rpms/libgcrypt
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Drop selective RSA encryption/decryption disablement in FIPS mode

Browse Source 
Related: rhbz#2130275
This commit is contained in:
Jakub Jelen 2022-10-06 09:32:06 +02:00
parent 242f11d393
commit d712a009a1
3 changed files with 0 additions and 374 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

151
libgcrypt-1.10.0-fips-disable-oaep.patch
View File

@ -1,151 +0,0 @@
From 34d8fc576b3a06dd205f45327a971eb6771e808c Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 17 Aug 2022 09:01:44 +0200
Subject: [PATCH 1/2] Disable RSA-OAEP padding in FIPS mode
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block OAEP padding
in FIPS mode for encryption
* cipher/rsa.c (rsa_decrypt): Block OAEP padding in FIPS mode for
decryption
---
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
cipher/pubkey-util.c | 5 ++++-
cipher/rsa.c | 3 ++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index 4953caf3..244dd5d4 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -1092,7 +1092,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
const void * value;
size_t valuelen;
- if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
+ /* The RSA OAEP encryption requires some more assurances in FIPS */
+ if (fips_mode ())
+ rc = GPG_ERR_INV_FLAG;
+ else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
rc = GPG_ERR_INV_OBJ;
else
{
diff --git a/cipher/rsa.c b/cipher/rsa.c
index 96dba090..87f57b55 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -1457,7 +1457,8 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
rc = GPG_ERR_INV_DATA;
goto leave;
}
- if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))
+ if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1 ||
+ ctx.encoding == PUBKEY_ENC_OAEP))
{
rc = GPG_ERR_INV_FLAG;
goto leave;
--
2.37.1
From c6d64e697c2748a49e875060aa753fc568c5f772 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 17 Aug 2022 10:31:19 +0200
Subject: [PATCH 2/2] tests: Expect the OEAP tests to fail in FIPS mode
* tests/basic.c (check_pubkey_crypt): Expect the OAEP padding encryption
to fail in FIPS mode
* tests/pkcs1v2.c (check_oaep): Expect the OAEP tests to fail in FIPS
mode
---
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tests/basic.c | 14 +++++++++-----
tests/pkcs1v2.c | 13 +++++++++++++
2 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/tests/basic.c b/tests/basic.c
index 26980e15..b4102c9f 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -16892,21 +16892,24 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
"(flags oaep)",
1,
0,
- 0 },
+ 0,
+ FLAG_NOFIPS },
{ GCRY_PK_RSA,
"(data\n (flags oaep)\n (hash-algo sha1)\n"
" (value #11223344556677889900AA#))\n",
"(flags oaep)(hash-algo sha1)",
1,
0,
- 0 },
+ 0,
+ FLAG_NOFIPS },
{ GCRY_PK_RSA,
"(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n"
" (value #11223344556677889900AA#))\n",
"(flags oaep)(hash-algo sha1)(label \"test\")",
1,
0,
- 0 },
+ 0,
+ FLAG_NOFIPS },
{ GCRY_PK_RSA,
"(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n"
" (value #11223344556677889900AA#)\n"
@@ -16914,7 +16917,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
"(flags oaep)(hash-algo sha1)(label \"test\")",
1,
0,
- 0 },
+ 0,
+ FLAG_NOFIPS },
{ 0,
"(data\n (flags )\n" " (value #11223344556677889900AA#))\n",
NULL,
@@ -16960,7 +16964,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
"(flags pkcs1)",
1,
0,
- GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL },
+ GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL | FLAG_NOFIPS },
{ 0,
"(data\n (flags pss)\n"
" (value #11223344556677889900AA#))\n",
diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c
index 6c7f3d81..2fd495d5 100644
--- a/tests/pkcs1v2.c
+++ b/tests/pkcs1v2.c
@@ -186,11 +186,24 @@ check_oaep (void)
err = gcry_pk_encrypt (&ciph, plain, pub_key);
if (err)
{
+ if (in_fips_mode)
+ {
+ gcry_sexp_release (plain);
+ plain = NULL;
+ continue;
+ }
show_sexp ("plain:\n", ciph);
fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err));
}
else
{
+ if (in_fips_mode)
+ {
+ fail ("The OAEP encryption unexpectedly worked in FIPS mode\n");
+ gcry_sexp_release (plain);
+ plain = NULL;
+ continue;
+ }
if (extract_cmp_data (ciph, "a", tbl[tno].m[mno].encr,
tbl[tno].m[mno].desc))
{
--
2.37.1

219
libgcrypt-1.10.0-fips-disable-pkcs1.5.patch
View File

@ -1,219 +0,0 @@
From c7709f7b23848abf4ba65cb99cb2a9e9c7ebdefc Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 1 Apr 2022 18:29:08 +0200
Subject: [PATCH 1/3] Do not allow PKCS #1.5 padding for encryption in FIPS
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block PKCS #1.5
padding for encryption in FIPS mode
* cipher/rsa.c (rsa_decrypt): Block PKCS #1.5 decryption in FIPS mode
--
GnuPG-bug-id: 5918
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
cipher/pubkey-util.c | 5 ++++-
cipher/rsa.c | 5 +++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index 68defea6..4953caf3 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -957,7 +957,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
void *random_override = NULL;
size_t random_override_len = 0;
- if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
+ /* The RSA PKCS#1.5 encryption is no longer supported by FIPS */
+ if (fips_mode ())
+ rc = GPG_ERR_INV_FLAG;
+ else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
rc = GPG_ERR_INV_OBJ;
else
{
diff --git a/cipher/rsa.c b/cipher/rsa.c
index 771413b3..c6319b67 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -1391,6 +1391,11 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
rc = GPG_ERR_INV_DATA;
goto leave;
}
+ if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))
+ {
+ rc = GPG_ERR_INV_FLAG;
+ goto leave;
+ }
/* Extract the key. */
rc = sexp_extract_param (keyparms, NULL, "nedp?q?u?",
--
2.34.1
From 299e2f93415984919181e0ee651719bbf83bdd2f Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 1 Apr 2022 18:31:05 +0200
Subject: [PATCH 2/3] tests: Replace custom bit with more generic flags
* tests/basic.c (global): New flag FLAG_SPECIAL
(check_pubkey_crypt): Change to use bitfield flags
--
GnuPG-bug-id: 5918
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tests/basic.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/tests/basic.c b/tests/basic.c
index a0ad33eb..1c6cb40b 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -55,11 +55,12 @@ typedef struct test_spec_pubkey
}
test_spec_pubkey_t;
-#define FLAG_CRYPT (1 << 0)
-#define FLAG_SIGN (1 << 1)
-#define FLAG_GRIP (1 << 2)
-#define FLAG_NOFIPS (1 << 3)
-#define FLAG_CFB8 (1 << 4)
+#define FLAG_CRYPT (1 << 0)
+#define FLAG_SIGN (1 << 1)
+#define FLAG_GRIP (1 << 2)
+#define FLAG_NOFIPS (1 << 3)
+#define FLAG_CFB8 (1 << 4)
+#define FLAG_SPECIAL (1 << 5)
static int in_fips_mode;
@@ -15558,7 +15559,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
int unpadded;
int encrypt_expected_rc;
int decrypt_expected_rc;
- int special;
+ int flags;
} datas[] =
{
{ GCRY_PK_RSA,
@@ -15642,14 +15643,14 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
"(flags oaep)",
1,
0,
- GPG_ERR_ENCODING_PROBLEM, 1 },
+ GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL },
{ GCRY_PK_RSA,
"(data\n (flags oaep)\n"
" (value #11223344556677889900AA#))\n",
"(flags pkcs1)",
1,
0,
- GPG_ERR_ENCODING_PROBLEM, 1 },
+ GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL },
{ 0,
"(data\n (flags pss)\n"
" (value #11223344556677889900AA#))\n",
@@ -15725,7 +15726,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
ciph = list;
}
rc = gcry_pk_decrypt (&plain, ciph, skey);
- if (!rc && datas[dataidx].special == 1)
+ if (!rc && (datas[dataidx].flags & FLAG_SPECIAL))
{
/* It may happen that OAEP formatted data which is
decrypted as pkcs#1 data returns a valid pkcs#1
--
2.34.1
From f736f3c70182d9c948f9105eb769c47c5578df35 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 1 Apr 2022 18:34:42 +0200
Subject: [PATCH 3/3] tests: Expect the RSA PKCS #1.5 encryption to fail in
FIPS mode
* tests/basic.c (check_pubkey_crypt): Expect RSA PKCS #1.5 encryption to
fail in FIPS mode. Expect failure when wrong padding is selected
* tests/pkcs1v2.c (check_v15crypt): Expect RSA PKCS #1.5 encryption to
fail in FIPS mode
--
GnuPG-bug-id: 5918
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tests/basic.c | 11 +++++++----
tests/pkcs1v2.c | 14 +++++++++++++-
2 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/tests/basic.c b/tests/basic.c
index 1c6cb40b..85764591 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -15568,14 +15568,16 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
NULL,
0,
0,
- 0 },
+ 0,
+ FLAG_NOFIPS },
{ GCRY_PK_RSA,
"(data\n (flags pkcs1)\n"
" (value #11223344556677889900AA#))\n",
"(flags pkcs1)",
1,
0,
- 0 },
+ 0,
+ FLAG_NOFIPS },
{ GCRY_PK_RSA,
"(data\n (flags oaep)\n"
" (value #11223344556677889900AA#))\n",
@@ -15677,7 +15679,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
die ("converting data failed: %s\n", gpg_strerror (rc));
rc = gcry_pk_encrypt (&ciph, data, pkey);
- if (in_fips_mode && (flags & FLAG_NOFIPS))
+ if (in_fips_mode && ((flags & FLAG_NOFIPS) ||
+ (datas[dataidx].flags & FLAG_NOFIPS)))
{
if (!rc)
fail ("gcry_pk_encrypt did not fail as expected in FIPS mode\n");
@@ -15726,7 +15729,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
ciph = list;
}
rc = gcry_pk_decrypt (&plain, ciph, skey);
- if (!rc && (datas[dataidx].flags & FLAG_SPECIAL))
+ if ((!rc || in_fips_mode) && (datas[dataidx].flags & FLAG_SPECIAL))
{
/* It may happen that OAEP formatted data which is
decrypted as pkcs#1 data returns a valid pkcs#1
diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c
index f26e779b..6c7f3d81 100644
--- a/tests/pkcs1v2.c
+++ b/tests/pkcs1v2.c
@@ -454,7 +454,19 @@ check_v15crypt (void)
gcry_free (seed);
err = gcry_pk_encrypt (&ciph, plain, pub_key);
- if (err)
+ if (in_fips_mode)
+ {
+ if (!err)
+ {
+ fail ("gcry_pk_encrypt should have failed in FIPS mode:\n");
+ }
+ gcry_sexp_release (plain);
+ plain = NULL;
+ gcry_sexp_release (ciph);
+ ciph = NULL;
+ continue;
+ }
+ else if (err)
{
show_sexp ("plain:\n", ciph);
fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err));
--
2.34.1

4
libgcrypt.spec
View File

@ -22,7 +22,6 @@ Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
Source2: wk@g10code.com
Patch1: libgcrypt-1.10.0-disable-brainpool.patch
Patch2: libgcrypt-1.10.0-fips-disable-pkcs1.5.patch
Patch3: libgcrypt-1.10.0-ppc-hwf.patch
Patch4: libgcrypt-1.10.0-allow-small-RSA-verify.patch
Patch5: libgcrypt-1.10.0-allow-short-salt.patch
@ -30,7 +29,6 @@ Patch6: libgcrypt-1.10.0-fips-getrandom.patch
# https://dev.gnupg.org/T6127
# https://lists.gnupg.org/pipermail/gcrypt-devel/2022-September/005379.html
Patch7: libgcrypt-1.10.0-fips-selftest.patch
Patch8: libgcrypt-1.10.0-fips-disable-oaep.patch
# https://dev.gnupg.org/T6217
Patch9: libgcrypt-1.10.0-sha3-large.patch
# https://dev.gnupg.org/T5919
@ -73,13 +71,11 @@ applications using libgcrypt.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1