Change explicit FIPS indicator for RSA decryption to unapproved

Resolves: rhbz#2179379
Signed-off-by: Clemens Lang <cllang@redhat.com>
This commit is contained in:
Clemens Lang 2023-03-24 16:00:21 +01:00
parent 1bd2a0cee3
commit 0dea6db970
2 changed files with 20 additions and 23 deletions

View File

@ -21,9 +21,9 @@ Signed-off-by: Clemens Lang <cllang@redhat.com>
---
include/openssl/core_names.h | 2 ++
include/openssl/evp.h | 4 +++
.../implementations/asymciphers/rsa_enc.c | 31 +++++++++++++++++++
providers/implementations/kem/rsa_kem.c | 30 +++++++++++++++++-
4 files changed, 66 insertions(+), 1 deletion(-)
.../implementations/asymciphers/rsa_enc.c | 24 +++++++++++++++
providers/implementations/kem/rsa_kem.c | 30 ++++++++++++++++++-
4 files changed, 59 insertions(+), 1 deletion(-)
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 832502a034..e15d208421 100644
@ -61,10 +61,10 @@ index ec2ba46fbd..3803b03422 100644
const char *properties);
int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt);
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index 568452ec56..0a9adb4056 100644
index 568452ec56..2e7ea632d7 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -399,6 +399,34 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
@@ -399,6 +399,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version))
return 0;
@ -73,23 +73,16 @@ index 568452ec56..0a9adb4056 100644
+ if (p != NULL) {
+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED;
+
+ if (prsactx->operation == EVP_PKEY_OP_ENCRYPT) {
+ /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key
+ * confirmation (section 6.4.2.3.2), or assurance from a trusted
+ * third party (section 6.4.2.3.1) for the KTS-OAEP key transport
+ * scheme, but explicit key confirmation is not implemented here
+ * and cannot be implemented without protocol changes, and the FIPS
+ * provider does not implement trusted third party validation,
+ * since it relies on its callers to do that. We must thus mark
+ * RSA-OAEP as unapproved until we have received clarification from
+ * NIST on how library modules such as OpenSSL should implement TTP
+ * validation.
+ *
+ * This does not affect decryption, because it is approved as
+ * a component according to the FIPS 140-3 IG, section 2.4.G.
+ */
+ fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
+ }
+ /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key
+ * confirmation (section 6.4.2.3.2), or assurance from a trusted third
+ * party (section 6.4.2.3.1) for the KTS-OAEP key transport scheme, but
+ * explicit key confirmation is not implemented here and cannot be
+ * implemented without protocol changes, and the FIPS provider does not
+ * implement trusted third party validation, since it relies on its
+ * callers to do that. We must thus mark RSA-OAEP as unapproved until
+ * we have received clarification from NIST on how library modules such
+ * as OpenSSL should implement TTP validation. */
+ fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
+
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
+ return 0;

View File

@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 3.0.7
Release: 11%{?dist}
Release: 12%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@ -507,6 +507,10 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs
%changelog
* Fri Mar 24 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-12
- Change explicit FIPS indicator for RSA decryption to unapproved
Resolves: rhbz#2179379
* Mon Mar 20 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-11
- Add missing reference to patchfile to add explicit FIPS indicator to RSA
encryption and RSASVE and fix the gettable parameter list for the RSA