When FIPS provider is in use, we forbid only some padding modes
Resolves: rhbz#2053289
This commit is contained in:
parent
02c75e5a65
commit
067b6b249b
132
0058-FIPS-limit-rsa-encrypt.patch
Normal file
132
0058-FIPS-limit-rsa-encrypt.patch
Normal file
@ -0,0 +1,132 @@
|
|||||||
|
diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c
|
||||||
|
--- openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad 2022-05-02 16:04:47.000091901 +0200
|
||||||
|
+++ openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c 2022-05-02 16:14:50.922443581 +0200
|
||||||
|
@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsac
|
||||||
|
return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT);
|
||||||
|
}
|
||||||
|
|
||||||
|
+# ifdef FIPS_MODULE
|
||||||
|
+static int fips_padding_allowed(const PROV_RSA_CTX *prsactx)
|
||||||
|
+{
|
||||||
|
+ if (prsactx->pad_mode == RSA_PKCS1_PADDING
|
||||||
|
+ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ return 1;
|
||||||
|
+}
|
||||||
|
+# endif
|
||||||
|
+
|
||||||
|
static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
||||||
|
size_t outsize, const unsigned char *in, size_t inlen)
|
||||||
|
{
|
||||||
|
@@ -141,6 +152,13 @@ static int rsa_encrypt(void *vprsactx, u
|
||||||
|
if (!ossl_prov_is_running())
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
+# ifdef FIPS_MODULE
|
||||||
|
+ if (fips_padding_allowed(prsactx) == 0) {
|
||||||
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+# endif
|
||||||
|
+
|
||||||
|
if (out == NULL) {
|
||||||
|
size_t len = RSA_size(prsactx->rsa);
|
||||||
|
|
||||||
|
@@ -202,6 +220,13 @@ static int rsa_decrypt(void *vprsactx, u
|
||||||
|
if (!ossl_prov_is_running())
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
+# ifdef FIPS_MODULE
|
||||||
|
+ if (fips_padding_allowed(prsactx) == 0) {
|
||||||
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+# endif
|
||||||
|
+
|
||||||
|
if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) {
|
||||||
|
if (out == NULL) {
|
||||||
|
*outlen = SSL_MAX_MASTER_KEY_LENGTH;
|
||||||
|
diff -up openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_cms.t
|
||||||
|
--- openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad 2022-05-02 17:04:07.610782138 +0200
|
||||||
|
+++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-02 17:06:03.595814620 +0200
|
||||||
|
@@ -232,7 +232,7 @@ my @smime_pkcs7_tests = (
|
||||||
|
\&final_compare
|
||||||
|
],
|
||||||
|
|
||||||
|
- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
|
||||||
|
+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS",
|
||||||
|
[ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
|
||||||
|
"-aes256", "-stream", "-out", "{output}.cms",
|
||||||
|
$smrsa1,
|
||||||
|
@@ -865,5 +865,8 @@ sub check_availability {
|
||||||
|
return "$tnam: skipped, DSA disabled\n"
|
||||||
|
if ($no_dsa && $tnam =~ / DSA/);
|
||||||
|
|
||||||
|
+ return "$tnam: skipped, Red Hat FIPS\n"
|
||||||
|
+ if ($tnam =~ /no Red Hat FIPS/);
|
||||||
|
+
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.no_bad_pad openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||||
|
--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.no_bad_pad 2022-05-02 17:16:00.408148809 +0200
|
||||||
|
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2022-05-02 17:17:34.351988456 +0200
|
||||||
|
@@ -248,12 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974
|
||||||
|
Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
|
||||||
|
|
||||||
|
# RSA decrypt
|
||||||
|
-
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt = RSA-2048
|
||||||
|
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
|
||||||
|
Output = "Hello World"
|
||||||
|
|
||||||
|
# Corrupted ciphertext
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt = RSA-2048
|
||||||
|
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
|
||||||
|
Output = "Hello World"
|
||||||
|
diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_ssl_old.t
|
||||||
|
--- openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad 2022-05-02 17:26:37.962838053 +0200
|
||||||
|
+++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-02 17:34:20.297950449 +0200
|
||||||
|
@@ -483,6 +483,18 @@ sub testssl {
|
||||||
|
# the default choice if TLSv1.3 enabled
|
||||||
|
my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
|
||||||
|
my $ciphersuites = "";
|
||||||
|
+ my %redhat_skip_cipher = map {$_ => 1} qw(
|
||||||
|
+AES256-GCM-SHA384:@SECLEVEL=0
|
||||||
|
+AES256-CCM8:@SECLEVEL=0
|
||||||
|
+AES256-CCM:@SECLEVEL=0
|
||||||
|
+AES128-GCM-SHA256:@SECLEVEL=0
|
||||||
|
+AES128-CCM8:@SECLEVEL=0
|
||||||
|
+AES128-CCM:@SECLEVEL=0
|
||||||
|
+AES256-SHA256:@SECLEVEL=0
|
||||||
|
+AES128-SHA256:@SECLEVEL=0
|
||||||
|
+AES256-SHA:@SECLEVEL=0
|
||||||
|
+AES128-SHA:@SECLEVEL=0
|
||||||
|
+ );
|
||||||
|
foreach my $cipher (@{$ciphersuites{$protocol}}) {
|
||||||
|
if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
|
||||||
|
note "*****SKIPPING $protocol $cipher";
|
||||||
|
@@ -494,11 +506,16 @@ sub testssl {
|
||||||
|
} else {
|
||||||
|
$cipher = $cipher.':@SECLEVEL=0';
|
||||||
|
}
|
||||||
|
- ok(run(test([@ssltest, @exkeys, "-cipher",
|
||||||
|
- $cipher,
|
||||||
|
- "-ciphersuites", $ciphersuites,
|
||||||
|
- $flag || ()])),
|
||||||
|
- "Testing $cipher");
|
||||||
|
+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
|
||||||
|
+ note "*****SKIPPING $cipher in Red Hat FIPS mode";
|
||||||
|
+ ok(1);
|
||||||
|
+ } else {
|
||||||
|
+ ok(run(test([@ssltest, @exkeys, "-cipher",
|
||||||
|
+ $cipher,
|
||||||
|
+ "-ciphersuites", $ciphersuites,
|
||||||
|
+ $flag || ()])),
|
||||||
|
+ "Testing $cipher");
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
next if $protocol eq "-tls1_3";
|
Loading…
Reference in New Issue
Block a user