From 136988155862ce2b45683ef8045e7a8cdd11e215 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 21 Aug 2023 16:13:46 +0200 Subject: [PATCH 47/48] 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch Patch-name: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch Patch-id: 113 --- include/openssl/core_names.h | 2 ++ include/openssl/evp.h | 4 +++ .../implementations/asymciphers/rsa_enc.c | 22 ++++++++++++++ providers/implementations/kem/rsa_kem.c | 30 ++++++++++++++++++- 4 files changed, 57 insertions(+), 1 deletion(-) diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 29459049ad..9af0b1847d 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -480,6 +480,7 @@ extern "C" { #ifdef FIPS_MODULE #define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed" #endif +#define OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" /* * Encoder / decoder parameters @@ -514,6 +515,7 @@ extern "C" { /* KEM parameters */ #define OSSL_KEM_PARAM_OPERATION "operation" +#define OSSL_KEM_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" /* int */ /* OSSL_KEM_PARAM_OPERATION values */ #define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE" diff --git a/include/openssl/evp.h b/include/openssl/evp.h index f1a33ff6f2..dadbf46a5a 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1767,6 +1767,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void); OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); # endif +# define EVP_PKEY_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 +# define EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED 1 +# define EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 + EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, const char *properties); int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index d169bfd396..bd4dcb4e27 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -466,6 +466,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection)) return 0; +#ifdef FIPS_MODULE + p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR); + if (p != NULL) { + int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED; + + /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key + * confirmation (section 6.4.2.3.2), or assurance from a trusted third + * party (section 6.4.2.3.1) for the KTS-OAEP key transport scheme, but + * explicit key confirmation is not implemented here and cannot be + * implemented without protocol changes, and the FIPS provider does not + * implement trusted third party validation, since it relies on its + * callers to do that. We must thus mark RSA-OAEP as unapproved until + * we have received clarification from NIST on how library modules such + * as OpenSSL should implement TTP validation. */ + fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + + if (!OSSL_PARAM_set_int(p, fips_indicator)) + return 0; + } +#endif /* defined(FIPS_MODULE) */ + return 1; } @@ -480,6 +501,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), #ifdef FIPS_MODULE OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0), + OSSL_PARAM_int(OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR, NULL), #endif /* FIPS_MODULE */ OSSL_PARAM_END }; diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c index 8a6f585d0b..f4b7415074 100644 --- a/providers/implementations/kem/rsa_kem.c +++ b/providers/implementations/kem/rsa_kem.c @@ -152,11 +152,39 @@ static int rsakem_decapsulate_init(void *vprsactx, void *vrsa, static int rsakem_get_ctx_params(void *vprsactx, OSSL_PARAM *params) { PROV_RSA_CTX *ctx = (PROV_RSA_CTX *)vprsactx; +#ifdef FIPS_MODULE + OSSL_PARAM *p; +#endif /* defined(FIPS_MODULE) */ + + if (ctx == NULL) + return 0; + +#ifdef FIPS_MODULE + p = OSSL_PARAM_locate(params, OSSL_KEM_PARAM_REDHAT_FIPS_INDICATOR); + if (p != NULL) { + /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key + * confirmation (section 6.4.2.3.2), or assurance from a trusted third + * party (section 6.4.2.3.1) for key agreement or key transport, but + * explicit key confirmation is not implemented here and cannot be + * implemented without protocol changes, and the FIPS provider does not + * implement trusted third party validation, since it relies on its + * callers to do that. We must thus mark RSASVE unapproved until we + * have received clarification from NIST on how library modules such as + * OpenSSL should implement TTP validation. */ + int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + + if (!OSSL_PARAM_set_int(p, fips_indicator)) + return 0; + } +#endif /* defined(FIPS_MODULE) */ - return ctx != NULL; + return 1; } static const OSSL_PARAM known_gettable_rsakem_ctx_params[] = { +#ifdef FIPS_MODULE + OSSL_PARAM_int(OSSL_KEM_PARAM_REDHAT_FIPS_INDICATOR, NULL), +#endif /* defined(FIPS_MODULE) */ OSSL_PARAM_END }; -- 2.41.0