Utilities from the general purpose cryptography library with TLS implementation
6a9e17a8c1
FIPS requires a number of restrictions on the parameters of the various key derivation functions implemented in OpenSSL. The KDFs that use digest algorithms usually should not allow SHAKE (due to FIPS 140-3 IG C.C). Additionally, some application-specific KDFs have further restrictions defined in SP 800-135r1. Generally, all KDFs shall use a key-derivation key length of at least 112 bits due to SP 800-131Ar2 section 8. Additionally, any use of a KDF to generate an output length of less than 112 bits will also set the indicator to unapproved.

Add explicit indicators to all KDFs usable in FIPS mode except for PBKDF2 (which has its specific FIPS limits already implemented). The indicator can be queried using EVP_KDF_CTX_get_params() after setting the required parameters and keys for the KDF.

Our FIPS provider implements SHA1, SHA2 (both -256 and -512, and the truncated variants -224 and -384) and SHA3 (-256 and -512, and the truncated versions -224 and -384), as well as SHAKE-128 and -256. The SHAKE functions are generally not allowed in KDFs. For the rest, the support matrix is:

KDF        | SHA-1 | SHA-2                  | SHA-2 truncated | SHA-3 | SHA-3 truncated
=======================================================================================
KBKDF      | x     | x                      | x               | x     | x
HKDF       | x     | x                      | x               | x     | x
TLS1PRF    |       | SHA-{256,384,512} only |                 |       |
SSHKDF     | x     | x                      | x               |       |
SSKDF      | x     | x                      | x               | x     | x
X9.63KDF   |       | x                      | x               | x     | x
X9.42-ASN1 | x     | x                      | x               | x     | x
TLS1.3PRF  |       | SHA-{256,384} only     |                 |       |

Signed-off-by: Clemens Lang <cllang@redhat.com>
Resolves: rhbz#2175860 rhbz#2175864
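The approval rules the commit message lists (SHAKE excluded, 112-bit minimum for key and output, and the per-KDF digest matrix) written out as a stand-alone policy check. This is an added example, not code from this commit or from OpenSSL; the KDF spellings follow the matrix above, the digest spellings ("SHA1", "SHA2-256", ...) and the function name kdf_fips_approved are this example's own assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Digest classes in matrix-column order; the first five index allowed[] below. */
enum md_class { MD_SHA1, MD_SHA2, MD_SHA2_TRUNC, MD_SHA3, MD_SHA3_TRUNC, MD_SHAKE, MD_OTHER };
/* Group a digest name as the commit message does (SHA-224/384 count as truncated). */
static enum md_class classify_digest(const char *md)
{
    if (strcmp(md, "SHA1") == 0) return MD_SHA1;
    if (strncmp(md, "SHAKE", 5) == 0) return MD_SHAKE;
    if (!strcmp(md, "SHA2-256") || !strcmp(md, "SHA2-512")) return MD_SHA2;
    if (!strcmp(md, "SHA2-224") || !strcmp(md, "SHA2-384")) return MD_SHA2_TRUNC;
    if (!strcmp(md, "SHA3-256") || !strcmp(md, "SHA3-512")) return MD_SHA3;
    if (!strcmp(md, "SHA3-224") || !strcmp(md, "SHA3-384")) return MD_SHA3_TRUNC;
    return MD_OTHER;
}
/* allowed[]: SHA-1, SHA-2, SHA-2 trunc, SHA-3, SHA-3 trunc; only: space-padded exact allow-list. */
struct kdf_rule { const char *kdf; bool allowed[5]; const char *only; };
/* The support matrix from the commit message, row by row (assumed spellings). */
static const struct kdf_rule rules[] = {
    { "KBKDF",      {1, 1, 1, 1, 1}, NULL },
    { "HKDF",       {1, 1, 1, 1, 1}, NULL },
    { "TLS1PRF",    {0, 0, 0, 0, 0}, " SHA2-256 SHA2-384 SHA2-512 " },
    { "SSHKDF",     {1, 1, 1, 0, 0}, NULL },
    { "SSKDF",      {1, 1, 1, 1, 1}, NULL },
    { "X9.63KDF",   {0, 1, 1, 1, 1}, NULL },
    { "X9.42-ASN1", {1, 1, 1, 1, 1}, NULL },
    { "TLS1.3PRF",  {0, 0, 0, 0, 0}, " SHA2-256 SHA2-384 " },
};
/* True when KDF, digest and key/output sizes are all approved under the rules above. */
bool kdf_fips_approved(const char *kdf, const char *md, unsigned key_bits, unsigned out_bits)
{
    /* SP 800-131Ar2 s.8: key-derivation key >= 112 bits; output < 112 bits is unapproved too. */
    if (key_bits < 112 || out_bits < 112) return false;
    enum md_class c = classify_digest(md);
    /* FIPS 140-3 IG C.C: no SHAKE in KDFs; unknown digests are not approved either. */
    if (c == MD_SHAKE || c == MD_OTHER) return false;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        if (strcmp(rules[i].kdf, kdf) != 0) continue;
        if (rules[i].only != NULL) { /* exact allow-list rows (the TLS PRFs) */
            char padded[32];
            snprintf(padded, sizeof padded, " %s ", md);
            return strstr(rules[i].only, padded) != NULL;
        }
        return rules[i].allowed[c];
    }
    return false; /* not in the matrix, e.g. PBKDF2, which has its own limits */
}
```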
.gitignore
0001-Aarch64-and-ppc64le-use-lib64.patch
0002-Use-more-general-default-values-in-openssl.cnf.patch
0003-Do-not-install-html-docs.patch
0004-Override-default-paths-for-the-CA-directory-tree.patch
0005-apps-ca-fix-md-option-help-text.patch
0006-Disable-signature-verification-with-totally-unsafe-h.patch
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
0008-Add-FIPS_mode-compatibility-macro.patch
0009-Add-Kernel-FIPS-mode-flag-support.patch
0011-Remove-EC-curves.patch
0012-Disable-explicit-ec.patch
0024-load-legacy-prov.patch
0025-for-tests.patch
0031-tmp-Fix-test-names.patch
0032-Force-fips.patch
0033-FIPS-embed-hmac.patch
0034.fipsinstall_disable.patch
0035-speed-skip-unavailable-dgst.patch
0044-FIPS-140-3-keychecks.patch
0045-FIPS-services-minimize.patch
0047-FIPS-early-KATS.patch
0049-Selectively-disallow-SHA1-signatures.patch
0050-FIPS-enable-pkcs12-mac.patch
0051-Support-different-R_BITS-lengths-for-KBKDF.patch
0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
0056-strcasecmp.patch
0058-FIPS-limit-rsa-encrypt.patch
0060-FIPS-KAT-signature-tests.patch
0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
0062-fips-Expose-a-FIPS-indicator.patch
0067-ppc64le-Montgomery-multiply.patch
0071-AES-GCM-performance-optimization.patch
0072-ChaCha20-performance-optimizations-for-ppc64le.patch
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
0075-FIPS-Use-FFDHE2048-in-self-test.patch
0076-FIPS-140-3-DRBG.patch
0077-FIPS-140-3-zeroization.patch
0078-KDF-Add-FIPS-indicators.patch
0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
0085-FIPS-RSA-disable-shake.patch
0088-signature-Add-indicator-for-PSS-salt-length.patch
0089-PSS-salt-length-from-provider.patch
0090-signature-Clamp-PSS-salt-len-to-MD-len.patch
0091-FIPS-RSA-encapsulate.patch
0092-provider-improvements.patch
0101-CVE-2022-4203-nc-match.patch
0102-CVE-2022-4304-RSA-time-oracle.patch
0103-CVE-2022-4450-pem-read-bio.patch
0104-CVE-2023-0215-UAF-bio.patch
0105-CVE-2023-0216-pkcs7-deref.patch
0106-CVE-2023-0217-dsa.patch
0107-CVE-2023-0286-X400.patch
0108-CVE-2023-0401-pkcs7-md.patch
configuration-prefix.h
configuration-switch.h
ec_curve.c
ectest.c
gating.yaml
genpatches
hobble-openssl
make-dummy-cert
Makefile.certificate
openssl.spec
renew-dummy-cert
rpminspect.yaml
sources