++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
|
||||
@@ -22,6 +22,16 @@ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587c
|
||||
Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
|
||||
Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
|
||||
|
||||
+Availablein = fips
|
||||
+KDF = TLS1-PRF
|
||||
+Ctrl.digest = digest:SHA256
|
||||
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
|
||||
+Ctrl.label = seed:master secret
|
||||
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
|
||||
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
|
||||
+Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
|
||||
+Result = KDF_DERIVE_ERROR
|
||||
+
|
||||
FIPSversion = <=3.1.0
|
||||
KDF = TLS1-PRF
|
||||
Ctrl.digest = digest:SHA256
|
||||
diff --git a/test/sslapitest.c b/test/sslapitest.c
|
||||
index 169e3c7466..e67b5bb44c 100644
|
||||
--- a/test/sslapitest.c
|
||||
+++ b/test/sslapitest.c
|
||||
@@ -574,7 +574,7 @@ static int test_client_cert_verify_cb(void)
|
||||
STACK_OF(X509) *server_chain;
|
||||
SSL_CTX *cctx = NULL, *sctx = NULL;
|
||||
SSL *clientssl = NULL, *serverssl = NULL;
|
||||
- int testresult = 0;
|
||||
+ int testresult = 0, status;
|
||||
|
||||
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
|
||||
TLS_client_method(), TLS1_VERSION, 0,
|
||||
--
|
||||
2.41.0
|
||||
|
43
openssl.spec
43
openssl.spec
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 3.1.1
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Epoch: 1
|
||||
Source: openssl-%{version}.tar.gz
|
||||
Source2: Makefile.certificate
|
||||
@ -105,7 +105,7 @@ Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
|
||||
Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
|
||||
# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
|
||||
Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
|
||||
# [PATCH 30/35]
|
||||
# [PATCH 30/48]
|
||||
# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
|
||||
Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
|
||||
# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
|
||||
@ -118,7 +118,41 @@ Patch77: 0077-FIPS-140-3-zeroization.patch
|
||||
# # https://bugzilla.redhat.com/show_bug.cgi?id=2114772
|
||||
Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
|
||||
# # https://github.com/openssl/openssl/pull/13817
|
||||
Patch100: 0100-RSA-PKCS15-implicit-rejection.patch
|
||||
Patch79: 0079-RSA-PKCS15-implicit-rejection.patch
|
||||
# # We believe that some changes present in CentOS are not necessary
|
||||
# # because ustream has a check for FIPS version
|
||||
Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
|
||||
# [PATCH 37/48]
|
||||
# 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
|
||||
Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
|
||||
# [PATCH 38/48]
|
||||
# 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
|
||||
Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
|
||||
# [PATCH 39/48]
|
||||
# 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
|
||||
Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
|
||||
# 0085-FIPS-RSA-disable-shake.patch
|
||||
Patch85: 0085-FIPS-RSA-disable-shake.patch
|
||||
# 0088-signature-Add-indicator-for-PSS-salt-length.patch
|
||||
Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch
|
||||
# 0091-FIPS-RSA-encapsulate.patch
|
||||
Patch91: 0091-FIPS-RSA-encapsulate.patch
|
||||
# [PATCH 43/48]
|
||||
# 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
|
||||
Patch93: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
|
||||
# 0109-fips-Zeroize-out-in-fips-selftest.patch
|
||||
Patch109: 0109-fips-Zeroize-out-in-fips-selftest.patch
|
||||
# [PATCH 45/48]
|
||||
# 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
|
||||
Patch110: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
|
||||
# [PATCH 46/48]
|
||||
# 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
|
||||
Patch112: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
|
||||
# 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
|
||||
Patch113: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
|
||||
# # We believe that some changes present in CentOS are not necessary
|
||||
# # because ustream has a check for FIPS version
|
||||
Patch114: 0114-FIPS-enforce-EMS-support.patch
|
||||
|
||||
License: Apache-2.0
|
||||
URL: http://www.openssl.org/
|
||||
@ -450,6 +484,9 @@ install -m644 %{SOURCE9} \
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Tue Aug 22 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.1.1-3
|
||||
- Integrate FIPS patches from CentOS
|
||||
|
||||
* Fri Aug 04 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.1.1-2
|
||||
- migrated to SPDX license
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user