Properly enforce limits to the KDF input and output in FIPS mode
Resolves: rhbz#2130275
parent
d780bf3ce3
commit
5fda6cb2b0
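--- a/libgcrypt-1.10.0-fips-kdf.patch
+++ b/libgcrypt-1.10.0-fips-kdf.patch
@@ -0,0 +1,120 @@
+From 857e6f467d0fc9fd858a73d84122695425970075 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Tue, 27 Sep 2022 13:26:16 +0900
+Subject: [PATCH] kdf:pkdf2: Require longer input when FIPS mode.
+
+* cipher/kdf.c (_gcry_kdf_pkdf2): Add length check.
+
+--
+
+GnuPG-bug-id: 6039
+Fixes-commit: 58c92098d053aae7c78cc42bdd7c80c13efc89bb
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+cipher/kdf.c | 3 +++
+1 file changed, 3 insertions(+)
+
+diff --git a/cipher/kdf.c b/cipher/kdf.c
+index 3e51e115..81523320 100644
+--- a/cipher/kdf.c
++++ b/cipher/kdf.c
+@@ -160,6 +160,9 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen,
+return GPG_ERR_INV_VALUE;
+#endif
+
++ /* HMAC requires longer input for approved use case. */
++ if (fips_mode () && passphraselen < 14)
++ return GPG_ERR_INV_VALUE;
+
+/* Step 2 */
+l = ((dklen - 1)/ hlen) + 1;
+--
+2.37.3
+
+From 3c04b692de1e7b45b764ff8d66bf84609b012e3a Mon Sep 17 00:00:00 2001
+From: Tobias Heider <tobias.heider@canonical.com>
+Date: Tue, 27 Sep 2022 13:31:05 +0900
+Subject: [PATCH] kdf:pkdf2: Check minimum allowed key size when running in
+FIPS mode.
+
+* cipher/kdf.c (_gcry_kdf_pkdf2): Add output length check.
+
+--
+
+GnuPG-bug-id: 6219
+---
+cipher/kdf.c | 4 ++++
+1 file changed, 4 insertions(+)
+
+diff --git a/cipher/kdf.c b/cipher/kdf.c
+index 81523320..67c60df8 100644
+--- a/cipher/kdf.c
++++ b/cipher/kdf.c
+@@ -160,6 +160,10 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen,
+return GPG_ERR_INV_VALUE;
+#endif
+
++ /* Check minimum key size */
++ if (fips_mode () && dklen < 14)
++ return GPG_ERR_INV_VALUE;
++
+/* HMAC requires longer input for approved use case. */
+if (fips_mode () && passphraselen < 14)
+return GPG_ERR_INV_VALUE;
+--
+2.37.3
+From e5a5e847b66eb6b80e60a2dffa347268f059aee3 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 4 Oct 2022 12:44:54 +0200
+Subject: [PATCH] tests: Reproducer for short dklen in FIPS mode
+
+* tests/t-kdf.c (check_pbkdf2): Add test vector with short dklen and
+verify it fails in FIPS mode
+--
+
+GnuPG-bug-id: 6219
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+tests/t-kdf.c | 12 ++++++++++--
+1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/tests/t-kdf.c b/tests/t-kdf.c
+index c0192d7b..716fb53e 100644
+--- a/tests/t-kdf.c
++++ b/tests/t-kdf.c
+@@ -909,6 +909,14 @@ check_pbkdf2 (void)
+"\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9"
+"\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6"
+},
++ {
++ "password", 8,
++ "salt", 4,
++ GCRY_MD_SHA1,
++ 1,
++ 10, /* too short dklen for FIPS */
++ "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9"
++ },
+{
+"password", 8,
+"salt", 4,
+@@ -1109,7 +1117,7 @@ check_pbkdf2 (void)
+GCRY_KDF_PBKDF2, tv[tvidx].hashalgo,
+tv[tvidx].salt, tv[tvidx].saltlen,
+tv[tvidx].c, tv[tvidx].dklen, outbuf);
+- if (in_fips_mode && tvidx > 6)
++ if (in_fips_mode && tvidx > 7)
+{
+if (!err)
+fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n",
+@@ -1118,7 +1126,7 @@ check_pbkdf2 (void)
+}
+if (err)
+{
+- if (in_fips_mode && tv[tvidx].plen < 14)
++ if (in_fips_mode && (tv[tvidx].plen < 14 || tv[tvidx].dklen < 14))
+{
+if (verbose)
+fprintf (stderr,
+--
+2.37.3
+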
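Review bot: The vector added to `check_pbkdf2` does not isolate the `dklen < 14` check it is meant to reproduce: its passphrase is `"password", 8`, so in FIPS mode `_gcry_kdf_pkdf2` would still return `GPG_ERR_INV_VALUE` through the `passphraselen < 14` test even if the output-length check were removed. A vector with a passphrase of at least 14 bytes and a `dklen` of 10, with its expected bytes truncated from the matching full-length vector, would fail only because of the short output. In `cipher/kdf.c` the literal 14 appears in both checks without explanation; a comment such as `/* 14 bytes = 112 bits; presumably the minimum strength for approved use */`, or one shared named constant, would keep the two limits in step. Salt length and iteration count are not restricted by either hunk, and whether the FIPS policy needs limits there as well cannot be told from this page. Both functions continue outside the hunks shown.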
@ -35,6 +35,8 @@ Patch8: libgcrypt-1.10.0-fips-disable-oaep.patch
|
|||||||
Patch9: libgcrypt-1.10.0-sha3-large.patch
|
Patch9: libgcrypt-1.10.0-sha3-large.patch
|
||||||
# https://dev.gnupg.org/T5919
|
# https://dev.gnupg.org/T5919
|
||||||
Patch10: libgcrypt-1.10.0-fips-keygen.patch
|
Patch10: libgcrypt-1.10.0-fips-keygen.patch
|
||||||
|
# https://dev.gnupg.org/T6219
|
||||||
|
Patch11: libgcrypt-1.10.0-fips-kdf.patch
|
||||||
|
|
||||||
%global gcrylibdir %{_libdir}
|
%global gcrylibdir %{_libdir}
|
||||||
%global gcrysoname libgcrypt.so.20
|
%global gcrysoname libgcrypt.so.20
|
||||||
@ -80,6 +82,7 @@ applications using libgcrypt.
|
|||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
|
%patch11 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# This package has a configure test which uses ASMs, but does not link the
|
# This package has a configure test which uses ASMs, but does not link the
|
||||||
|