From 3f7cd79d027ebda621c62c1a87bff442f75d32fe Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Wed, 20 Jul 2022 15:20:48 +0200 Subject: [PATCH] Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2102536 --- 0044-FIPS-140-3-keychecks.patch | 61 +++++++++++++++++++++++++++++++++ openssl.spec | 8 ++++- 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 0044-FIPS-140-3-keychecks.patch diff --git a/0044-FIPS-140-3-keychecks.patch b/0044-FIPS-140-3-keychecks.patch new file mode 100644 index 0000000..daffd53 --- /dev/null +++ b/0044-FIPS-140-3-keychecks.patch @@ -0,0 +1,61 @@ +diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c +--- openssl-3.0.1/crypto/dh/dh_key.c.fips3 2022-07-18 16:01:41.159543735 +0200 ++++ openssl-3.0.1/crypto/dh/dh_key.c 2022-07-18 16:24:30.251388248 +0200 +@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k + BN_MONT_CTX *mont = NULL; + BIGNUM *z = NULL, *pminus1; + int ret = -1; ++#ifdef FIPS_MODULE ++ int validate = 0; ++#endif + + if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); +@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *k + return 0; + } + ++#ifdef FIPS_MODULE ++ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { ++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); ++ return 0; ++ } ++#endif ++ + ctx = BN_CTX_new_ex(dh->libctx); + if (ctx == NULL) + goto err; +@@ -262,6 +272,9 @@ static int generate_key(DH *dh) + #endif + BN_CTX *ctx = NULL; + BIGNUM *pub_key = NULL, *priv_key = NULL; ++#ifdef FIPS_MODULE ++ int validate = 0; ++#endif + + if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); +@@ -354,8 +367,23 @@ static int generate_key(DH *dh) + if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key)) + goto err; + ++#ifdef FIPS_MODULE ++ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { ++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); ++ goto err; ++ } ++#endif ++ + dh->pub_key = pub_key; + dh->priv_key = priv_key; ++#ifdef FIPS_MODULE ++ if (ossl_dh_check_pairwise(dh) <= 0) { ++ dh->pub_key = dh->priv_key = NULL; ++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); ++ goto err; ++ } ++#endif ++ + dh->dirty_cnt++; + ok = 1; + err: diff --git a/openssl.spec b/openssl.spec index 7b2a022..888ff19 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.1 -Release: 39%{?dist} +Release: 40%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -88,6 +88,8 @@ Patch33: 0033-FIPS-embed-hmac.patch Patch34: 0034.fipsinstall_disable.patch # Skip unavailable algorithms running `openssl speed` Patch35: 0035-speed-skip-unavailable-dgst.patch +# Extra public/private key checks required by FIPS-140-3 +Patch44: 0044-FIPS-140-3-keychecks.patch # Minimize fips services Patch45: 0045-FIPS-services-minimize.patch # Backport of s390x hardening, https://github.com/openssl/openssl/pull/17486 @@ -483,6 +485,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Fri Aug 05 2022 Dmitry Belyavskiy - 1:3.0.1-40 +- Deal with DH keys in FIPS mode according FIPS-140-3 requirements + Related: rhbz#2102536 + * Mon Aug 01 2022 Clemens Lang - 1:3.0.1-39 - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test