Sync from SUSE:SLFO:Main openssl-3 revision 0d56ccee1b427e1823411c3d8bad7f8e
This commit is contained in:
parent
7a798c881c
commit
c5ce55a09c
548
openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
Normal file
548
openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
Normal file
@ -0,0 +1,548 @@
|
||||
From 5f4f350ce797a7cd2fdca84c474ee196da9d6fae Mon Sep 17 00:00:00 2001
|
||||
From: Clemens Lang <cllang@redhat.com>
|
||||
Date: Wed, 18 May 2022 17:25:59 +0200
|
||||
Subject: [PATCH] Deny SHA-1 signature verification in FIPS provider
|
||||
|
||||
For RHEL, we already disable SHA-1 signatures by default in the default
|
||||
provider, so it is unexpected that the FIPS provider would have a more
|
||||
lenient configuration in this regard. Additionally, we do not think
|
||||
continuing to accept SHA-1 signatures is a good idea due to the
|
||||
published chosen-prefix collision attacks.
|
||||
|
||||
As a consequence, disable verification of SHA-1 signatures in the FIPS
|
||||
provider.
|
||||
|
||||
This requires adjusting a few tests that would otherwise fail:
|
||||
- 30-test_acvp: Remove the test vectors that use SHA-1.
|
||||
- 30-test_evp: Mark tests in evppkey_rsa_common.txt and
|
||||
evppkey_ecdsa.txt that use SHA-1 digests as "Availablein = default",
|
||||
which will not run them when the FIPS provider is enabled.
|
||||
- 80-test_cms: Re-create all certificates in test/smime-certificates
|
||||
with SHA256 signatures while keeping the same private keys. These
|
||||
certificates were signed with SHA-1 and thus fail verification in the
|
||||
FIPS provider.
|
||||
Fix some other tests by explicitly running them in the default
|
||||
provider, where SHA-1 is available.
|
||||
- 80-test_ssl_old: Skip tests that rely on SSLv3 and SHA-1 when run with
|
||||
the FIPS provider.
|
||||
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||
---
|
||||
providers/implementations/signature/dsa_sig.c | 4 --
|
||||
.../implementations/signature/ecdsa_sig.c | 4 --
|
||||
providers/implementations/signature/rsa_sig.c | 8 +--
|
||||
test/acvp_test.inc | 20 -------
|
||||
.../30-test_evp_data/evppkey_ecdsa.txt | 7 +++
|
||||
.../30-test_evp_data/evppkey_rsa_common.txt | 51 +++++++++++++++-
|
||||
test/recipes/80-test_cms.t | 4 +-
|
||||
test/recipes/80-test_ssl_old.t | 4 ++
|
||||
test/smime-certs/smdh.pem | 18 +++---
|
||||
test/smime-certs/smdsa1.pem | 60 +++++++++----------
|
||||
test/smime-certs/smdsa2.pem | 60 +++++++++----------
|
||||
test/smime-certs/smdsa3.pem | 60 +++++++++----------
|
||||
test/smime-certs/smec1.pem | 30 +++++-----
|
||||
test/smime-certs/smec2.pem | 30 +++++-----
|
||||
test/smime-certs/smec3.pem | 30 +++++-----
|
||||
test/smime-certs/smroot.pem | 38 ++++++------
|
||||
test/smime-certs/smrsa1.pem | 38 ++++++------
|
||||
test/smime-certs/smrsa2.pem | 38 ++++++------
|
||||
test/smime-certs/smrsa3.pem | 38 ++++++------
|
||||
19 files changed, 286 insertions(+), 256 deletions(-)
|
||||
|
||||
Index: openssl-3.1.4/providers/implementations/signature/dsa_sig.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/signature/dsa_sig.c
|
||||
+++ openssl-3.1.4/providers/implementations/signature/dsa_sig.c
|
||||
@@ -127,11 +127,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ct
|
||||
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
||||
int md_nid;
|
||||
size_t mdname_len = strlen(mdname);
|
||||
-#ifdef FIPS_MODULE
|
||||
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
||||
-#else
|
||||
int sha1_allowed = 0;
|
||||
-#endif
|
||||
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
||||
sha1_allowed);
|
||||
|
||||
Index: openssl-3.1.4/providers/implementations/signature/ecdsa_sig.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/signature/ecdsa_sig.c
|
||||
+++ openssl-3.1.4/providers/implementations/signature/ecdsa_sig.c
|
||||
@@ -237,11 +237,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX
|
||||
"%s could not be fetched", mdname);
|
||||
return 0;
|
||||
}
|
||||
-#ifdef FIPS_MODULE
|
||||
- sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
||||
-#else
|
||||
sha1_allowed = 0;
|
||||
-#endif
|
||||
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
||||
sha1_allowed);
|
||||
if (md_nid < 0) {
|
||||
Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/signature/rsa_sig.c
|
||||
+++ openssl-3.1.4/providers/implementations/signature/rsa_sig.c
|
||||
@@ -306,11 +306,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ct
|
||||
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
||||
int md_nid;
|
||||
size_t mdname_len = strlen(mdname);
|
||||
-#ifdef FIPS_MODULE
|
||||
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
||||
-#else
|
||||
int sha1_allowed = 0;
|
||||
-#endif
|
||||
md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
|
||||
sha1_allowed);
|
||||
|
||||
@@ -1414,8 +1410,10 @@ static int rsa_set_ctx_params(void *vprs
|
||||
|
||||
if (prsactx->md == NULL && pmdname == NULL
|
||||
&& pad_mode == RSA_PKCS1_PSS_PADDING) {
|
||||
+#ifdef FIPS_MODULE
|
||||
+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
|
||||
+#else
|
||||
pmdname = RSA_DEFAULT_DIGEST_NAME;
|
||||
-#ifndef FIPS_MODULE
|
||||
if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
|
||||
pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
|
||||
}
|
||||
Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
||||
+++ openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
||||
@@ -37,12 +37,14 @@ PrivPubKeyPair = P-256:P-256-PUBLIC
|
||||
|
||||
Title = ECDSA tests
|
||||
|
||||
+Availablein = default
|
||||
Verify = P-256
|
||||
Ctrl = digest:SHA1
|
||||
Input = "0123456789ABCDEF1234"
|
||||
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
|
||||
|
||||
# Digest too long
|
||||
+Availablein = default
|
||||
Verify = P-256
|
||||
Ctrl = digest:SHA1
|
||||
Input = "0123456789ABCDEF12345"
|
||||
@@ -50,6 +52,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a
|
||||
Result = VERIFY_ERROR
|
||||
|
||||
# Digest too short
|
||||
+Availablein = default
|
||||
Verify = P-256
|
||||
Ctrl = digest:SHA1
|
||||
Input = "0123456789ABCDEF123"
|
||||
@@ -57,6 +60,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a
|
||||
Result = VERIFY_ERROR
|
||||
|
||||
# Digest invalid
|
||||
+Availablein = default
|
||||
Verify = P-256
|
||||
Ctrl = digest:SHA1
|
||||
Input = "0123456789ABCDEF1235"
|
||||
@@ -64,6 +68,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a
|
||||
Result = VERIFY_ERROR
|
||||
|
||||
# Invalid signature
|
||||
+Availablein = default
|
||||
Verify = P-256
|
||||
Ctrl = digest:SHA1
|
||||
Input = "0123456789ABCDEF1234"
|
||||
@@ -79,12 +84,14 @@ Output = 3045022100b1d1cb1a577035bccdd5a
|
||||
Result = VERIFY_ERROR
|
||||
|
||||
# BER signature
|
||||
+Availablein = default
|
||||
Verify = P-256
|
||||
Ctrl = digest:SHA1
|
||||
Input = "0123456789ABCDEF1234"
|
||||
Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000
|
||||
Result = VERIFY_ERROR
|
||||
|
||||
+Availablein = default
|
||||
Verify = P-256-PUBLIC
|
||||
Ctrl = digest:SHA1
|
||||
Input = "0123456789ABCDEF1234"
|
||||
Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||
+++ openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||
@@ -96,6 +96,7 @@ NDL6WCBbets=
|
||||
|
||||
Title = RSA tests
|
||||
|
||||
+Availablein = default
|
||||
Verify = RSA-2048
|
||||
Ctrl = digest:SHA1
|
||||
Input = "0123456789ABCDEF1234"
|
||||
@@ -112,24 +113,28 @@ Ctrl = digest:SHA512-224
|
||||
Input = "0123456789ABCDEF123456789ABC"
|
||||
Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17
|
||||
|
||||
+Availablein = default
|
||||
VerifyRecover = RSA-2048
|
||||
Ctrl = digest:SHA1
|
||||
Input = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
|
||||
Output = "0123456789ABCDEF1234"
|
||||
|
||||
# Leading zero in the signature
|
||||
+Availablein = default
|
||||
Verify = RSA-2048
|
||||
Ctrl = digest:SHA1
|
||||
Input = "0123456789ABCDEF1234"
|
||||
Output = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
|
||||
Result = VERIFY_ERROR
|
||||
|
||||
+Availablein = default
|
||||
VerifyRecover = RSA-2048
|
||||
Ctrl = digest:SHA1
|
||||
Input = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
|
||||
Result = KEYOP_ERROR
|
||||
|
||||
# Mismatched digest
|
||||
+Availablein = default
|
||||
Verify = RSA-2048
|
||||
Ctrl = digest:SHA1
|
||||
Input = "0123456789ABCDEF1233"
|
||||
@@ -137,6 +142,7 @@ Output = c09d402423cbf233d26cae21f954547
|
||||
Result = VERIFY_ERROR
|
||||
|
||||
# Corrupted signature
|
||||
+Availablein = default
|
||||
Verify = RSA-2048
|
||||
Ctrl = digest:SHA1
|
||||
Input = "0123456789ABCDEF1233"
|
||||
@@ -144,6 +150,7 @@ Output = c09d402423cbf233d26cae21f954547
|
||||
Result = VERIFY_ERROR
|
||||
|
||||
# parameter is not NULLt
|
||||
+Availablein = default
|
||||
Verify = RSA-2048
|
||||
Ctrl = digest:sha1
|
||||
Input = "0123456789ABCDEF1234"
|
||||
@@ -151,42 +158,49 @@ Output = 3ec3fc29eb6e122bd7aa361cd09fe1b
|
||||
Result = VERIFY_ERROR
|
||||
|
||||
# embedded digest too long
|
||||
+Availablein = default
|
||||
Verify = RSA-2048
|
||||
Ctrl = digest:sha1
|
||||
Input = "0123456789ABCDEF1234"
|
||||
Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
|
||||
Result = VERIFY_ERROR
|
||||
|
||||
+Availablein = default
|
||||
VerifyRecover = RSA-2048
|
||||
Ctrl = digest:sha1
|
||||
Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
|
||||
Result = KEYOP_ERROR
|
||||
|
||||
# embedded digest too short
|
||||
+Availablein = default
|
||||
Verify = RSA-2048
|
||||
Ctrl = digest:sha1
|
||||
Input = "0123456789ABCDEF1234"
|
||||
Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
|
||||
Result = VERIFY_ERROR
|
||||
|
||||
+Availablein = default
|
||||
VerifyRecover = RSA-2048
|
||||
Ctrl = digest:sha1
|
||||
Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
|
||||
Result = KEYOP_ERROR
|
||||
|
||||
# Garbage after DigestInfo
|
||||
+Availablein = default
|
||||
Verify = RSA-2048
|
||||
Ctrl = digest:sha1
|
||||
Input = "0123456789ABCDEF1234"
|
||||
Output = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274
|
||||
Result = VERIFY_ERROR
|
||||
|
||||
+Availablein = default
|
||||
VerifyRecover = RSA-2048
|
||||
Ctrl = digest:sha1
|
||||
Input = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274
|
||||
Result = KEYOP_ERROR
|
||||
|
||||
# invalid tag for parameter
|
||||
+Availablein = default
|
||||
Verify = RSA-2048
|
||||
Ctrl = digest:sha1
|
||||
Input = "0123456789ABCDEF1234"
|
||||
@@ -195,6 +209,7 @@ Result = VERIFY_ERROR
|
||||
|
||||
# Verify using public key
|
||||
|
||||
+Availablein = default
|
||||
Verify = RSA-2048-PUBLIC
|
||||
Ctrl = digest:SHA1
|
||||
Input = "0123456789ABCDEF1234"
|
||||
@@ -371,6 +386,8 @@ Input="0123456789ABCDEF0123456789ABCDEF"
|
||||
Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
|
||||
|
||||
# Verify using salt length auto detect
|
||||
+# In the FIPS provider on RHEL-9, the default digest for PSS signatures is SHA-256
|
||||
+Availablein = default
|
||||
Verify = RSA-2048-PUBLIC
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_pss_saltlen:auto
|
||||
@@ -405,6 +422,10 @@ Output=4DE433D5844043EF08D354DA03CB29068
|
||||
Result = VERIFY_ERROR
|
||||
|
||||
# Verify using default parameters, explicitly setting parameters
|
||||
+# NOTE: RSA-PSS-DEFAULT contains a restriction to use SHA1 as digest, which
|
||||
+# RHEL-9 does not support in FIPS mode; all these tests are thus marked
|
||||
+# Availablein = default.
|
||||
+Availablein = default
|
||||
Verify = RSA-PSS-DEFAULT
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_pss_saltlen:20
|
||||
@@ -413,6 +434,7 @@ Input="0123456789ABCDEF0123"
|
||||
Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF
|
||||
|
||||
# Verify explicitly setting parameters "digest" salt length
|
||||
+Availablein = default
|
||||
Verify = RSA-PSS-DEFAULT
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_pss_saltlen:digest
|
||||
@@ -421,18 +443,21 @@ Input="0123456789ABCDEF0123"
|
||||
Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF
|
||||
|
||||
# Verify using salt length larger than minimum
|
||||
+Availablein = default
|
||||
Verify = RSA-PSS-DEFAULT
|
||||
Ctrl = rsa_pss_saltlen:30
|
||||
Input="0123456789ABCDEF0123"
|
||||
Output = 6BF7EDC63A0BA184EEEC7F3020FEC8F5EBF38C2B76481881F48BCCE5796E7AB294548BA9AE810457C7723CABD1BDE94CF59CF7C0FC7461B22760C8ED703DD98E97BFDD61FA8D1181C411F6DEE5FF159F4850746D78EDEE385A363DC28E2CB373D5CAD7953F3BD5E639BE345732C03A1BDEA268814DA036EB1891C82D4012F3B903D86636055F87B96FC98806AD1B217685A4D754046A5DE0B0D7870664BE07902153EC85BA457BE7D7F89D7FE0F626D02A9CBBB2BB479DDA1A5CAE75247FB7BF6BFB15C1D3FD9E6B1573CCDBC72011C3B97716058BB11C7EA2E4E56ADAFE1F5DE6A7FD405AC5890100F9C3408EFFB5C73BF73F48177FF743B4B819D0699D507B
|
||||
|
||||
# Verify using maximum salt length
|
||||
+Availablein = default
|
||||
Verify = RSA-PSS-DEFAULT
|
||||
Ctrl = rsa_pss_saltlen:max
|
||||
Input="0123456789ABCDEF0123"
|
||||
Output = 4470DCFE812DEE2E58E4301D4ED274AB348FE040B724B2CD1D8CD0914BFF375F0B86FCB32BFA8AEA9BD22BD7C4F1ADD4F3D215A5CFCC99055BAFECFC23800E9BECE19A08C66BEBC5802122D13A732E5958FC228DCC0B49B5B4B1154F032D8FA2F3564AA949C1310CC9266B0C47F86D449AC9D2E7678347E7266E2D7C888CCE1ADF44A109A293F8516AE2BD94CE220F26E137DB8E7A66BB9FCE052CDC1D0BE24D8CEBB20D10125F26B069F117044B9E1D16FDDAABCA5340AE1702F37D0E1C08A2E93801C0A41035C6C73DA02A0E32227EAFB0B85E79107B59650D0EE7DC32A6772CCCE90F06369B2880FE87ED76997BA61F5EA818091EE88F8B0D6F24D02A3FC6
|
||||
|
||||
# Attempt to change salt length below minimum
|
||||
+Availablein = default
|
||||
Verify = RSA-PSS-DEFAULT
|
||||
Ctrl = rsa_pss_saltlen:0
|
||||
Result = PKEY_CTRL_ERROR
|
||||
@@ -440,21 +465,25 @@ Result = PKEY_CTRL_ERROR
|
||||
# Attempt to change padding mode
|
||||
# Note this used to return PKEY_CTRL_INVALID
|
||||
# but it is limited because setparams only returns 0 or 1.
|
||||
+Availablein = default
|
||||
Verify = RSA-PSS-DEFAULT
|
||||
Ctrl = rsa_padding_mode:pkcs1
|
||||
Result = PKEY_CTRL_ERROR
|
||||
|
||||
# Attempt to change digest
|
||||
+Availablein = default
|
||||
Verify = RSA-PSS-DEFAULT
|
||||
Ctrl = digest:sha256
|
||||
Result = PKEY_CTRL_ERROR
|
||||
|
||||
# Invalid key: rejected when we try to init
|
||||
+Availablein = default
|
||||
Verify = RSA-PSS-BAD
|
||||
Result = KEYOP_INIT_ERROR
|
||||
Reason = invalid salt length
|
||||
|
||||
# Invalid key: rejected when we try to init
|
||||
+Availablein = default
|
||||
Verify = RSA-PSS-BAD2
|
||||
Result = KEYOP_INIT_ERROR
|
||||
Reason = invalid salt length
|
||||
@@ -473,36 +502,42 @@ CAltWyuLbfXWce9jd8CSHLI8Jwpw4lmOb/idGfEF
|
||||
4fINDOjP+yJJvZohNwIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-1
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=cd8b6538cb8e8de566b68bd067569dbf1ee2718e
|
||||
Output=9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-1
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=e35befc17a1d160b9ce35fbd8eb16e7ee491d3fd
|
||||
Output=3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-1
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=0652ec67bcee30f9d2699122b91c19abdba89f91
|
||||
Output=666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-1
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=39c21c4cceda9c1adf839c744e1212a6437575ec
|
||||
Output=4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-1
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=36dae913b77bd17cae6e7b09453d24544cebb33c
|
||||
Output=1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-1
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
@@ -518,36 +553,42 @@ swU7R97S7NSkyu/WFIM9yLtiLzF+0Ha4BX/o3j+E
|
||||
0w5GMTmBXG/U/VrFuBcqRSMOy2MYoE8UVdhOWosCAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-9
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=2715a49b8b0012cd7aee84c116446e6dfe3faec0
|
||||
Output=586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-9
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=2dac956d53964748ac364d06595827c6b4f143cd
|
||||
Output=80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-9
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=28d98c46cccafbd3bc04e72f967a54bd3ea12298
|
||||
Output=484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-9
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=0866d2ff5a79f25ef668cd6f31b42dee421e4c0e
|
||||
Output=84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-9
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=6a5b4be4cd36cc97dfde9995efbf8f097a4a991a
|
||||
Output=82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-9
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
@@ -565,36 +606,42 @@ F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5
|
||||
BQIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-10
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=9596bb630cf6a8d4ea4600422b9eba8b13675dd4
|
||||
Output=82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-10
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=b503319399277fd6c1c8f1033cbf04199ea21716
|
||||
Output=14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-10
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=50aaede8536b2c307208b275a67ae2df196c7628
|
||||
Output=6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-10
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=aa0b72b8b371ddd10c8ae474425ccccf8842a294
|
||||
Output=34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-10
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=fad3902c9750622a2bc672622c48270cc57d3ea8
|
||||
Output=7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc
|
||||
|
||||
+Availablein = default
|
||||
Verify=RSA-PSS-10
|
||||
Ctrl = rsa_padding_mode:pss
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
@@ -1384,11 +1431,13 @@ Title = RSA FIPS tests
|
||||
|
||||
# FIPS tests
|
||||
|
||||
-# Verifying with SHA1 is permitted in fips mode for older applications
|
||||
+# Verifying with SHA1 is not permitted on RHEL-9 in FIPS mode
|
||||
+Availablein = fips
|
||||
DigestVerify = SHA1
|
||||
Key = RSA-2048
|
||||
Input = "Hello "
|
||||
Output = 87ea0e2226ef35e5a2aec9ca1222fcbe39ba723f05b3203564f671dd3601271806ead3240e61d424359ee3b17bd3e32f54b82df83998a8ac4148410710361de0400f9ddf98278618fbc87747a0531972543e6e5f18ab2fdfbfda02952f6ac69690e43864690af271bf43d4be9705b303d4ff994ab3abd4d5851562b73e59be3edc01cec41a4cc13b68206329bad1a46c6608d3609e951faa321d0fdbc765d54e9a7c59248d2f67913c9903e932b769c9c8a45520cabea06e8c0b231dd3bcc7f7ec55b46b0157ccb5fc5011fa57353cd3df32edcbadcb8d168133cbd0acfb64444cb040e1298f621508a38f79e14ae8c2c5c857f90aa9d24ef5fc07d34bf23859
|
||||
+Result = DIGESTVERIFYINIT_ERROR
|
||||
|
||||
# Verifying with a 1024 bit key is permitted in fips mode for older applications
|
||||
DigestVerify = SHA256
|
||||
Index: openssl-3.1.4/test/recipes/80-test_cms.t
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/test/recipes/80-test_cms.t
|
||||
+++ openssl-3.1.4/test/recipes/80-test_cms.t
|
||||
@@ -163,7 +163,7 @@ my @smime_pkcs7_tests = (
|
||||
[ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1",
|
||||
"-certfile", $smroot,
|
||||
"-signer", $smrsa1, "-out", "{output}.cms" ],
|
||||
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
|
||||
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms",
|
||||
"-CAfile", $smroot, "-out", "{output}.txt" ],
|
||||
\&final_compare
|
||||
],
|
||||
@@ -171,7 +171,7 @@ my @smime_pkcs7_tests = (
|
||||
[ "signed zero-length content S/MIME format, RSA key SHA1",
|
||||
[ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1",
|
||||
"-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ],
|
||||
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
|
||||
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms",
|
||||
"-CAfile", $smroot, "-out", "{output}.txt" ],
|
||||
\&zero_compare
|
||||
],
|
||||
Index: openssl-3.1.4/test/recipes/80-test_ssl_old.t
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/test/recipes/80-test_ssl_old.t
|
||||
+++ openssl-3.1.4/test/recipes/80-test_ssl_old.t
|
||||
@@ -397,6 +397,9 @@ sub testssl {
|
||||
'test sslv2/sslv3 with 1024bit DHE via BIO pair');
|
||||
}
|
||||
|
||||
+ SKIP: {
|
||||
+ skip "SSLv3 is not supported by the FIPS provider", 4
|
||||
+ if $provider eq "fips";
|
||||
ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])),
|
||||
'test sslv2/sslv3 with server authentication');
|
||||
ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])),
|
||||
@@ -405,6 +408,7 @@ sub testssl {
|
||||
'test sslv2/sslv3 with both client and server authentication via BIO pair');
|
||||
ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])),
|
||||
'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify');
|
||||
+ }
|
||||
|
||||
SKIP: {
|
||||
skip "No IPv4 available on this machine", 4
|
@ -0,0 +1,98 @@
|
||||
From 589eb3898896c1ac916bc20069ecd5adb8534850 Mon Sep 17 00:00:00 2001
|
||||
From: Clemens Lang <cllang@redhat.com>
|
||||
Date: Fri, 17 Feb 2023 15:31:08 +0100
|
||||
Subject: [PATCH] GCM: Implement explicit FIPS indicator for IV gen
|
||||
|
||||
Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
Verification Program, Section C.H requires guarantees about the
|
||||
uniqueness of key/iv pairs, and proposes a few approaches to ensure
|
||||
this. Provide an indicator for option 2 "The IV may be generated
|
||||
internally at its entirety randomly."
|
||||
|
||||
Resolves: rhbz#2168289
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||
---
|
||||
include/openssl/core_names.h | 1 +
|
||||
include/openssl/evp.h | 4 +++
|
||||
.../implementations/ciphers/ciphercommon.c | 4 +++
|
||||
.../ciphers/ciphercommon_gcm.c | 25 +++++++++++++++++++
|
||||
4 files changed, 34 insertions(+)
|
||||
|
||||
Index: openssl-3.1.4/include/openssl/core_names.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/openssl/core_names.h
|
||||
+++ openssl-3.1.4/include/openssl/core_names.h
|
||||
@@ -99,6 +99,7 @@ extern "C" {
|
||||
#define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" /* utf8_string */
|
||||
/* For passing the AlgorithmIdentifier parameter in DER form */
|
||||
#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param" /* octet_string */
|
||||
+#define OSSL_CIPHER_PARAM_SUSE_FIPS_INDICATOR "suse-fips-indicator" /* int */
|
||||
|
||||
#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT \
|
||||
"tls1multi_maxsndfrag" /* uint */
|
||||
Index: openssl-3.1.4/include/openssl/evp.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/openssl/evp.h
|
||||
+++ openssl-3.1.4/include/openssl/evp.h
|
||||
@@ -750,6 +750,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER
|
||||
void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
|
||||
int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
|
||||
|
||||
+# define EVP_CIPHER_SUSE_FIPS_INDICATOR_UNDETERMINED 0
|
||||
+# define EVP_CIPHER_SUSE_FIPS_INDICATOR_APPROVED 1
|
||||
+# define EVP_CIPHER_SUSE_FIPS_INDICATOR_NOT_APPROVED 2
|
||||
+
|
||||
__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
||||
const unsigned char *key, const unsigned char *iv);
|
||||
/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
|
||||
Index: openssl-3.1.4/providers/implementations/ciphers/ciphercommon.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/ciphers/ciphercommon.c
|
||||
+++ openssl-3.1.4/providers/implementations/ciphers/ciphercommon.c
|
||||
@@ -149,6 +149,10 @@ static const OSSL_PARAM cipher_aead_know
|
||||
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
|
||||
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
|
||||
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
|
||||
+ /* normally we would hide this under an #ifdef FIPS_MODULE, but that does
|
||||
+ * not work in ciphercommon.c because it is compiled only once into
|
||||
+ * libcommon.a */
|
||||
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_SUSE_FIPS_INDICATOR, NULL),
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params(
|
||||
Index: openssl-3.1.4/providers/implementations/ciphers/ciphercommon_gcm.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/ciphers/ciphercommon_gcm.c
|
||||
+++ openssl-3.1.4/providers/implementations/ciphers/ciphercommon_gcm.c
|
||||
@@ -224,6 +224,31 @@ int ossl_gcm_get_ctx_params(void *vctx,
|
||||
|| !getivgen(ctx, p->data, p->data_size))
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+ /* We would usually hide this under #ifdef FIPS_MODULE, but
|
||||
+ * ciphercommon_gcm.c is only compiled once into libcommon.a, so ifdefs do
|
||||
+ * not work here. */
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_SUSE_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ int fips_indicator = EVP_CIPHER_SUSE_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section C.H requires guarantees about the
|
||||
+ * uniqueness of key/iv pairs, and proposes a few approaches to ensure
|
||||
+ * this. This provides an indicator for option 2 "The IV may be
|
||||
+ * generated internally at its entirety randomly." Note that one of the
|
||||
+ * conditions of this option is that "The IV length shall be at least
|
||||
+ * 96 bits (per SP 800-38D)." We do not specically check for this
|
||||
+ * condition here, because gcm_iv_generate will fail in this case. */
|
||||
+ if (ctx->enc && !ctx->iv_gen_rand)
|
||||
+ fips_indicator = EVP_CIPHER_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator)) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
28
openssl-3-FIPS-PCT_rsa_keygen.patch
Normal file
28
openssl-3-FIPS-PCT_rsa_keygen.patch
Normal file
@ -0,0 +1,28 @@
|
||||
Index: openssl-3.1.4/crypto/rsa/rsa_gen.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/rsa/rsa_gen.c
|
||||
+++ openssl-3.1.4/crypto/rsa/rsa_gen.c
|
||||
@@ -428,7 +428,12 @@ static int rsa_keygen(OSSL_LIB_CTX *libc
|
||||
|
||||
#ifdef FIPS_MODULE
|
||||
ok = ossl_rsa_sp800_56b_generate_key(rsa, bits, e_value, cb);
|
||||
- pairwise_test = 1; /* FIPS MODE needs to always run the pairwise test */
|
||||
+ /* FIPS MODE needs to always run the pairwise test. But, the
|
||||
+ * rsa_keygen_pairwise_test() PCT as self-test requirements will be
|
||||
+ * covered by do_rsa_pct() for both RSA-OAEP and RSA signatures and
|
||||
+ * this PCT can be skipped here. See bsc#1221760 for more info.
|
||||
+ */
|
||||
+ pairwise_test = 0;
|
||||
#else
|
||||
/*
|
||||
* Only multi-prime keys or insecure keys with a small key length or a
|
||||
@@ -463,6 +468,9 @@ static int rsa_keygen(OSSL_LIB_CTX *libc
|
||||
rsa->dmp1 = NULL;
|
||||
rsa->dmq1 = NULL;
|
||||
rsa->iqmp = NULL;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ abort();
|
||||
+#endif /* FIPS_MODULE */
|
||||
}
|
||||
}
|
||||
return ok;
|
372
openssl-3-jitterentropy-3.4.0.patch
Normal file
372
openssl-3-jitterentropy-3.4.0.patch
Normal file
@ -0,0 +1,372 @@
|
||||
Index: openssl-3.1.4/Configurations/00-base-templates.conf
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/Configurations/00-base-templates.conf
|
||||
+++ openssl-3.1.4/Configurations/00-base-templates.conf
|
||||
@@ -71,9 +71,12 @@ my %targets=(
|
||||
lflags =>
|
||||
sub { $withargs{zlib_lib} ? "-L".$withargs{zlib_lib} : () },
|
||||
ex_libs =>
|
||||
- sub { !defined($disabled{zlib})
|
||||
- && defined($disabled{"zlib-dynamic"})
|
||||
- ? "-lz" : () },
|
||||
+ sub {
|
||||
+ my @libs = ();
|
||||
+ push(@libs, "-lz") if !defined($disabled{zlib}) && defined($disabled{"zlib-dynamic"});
|
||||
+ push(@libs, "-ljitterentropy") if !defined($disabled{jitterentropy});
|
||||
+ return join(" ", @libs);
|
||||
+ },
|
||||
HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares
|
||||
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
|
||||
? "ranlib" : "" },
|
||||
Index: openssl-3.1.4/crypto/rand/rand_jitter_entropy.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ openssl-3.1.4/crypto/rand/rand_jitter_entropy.c
|
||||
@@ -0,0 +1,97 @@
|
||||
+# include "jitterentropy.h"
|
||||
+# include "prov/jitter_entropy.h"
|
||||
+
|
||||
+struct rand_data* ec = NULL;
|
||||
+CRYPTO_RWLOCK *jent_lock = NULL;
|
||||
+int stop = 0;
|
||||
+
|
||||
+struct rand_data* FIPS_entropy_init(void)
|
||||
+{
|
||||
+ if (ec != NULL) {
|
||||
+ /* Entropy source has been initiated and collector allocated */
|
||||
+ return ec;
|
||||
+ }
|
||||
+ if (stop != 0) {
|
||||
+ /* FIPS_entropy_cleanup() already called, don't initialize it again */
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ if (jent_lock == NULL) {
|
||||
+ /* Allocates a new lock to serialize access to jent library */
|
||||
+ jent_lock = CRYPTO_THREAD_lock_new();
|
||||
+ if (jent_lock == NULL) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ if (CRYPTO_THREAD_write_lock(jent_lock) == 0) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ /* If the initialization is successful, the call returns with 0 */
|
||||
+ if (jent_entropy_init_ex(1, JENT_FORCE_FIPS) == 0) {
|
||||
+ /* Allocate entropy collector */
|
||||
+ ec = jent_entropy_collector_alloc(1, JENT_FORCE_FIPS);
|
||||
+ } else {
|
||||
+ /* abort if jitter rng fails initialization */
|
||||
+ abort();
|
||||
+ }
|
||||
+ if (ec == NULL) {
|
||||
+ /* abort if jitter rng fails initialization */
|
||||
+ abort();
|
||||
+ }
|
||||
+ CRYPTO_THREAD_unlock(jent_lock);
|
||||
+
|
||||
+ return ec;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * The following error codes can be returned by jent_read_entropy_safe():
|
||||
+ * -1 entropy_collector is NULL
|
||||
+ * -2 RCT failed
|
||||
+ * -3 APT failed
|
||||
+ * -4 The timer cannot be initialized
|
||||
+ * -5 LAG failure
|
||||
+ * -6 RCT permanent failure
|
||||
+ * -7 APT permanent failure
|
||||
+ * -8 LAG permanent failure
|
||||
+ */
|
||||
+ssize_t FIPS_jitter_entropy(unsigned char *buf, size_t buflen)
|
||||
+{
|
||||
+ ssize_t ent_bytes = -1;
|
||||
+
|
||||
+ /*
|
||||
+ * Order is important. We need to call FIPS_entropy_init() before we
|
||||
+ * acquire jent_lock, otherwise it can lead to deadlock. Once we have
|
||||
+ * jent_lock, we need to ensure that FIPS_entropy_cleanup() was not called
|
||||
+ * in the meantime. Then it's safe to read entropy.
|
||||
+ */
|
||||
+ if (buf != NULL
|
||||
+ && buflen != 0
|
||||
+ && FIPS_entropy_init()
|
||||
+ && CRYPTO_THREAD_write_lock(jent_lock) != 0
|
||||
+ && stop == 0) {
|
||||
+ /* Get entropy */
|
||||
+ ent_bytes = jent_read_entropy_safe(&ec, (char *)buf, buflen);
|
||||
+ if (ent_bytes < 0) {
|
||||
+ /* abort if jitter rng fails entropy gathering because health tests failed. */
|
||||
+ abort();
|
||||
+ }
|
||||
+ CRYPTO_THREAD_unlock(jent_lock);
|
||||
+ }
|
||||
+
|
||||
+ return ent_bytes;
|
||||
+}
|
||||
+
|
||||
+void FIPS_entropy_cleanup(void)
|
||||
+{
|
||||
+ if (jent_lock != NULL && stop == 0) {
|
||||
+ CRYPTO_THREAD_write_lock(jent_lock);
|
||||
+ }
|
||||
+ /* Disable re-initialization in FIPS_entropy_init() */
|
||||
+ stop = 1;
|
||||
+ /* Free entropy collector */
|
||||
+ if (ec != NULL) {
|
||||
+ jent_entropy_collector_free(ec);
|
||||
+ ec = NULL;
|
||||
+ }
|
||||
+ CRYPTO_THREAD_lock_free(jent_lock);
|
||||
+ jent_lock = NULL;
|
||||
+}
|
||||
Index: openssl-3.1.4/providers/implementations/rands/seeding/rand_unix.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/rands/seeding/rand_unix.c
|
||||
+++ openssl-3.1.4/providers/implementations/rands/seeding/rand_unix.c
|
||||
@@ -20,6 +20,7 @@
|
||||
#include "internal/dso.h"
|
||||
#include "internal/nelem.h"
|
||||
#include "prov/seeding.h"
|
||||
+#include "prov/jitter_entropy.h"
|
||||
|
||||
#ifdef __linux
|
||||
# include <sys/syscall.h>
|
||||
@@ -631,6 +632,31 @@ size_t ossl_pool_acquire_entropy(RAND_PO
|
||||
|
||||
(void)entropy_available; /* avoid compiler warning */
|
||||
|
||||
+ /* Use jitter entropy in FIPS mode */
|
||||
+ if (EVP_default_properties_is_fips_enabled(NULL))
|
||||
+ {
|
||||
+ size_t bytes_needed;
|
||||
+ unsigned char *buffer;
|
||||
+ ssize_t bytes;
|
||||
+ /* Maximum allowed number of consecutive unsuccessful attempts */
|
||||
+ int attempts = 3;
|
||||
+
|
||||
+ bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
+ while (bytes_needed != 0 && attempts-- > 0) {
|
||||
+ buffer = ossl_rand_pool_add_begin(pool, bytes_needed);
|
||||
+ bytes = FIPS_jitter_entropy(buffer, bytes_needed);
|
||||
+ if (bytes > 0) {
|
||||
+ ossl_rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
+ bytes_needed -= bytes;
|
||||
+ attempts = 3; /* reset counter after successful attempt */
|
||||
+ } else if (bytes < 0) {
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ entropy_available = ossl_rand_pool_entropy_available(pool);
|
||||
+ return entropy_available;
|
||||
+ }
|
||||
+
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||
{
|
||||
size_t bytes_needed;
|
||||
Index: openssl-3.1.4/providers/implementations/include/prov/jitter_entropy.h
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ openssl-3.1.4/providers/implementations/include/prov/jitter_entropy.h
|
||||
@@ -0,0 +1,17 @@
|
||||
+#ifndef OSSL_PROVIDERS_JITTER_ENTROPY_H
|
||||
+# define OSSL_PROVIDERS_JITTER_ENTROPY_H
|
||||
+
|
||||
+# include <openssl/core.h>
|
||||
+# include <openssl/types.h>
|
||||
+# include <openssl/crypto.h>
|
||||
+# include <openssl/fips.h>
|
||||
+
|
||||
+extern struct rand_data* ec;
|
||||
+extern CRYPTO_RWLOCK *jent_lock;
|
||||
+extern int stop;
|
||||
+
|
||||
+struct rand_data* FIPS_entropy_init(void);
|
||||
+ssize_t FIPS_jitter_entropy(unsigned char *buf, size_t buflen);
|
||||
+void FIPS_entropy_cleanup(void);
|
||||
+
|
||||
+#endif
|
||||
Index: openssl-3.1.4/providers/fips/self_test.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/fips/self_test.c
|
||||
+++ openssl-3.1.4/providers/fips/self_test.c
|
||||
@@ -20,6 +20,7 @@
|
||||
#include "internal/tsan_assist.h"
|
||||
#include "prov/providercommon.h"
|
||||
#include "crypto/rand.h"
|
||||
+#include "prov/jitter_entropy.h"
|
||||
|
||||
/*
|
||||
* We're cheating here. Normally we don't allow RUN_ONCE usage inside the FIPS
|
||||
@@ -392,6 +393,11 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ if (!FIPS_entropy_init()) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_ENTROPY_INIT_FAILED);
|
||||
+ goto end;
|
||||
+ }
|
||||
+
|
||||
if (st == NULL) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
|
||||
goto end;
|
||||
Index: openssl-3.1.4/include/openssl/proverr.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/openssl/proverr.h
|
||||
+++ openssl-3.1.4/include/openssl/proverr.h
|
||||
@@ -44,6 +44,7 @@
|
||||
# define PROV_R_FAILED_TO_GET_PARAMETER 103
|
||||
# define PROV_R_FAILED_TO_SET_PARAMETER 104
|
||||
# define PROV_R_FAILED_TO_SIGN 175
|
||||
+# define PROV_R_FIPS_ENTROPY_INIT_FAILED 234
|
||||
# define PROV_R_FIPS_MODULE_CONDITIONAL_ERROR 227
|
||||
# define PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE 224
|
||||
# define PROV_R_FIPS_MODULE_IN_ERROR_STATE 225
|
||||
Index: openssl-3.1.4/providers/common/provider_err.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/common/provider_err.c
|
||||
+++ openssl-3.1.4/providers/common/provider_err.c
|
||||
@@ -54,6 +54,8 @@ static const ERR_STRING_DATA PROV_str_re
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER),
|
||||
"failed to set parameter"},
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SIGN), "failed to sign"},
|
||||
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_ENTROPY_INIT_FAILED),
|
||||
+ "fips module jitter entropy init failed"},
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_CONDITIONAL_ERROR),
|
||||
"fips module conditional error"},
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE),
|
||||
Index: openssl-3.1.4/crypto/rand/build.info
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/rand/build.info
|
||||
+++ openssl-3.1.4/crypto/rand/build.info
|
||||
@@ -1,6 +1,6 @@
|
||||
LIBS=../../libcrypto
|
||||
|
||||
-$COMMON=rand_lib.c
|
||||
+$COMMON=rand_lib.c rand_jitter_entropy.c
|
||||
$CRYPTO=randfile.c rand_err.c rand_deprecated.c prov_seed.c rand_pool.c
|
||||
|
||||
IF[{- !$disabled{'egd'} -}]
|
||||
Index: openssl-3.1.4/providers/fips/fipsprov.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/fips/fipsprov.c
|
||||
+++ openssl-3.1.4/providers/fips/fipsprov.c
|
||||
@@ -27,6 +27,7 @@
|
||||
#include "crypto/context.h"
|
||||
#include "internal/core.h"
|
||||
#include "indicator.h"
|
||||
+#include "prov/jitter_entropy.h"
|
||||
|
||||
static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
|
||||
static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no";
|
||||
@@ -603,6 +604,7 @@ const OSSL_SUSE_FIPSINDICATOR_ALGORITHM
|
||||
|
||||
static void fips_teardown(void *provctx)
|
||||
{
|
||||
+ FIPS_entropy_cleanup();
|
||||
OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx));
|
||||
ossl_prov_ctx_free(provctx);
|
||||
}
|
||||
Index: openssl-3.1.4/util/libcrypto.num
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/util/libcrypto.num
|
||||
+++ openssl-3.1.4/util/libcrypto.num
|
||||
@@ -5441,3 +5441,5 @@ X509_get_default_cert_path_env
|
||||
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||
ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
||||
ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
||||
+FIPS_entropy_init ? 3_1_4 EXIST::FUNCTION:
|
||||
+FIPS_entropy_cleanup ? 3_1_4 EXIST::FUNCTION:
|
||||
Index: openssl-3.1.4/Configure
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/Configure
|
||||
+++ openssl-3.1.4/Configure
|
||||
@@ -454,6 +454,7 @@ my @disablables = (
|
||||
"fuzz-libfuzzer",
|
||||
"gost",
|
||||
"idea",
|
||||
+ "jitterentropy",
|
||||
"ktls",
|
||||
"legacy",
|
||||
"loadereng",
|
||||
@@ -550,6 +551,7 @@ our %disabled = ( # "what" => "c
|
||||
"external-tests" => "default",
|
||||
"fuzz-afl" => "default",
|
||||
"fuzz-libfuzzer" => "default",
|
||||
+ "jitterentropy" => "default",
|
||||
"ktls" => "default",
|
||||
"md2" => "default",
|
||||
"msan" => "default",
|
||||
@@ -763,7 +765,7 @@ my %cmdvars = (); # Stores
|
||||
my %unsupported_options = ();
|
||||
my %deprecated_options = ();
|
||||
# If you change this, update apps/version.c
|
||||
-my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom);
|
||||
+my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom jitterentropy);
|
||||
my @seed_sources = ();
|
||||
while (@argvcopy)
|
||||
{
|
||||
@@ -1231,6 +1233,9 @@ if (scalar(@seed_sources) == 0) {
|
||||
if (scalar(grep { $_ eq 'egd' } @seed_sources) > 0) {
|
||||
delete $disabled{'egd'};
|
||||
}
|
||||
+if (scalar(grep { $_ eq 'jitterentropy' } @seed_sources) > 0) {
|
||||
+ delete $disabled{'jitterentropy'};
|
||||
+}
|
||||
if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
|
||||
die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
|
||||
warn <<_____ if scalar(@seed_sources) == 1;
|
||||
Index: openssl-3.1.4/crypto/info.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/info.c
|
||||
+++ openssl-3.1.4/crypto/info.c
|
||||
@@ -15,6 +15,9 @@
|
||||
#include "internal/e_os.h"
|
||||
#include "buildinf.h"
|
||||
|
||||
+# include <stdio.h>
|
||||
+# include <jitterentropy.h>
|
||||
+
|
||||
#if defined(__arm__) || defined(__arm) || defined(__aarch64__)
|
||||
# include "arm_arch.h"
|
||||
# define CPU_INFO_STR_LEN 128
|
||||
@@ -128,6 +131,14 @@ DEFINE_RUN_ONCE_STATIC(init_info_strings
|
||||
OPENSSL_strlcat(seeds, ")", sizeof(seeds)); \
|
||||
} while (0)
|
||||
|
||||
+ /* In FIPS mode, only jitterentropy is used for seeding and
|
||||
+ * reseeding the primary DRBG.
|
||||
+ */
|
||||
+ if (EVP_default_properties_is_fips_enabled(NULL)) {
|
||||
+ char jent_version_string[32];
|
||||
+ sprintf(jent_version_string, "jitterentropy (%d)", jent_version());
|
||||
+ add_seeds_string(jent_version_string);
|
||||
+ } else {
|
||||
#ifdef OPENSSL_RAND_SEED_NONE
|
||||
add_seeds_string("none");
|
||||
#endif
|
||||
@@ -156,6 +167,7 @@ DEFINE_RUN_ONCE_STATIC(init_info_strings
|
||||
#ifdef OPENSSL_RAND_SEED_OS
|
||||
add_seeds_string("os-specific");
|
||||
#endif
|
||||
+ }
|
||||
seed_sources = seeds;
|
||||
}
|
||||
return 1;
|
||||
Index: openssl-3.1.4/INSTALL.md
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/INSTALL.md
|
||||
+++ openssl-3.1.4/INSTALL.md
|
||||
@@ -463,6 +463,12 @@ if provided by the CPU.
|
||||
Use librandom (not implemented yet).
|
||||
This source is ignored by the FIPS provider.
|
||||
|
||||
+### jitterentropy
|
||||
+
|
||||
+Use [jitterentropy-library](https://github.com/smuellerDD/jitterentropy-library)
|
||||
+dynamically linked. In FIPS mode, only the jitter RNG is used to seed and reseed
|
||||
+the primary DRBG.
|
||||
+
|
||||
### none
|
||||
|
||||
Disable automatic seeding. This is the default on some operating systems where
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 22 15:18:03 UTC 2024 - Alexander Bergmann <abergmann@suse.com>
|
||||
|
||||
- Security fix: [bsc#1229465, CVE-2024-6119]
|
||||
* possible denial of service in X.509 name checks
|
||||
* openssl-CVE-2024-6119.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 22 16:42:52 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
@ -21,6 +28,121 @@ Mon Jul 15 05:52:07 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com>
|
||||
- Add reproducible.patch to fix bsc#1223336
|
||||
aes-gcm-avx512.pl: fix non-reproducibility issue
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 2 13:20:21 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: Deny SHA-1 signature verification in FIPS provider [bsc#1221365]
|
||||
* SHA-1 is not allowed anymore in FIPS 186-5 for signature
|
||||
verification operations. After 12/31/2030, NIST will disallow
|
||||
SHA-1 for all of its usages.
|
||||
* Add openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 1 09:41:11 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: RSA keygen PCT requirements.
|
||||
* Skip the rsa_keygen_pairwise_test() PCT in rsa_keygen() as the
|
||||
self-test requirements are covered by do_rsa_pct() for both
|
||||
RSA-OAEP and RSA signatures [bsc#1221760]
|
||||
* Enforce error state if rsa_keygen PCT is run and fails [bsc#1221753]
|
||||
* Add openssl-3-FIPS-PCT_rsa_keygen.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 19 15:51:52 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: Check that the fips provider is available before setting
|
||||
it as the default provider in FIPS mode. [bsc#1220523]
|
||||
* Rebase openssl-Force-FIPS.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 10 20:50:41 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: Port openssl to use jitterentropy [bsc#1220523]
|
||||
* Set the module in error state if the jitter RNG fails either on
|
||||
initialization or entropy gathering because health tests failed.
|
||||
* Add jitterentropy as a seeding source output also in crypto/info.c
|
||||
* Move the jitter entropy collector and the associated lock out
|
||||
of the header file to avoid redefinitions.
|
||||
* Add the fips_local.cnf symlink to the spec file. This simlink
|
||||
points to the openssl_fips.config file that is provided by the
|
||||
crypto-policies package.
|
||||
* Rebase openssl-3-jitterentropy-3.4.0.patch
|
||||
* Rebase openssl-FIPS-enforce-EMS-support.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 7 14:51:08 UTC 2024 - Otto Hollmann <otto.hollmann@suse.com>
|
||||
|
||||
- FIPS: Block non-Approved Elliptic Curves [bsc#1221786]
|
||||
* Add patches
|
||||
- openssl-Add-changes-to-ectest-and-eccurve.patch
|
||||
- openssl-Remove-EC-curves.patch
|
||||
- openssl-Disable-explicit-ec.patch
|
||||
- openssl-skipped-tests-EC-curves.patch
|
||||
- openssl-FIPS-services-minimize.patch
|
||||
- FIPS: Service Level Indicator [bsc#1221365]
|
||||
* Add patches:
|
||||
- openssl-FIPS-Expose-a-FIPS-indicator.patch
|
||||
- openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch
|
||||
- openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
|
||||
- openssl-FIPS-RSA-disable-shake.patch
|
||||
- openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch
|
||||
- openssl-FIPS-Add-explicit-indicator-for-key-length.patch
|
||||
- openssl-FIPS-limit-rsa-encrypt.patch
|
||||
- openssl-FIPS-enforce-EMS-support.patch
|
||||
- openssl-3-FIPS-GCM-Implement-explicit-indicator-for-IV-gen.patch
|
||||
- openssl-FIPS-services-minimize.patch
|
||||
- openssl-Add-FIPS-indicator-parameter-to-HKDF.patch
|
||||
- openssl-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
|
||||
- openssl-FIPS-enforce-security-checks-during-initialization.patch
|
||||
- TODO: incomplete
|
||||
- FIPS: Output the FIPS-validation name and module version which uniquely
|
||||
identify the FIPS validated module. [bsc#1221751]
|
||||
* Add openssl-FIPS-release_num_in_version_string.patch
|
||||
- FIPS: Add required selftests: [bsc#1221760]
|
||||
* Add patches
|
||||
- openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
|
||||
- openssl-FIPS-Use-FFDHE2048-in-self-test.patch
|
||||
- openssl-FIPS-early-KATS.patch
|
||||
- openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
|
||||
- openssl-FIPS-140-3-keychecks.patch
|
||||
- FIPS: DH: Disable FIPS 186-4 Domain Parameters [bsc#1221821]
|
||||
Add openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
|
||||
- FIPS: Recommendation for Password-Based Key Derivation [bsc#1221827]
|
||||
* Add additional check required by FIPS 140-3. Minimum value for
|
||||
PBKDF2 password is 20 characters.
|
||||
* Add patches:
|
||||
- openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
|
||||
- openssl-pbkdf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
|
||||
- FIPS: Zeroization is required [bsc#1221752]
|
||||
* Add openssl-FIPS-140-3-zeroization.patch
|
||||
- FIPS: Reseed DRBG [bsc#1220690, bsc#1220693, bsc#1220696]
|
||||
* Enable prediction resistance for primary DRBG
|
||||
* Add oversampling of the noise source to comply with requirements of
|
||||
NIST SP 800-90C
|
||||
* Change CRNG buf size to align with output size of the Jitter RNG
|
||||
* Add openssl-FIPS-140-3-DRBG.patch
|
||||
- FIPS: NIST SP 800-56Brev2 [bsc#1221824]
|
||||
* Add patches:
|
||||
- openssl-FIPS-limit-rsa-encrypt.patch
|
||||
- openssl-FIPS-RSA-encapsulate.patch
|
||||
- openssl-FIPS-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
|
||||
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 [bsc#1221787]
|
||||
* Add patches:
|
||||
- openssl-FIPS-services-minimize.patch
|
||||
- openssl-Revert-Improve-FIPS-RSA-keygen-performance.patch
|
||||
- openssl-Allow-disabling-of-SHA1-signatures.patch
|
||||
- openssl-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
||||
- FIPS: Port openssl to use jitterentropy [bsc#1220523]
|
||||
* Add openssl-3-jitterentropy-3.4.0.patch
|
||||
* Add build dependency on jitterentropy-devel >= 3.4.0 and
|
||||
libjitterentropy3 >= 3.4.0
|
||||
- FIPS: NIST SP 800-56Arev3 [bsc#1221822]
|
||||
* Add openssl-FIPS-140-3-keychecks.patch
|
||||
- FIPS: Error state has to be enforced [bsc#1221753]
|
||||
* Add patches:
|
||||
- openssl-FIPS-140-3-keychecks.patch
|
||||
- openssl-FIPS-Enforce-error-state.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 6 15:12:10 UTC 2024 - Peter Simons <psimons@suse.com>
|
||||
|
||||
|
@ -100,6 +100,73 @@ Patch32: openssl-CVE-2024-4741.patch
|
||||
Patch33: reproducible.patch
|
||||
# PATCH-FIX-UPSTREAM: bsc#1227138 CVE-2024-5535: SSL_select_next_proto buffer overread
|
||||
Patch34: openssl-CVE-2024-5535.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221786 FIPS: Use of non-Approved Elliptic Curves
|
||||
Patch35: openssl-Add-changes-to-ectest-and-eccurve.patch
|
||||
Patch36: openssl-Remove-EC-curves.patch
|
||||
Patch37: openssl-Disable-explicit-ec.patch
|
||||
Patch38: openssl-skipped-tests-EC-curves.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221753 bsc#1221760 bsc#1221822 FIPS: Extra public/private key checks required by FIPS-140-3
|
||||
Patch39: openssl-FIPS-140-3-keychecks.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221365 bsc#1221786 bsc#1221787 FIPS: Minimize fips services
|
||||
Patch40: openssl-FIPS-services-minimize.patch
|
||||
# PATCH-FIX-SUSE bsc#1221751 FIPS: Add release number to version string
|
||||
Patch41: openssl-FIPS-release_num_in_version_string.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221760 FIPS: Execute KATS before HMAC verification
|
||||
Patch42: openssl-FIPS-early-KATS.patch
|
||||
# PATCH-FIX-SUSE bsc#1221787 FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4
|
||||
Patch43: openssl-Revert-Improve-FIPS-RSA-keygen-performance.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221787 FIPS: Selectively disallow SHA1 signatures
|
||||
Patch44: openssl-Allow-disabling-of-SHA1-signatures.patch
|
||||
Patch45: openssl-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221365 bsc#1221824 FIPS: Service Level Indicator is needed
|
||||
Patch46: openssl-FIPS-limit-rsa-encrypt.patch
|
||||
Patch47: openssl-FIPS-Expose-a-FIPS-indicator.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221760 FIPS: Execute KATS before HMAC verification
|
||||
Patch48: openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221365 bsc#1221760 FIPS: Selftests are required
|
||||
Patch49: openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221760 FIPS: Selftests are required
|
||||
Patch50: openssl-FIPS-Use-FFDHE2048-in-self-test.patch
|
||||
# PATCH-FIX-FEDORA bsc#1220690 bsc#1220693 bsc#1220696 FIPS: Reseed DRBG
|
||||
Patch51: openssl-FIPS-140-3-DRBG.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221752 FIPS: Zeroisation is required
|
||||
Patch52: openssl-FIPS-140-3-zeroization.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221365 FIPS: Service Level Indicator is needed
|
||||
Patch53: openssl-Add-FIPS-indicator-parameter-to-HKDF.patch
|
||||
Patch54: openssl-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221365 bsc#1221365 FIPS: Service Level Indicator is needed
|
||||
Patch55: openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221365 FIPS: Service Level Indicator is needed
|
||||
Patch56: openssl-FIPS-Add-explicit-indicator-for-key-length.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221827 FIPS: Recommendation for Password-Based Key Derivation
|
||||
Patch57: openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221365 FIPS: Service Level Indicator is needed
|
||||
Patch58: openssl-FIPS-RSA-disable-shake.patch
|
||||
Patch59: openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221824 FIPS: NIST SP 800-56Brev2 Section 6.4.1.2.1
|
||||
Patch60: openssl-FIPS-RSA-encapsulate.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221821 FIPS: Disable FIPS 186-4 Domain Parameters
|
||||
Patch61: openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
|
||||
# PATCH-FIX-SUSE bsc#1221365 FIPS: Service Level Indicator is needed
|
||||
Patch62: openssl-3-FIPS-GCM-Implement-explicit-indicator-for-IV-gen.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221827 FIPS: Recommendation for Password-Based Key Derivation
|
||||
Patch63: openssl-pbkdf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221365 FIPS: Service Level Indicator is needed
|
||||
Patch64: openssl-FIPS-enforce-EMS-support.patch
|
||||
# PATCH-FIX-SUSE bsc#1221824 FIPS: Add check for SP 800-56Brev2 Section 6.4.1.2.1
|
||||
Patch65: openssl-FIPS-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
|
||||
# PATCH-FIX-SUSE bsc#1220523 FIPS: Port openssl to use jitterentropy
|
||||
Patch66: openssl-3-jitterentropy-3.4.0.patch
|
||||
# PATCH-FIX-SUSE bsc#1221753 FIPS: Enforce error state
|
||||
Patch67: openssl-FIPS-Enforce-error-state.patch
|
||||
# PATCH-FIX-SUSE bsc#1221365 FIPS: Service Level Indicator is needed
|
||||
Patch68: openssl-FIPS-enforce-security-checks-during-initialization.patch
|
||||
# PATCH-FIX-SUSE bsc#1221753 bsc#1221760 FIPS: RSA keygen PCT requirements
|
||||
Patch69: openssl-3-FIPS-PCT_rsa_keygen.patch
|
||||
# PATCH-FIX-FEDORA bsc#1221365 FIPS: Deny SHA-1 signature verification in FIPS provider
|
||||
Patch70: openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
|
||||
# PATCH-FIX-UPSTREAM: bsc#1229465 CVE-2024-6119: possible denial of service in X.509 name checks
|
||||
Patch71: openssl-CVE-2024-6119.patch
|
||||
BuildRequires: pkgconfig
|
||||
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
|
||||
BuildRequires: ulp-macros
|
||||
@ -155,6 +222,7 @@ OpenSSL contains an implementation of the SSL and TLS protocols.
|
||||
Summary: Development files for OpenSSL
|
||||
Requires: libopenssl3 = %{version}
|
||||
Requires: pkgconfig(zlib)
|
||||
Requires: jitterentropy-devel >= 3.4.0
|
||||
Recommends: %{name} = %{version}
|
||||
Provides: ssl-devel
|
||||
Conflicts: ssl-devel
|
||||
@ -170,7 +238,9 @@ that want to make use of the OpenSSL C API.
|
||||
%package -n libopenssl-3-fips-provider
|
||||
Summary: OpenSSL FIPS provider
|
||||
Requires: libopenssl3 >= %{version}
|
||||
Requires: libjitterentropy3 >= 3.4.0
|
||||
BuildRequires: fipscheck
|
||||
BuildRequires: jitterentropy-devel >= 3.4.0
|
||||
|
||||
%description -n libopenssl-3-fips-provider
|
||||
This package contains the OpenSSL FIPS provider.
|
||||
@ -206,6 +276,7 @@ export MACHINE=armv6l
|
||||
enable-ec_nistp_64_gcc_128 \
|
||||
%endif
|
||||
enable-fips \
|
||||
enable-jitterentropy \
|
||||
enable-ktls \
|
||||
zlib \
|
||||
--prefix=%{_prefix} \
|
||||
@ -219,10 +290,11 @@ export MACHINE=armv6l
|
||||
-DTERMIO \
|
||||
-DPURIFY \
|
||||
-D_GNU_SOURCE \
|
||||
'-DSUSE_OPENSSL_RELEASE="\"%{release}\""' \
|
||||
-DOPENSSL_NO_BUF_FREELISTS \
|
||||
$(getconf LFS_CFLAGS) \
|
||||
-Wall \
|
||||
--with-rand-seed=getrandom \
|
||||
--with-rand-seed=getrandom,jitterentropy \
|
||||
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config
|
||||
|
||||
# Show build configuration
|
||||
@ -266,10 +338,10 @@ LD_LIBRARY_PATH="$PWD" make test -j16
|
||||
%{?__debug_package:%{__debug_install_post}} \
|
||||
%{__arch_install_post} \
|
||||
%{__os_install_post} \
|
||||
OPENSSL_CONF=/dev/null LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
|
||||
objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac \
|
||||
mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \
|
||||
rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
|
||||
OPENSSL_CONF=/dev/null LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < %{buildroot}%{_libdir}/ossl-modules/fips.so > %{buildroot}%{_libdir}/ossl-modules/fips.so.hmac \
|
||||
objcopy --update-section .rodata1=%{buildroot}%{_libdir}/ossl-modules/fips.so.hmac %{buildroot}%{_libdir}/ossl-modules/fips.so %{buildroot}%{_libdir}/ossl-modules/fips.so.mac \
|
||||
mv %{buildroot}%{_libdir}/ossl-modules/fips.so.mac %{buildroot}%{_libdir}/ossl-modules/fips.so \
|
||||
rm %{buildroot}%{_libdir}/ossl-modules/fips.so.hmac \
|
||||
%{nil}
|
||||
|
||||
# show ciphers
|
||||
@ -316,6 +388,11 @@ mkdir %{buildroot}/%{sslengdef}
|
||||
ln -s %{sslengcnf} %{buildroot}/%{ssletcdir}/engines.d
|
||||
ln -s %{sslengdef} %{buildroot}/%{ssletcdir}/engdef.d
|
||||
|
||||
# Add the FIPS module configuration from crypto-policies since SP6
|
||||
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150600
|
||||
ln -s %{_sysconfdir}/crypto-policies/back-ends/openssl_fips.config %{buildroot}%{ssletcdir}/fips_local.cnf
|
||||
%endif
|
||||
|
||||
# Avoid file conflicts with man pages from other packages
|
||||
pushd %{buildroot}/%{_mandir}
|
||||
find . -type f -exec chmod 644 {} +
|
||||
@ -395,6 +472,9 @@ fi
|
||||
%config %{ssletcdir}/openssl-orig.cnf
|
||||
%config (noreplace) %{ssletcdir}/openssl.cnf
|
||||
%config (noreplace) %{ssletcdir}/ct_log_list.cnf
|
||||
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150600
|
||||
%config %{ssletcdir}/fips_local.cnf
|
||||
%endif
|
||||
%attr(700,root,root) %{ssletcdir}/private
|
||||
%dir %{sslengcnf}
|
||||
%dir %{sslengdef}
|
||||
|
877
openssl-Add-FIPS-indicator-parameter-to-HKDF.patch
Normal file
877
openssl-Add-FIPS-indicator-parameter-to-HKDF.patch
Normal file
@ -0,0 +1,877 @@
|
||||
From 2000eaead63732669283e6b54c8ef02e268eaeb8 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 31 Jul 2023 09:41:29 +0200
|
||||
Subject: [PATCH 34/48] 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
|
||||
|
||||
Patch-name: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
|
||||
Patch-id: 78
|
||||
Patch-status: |
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
|
||||
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
include/crypto/evp.h | 7 ++
|
||||
include/openssl/core_names.h | 1 +
|
||||
include/openssl/kdf.h | 4 +
|
||||
providers/implementations/kdfs/hkdf.c | 100 +++++++++++++++++++++-
|
||||
providers/implementations/kdfs/kbkdf.c | 82 ++++++++++++++++--
|
||||
providers/implementations/kdfs/sshkdf.c | 75 +++++++++++++++-
|
||||
providers/implementations/kdfs/sskdf.c | 100 +++++++++++++++++++++-
|
||||
providers/implementations/kdfs/tls1_prf.c | 74 +++++++++++++++-
|
||||
providers/implementations/kdfs/x942kdf.c | 66 +++++++++++++-
|
||||
9 files changed, 487 insertions(+), 22 deletions(-)
|
||||
|
||||
Index: openssl-3.1.4/include/crypto/evp.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/crypto/evp.h
|
||||
+++ openssl-3.1.4/include/crypto/evp.h
|
||||
@@ -219,6 +219,13 @@ struct evp_mac_st {
|
||||
OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params;
|
||||
};
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+/* According to NIST Special Publication 800-131Ar2, Section 8: Deriving
|
||||
+ * Additional Keys from a Cryptographic Key, "[t]he length of the
|
||||
+ * key-derivation key [i.e., the input key] shall be at least 112 bits". */
|
||||
+# define EVP_KDF_FIPS_MIN_KEY_LEN (112 / 8)
|
||||
+#endif
|
||||
+
|
||||
struct evp_kdf_st {
|
||||
OSSL_PROVIDER *prov;
|
||||
int name_id;
|
||||
Index: openssl-3.1.4/include/openssl/core_names.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/openssl/core_names.h
|
||||
+++ openssl-3.1.4/include/openssl/core_names.h
|
||||
@@ -226,6 +226,7 @@ extern "C" {
|
||||
#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
|
||||
#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
|
||||
#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
|
||||
+#define OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR "suse-fips-indicator"
|
||||
|
||||
/* Known KDF names */
|
||||
#define OSSL_KDF_NAME_HKDF "HKDF"
|
||||
Index: openssl-3.1.4/include/openssl/kdf.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/openssl/kdf.h
|
||||
+++ openssl-3.1.4/include/openssl/kdf.h
|
||||
@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *
|
||||
# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
|
||||
# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
|
||||
|
||||
+# define EVP_KDF_SUSE_FIPS_INDICATOR_UNDETERMINED 0
|
||||
+# define EVP_KDF_SUSE_FIPS_INDICATOR_APPROVED 1
|
||||
+# define EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED 2
|
||||
+
|
||||
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
|
||||
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
|
||||
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
|
||||
Index: openssl-3.1.4/providers/implementations/kdfs/hkdf.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/kdfs/hkdf.c
|
||||
+++ openssl-3.1.4/providers/implementations/kdfs/hkdf.c
|
||||
@@ -43,6 +43,7 @@ static OSSL_FUNC_kdf_settable_ctx_params
|
||||
static OSSL_FUNC_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params;
|
||||
static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params;
|
||||
static OSSL_FUNC_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params;
|
||||
+static OSSL_FUNC_kdf_newctx_fn kdf_tls1_3_new;
|
||||
static OSSL_FUNC_kdf_derive_fn kdf_tls1_3_derive;
|
||||
static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_tls1_3_settable_ctx_params;
|
||||
static OSSL_FUNC_kdf_set_ctx_params_fn kdf_tls1_3_set_ctx_params;
|
||||
@@ -86,6 +87,10 @@ typedef struct {
|
||||
size_t data_len;
|
||||
unsigned char *info;
|
||||
size_t info_len;
|
||||
+ int is_tls13;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int fips_indicator;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
} KDF_HKDF;
|
||||
|
||||
static void *kdf_hkdf_new(void *provctx)
|
||||
@@ -201,6 +206,11 @@ static int kdf_hkdf_derive(void *vctx, u
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
switch (ctx->mode) {
|
||||
case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
|
||||
default:
|
||||
@@ -363,13 +373,15 @@ static int kdf_hkdf_get_ctx_params(void
|
||||
{
|
||||
KDF_HKDF *ctx = (KDF_HKDF *)vctx;
|
||||
OSSL_PARAM *p;
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
|
||||
if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
|
||||
size_t sz = kdf_hkdf_size(ctx);
|
||||
|
||||
- if (sz == 0)
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ if (sz == 0 || !OSSL_PARAM_set_size_t(p, sz))
|
||||
return 0;
|
||||
- return OSSL_PARAM_set_size_t(p, sz);
|
||||
}
|
||||
if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_INFO)) != NULL) {
|
||||
if (ctx->info == NULL || ctx->info_len == 0) {
|
||||
@@ -378,7 +390,68 @@ static int kdf_hkdf_get_ctx_params(void
|
||||
}
|
||||
return OSSL_PARAM_set_octet_string(p, ctx->info, ctx->info_len);
|
||||
}
|
||||
- return -2;
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR))
|
||||
+ != NULL) {
|
||||
+ int fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_APPROVED;
|
||||
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
||||
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
||||
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
||||
+ * bits". */
|
||||
+ if (ctx->key_len < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section D.B and NIST Special Publication
|
||||
+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
|
||||
+ * strength < 112 bits is legacy use only, so all derived keys should
|
||||
+ * be longer than that. If a derived key has ever been shorter than
|
||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||
+ * should also set the returned FIPS indicator to unapproved. */
|
||||
+ if (ctx->fips_indicator == EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED)
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ if (ctx->is_tls13) {
|
||||
+ if (md != NULL
|
||||
+ && !EVP_MD_is_a(md, "SHA2-256")
|
||||
+ && !EVP_MD_is_a(md, "SHA2-384")) {
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic
|
||||
+ * Module Validation Program, Section 2.4.B, (5): "The TLS 1.3
|
||||
+ * key derivation function documented in Section 7.1 of RFC
|
||||
+ * 8446. This is considered an approved CVL because the
|
||||
+ * underlying functions performed within the TLS 1.3 KDF map to
|
||||
+ * NIST approved standards, namely: SP 800-133rev2 (Section 6.3
|
||||
+ * Option #3), SP 800-56Crev2, and SP 800-108."
|
||||
+ *
|
||||
+ * RFC 8446 appendix B.4 only lists SHA-256 and SHA-384. */
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+ } else {
|
||||
+ if (md != NULL
|
||||
+ && (EVP_MD_is_a(md, "SHAKE-128") ||
|
||||
+ EVP_MD_is_a(md, "SHAKE-256"))) {
|
||||
+ /* HKDF is a SP 800-56Cr2 TwoStep KDF, for which all SHA-1,
|
||||
+ * SHA-2 and SHA-3 are approved. SHAKE is not approved, because
|
||||
+ * of FIPS 140-3 IG, section C.C: "The SHAKE128 and SHAKE256
|
||||
+ * extendable-output functions may only be used as the
|
||||
+ * standalone algorithms." */
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+ }
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
+ if (!any_valid)
|
||||
+ return -2;
|
||||
+
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
@@ -387,6 +460,9 @@ static const OSSL_PARAM *kdf_hkdf_gettab
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR, NULL),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_gettable_ctx_params;
|
||||
@@ -717,6 +793,17 @@ static int prov_tls13_hkdf_generate_secr
|
||||
return ret;
|
||||
}
|
||||
|
||||
+static void *kdf_tls1_3_new(void *provctx)
|
||||
+{
|
||||
+ KDF_HKDF *hkdf = kdf_hkdf_new(provctx);
|
||||
+
|
||||
+ if (hkdf != NULL)
|
||||
+ hkdf->is_tls13 = 1;
|
||||
+
|
||||
+ return hkdf;
|
||||
+}
|
||||
+
|
||||
+
|
||||
static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
|
||||
const OSSL_PARAM params[])
|
||||
{
|
||||
@@ -732,6 +819,11 @@ static int kdf_tls1_3_derive(void *vctx,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
switch (ctx->mode) {
|
||||
default:
|
||||
return 0;
|
||||
@@ -809,7 +901,7 @@ static const OSSL_PARAM *kdf_tls1_3_sett
|
||||
}
|
||||
|
||||
const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[] = {
|
||||
- { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_hkdf_new },
|
||||
+ { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_tls1_3_new },
|
||||
{ OSSL_FUNC_KDF_DUPCTX, (void(*)(void))kdf_hkdf_dup },
|
||||
{ OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free },
|
||||
{ OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset },
|
||||
Index: openssl-3.1.4/providers/implementations/kdfs/kbkdf.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/kdfs/kbkdf.c
|
||||
+++ openssl-3.1.4/providers/implementations/kdfs/kbkdf.c
|
||||
@@ -59,6 +59,9 @@ typedef struct {
|
||||
kbkdf_mode mode;
|
||||
EVP_MAC_CTX *ctx_init;
|
||||
|
||||
+ /* HMAC digest algorithm, if any; used to compute FIPS indicator */
|
||||
+ PROV_DIGEST digest;
|
||||
+
|
||||
/* Names are lowercased versions of those found in SP800-108. */
|
||||
int r;
|
||||
unsigned char *ki;
|
||||
@@ -72,6 +75,9 @@ typedef struct {
|
||||
int use_l;
|
||||
int is_kmac;
|
||||
int use_separator;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int fips_indicator;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
} KBKDF;
|
||||
|
||||
/* Definitions needed for typechecking. */
|
||||
@@ -143,6 +149,7 @@ static void kbkdf_reset(void *vctx)
|
||||
void *provctx = ctx->provctx;
|
||||
|
||||
EVP_MAC_CTX_free(ctx->ctx_init);
|
||||
+ ossl_prov_digest_reset(&ctx->digest);
|
||||
OPENSSL_clear_free(ctx->context, ctx->context_len);
|
||||
OPENSSL_clear_free(ctx->label, ctx->label_len);
|
||||
OPENSSL_clear_free(ctx->ki, ctx->ki_len);
|
||||
@@ -308,6 +315,11 @@ static int kbkdf_derive(void *vctx, unsi
|
||||
goto done;
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
h = EVP_MAC_CTX_get_mac_size(ctx->ctx_init);
|
||||
if (h == 0)
|
||||
goto done;
|
||||
@@ -381,6 +393,9 @@ static int kbkdf_set_ctx_params(void *vc
|
||||
}
|
||||
}
|
||||
|
||||
+ if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx))
|
||||
+ return 0;
|
||||
+
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE);
|
||||
if (p != NULL
|
||||
&& OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) {
|
||||
@@ -461,20 +476,77 @@ static const OSSL_PARAM *kbkdf_settable_
|
||||
static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
{
|
||||
OSSL_PARAM *p;
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
|
||||
p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE);
|
||||
- if (p == NULL)
|
||||
+ if (p != NULL) {
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* KBKDF can produce results as large as you like. */
|
||||
+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ KBKDF *ctx = (KBKDF *)vctx;
|
||||
+ int fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
||||
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
||||
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
||||
+ * bits". */
|
||||
+ if (ctx->ki_len < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section D.B and NIST Special Publication
|
||||
+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
|
||||
+ * strength < 112 bits is legacy use only, so all derived keys should
|
||||
+ * be longer than that. If a derived key has ever been shorter than
|
||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||
+ * should also set the returned FIPS indicator to unapproved. */
|
||||
+ if (ctx->fips_indicator == EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED)
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256
|
||||
+ * extendable-output functions may only be used as the standalone
|
||||
+ * algorithms." Note that the digest is only used when the MAC
|
||||
+ * algorithm is HMAC. */
|
||||
+ if (ctx->ctx_init != NULL
|
||||
+ && EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), OSSL_MAC_NAME_HMAC)) {
|
||||
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
|
||||
+ if (md != NULL
|
||||
+ && (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256"))) {
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ if (!any_valid)
|
||||
return -2;
|
||||
|
||||
- /* KBKDF can produce results as large as you like. */
|
||||
- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
ossl_unused void *provctx)
|
||||
{
|
||||
- static const OSSL_PARAM known_gettable_ctx_params[] =
|
||||
- { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END };
|
||||
+ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
+ OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR, NULL),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+ OSSL_PARAM_END
|
||||
+ };
|
||||
return known_gettable_ctx_params;
|
||||
}
|
||||
|
||||
Index: openssl-3.1.4/providers/implementations/kdfs/sshkdf.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/kdfs/sshkdf.c
|
||||
+++ openssl-3.1.4/providers/implementations/kdfs/sshkdf.c
|
||||
@@ -49,6 +49,9 @@ typedef struct {
|
||||
char type; /* X */
|
||||
unsigned char *session_id;
|
||||
size_t session_id_len;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int fips_indicator;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
} KDF_SSHKDF;
|
||||
|
||||
static void *kdf_sshkdf_new(void *provctx)
|
||||
@@ -151,6 +154,12 @@ static int kdf_sshkdf_derive(void *vctx,
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_TYPE);
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
return SSHKDF(md, ctx->key, ctx->key_len,
|
||||
ctx->xcghash, ctx->xcghash_len,
|
||||
ctx->session_id, ctx->session_id_len,
|
||||
@@ -219,10 +228,67 @@ static const OSSL_PARAM *kdf_sshkdf_sett
|
||||
static int kdf_sshkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
{
|
||||
OSSL_PARAM *p;
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
|
||||
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
|
||||
- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
||||
- return -2;
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ KDF_SSHKDF *ctx = vctx;
|
||||
+ int fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
||||
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
||||
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
||||
+ * bits". */
|
||||
+ if (ctx->key_len < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section D.B and NIST Special Publication
|
||||
+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
|
||||
+ * strength < 112 bits is legacy use only, so all derived keys should
|
||||
+ * be longer than that. If a derived key has ever been shorter than
|
||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||
+ * should also set the returned FIPS indicator to unapproved. */
|
||||
+ if (ctx->fips_indicator == EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED)
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256
|
||||
+ * extendable-output functions may only be used as the standalone
|
||||
+ * algorithms."
|
||||
+ *
|
||||
+ * Additionally, SP 800-135r1 section 5.2 specifies that the hash
|
||||
+ * function used in SSHKDF "is one of the hash functions specified in
|
||||
+ * FIPS 180-3.", which rules out SHA-3 and truncated variants of SHA-2.
|
||||
+ * */
|
||||
+ if (ctx->digest.md != NULL
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA-1")
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-224")
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-256")
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-384")
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-512")) {
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ if (!any_valid)
|
||||
+ return -2;
|
||||
+
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
@@ -230,6 +296,9 @@ static const OSSL_PARAM *kdf_sshkdf_gett
|
||||
{
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR, NULL),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_gettable_ctx_params;
|
||||
Index: openssl-3.1.4/providers/implementations/kdfs/sskdf.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/kdfs/sskdf.c
|
||||
+++ openssl-3.1.4/providers/implementations/kdfs/sskdf.c
|
||||
@@ -63,6 +63,10 @@ typedef struct {
|
||||
size_t salt_len;
|
||||
size_t out_len; /* optional KMAC parameter */
|
||||
int is_kmac;
|
||||
+ int is_x963kdf;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int fips_indicator;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
} KDF_SSKDF;
|
||||
|
||||
#define SSKDF_MAX_INLEN (1<<30)
|
||||
@@ -73,6 +77,7 @@ typedef struct {
|
||||
static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 };
|
||||
|
||||
static OSSL_FUNC_kdf_newctx_fn sskdf_new;
|
||||
+static OSSL_FUNC_kdf_newctx_fn x963kdf_new;
|
||||
static OSSL_FUNC_kdf_dupctx_fn sskdf_dup;
|
||||
static OSSL_FUNC_kdf_freectx_fn sskdf_free;
|
||||
static OSSL_FUNC_kdf_reset_fn sskdf_reset;
|
||||
@@ -297,6 +302,16 @@ static void *sskdf_new(void *provctx)
|
||||
return ctx;
|
||||
}
|
||||
|
||||
+static void *x963kdf_new(void *provctx)
|
||||
+{
|
||||
+ KDF_SSKDF *ctx = sskdf_new(provctx);
|
||||
+
|
||||
+ if (ctx)
|
||||
+ ctx->is_x963kdf = 1;
|
||||
+
|
||||
+ return ctx;
|
||||
+}
|
||||
+
|
||||
static void sskdf_reset(void *vctx)
|
||||
{
|
||||
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
|
||||
@@ -392,6 +407,11 @@ static int sskdf_derive(void *vctx, unsi
|
||||
}
|
||||
md = ossl_prov_digest_md(&ctx->digest);
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
if (ctx->macctx != NULL) {
|
||||
/* H(x) = KMAC or H(x) = HMAC */
|
||||
int ret;
|
||||
@@ -473,6 +493,11 @@ static int x963kdf_derive(void *vctx, un
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len,
|
||||
ctx->info, ctx->info_len, 1, key, keylen);
|
||||
}
|
||||
@@ -545,10 +570,74 @@ static int sskdf_get_ctx_params(void *vc
|
||||
{
|
||||
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
|
||||
OSSL_PARAM *p;
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
+
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_size_t(p, sskdf_size(ctx)))
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
|
||||
- return OSSL_PARAM_set_size_t(p, sskdf_size(ctx));
|
||||
- return -2;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ int fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
||||
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
||||
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
||||
+ * bits". */
|
||||
+ if (ctx->secret_len < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section D.B and NIST Special Publication
|
||||
+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
|
||||
+ * strength < 112 bits is legacy use only, so all derived keys should
|
||||
+ * be longer than that. If a derived key has ever been shorter than
|
||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||
+ * should also set the returned FIPS indicator to unapproved. */
|
||||
+ if (ctx->fips_indicator == EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED)
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256
|
||||
+ * extendable-output functions may only be used as the standalone
|
||||
+ * algorithms." */
|
||||
+ if (ctx->macctx == NULL
|
||||
+ || (ctx->macctx != NULL &&
|
||||
+ EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), OSSL_MAC_NAME_HMAC))) {
|
||||
+ if (ctx->digest.md != NULL
|
||||
+ && (EVP_MD_is_a(ctx->digest.md, "SHAKE-128") ||
|
||||
+ EVP_MD_is_a(ctx->digest.md, "SHAKE-256"))) {
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+
|
||||
+ /* Table H-3 in ANS X9.63-2001 says that 160-bit hash functions
|
||||
+ * should only be used for 80-bit key agreement, but FIPS 140-3
|
||||
+ * requires a security strength of 112 bits, so SHA-1 cannot be
|
||||
+ * used with X9.63. See the discussion in
|
||||
+ * https://github.com/usnistgov/ACVP/issues/1403#issuecomment-1435300395.
|
||||
+ */
|
||||
+ if (ctx->is_x963kdf
|
||||
+ && ctx->digest.md != NULL
|
||||
+ && EVP_MD_is_a(ctx->digest.md, "SHA-1")) {
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ if (!any_valid)
|
||||
+ return -2;
|
||||
+
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
@@ -556,6 +645,9 @@ static const OSSL_PARAM *sskdf_gettable_
|
||||
{
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR, 0),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_gettable_ctx_params;
|
||||
@@ -577,7 +669,7 @@ const OSSL_DISPATCH ossl_kdf_sskdf_funct
|
||||
};
|
||||
|
||||
const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = {
|
||||
- { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))sskdf_new },
|
||||
+ { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))x963kdf_new },
|
||||
{ OSSL_FUNC_KDF_DUPCTX, (void(*)(void))sskdf_dup },
|
||||
{ OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free },
|
||||
{ OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset },
|
||||
Index: openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/kdfs/tls1_prf.c
|
||||
+++ openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
|
||||
@@ -104,6 +104,13 @@ typedef struct {
|
||||
/* Buffer of concatenated seed data */
|
||||
unsigned char seed[TLS1_PRF_MAXBUF];
|
||||
size_t seedlen;
|
||||
+
|
||||
+ /* MAC digest algorithm; used to compute FIPS indicator */
|
||||
+ PROV_DIGEST digest;
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int fips_indicator;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
} TLS1_PRF;
|
||||
|
||||
static void *kdf_tls1_prf_new(void *provctx)
|
||||
@@ -140,6 +147,7 @@ static void kdf_tls1_prf_reset(void *vct
|
||||
EVP_MAC_CTX_free(ctx->P_sha1);
|
||||
OPENSSL_clear_free(ctx->sec, ctx->seclen);
|
||||
OPENSSL_cleanse(ctx->seed, ctx->seedlen);
|
||||
+ ossl_prov_digest_reset(&ctx->digest);
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
ctx->provctx = provctx;
|
||||
}
|
||||
@@ -194,6 +202,10 @@ static int kdf_tls1_prf_derive(void *vct
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||
return 0;
|
||||
}
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
|
||||
/*
|
||||
* The seed buffer is prepended with a label.
|
||||
@@ -243,6 +255,9 @@ static int kdf_tls1_prf_set_ctx_params(v
|
||||
}
|
||||
}
|
||||
|
||||
+ if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx))
|
||||
+ return 0;
|
||||
+
|
||||
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL) {
|
||||
OPENSSL_clear_free(ctx->sec, ctx->seclen);
|
||||
ctx->sec = NULL;
|
||||
@@ -284,10 +299,60 @@ static const OSSL_PARAM *kdf_tls1_prf_se
|
||||
static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
{
|
||||
OSSL_PARAM *p;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ TLS1_PRF *ctx = vctx;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
+
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ int fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
||||
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
||||
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
||||
+ * bits". */
|
||||
+ if (ctx->seclen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section D.B and NIST Special Publication
|
||||
+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
|
||||
+ * strength < 112 bits is legacy use only, so all derived keys should
|
||||
+ * be longer than that. If a derived key has ever been shorter than
|
||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||
+ * should also set the returned FIPS indicator to unapproved. */
|
||||
+ if (ctx->fips_indicator == EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED)
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* SP 800-135r1 section 4.2.2 says TLS 1.2 KDF is approved when "(3)
|
||||
+ * P_HASH uses either SHA-256, SHA-384 or SHA-512." */
|
||||
+ if (ctx->digest.md != NULL
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-256")
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-384")
|
||||
+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-512")) {
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
|
||||
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
|
||||
- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
||||
- return -2;
|
||||
+ if (!any_valid)
|
||||
+ return -2;
|
||||
+
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params(
|
||||
@@ -295,6 +360,9 @@ static const OSSL_PARAM *kdf_tls1_prf_ge
|
||||
{
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR, 0),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_gettable_ctx_params;
|
||||
Index: openssl-3.1.4/providers/implementations/kdfs/x942kdf.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/kdfs/x942kdf.c
|
||||
+++ openssl-3.1.4/providers/implementations/kdfs/x942kdf.c
|
||||
@@ -13,11 +13,13 @@
|
||||
#include <openssl/core_dispatch.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
#include <openssl/params.h>
|
||||
#include <openssl/proverr.h>
|
||||
#include "internal/packet.h"
|
||||
#include "internal/der.h"
|
||||
#include "internal/nelem.h"
|
||||
+#include "crypto/evp.h"
|
||||
#include "prov/provider_ctx.h"
|
||||
#include "prov/providercommon.h"
|
||||
#include "prov/implementations.h"
|
||||
@@ -49,6 +51,9 @@ typedef struct {
|
||||
const unsigned char *cek_oid;
|
||||
size_t cek_oid_len;
|
||||
int use_keybits;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int fips_indicator;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
} KDF_X942;
|
||||
|
||||
/*
|
||||
@@ -497,6 +502,10 @@ static int x942kdf_derive(void *vctx, un
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING);
|
||||
return 0;
|
||||
}
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ ctx->fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len,
|
||||
der, der_len, ctr, key, keylen);
|
||||
OPENSSL_free(der);
|
||||
@@ -600,10 +609,58 @@ static int x942kdf_get_ctx_params(void *
|
||||
{
|
||||
KDF_X942 *ctx = (KDF_X942 *)vctx;
|
||||
OSSL_PARAM *p;
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
|
||||
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
|
||||
- return OSSL_PARAM_set_size_t(p, x942kdf_size(ctx));
|
||||
- return -2;
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_size_t(p, x942kdf_size(ctx)))
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ int fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
||||
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
||||
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
||||
+ * bits". */
|
||||
+ if (ctx->secret_len < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Verification Program, Section D.B and NIST Special Publication
|
||||
+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
|
||||
+ * strength < 112 bits is legacy use only, so all derived keys should
|
||||
+ * be longer than that. If a derived key has ever been shorter than
|
||||
+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
|
||||
+ * should also set the returned FIPS indicator to unapproved. */
|
||||
+ if (ctx->fips_indicator == EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED)
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+
|
||||
+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
|
||||
+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256
|
||||
+ * extendable-output functions may only be used as the standalone
|
||||
+ * algorithms." */
|
||||
+ if (ctx->digest.md != NULL
|
||||
+ && (EVP_MD_is_a(ctx->digest.md, "SHAKE-128") ||
|
||||
+ EVP_MD_is_a(ctx->digest.md, "SHAKE-256"))) {
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ if (!any_valid)
|
||||
+ return -2;
|
||||
+
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||
@@ -611,6 +668,9 @@ static const OSSL_PARAM *x942kdf_gettabl
|
||||
{
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR, 0),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_gettable_ctx_params;
|
1148
openssl-Add-changes-to-ectest-and-eccurve.patch
Normal file
1148
openssl-Add-changes-to-ectest-and-eccurve.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,217 @@
|
||||
From f470b130139919f32926b3f5a75ba4d161cbcf88 Mon Sep 17 00:00:00 2001
|
||||
From: Clemens Lang <cllang@redhat.com>
|
||||
Date: Tue, 1 Mar 2022 15:44:18 +0100
|
||||
Subject: Allow SHA1 in seclevel 1 if rh-allow-sha1-signatures = yes
|
||||
|
||||
NOTE: This patch is ported from CentOS 9 / RHEL 9, where it allows SHA1
|
||||
in seclevel 2 if rh-allow-sha1-signatures = yes. This was chosen because
|
||||
on CentOS 9 and RHEL 9, the LEGACY crypto policy sets the security level
|
||||
to 2.
|
||||
|
||||
On Fedora 35 (with OpenSSL 1.1) the legacy crypto policy uses security
|
||||
level 1. Because Fedora 36 supports both OpenSSL 1.1 and OpenSSL 3, and
|
||||
we want the legacy crypto policy to allow SHA-1 in TLS, the only option
|
||||
to make this happen consistently in both OpenSSL 1.1 and OpenSSL 3 is
|
||||
SECLEVEL=1 (which will allow SHA-1 in OpenSSL 1.1) and this change to
|
||||
allow SHA-1 in SECLEVEL=1 with rh-allow-sha1-signatures = yes (which
|
||||
will allow SHA-1 in OpenSSL 3).
|
||||
|
||||
The change from CentOS 9 / RHEL 9 cannot be applied unmodified, because
|
||||
rh-allow-sha1-signatures will default to yes in Fedora (according to our
|
||||
current plans including until F38), and the security level in the
|
||||
DEFAULT crypto policy is 2, i.e., the unmodified change would weaken the
|
||||
default configuration.
|
||||
|
||||
Related: rhbz#2055796
|
||||
Related: rhbz#2070977
|
||||
---
|
||||
crypto/x509/x509_vfy.c | 20 ++++++++++-
|
||||
doc/man5/config.pod | 7 ++++
|
||||
ssl/t1_lib.c | 67 ++++++++++++++++++++++++++++-------
|
||||
test/recipes/25-test_verify.t | 4 +--
|
||||
4 files changed, 82 insertions(+), 16 deletions(-)
|
||||
|
||||
Index: openssl-3.1.4/crypto/x509/x509_vfy.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/x509/x509_vfy.c
|
||||
+++ openssl-3.1.4/crypto/x509/x509_vfy.c
|
||||
@@ -25,6 +25,7 @@
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/core_names.h>
|
||||
#include "internal/dane.h"
|
||||
+#include "internal/sslconf.h"
|
||||
#include "crypto/x509.h"
|
||||
#include "x509_local.h"
|
||||
|
||||
@@ -3438,14 +3439,31 @@ static int check_sig_level(X509_STORE_CT
|
||||
{
|
||||
int secbits = -1;
|
||||
int level = ctx->param->auth_level;
|
||||
+ int nid;
|
||||
+ OSSL_LIB_CTX *libctx = NULL;
|
||||
|
||||
if (level <= 0)
|
||||
return 1;
|
||||
if (level > NUM_AUTH_LEVELS)
|
||||
level = NUM_AUTH_LEVELS;
|
||||
|
||||
- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
|
||||
+ if (ctx->libctx)
|
||||
+ libctx = ctx->libctx;
|
||||
+ else if (cert->libctx)
|
||||
+ libctx = cert->libctx;
|
||||
+ else
|
||||
+ libctx = OSSL_LIB_CTX_get0_global_default();
|
||||
+
|
||||
+ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL))
|
||||
return 0;
|
||||
|
||||
+ if ((nid == NID_sha1 || nid == NID_md5_sha1)
|
||||
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
|
||||
+ && ctx->param->auth_level < 2)
|
||||
+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
|
||||
+ * explicitly allow SHA1 for backwards compatibility. Also allow
|
||||
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
||||
+ return 1;
|
||||
+
|
||||
return secbits >= minbits_table[level - 1];
|
||||
}
|
||||
Index: openssl-3.1.4/doc/man5/config.pod
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/doc/man5/config.pod
|
||||
+++ openssl-3.1.4/doc/man5/config.pod
|
||||
@@ -317,6 +317,13 @@ this option is set to B<no>. Because TL
|
||||
pseudorandom function (PRF) to derive key material, disabling
|
||||
B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or newer.
|
||||
|
||||
+Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature
|
||||
+algorithms that use SHA1 in security level 1, despite the definition of
|
||||
+security level 1 of 80 bits of security, which SHA1 and MD5-SHA1 do not meet.
|
||||
+This allows using SHA1 and MD5-SHA1 in TLS in the LEGACY crypto-policy on
|
||||
+Fedora without requiring to set the security level to 0, which would include
|
||||
+further insecure algorithms, and thus restores support for TLS 1.0 and 1.1.
|
||||
+
|
||||
This is a downstream specific option, and normally it should be set up via crypto-policies.
|
||||
|
||||
=item B<fips_mode> (deprecated)
|
||||
Index: openssl-3.1.4/ssl/t1_lib.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/ssl/t1_lib.c
|
||||
+++ openssl-3.1.4/ssl/t1_lib.c
|
||||
@@ -20,6 +20,7 @@
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/provider.h>
|
||||
#include <openssl/param_build.h>
|
||||
+#include "crypto/x509.h"
|
||||
#include "internal/sslconf.h"
|
||||
#include "internal/nelem.h"
|
||||
#include "internal/sizes.h"
|
||||
@@ -1588,19 +1589,28 @@ int tls12_check_peer_sigalg(SSL *s, uint
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
|
||||
return 0;
|
||||
}
|
||||
- /*
|
||||
- * Make sure security callback allows algorithm. For historical
|
||||
- * reasons we have to pass the sigalg as a two byte char array.
|
||||
- */
|
||||
- sigalgstr[0] = (sig >> 8) & 0xff;
|
||||
- sigalgstr[1] = sig & 0xff;
|
||||
- secbits = sigalg_security_bits(s->ctx, lu);
|
||||
- if (secbits == 0 ||
|
||||
- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
|
||||
- md != NULL ? EVP_MD_get_type(md) : NID_undef,
|
||||
- (void *)sigalgstr)) {
|
||||
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
|
||||
- return 0;
|
||||
+
|
||||
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
|
||||
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
|
||||
+ && SSL_get_security_level(s) < 2) {
|
||||
+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
|
||||
+ * explicitly allow SHA1 for backwards compatibility. Also allow
|
||||
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
||||
+ } else {
|
||||
+ /*
|
||||
+ * Make sure security callback allows algorithm. For historical
|
||||
+ * reasons we have to pass the sigalg as a two byte char array.
|
||||
+ */
|
||||
+ sigalgstr[0] = (sig >> 8) & 0xff;
|
||||
+ sigalgstr[1] = sig & 0xff;
|
||||
+ secbits = sigalg_security_bits(s->ctx, lu);
|
||||
+ if (secbits == 0 ||
|
||||
+ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
|
||||
+ md != NULL ? EVP_MD_get_type(md) : NID_undef,
|
||||
+ (void *)sigalgstr)) {
|
||||
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
|
||||
+ return 0;
|
||||
+ }
|
||||
}
|
||||
/* Store the sigalg the peer uses */
|
||||
s->s3.tmp.peer_sigalg = lu;
|
||||
@@ -2138,6 +2148,15 @@ static int tls12_sigalg_allowed(const SS
|
||||
}
|
||||
}
|
||||
|
||||
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
|
||||
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
|
||||
+ && SSL_get_security_level(s) < 2) {
|
||||
+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
|
||||
+ * explicitly allow SHA1 for backwards compatibility. Also allow
|
||||
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
/* Finally see if security callback allows it */
|
||||
secbits = sigalg_security_bits(s->ctx, lu);
|
||||
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
|
||||
@@ -3007,6 +3026,8 @@ static int ssl_security_cert_sig(SSL *s,
|
||||
{
|
||||
/* Lookup signature algorithm digest */
|
||||
int secbits, nid, pknid;
|
||||
+ OSSL_LIB_CTX *libctx = NULL;
|
||||
+
|
||||
/* Don't check signature if self signed */
|
||||
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
|
||||
return 1;
|
||||
@@ -3015,6 +3036,26 @@ static int ssl_security_cert_sig(SSL *s,
|
||||
/* If digest NID not defined use signature NID */
|
||||
if (nid == NID_undef)
|
||||
nid = pknid;
|
||||
+
|
||||
+ if (x && x->libctx)
|
||||
+ libctx = x->libctx;
|
||||
+ else if (ctx && ctx->libctx)
|
||||
+ libctx = ctx->libctx;
|
||||
+ else if (s && s->ctx && s->ctx->libctx)
|
||||
+ libctx = s->ctx->libctx;
|
||||
+ else
|
||||
+ libctx = OSSL_LIB_CTX_get0_global_default();
|
||||
+
|
||||
+ if ((nid == NID_sha1 || nid == NID_md5_sha1)
|
||||
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
|
||||
+ && ((s != NULL && SSL_get_security_level(s) < 2)
|
||||
+ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2)
|
||||
+ ))
|
||||
+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
|
||||
+ * explicitly allow SHA1 for backwards compatibility. Also allow
|
||||
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
||||
+ return 1;
|
||||
+
|
||||
if (s)
|
||||
return ssl_security(s, op, secbits, nid, x);
|
||||
else
|
||||
Index: openssl-3.1.4/test/recipes/25-test_verify.t
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/test/recipes/25-test_verify.t
|
||||
+++ openssl-3.1.4/test/recipes/25-test_verify.t
|
||||
@@ -439,8 +439,8 @@ ok(verify("ee-pss-sha1-cert", "", ["root
|
||||
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
|
||||
"CA with PSS signature using SHA256");
|
||||
|
||||
-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
|
||||
- "Reject PSS signature using SHA1 and auth level 1");
|
||||
+ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
|
||||
+ "Reject PSS signature using SHA1 and auth level 2");
|
||||
|
||||
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
|
||||
"PSS signature using SHA256 and auth level 2");
|
519
openssl-Allow-disabling-of-SHA1-signatures.patch
Normal file
519
openssl-Allow-disabling-of-SHA1-signatures.patch
Normal file
@ -0,0 +1,519 @@
|
||||
From 2e8388e06eafb703aeb315498915bf079561bdb5 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 13:07:07 +0200
|
||||
Subject: 0049-Allow-disabling-of-SHA1-signatures.patch
|
||||
|
||||
Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch
|
||||
Patch-id: 49
|
||||
Patch-status: |
|
||||
# Selectively disallow SHA1 signatures rhbz#2070977
|
||||
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
crypto/context.c | 14 ++++
|
||||
crypto/evp/evp_cnf.c | 13 +++
|
||||
crypto/evp/m_sigver.c | 79 +++++++++++++++++++
|
||||
crypto/evp/pmeth_lib.c | 15 ++++
|
||||
doc/man5/config.pod | 13 +++
|
||||
include/crypto/context.h | 3 +
|
||||
include/internal/cryptlib.h | 3 +-
|
||||
include/internal/sslconf.h | 4 +
|
||||
providers/common/securitycheck.c | 20 +++++
|
||||
providers/common/securitycheck_default.c | 9 ++-
|
||||
providers/implementations/signature/dsa_sig.c | 11 ++-
|
||||
.../implementations/signature/ecdsa_sig.c | 4 +
|
||||
providers/implementations/signature/rsa_sig.c | 20 ++++-
|
||||
ssl/t1_lib.c | 8 ++
|
||||
util/libcrypto.num | 2 +
|
||||
15 files changed, 209 insertions(+), 9 deletions(-)
|
||||
|
||||
Index: openssl-3.1.4/crypto/context.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/context.c
|
||||
+++ openssl-3.1.4/crypto/context.c
|
||||
@@ -78,6 +78,8 @@ struct ossl_lib_ctx_st {
|
||||
void *fips_prov;
|
||||
#endif
|
||||
|
||||
+ void *legacy_digest_signatures;
|
||||
+
|
||||
unsigned int ischild:1;
|
||||
};
|
||||
|
||||
@@ -206,6 +208,10 @@ static int context_init(OSSL_LIB_CTX *ct
|
||||
goto err;
|
||||
#endif
|
||||
|
||||
+ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx);
|
||||
+ if (ctx->legacy_digest_signatures == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
/* Low priority. */
|
||||
#ifndef FIPS_MODULE
|
||||
ctx->child_provider = ossl_child_prov_ctx_new(ctx);
|
||||
@@ -334,6 +340,11 @@ static void context_deinit_objs(OSSL_LIB
|
||||
}
|
||||
#endif
|
||||
|
||||
+ if (ctx->legacy_digest_signatures != NULL) {
|
||||
+ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures);
|
||||
+ ctx->legacy_digest_signatures = NULL;
|
||||
+ }
|
||||
+
|
||||
/* Low priority. */
|
||||
#ifndef FIPS_MODULE
|
||||
if (ctx->child_provider != NULL) {
|
||||
@@ -625,6 +636,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX
|
||||
return ctx->fips_prov;
|
||||
#endif
|
||||
|
||||
+ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX:
|
||||
+ return ctx->legacy_digest_signatures;
|
||||
+
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
Index: openssl-3.1.4/crypto/evp/evp_cnf.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/evp/evp_cnf.c
|
||||
+++ openssl-3.1.4/crypto/evp/evp_cnf.c
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <stdio.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include "internal/cryptlib.h"
|
||||
+#include "internal/sslconf.h"
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
+ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) {
|
||||
+ int m;
|
||||
+
|
||||
+ /* Detailed error already reported. */
|
||||
+ if (!X509V3_get_value_bool(oval, &m))
|
||||
+ return 0;
|
||||
+
|
||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed_set(
|
||||
+ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) {
|
||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
|
||||
+ return 0;
|
||||
+ }
|
||||
} else {
|
||||
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
|
||||
"name=%s, value=%s", oval->name, oval->value);
|
||||
Index: openssl-3.1.4/crypto/evp/m_sigver.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/evp/m_sigver.c
|
||||
+++ openssl-3.1.4/crypto/evp/m_sigver.c
|
||||
@@ -15,6 +15,69 @@
|
||||
#include "internal/provider.h"
|
||||
#include "internal/numbers.h" /* includes SIZE_MAX */
|
||||
#include "evp_local.h"
|
||||
+#include "crypto/context.h"
|
||||
+
|
||||
+typedef struct ossl_legacy_digest_signatures_st {
|
||||
+ int allowed;
|
||||
+} OSSL_LEGACY_DIGEST_SIGNATURES;
|
||||
+
|
||||
+void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
|
||||
+{
|
||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
|
||||
+
|
||||
+ if (ldsigs != NULL) {
|
||||
+ OPENSSL_free(ldsigs);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
|
||||
+{
|
||||
+ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
|
||||
+ /* Default to allow SHA-1 and support disabling it via config. */
|
||||
+ ldsigs->allowed = 1;
|
||||
+ return ldsigs;
|
||||
+}
|
||||
+
|
||||
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
|
||||
+ OSSL_LIB_CTX *libctx, int loadconfig)
|
||||
+{
|
||||
+#ifndef FIPS_MODULE
|
||||
+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
|
||||
+ return NULL;
|
||||
+#endif
|
||||
+
|
||||
+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX);
|
||||
+}
|
||||
+
|
||||
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
|
||||
+{
|
||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
|
||||
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
|
||||
+
|
||||
+#ifndef FIPS_MODULE
|
||||
+ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL)
|
||||
+ /* This is to be used in tests if SHA-1 is disabled. */
|
||||
+ return 1;
|
||||
+#endif
|
||||
+
|
||||
+ /* Default to allow SHA-1 and support disabling it via config. */
|
||||
+ return ldsigs != NULL ? ldsigs->allowed : 1;
|
||||
+}
|
||||
+
|
||||
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
|
||||
+ int loadconfig)
|
||||
+{
|
||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
|
||||
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
|
||||
+
|
||||
+ if (ldsigs == NULL) {
|
||||
+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ ldsigs->allowed = allow;
|
||||
+ return 1;
|
||||
+}
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
|
||||
@@ -251,6 +314,18 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
||||
}
|
||||
}
|
||||
|
||||
+ if (ctx->reqdigest != NULL
|
||||
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
|
||||
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
||||
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
|
||||
+ int mdnid = EVP_MD_nid(ctx->reqdigest);
|
||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
|
||||
+ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
|
||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (ver) {
|
||||
if (signature->digest_verify_init == NULL) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||
Index: openssl-3.1.4/crypto/evp/pmeth_lib.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/evp/pmeth_lib.c
|
||||
+++ openssl-3.1.4/crypto/evp/pmeth_lib.c
|
||||
@@ -33,6 +33,7 @@
|
||||
#include "internal/ffc.h"
|
||||
#include "internal/numbers.h"
|
||||
#include "internal/provider.h"
|
||||
+#include "internal/sslconf.h"
|
||||
#include "evp_local.h"
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
@@ -959,6 +960,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_
|
||||
return -2;
|
||||
}
|
||||
|
||||
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
|
||||
+ && md != NULL
|
||||
+ && ctx->pkey != NULL
|
||||
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac)
|
||||
+ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
|
||||
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
|
||||
+ int mdnid = EVP_MD_nid(md);
|
||||
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
|
||||
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
|
||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (fallback)
|
||||
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
|
||||
|
||||
Index: openssl-3.1.4/doc/man5/config.pod
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/doc/man5/config.pod
|
||||
+++ openssl-3.1.4/doc/man5/config.pod
|
||||
@@ -304,6 +304,21 @@ Within the algorithm properties section,
|
||||
The value may be anything that is acceptable as a property query
|
||||
string for EVP_set_default_properties().
|
||||
|
||||
+=item B<rh-allow-sha1-signatures>
|
||||
+
|
||||
+The value is a boolean that can be B<yes> or B<no>. If the value is not set,
|
||||
+it behaves as if it was set to B<yes>.
|
||||
+
|
||||
+When set to B<no>, any attempt to create or verify a signature with a SHA1
|
||||
+digest will fail. To test whether your software will work with future versions
|
||||
+of OpenSSL, set this option to B<no>. This setting also affects TLS, where
|
||||
+signature algorithms that use SHA1 as digest will no longer be supported if
|
||||
+this option is set to B<no>. Because TLS 1.1 or lower use MD5-SHA1 as
|
||||
+pseudorandom function (PRF) to derive key material, disabling
|
||||
+B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or newer.
|
||||
+
|
||||
+This is a downstream specific option, and normally it should be set up via crypto-policies.
|
||||
+
|
||||
=item B<fips_mode> (deprecated)
|
||||
|
||||
The value is a boolean that can be B<yes> or B<no>. If the value is
|
||||
Index: openssl-3.1.4/include/crypto/context.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/crypto/context.h
|
||||
+++ openssl-3.1.4/include/crypto/context.h
|
||||
@@ -40,3 +40,6 @@ void ossl_rand_crng_ctx_free(void *);
|
||||
void ossl_thread_event_ctx_free(void *);
|
||||
void ossl_fips_prov_ossl_ctx_free(void *);
|
||||
void ossl_release_default_drbg_ctx(void);
|
||||
+
|
||||
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *);
|
||||
+void ossl_ctx_legacy_digest_signatures_free(void *);
|
||||
Index: openssl-3.1.4/include/internal/cryptlib.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/internal/cryptlib.h
|
||||
+++ openssl-3.1.4/include/internal/cryptlib.h
|
||||
@@ -178,7 +178,8 @@ typedef struct ossl_ex_data_global_st {
|
||||
# define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16
|
||||
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
|
||||
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
|
||||
-# define OSSL_LIB_CTX_MAX_INDEXES 19
|
||||
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 19
|
||||
+# define OSSL_LIB_CTX_MAX_INDEXES 20
|
||||
|
||||
OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
|
||||
int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
|
||||
Index: openssl-3.1.4/include/internal/sslconf.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/internal/sslconf.h
|
||||
+++ openssl-3.1.4/include/internal/sslconf.h
|
||||
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name,
|
||||
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
|
||||
char **arg);
|
||||
|
||||
+/* Methods to support disabling all signatures with legacy digests */
|
||||
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig);
|
||||
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
|
||||
+ int loadconfig);
|
||||
#endif
|
||||
Index: openssl-3.1.4/providers/common/securitycheck.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/common/securitycheck.c
|
||||
+++ openssl-3.1.4/providers/common/securitycheck.c
|
||||
@@ -19,6 +19,7 @@
|
||||
#include <openssl/core_names.h>
|
||||
#include <openssl/obj_mac.h>
|
||||
#include "prov/securitycheck.h"
|
||||
+#include "internal/sslconf.h"
|
||||
|
||||
/*
|
||||
* FIPS requires a minimum security strength of 112 bits (for encryption or
|
||||
@@ -243,6 +244,14 @@ int ossl_digest_get_approved_nid_with_sh
|
||||
mdnid = -1; /* disallowed by security checks */
|
||||
}
|
||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
||||
+
|
||||
+#ifndef FIPS_MODULE
|
||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
||||
+ /* SHA1 is globally enabled by default, check whether we want to locally disable it. */
|
||||
+ if (mdnid == NID_sha1 && !sha1_allowed)
|
||||
+ mdnid = -1;
|
||||
+#endif
|
||||
+
|
||||
return mdnid;
|
||||
}
|
||||
|
||||
@@ -252,5 +261,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX
|
||||
if (ossl_securitycheck_enabled(ctx))
|
||||
return ossl_digest_get_approved_nid(md) != NID_undef;
|
||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
||||
+
|
||||
+#ifndef FIPS_MODULE
|
||||
+ {
|
||||
+ int mdnid = EVP_MD_nid(md);
|
||||
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
|
||||
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
Index: openssl-3.1.4/providers/common/securitycheck_default.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/common/securitycheck_default.c
|
||||
+++ openssl-3.1.4/providers/common/securitycheck_default.c
|
||||
@@ -15,6 +15,7 @@
|
||||
#include <openssl/obj_mac.h>
|
||||
#include "prov/securitycheck.h"
|
||||
#include "internal/nelem.h"
|
||||
+#include "internal/sslconf.h"
|
||||
|
||||
/* Disable the security checks in the default provider */
|
||||
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
||||
@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL
|
||||
}
|
||||
|
||||
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
||||
- ossl_unused int sha1_allowed)
|
||||
+ int sha1_allowed)
|
||||
{
|
||||
int mdnid;
|
||||
+ int ldsigs_allowed;
|
||||
|
||||
static const OSSL_ITEM name_to_nid[] = {
|
||||
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
|
||||
@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL
|
||||
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
|
||||
};
|
||||
|
||||
- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1);
|
||||
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
|
||||
+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
|
||||
if (mdnid == NID_undef)
|
||||
mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
|
||||
+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
|
||||
+ mdnid = -1;
|
||||
return mdnid;
|
||||
}
|
||||
Index: openssl-3.1.4/providers/implementations/signature/dsa_sig.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/signature/dsa_sig.c
|
||||
+++ openssl-3.1.4/providers/implementations/signature/dsa_sig.c
|
||||
@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ct
|
||||
mdprops = ctx->propq;
|
||||
|
||||
if (mdname != NULL) {
|
||||
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
||||
WPACKET pkt;
|
||||
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
||||
- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
||||
- sha1_allowed);
|
||||
+ int md_nid;
|
||||
size_t mdname_len = strlen(mdname);
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
||||
+#else
|
||||
+ int sha1_allowed = 0;
|
||||
+#endif
|
||||
+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
||||
+ sha1_allowed);
|
||||
|
||||
if (md == NULL || md_nid < 0) {
|
||||
if (md == NULL)
|
||||
Index: openssl-3.1.4/providers/implementations/signature/ecdsa_sig.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/signature/ecdsa_sig.c
|
||||
+++ openssl-3.1.4/providers/implementations/signature/ecdsa_sig.c
|
||||
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX
|
||||
"%s could not be fetched", mdname);
|
||||
return 0;
|
||||
}
|
||||
+#ifdef FIPS_MODULE
|
||||
sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
||||
+#else
|
||||
+ sha1_allowed = 0;
|
||||
+#endif
|
||||
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
||||
sha1_allowed);
|
||||
if (md_nid < 0) {
|
||||
Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/signature/rsa_sig.c
|
||||
+++ openssl-3.1.4/providers/implementations/signature/rsa_sig.c
|
||||
@@ -25,6 +25,7 @@
|
||||
#include "internal/cryptlib.h"
|
||||
#include "internal/nelem.h"
|
||||
#include "internal/sizes.h"
|
||||
+#include "internal/sslconf.h"
|
||||
#include "crypto/rsa.h"
|
||||
#include "prov/providercommon.h"
|
||||
#include "prov/implementations.h"
|
||||
@@ -33,6 +34,7 @@
|
||||
#include "prov/securitycheck.h"
|
||||
|
||||
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
|
||||
+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
|
||||
|
||||
OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
||||
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
|
||||
@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ct
|
||||
|
||||
if (mdname != NULL) {
|
||||
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
||||
+ int md_nid;
|
||||
+ size_t mdname_len = strlen(mdname);
|
||||
+#ifdef FIPS_MODULE
|
||||
int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
||||
- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
|
||||
+#else
|
||||
+ int sha1_allowed = 0;
|
||||
+#endif
|
||||
+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
|
||||
sha1_allowed);
|
||||
- size_t mdname_len = strlen(mdname);
|
||||
|
||||
if (md == NULL
|
||||
|| md_nid <= 0
|
||||
@@ -1386,8 +1393,15 @@ static int rsa_set_ctx_params(void *vprs
|
||||
prsactx->pad_mode = pad_mode;
|
||||
|
||||
if (prsactx->md == NULL && pmdname == NULL
|
||||
- && pad_mode == RSA_PKCS1_PSS_PADDING)
|
||||
+ && pad_mode == RSA_PKCS1_PSS_PADDING) {
|
||||
pmdname = RSA_DEFAULT_DIGEST_NAME;
|
||||
+#ifndef FIPS_MODULE
|
||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
|
||||
+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
|
||||
+ }
|
||||
+#endif
|
||||
+ }
|
||||
+
|
||||
|
||||
if (pmgf1mdname != NULL
|
||||
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
|
||||
Index: openssl-3.1.4/ssl/t1_lib.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/ssl/t1_lib.c
|
||||
+++ openssl-3.1.4/ssl/t1_lib.c
|
||||
@@ -20,6 +20,7 @@
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/provider.h>
|
||||
#include <openssl/param_build.h>
|
||||
+#include "internal/sslconf.h"
|
||||
#include "internal/nelem.h"
|
||||
#include "internal/sizes.h"
|
||||
#include "internal/tlsgroups.h"
|
||||
@@ -1172,11 +1173,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
||||
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
|
||||
EVP_PKEY *tmpkey = EVP_PKEY_new();
|
||||
int ret = 0;
|
||||
+ int ldsigs_allowed;
|
||||
|
||||
if (cache == NULL || tmpkey == NULL)
|
||||
goto err;
|
||||
|
||||
ERR_set_mark();
|
||||
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
|
||||
for (i = 0, lu = sigalg_lookup_tbl;
|
||||
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
|
||||
EVP_PKEY_CTX *pctx;
|
||||
@@ -1196,6 +1199,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
||||
cache[i].enabled = 0;
|
||||
continue;
|
||||
}
|
||||
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
|
||||
+ && !ldsigs_allowed) {
|
||||
+ cache[i].enabled = 0;
|
||||
+ continue;
|
||||
+ }
|
||||
|
||||
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
|
||||
cache[i].enabled = 0;
|
||||
Index: openssl-3.1.4/util/libcrypto.num
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/util/libcrypto.num
|
||||
+++ openssl-3.1.4/util/libcrypto.num
|
||||
@@ -5439,3 +5439,5 @@ X509_get_default_cert_uri
|
||||
X509_get_default_cert_uri_env ? 3_1_0 EXIST::FUNCTION:
|
||||
X509_get_default_cert_path_env ? 3_1_0 EXIST::FUNCTION:
|
||||
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
||||
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
255
openssl-CVE-2024-6119.patch
Normal file
255
openssl-CVE-2024-6119.patch
Normal file
@ -0,0 +1,255 @@
|
||||
commit 97ebe37033e8884f4cca5544a74376633c665e11
|
||||
Author: Viktor Dukhovni <viktor@openssl.org>
|
||||
Date: Wed Jun 19 21:04:11 2024 +1000
|
||||
|
||||
Avoid type errors in EAI-related name check logic.
|
||||
|
||||
The incorrectly typed data is read only, used in a compare operation, so
|
||||
neither remote code execution, nor memory content disclosure were possible.
|
||||
However, applications performing certificate name checks were vulnerable to
|
||||
denial of service.
|
||||
|
||||
The GENERAL_TYPE data type is a union, and we must take care to access the
|
||||
correct member, based on `gen->type`, not all the member fields have the same
|
||||
structure, and a segfault is possible if the wrong member field is read.
|
||||
|
||||
The code in question was lightly refactored with the intent to make it more
|
||||
obviously correct.
|
||||
|
||||
CVE-2024-6119
|
||||
|
||||
(cherry picked from commit 1486960d6cdb052e4fc0109a56a0597b4e902ba1)
|
||||
|
||||
diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
|
||||
index 1a18174995..a09414c972 100644
|
||||
--- a/crypto/x509/v3_utl.c
|
||||
+++ b/crypto/x509/v3_utl.c
|
||||
@@ -916,36 +916,64 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
|
||||
ASN1_STRING *cstr;
|
||||
|
||||
gen = sk_GENERAL_NAME_value(gens, i);
|
||||
- if ((gen->type == GEN_OTHERNAME) && (check_type == GEN_EMAIL)) {
|
||||
- if (OBJ_obj2nid(gen->d.otherName->type_id) ==
|
||||
- NID_id_on_SmtpUTF8Mailbox) {
|
||||
- san_present = 1;
|
||||
-
|
||||
- /*
|
||||
- * If it is not a UTF8String then that is unexpected and we
|
||||
- * treat it as no match
|
||||
- */
|
||||
- if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) {
|
||||
- cstr = gen->d.otherName->value->value.utf8string;
|
||||
-
|
||||
- /* Positive on success, negative on error! */
|
||||
- if ((rv = do_check_string(cstr, 0, equal, flags,
|
||||
- chk, chklen, peername)) != 0)
|
||||
- break;
|
||||
- }
|
||||
- } else
|
||||
+ switch (gen->type) {
|
||||
+ default:
|
||||
+ continue;
|
||||
+ case GEN_OTHERNAME:
|
||||
+ switch (OBJ_obj2nid(gen->d.otherName->type_id)) {
|
||||
+ default:
|
||||
continue;
|
||||
- } else {
|
||||
- if ((gen->type != check_type) && (gen->type != GEN_OTHERNAME))
|
||||
+ case NID_id_on_SmtpUTF8Mailbox:
|
||||
+ /*-
|
||||
+ * https://datatracker.ietf.org/doc/html/rfc8398#section-3
|
||||
+ *
|
||||
+ * Due to name constraint compatibility reasons described
|
||||
+ * in Section 6, SmtpUTF8Mailbox subjectAltName MUST NOT
|
||||
+ * be used unless the local-part of the email address
|
||||
+ * contains non-ASCII characters. When the local-part is
|
||||
+ * ASCII, rfc822Name subjectAltName MUST be used instead
|
||||
+ * of SmtpUTF8Mailbox. This is compatible with legacy
|
||||
+ * software that supports only rfc822Name (and not
|
||||
+ * SmtpUTF8Mailbox). [...]
|
||||
+ *
|
||||
+ * SmtpUTF8Mailbox is encoded as UTF8String.
|
||||
+ *
|
||||
+ * If it is not a UTF8String then that is unexpected, and
|
||||
+ * we ignore the invalid SAN (neither set san_present nor
|
||||
+ * consider it a candidate for equality). This does mean
|
||||
+ * that the subject CN may be considered, as would be the
|
||||
+ * case when the malformed SmtpUtf8Mailbox SAN is instead
|
||||
+ * simply absent.
|
||||
+ *
|
||||
+ * When CN-ID matching is not desirable, applications can
|
||||
+ * choose to turn it off, doing so is at this time a best
|
||||
+ * practice.
|
||||
+ */
|
||||
+ if (check_type != GEN_EMAIL
|
||||
+ || gen->d.otherName->value->type != V_ASN1_UTF8STRING)
|
||||
+ continue;
|
||||
+ alt_type = 0;
|
||||
+ cstr = gen->d.otherName->value->value.utf8string;
|
||||
+ break;
|
||||
+ }
|
||||
+ break;
|
||||
+ case GEN_EMAIL:
|
||||
+ if (check_type != GEN_EMAIL)
|
||||
continue;
|
||||
- }
|
||||
- san_present = 1;
|
||||
- if (check_type == GEN_EMAIL)
|
||||
cstr = gen->d.rfc822Name;
|
||||
- else if (check_type == GEN_DNS)
|
||||
+ break;
|
||||
+ case GEN_DNS:
|
||||
+ if (check_type != GEN_DNS)
|
||||
+ continue;
|
||||
cstr = gen->d.dNSName;
|
||||
- else
|
||||
+ break;
|
||||
+ case GEN_IPADD:
|
||||
+ if (check_type != GEN_IPADD)
|
||||
+ continue;
|
||||
cstr = gen->d.iPAddress;
|
||||
+ break;
|
||||
+ }
|
||||
+ san_present = 1;
|
||||
/* Positive on success, negative on error! */
|
||||
if ((rv = do_check_string(cstr, alt_type, equal, flags,
|
||||
chk, chklen, peername)) != 0)
|
||||
diff --git a/test/recipes/25-test_eai_data.t b/test/recipes/25-test_eai_data.t
|
||||
index 522982ddfb..e18735d89a 100644
|
||||
--- a/test/recipes/25-test_eai_data.t
|
||||
+++ b/test/recipes/25-test_eai_data.t
|
||||
@@ -21,16 +21,18 @@ setup("test_eai_data");
|
||||
#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
|
||||
#./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem
|
||||
|
||||
-plan tests => 12;
|
||||
+plan tests => 16;
|
||||
|
||||
require_ok(srctop_file('test','recipes','tconversion.pl'));
|
||||
my $folder = "test/recipes/25-test_eai_data";
|
||||
|
||||
my $ascii_pem = srctop_file($folder, "ascii_leaf.pem");
|
||||
my $utf8_pem = srctop_file($folder, "utf8_leaf.pem");
|
||||
+my $kdc_pem = srctop_file($folder, "kdc-cert.pem");
|
||||
|
||||
my $ascii_chain_pem = srctop_file($folder, "ascii_chain.pem");
|
||||
my $utf8_chain_pem = srctop_file($folder, "utf8_chain.pem");
|
||||
+my $kdc_chain_pem = srctop_file($folder, "kdc-root-cert.pem");
|
||||
|
||||
my $out;
|
||||
my $outcnt = 0;
|
||||
@@ -56,10 +58,18 @@ SKIP: {
|
||||
|
||||
ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $ascii_pem])));
|
||||
ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $utf8_pem])));
|
||||
+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $kdc_chain_pem, $kdc_pem])));
|
||||
|
||||
ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem])));
|
||||
ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $ascii_pem])));
|
||||
|
||||
+# Check an otherName does not get misparsed as an DNS name, (should trigger ASAN errors if violated).
|
||||
+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_hostname", 'mx1.example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])));
|
||||
+# Check an otherName does not get misparsed as an email address, (should trigger ASAN errors if violated).
|
||||
+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'joe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])));
|
||||
+# We expect SmtpUTF8Mailbox to be a UTF8 String, not an IA5String.
|
||||
+ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'moe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])));
|
||||
+
|
||||
#Check that we get the expected failure return code
|
||||
with({ exit_checker => sub { return shift == 2; } },
|
||||
sub {
|
||||
diff --git a/test/recipes/25-test_eai_data/kdc-cert.pem b/test/recipes/25-test_eai_data/kdc-cert.pem
|
||||
new file mode 100644
|
||||
index 0000000000..e8a2c6f55d
|
||||
--- /dev/null
|
||||
+++ b/test/recipes/25-test_eai_data/kdc-cert.pem
|
||||
@@ -0,0 +1,21 @@
|
||||
+-----BEGIN CERTIFICATE-----
|
||||
+MIIDbDCCAlSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
|
||||
+MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAXMRUwEwYDVQQDDAxU
|
||||
+RVNULkVYQU1QTEUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6wfP+
|
||||
+6go79dkpo/dGLMlPZ7Gw/Q6gUYrCWZWUEgEeRVHCrqOlgUEyA+PcWas/XDPUxXry
|
||||
+BQlJHLvlqamAQn8gs4QPBARFYWKNiTVGyaRkgNA1N5gqyZdrP9UE+ZJmdqxRAAe8
|
||||
+vvpGZWSgevPhLUiSCFYDiD0Rtji2Hm3rGUrReQFBQDEw2pNGwz9zIaxUs08kQZcx
|
||||
+Yzyiplz5Oau+R/6sAgUwDlrD9xOlUxx/tA/MSDIfkK8qioU11uUZtO5VjkNQy/bT
|
||||
+7zQMmXxWgm2MIgOs1u4YN7YGOtgqHE9v9iPHHfgrkbQDtVDGQsa8AQEhkUDSCtW9
|
||||
+3VFAKx6dGNXYzFwfAgMBAAGjgcgwgcUwHQYDVR0OBBYEFFR5tZycW19DmtbL4Zqj
|
||||
+te1c2vZLMAkGA1UdIwQCMAAwCQYDVR0TBAIwADCBjQYDVR0RBIGFMIGCoD8GBisG
|
||||
+AQUCAqA1MDOgDhsMVEVTVC5FWEFNUExFoSEwH6ADAgEBoRgwFhsGa3JidGd0GwxU
|
||||
+RVNULkVYQU1QTEWgHQYIKwYBBQUHCAmgERYPbW9lQGV4YW1wbGUuY29tgQ9qb2VA
|
||||
+ZXhhbXBsZS5jb22CD214MS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEA
|
||||
+T0xzVtVpRtaOzIhgzw7XQUdzWD5UEGSJJ1cBCOmKUWwDLTAouCYLFB4TbEE7MMUb
|
||||
+iuMy60bjmVtvfJIXorGUgSadRe5RWJ5DamJWvPA0Q9x7blnEcXqEF+9Td+ypevgU
|
||||
+UYHFmg83OYwxOsFXZ5cRuXMk3WCsDHQIBi6D1L6oDDZ2pfArs5mqm3thQKVlqyl1
|
||||
+El3XRYEdqAz/5eCOFNfwxF0ALxjxVr/Z50StUZU8I7Zfev6+kHhyrR7dqzYJImv9
|
||||
+0fTCOBEMjIETDsrA70OxAMu4V16nrWZdJdvzblS2qrt97Omkj+2kiPAJFB76RpwI
|
||||
+oDQ9fKfUOAmUFth2/R/eGA==
|
||||
+-----END CERTIFICATE-----
|
||||
diff --git a/test/recipes/25-test_eai_data/kdc-root-cert.pem b/test/recipes/25-test_eai_data/kdc-root-cert.pem
|
||||
new file mode 100644
|
||||
index 0000000000..a74c96bf31
|
||||
--- /dev/null
|
||||
+++ b/test/recipes/25-test_eai_data/kdc-root-cert.pem
|
||||
@@ -0,0 +1,16 @@
|
||||
+-----BEGIN CERTIFICATE-----
|
||||
+MIICnDCCAYQCCQCBswYcrlZSHjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARS
|
||||
+b290MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAPMQ0wCwYDVQQD
|
||||
+DARSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRj8S4kBbIUj
|
||||
+61kZfi6nE35Q38U140+qt4uAiwAhKumfVHlBM0zQ98WFt5zMHIBQwIb3yjc2zj+0
|
||||
+qzUnQfwm1r/RfcMmBPEti9Ge+aEMSsds2gMXziOFM8wd2aAFPy7UVE0XpEWofsRK
|
||||
+MGi61MKVdPSbGIxBwY9VW38/7D/wf1HtJe7y0xpuecR7GB2XAs+qST59NjuF+7wS
|
||||
+dLM8Hb3TATgeYbXXWsRJgwz+SPzExg5WmLnU+7y4brZ32dHtdSmkRVSgSlaIf7Xj
|
||||
+3Tc6Zi7I+W/JYk7hy1zUexVdWCak4PHcoWrXe0gNNN/t8VfLfMExt5z/HIylXnU7
|
||||
+pGUyqZlTGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAHpLF1UCRy7b6Hk0rLokxI
|
||||
+lgwiH9BU9mktigAGASvkbllpt+YbUbWnuYAvpHBGiP1qZtfX2r96UrSJaGO9BEzT
|
||||
+Gp9ThnSjoj4Srul0+s/NArU22irFLmDzbalgevAmm9gMGkdqkiIm/mXbwrPj0ncl
|
||||
+KGicevXryVpvaP62eZ8cc3C4p97frMmXxRX8sTdQpD/gRI7prdEILRSKveqT+AEW
|
||||
+7rFGM5AOevb4U8ddop8A3D/kX0wcCAIBF6jCNk3uEJ57jVcagL04kPnVfdRiedTS
|
||||
+vfq1DRNcD29d1H/9u0fHdSn1/+8Ep3X+afQ3C6//5NvOEaXcIGO4QSwkprQydfv8
|
||||
+-----END CERTIFICATE-----
|
||||
diff --git a/test/recipes/25-test_eai_data/kdc.sh b/test/recipes/25-test_eai_data/kdc.sh
|
||||
new file mode 100755
|
||||
index 0000000000..7a8dbc719f
|
||||
--- /dev/null
|
||||
+++ b/test/recipes/25-test_eai_data/kdc.sh
|
||||
@@ -0,0 +1,41 @@
|
||||
+#! /usr/bin/env bash
|
||||
+
|
||||
+# Create a root CA, signing a leaf cert with a KDC principal otherName SAN, and
|
||||
+# also a non-UTF8 smtpUtf8Mailbox SAN followed by an rfc822Name SAN and a DNS
|
||||
+# name SAN. In the vulnerable EAI code, the KDC principal `otherName` should
|
||||
+# trigger ASAN errors in DNS name checks, while the non-UTF8 `smtpUtf8Mailbox`
|
||||
+# should likewise lead to ASAN issues with email name checks.
|
||||
+
|
||||
+rm -f root-key.pem root-cert.pem
|
||||
+openssl req -nodes -new -newkey rsa:2048 -keyout kdc-root-key.pem \
|
||||
+ -x509 -subj /CN=Root -days 36524 -out kdc-root-cert.pem
|
||||
+
|
||||
+exts=$(
|
||||
+ printf "%s\n%s\n%s\n%s = " \
|
||||
+ "subjectKeyIdentifier = hash" \
|
||||
+ "authorityKeyIdentifier = keyid" \
|
||||
+ "basicConstraints = CA:false" \
|
||||
+ "subjectAltName"
|
||||
+ printf "%s, " "otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name"
|
||||
+ printf "%s, " "otherName:1.3.6.1.5.5.7.8.9;IA5:moe@example.com"
|
||||
+ printf "%s, " "email:joe@example.com"
|
||||
+ printf "%s\n" "DNS:mx1.example.com"
|
||||
+ printf "[kdc_princ_name]\n"
|
||||
+ printf "realm = EXP:0, GeneralString:TEST.EXAMPLE\n"
|
||||
+ printf "principal_name = EXP:1, SEQUENCE:kdc_principal_seq\n"
|
||||
+ printf "[kdc_principal_seq]\n"
|
||||
+ printf "name_type = EXP:0, INTEGER:1\n"
|
||||
+ printf "name_string = EXP:1, SEQUENCE:kdc_principal_components\n"
|
||||
+ printf "[kdc_principal_components]\n"
|
||||
+ printf "princ1 = GeneralString:krbtgt\n"
|
||||
+ printf "princ2 = GeneralString:TEST.EXAMPLE\n"
|
||||
+ )
|
||||
+
|
||||
+printf "%s\n" "$exts"
|
||||
+
|
||||
+openssl req -nodes -new -newkey rsa:2048 -keyout kdc-key.pem \
|
||||
+ -subj "/CN=TEST.EXAMPLE" |
|
||||
+ openssl x509 -req -out kdc-cert.pem \
|
||||
+ -CA "kdc-root-cert.pem" -CAkey "kdc-root-key.pem" \
|
||||
+ -set_serial 2 -days 36524 \
|
||||
+ -extfile <(printf "%s\n" "$exts")
|
330
openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
Normal file
330
openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
Normal file
@ -0,0 +1,330 @@
|
||||
From 590babb35e3aa399c889282747965e301333a656 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 16:07:18 +0200
|
||||
Subject: [PATCH 43/48]
|
||||
0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
|
||||
|
||||
Patch-name: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
|
||||
Patch-id: 93
|
||||
---
|
||||
crypto/dh/dh_backend.c | 10 ++++
|
||||
crypto/dh/dh_check.c | 12 ++--
|
||||
crypto/dh/dh_gen.c | 12 +++-
|
||||
crypto/dh/dh_key.c | 13 ++--
|
||||
crypto/dh/dh_pmeth.c | 10 +++-
|
||||
providers/implementations/keymgmt/dh_kmgmt.c | 5 ++
|
||||
test/endecode_test.c | 4 +-
|
||||
test/evp_libctx_test.c | 2 +-
|
||||
test/helpers/predefined_dhparams.c | 62 ++++++++++++++++++++
|
||||
test/helpers/predefined_dhparams.h | 1 +
|
||||
test/recipes/80-test_cms.t | 4 +-
|
||||
test/recipes/80-test_ssl_old.t | 3 +
|
||||
12 files changed, 118 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
|
||||
index 726843fd30..24c65ca84f 100644
|
||||
--- a/crypto/dh/dh_backend.c
|
||||
+++ b/crypto/dh/dh_backend.c
|
||||
@@ -53,6 +53,16 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
|
||||
if (!dh_ffc_params_fromdata(dh, params))
|
||||
return 0;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (!ossl_dh_is_named_safe_prime_group(dh)) {
|
||||
+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
|
||||
+ "FIPS 186-4 type domain parameters no longer allowed in"
|
||||
+ " FIPS mode, since the required validation routines"
|
||||
+ " were removed from FIPS 186-5");
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
param_priv_len =
|
||||
OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
|
||||
if (param_priv_len != NULL
|
||||
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
|
||||
index 0b391910d6..75581ca347 100644
|
||||
--- a/crypto/dh/dh_check.c
|
||||
+++ b/crypto/dh/dh_check.c
|
||||
@@ -57,13 +57,15 @@ int DH_check_params(const DH *dh, int *ret)
|
||||
nid = DH_get_nid((DH *)dh);
|
||||
if (nid != NID_undef)
|
||||
return 1;
|
||||
+
|
||||
/*
|
||||
- * OR
|
||||
- * (2b) FFC domain params conform to FIPS-186-4 explicit domain param
|
||||
- * validity tests.
|
||||
+ * FIPS 186-4 explicit domain parameters are no longer supported in FIPS mode.
|
||||
*/
|
||||
- return ossl_ffc_params_FIPS186_4_validate(dh->libctx, &dh->params,
|
||||
- FFC_PARAM_TYPE_DH, ret, NULL);
|
||||
+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
|
||||
+ "FIPS 186-4 type domain parameters no longer allowed in"
|
||||
+ " FIPS mode, since the required validation routines were"
|
||||
+ " removed from FIPS 186-5");
|
||||
+ return 0;
|
||||
}
|
||||
#else
|
||||
int DH_check_params(const DH *dh, int *ret)
|
||||
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
|
||||
index 204662a81c..9961f21920 100644
|
||||
--- a/crypto/dh/dh_gen.c
|
||||
+++ b/crypto/dh/dh_gen.c
|
||||
@@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
|
||||
int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
|
||||
BN_GENCB *cb)
|
||||
{
|
||||
- int ret, res;
|
||||
+ int ret = 0;
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
+ int res;
|
||||
+
|
||||
if (type == DH_PARAMGEN_TYPE_FIPS_186_2)
|
||||
ret = ossl_ffc_params_FIPS186_2_generate(dh->libctx, &dh->params,
|
||||
FFC_PARAM_TYPE_DH,
|
||||
pbits, qbits, &res, cb);
|
||||
else
|
||||
-#endif
|
||||
ret = ossl_ffc_params_FIPS186_4_generate(dh->libctx, &dh->params,
|
||||
FFC_PARAM_TYPE_DH,
|
||||
pbits, qbits, &res, cb);
|
||||
+#else
|
||||
+ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */
|
||||
+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
|
||||
+ "FIPS 186-4 type domain parameters no longer allowed in"
|
||||
+ " FIPS mode, since the required generation routines were"
|
||||
+ " removed from FIPS 186-5");
|
||||
+#endif
|
||||
if (ret > 0)
|
||||
dh->dirty_cnt++;
|
||||
return ret;
|
||||
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
|
||||
index 83773cceea..7e988368d3 100644
|
||||
--- a/crypto/dh/dh_key.c
|
||||
+++ b/crypto/dh/dh_key.c
|
||||
@@ -321,8 +321,12 @@ static int generate_key(DH *dh)
|
||||
goto err;
|
||||
} else {
|
||||
#ifdef FIPS_MODULE
|
||||
- if (dh->params.q == NULL)
|
||||
- goto err;
|
||||
+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
|
||||
+ "FIPS 186-4 type domain parameters no longer"
|
||||
+ " allowed in FIPS mode, since the required"
|
||||
+ " generation routines were removed from FIPS"
|
||||
+ " 186-5");
|
||||
+ goto err;
|
||||
#else
|
||||
if (dh->params.q == NULL) {
|
||||
/* secret exponent length, must satisfy 2^(l-1) <= p */
|
||||
@@ -343,9 +347,7 @@ static int generate_key(DH *dh)
|
||||
if (!BN_clear_bit(priv_key, 0))
|
||||
goto err;
|
||||
}
|
||||
- } else
|
||||
-#endif
|
||||
- {
|
||||
+ } else {
|
||||
/* Do a partial check for invalid p, q, g */
|
||||
if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params,
|
||||
FFC_PARAM_TYPE_DH, NULL))
|
||||
@@ -361,6 +363,7 @@ static int generate_key(DH *dh)
|
||||
priv_key))
|
||||
goto err;
|
||||
}
|
||||
+#endif
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
|
||||
index f201eede0d..30f90d15be 100644
|
||||
--- a/crypto/dh/dh_pmeth.c
|
||||
+++ b/crypto/dh/dh_pmeth.c
|
||||
@@ -305,13 +305,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx,
|
||||
prime_len, subprime_len, &res,
|
||||
pcb);
|
||||
else
|
||||
-# endif
|
||||
- /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */
|
||||
- if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2)
|
||||
rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params,
|
||||
FFC_PARAM_TYPE_DH,
|
||||
prime_len, subprime_len, &res,
|
||||
pcb);
|
||||
+# else
|
||||
+ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */
|
||||
+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
|
||||
+ "FIPS 186-4 type domain parameters no longer allowed in"
|
||||
+ " FIPS mode, since the required generation routines were"
|
||||
+ " removed from FIPS 186-5");
|
||||
+# endif
|
||||
if (rv <= 0) {
|
||||
DH_free(ret);
|
||||
return NULL;
|
||||
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
|
||||
index 9a7dde7c66..b3e7bca5ac 100644
|
||||
--- a/providers/implementations/keymgmt/dh_kmgmt.c
|
||||
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
|
||||
@@ -414,6 +414,11 @@ static int dh_validate(const void *keydata, int selection, int checktype)
|
||||
if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
|
||||
return 1; /* nothing to validate */
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ /* In FIPS provider, always check the domain parameters to disallow
|
||||
+ * operations on keys with FIPS 186-4 params. */
|
||||
+ selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
|
||||
+#endif
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
|
||||
/*
|
||||
* Both of these functions check parameters. DH_check_params_ex()
|
||||
diff --git a/test/endecode_test.c b/test/endecode_test.c
|
||||
index 53385028fc..169f3ccd73 100644
|
||||
--- a/test/endecode_test.c
|
||||
+++ b/test/endecode_test.c
|
||||
@@ -84,10 +84,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
|
||||
* for testing only. Use a minimum key size of 2048 for security purposes.
|
||||
*/
|
||||
if (strcmp(type, "DH") == 0)
|
||||
- return get_dh512(keyctx);
|
||||
+ return get_dh2048(keyctx);
|
||||
|
||||
if (strcmp(type, "X9.42 DH") == 0)
|
||||
- return get_dhx512(keyctx);
|
||||
+ return get_dhx_ffdhe2048(keyctx);
|
||||
# endif
|
||||
|
||||
/*
|
||||
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
|
||||
index a7913cda4c..96a35ac1cc 100644
|
||||
--- a/test/evp_libctx_test.c
|
||||
+++ b/test/evp_libctx_test.c
|
||||
@@ -189,7 +189,7 @@ static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
|
||||
|
||||
if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
|
||||
|| !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
|
||||
- || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
|
||||
+ || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey) == 1, expected))
|
||||
goto err;
|
||||
|
||||
if (expected) {
|
||||
diff --git a/test/helpers/predefined_dhparams.c b/test/helpers/predefined_dhparams.c
|
||||
index 4bdadc4143..e5186e4b4a 100644
|
||||
--- a/test/helpers/predefined_dhparams.c
|
||||
+++ b/test/helpers/predefined_dhparams.c
|
||||
@@ -116,6 +116,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx)
|
||||
dhx512_q, sizeof(dhx512_q));
|
||||
}
|
||||
|
||||
+EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx)
|
||||
+{
|
||||
+ /* This is RFC 7919 ffdhe2048, since Red Hat removes support for
|
||||
+ * non-well-known groups in FIPS mode. */
|
||||
+ static unsigned char dhx_p[] = {
|
||||
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xad, 0xf8, 0x54, 0x58,
|
||||
+ 0xa2, 0xbb, 0x4a, 0x9a, 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1,
|
||||
+ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95, 0xa9, 0xe1, 0x36, 0x41,
|
||||
+ 0x14, 0x64, 0x33, 0xfb, 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9,
|
||||
+ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, 0xf6, 0x81, 0xb2, 0x02,
|
||||
+ 0xae, 0xc4, 0x61, 0x7a, 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61,
|
||||
+ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, 0x85, 0x63, 0x65, 0x55,
|
||||
+ 0x3d, 0xed, 0x1a, 0xf3, 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35,
|
||||
+ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, 0xe2, 0xa6, 0x89, 0xda,
|
||||
+ 0xf3, 0xef, 0xe8, 0x72, 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35,
|
||||
+ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, 0xbc, 0x0a, 0xb1, 0x82,
|
||||
+ 0xb3, 0x24, 0xfb, 0x61, 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb,
|
||||
+ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68, 0x1d, 0x4f, 0x42, 0xa3,
|
||||
+ 0xde, 0x39, 0x4d, 0xf4, 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19,
|
||||
+ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, 0x9e, 0x02, 0xfc, 0xe1,
|
||||
+ 0xcd, 0xf7, 0xe2, 0xec, 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61,
|
||||
+ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff, 0x8e, 0x4f, 0x12, 0x32,
|
||||
+ 0xee, 0xf2, 0x81, 0x83, 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73,
|
||||
+ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, 0xc5, 0x8e, 0xf1, 0x83,
|
||||
+ 0x7d, 0x16, 0x83, 0xb2, 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa,
|
||||
+ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, 0xff, 0xff, 0xff, 0xff,
|
||||
+ 0xff, 0xff, 0xff, 0xff
|
||||
+ };
|
||||
+ static unsigned char dhx_g[] = {
|
||||
+ 0x02
|
||||
+ };
|
||||
+ static unsigned char dhx_q[] = {
|
||||
+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
|
||||
+ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
|
||||
+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
|
||||
+ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
|
||||
+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
|
||||
+ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
|
||||
+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
|
||||
+ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
|
||||
+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
|
||||
+ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
|
||||
+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
|
||||
+ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
|
||||
+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
|
||||
+ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
|
||||
+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
|
||||
+ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
|
||||
+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
|
||||
+ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
|
||||
+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
|
||||
+ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
|
||||
+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, 0xff, 0xff, 0xff, 0xff,
|
||||
+ 0xff, 0xff, 0xff, 0xff
|
||||
+ };
|
||||
+
|
||||
+ return get_dh_from_pg(libctx, "X9.42 DH",
|
||||
+ dhx_p, sizeof(dhx_p),
|
||||
+ dhx_g, sizeof(dhx_g),
|
||||
+ dhx_q, sizeof(dhx_q));
|
||||
+}
|
||||
+
|
||||
EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx)
|
||||
{
|
||||
static unsigned char dh1024_p[] = {
|
||||
diff --git a/test/helpers/predefined_dhparams.h b/test/helpers/predefined_dhparams.h
|
||||
index f0e8709062..2ff6d6e721 100644
|
||||
--- a/test/helpers/predefined_dhparams.h
|
||||
+++ b/test/helpers/predefined_dhparams.h
|
||||
@@ -12,6 +12,7 @@
|
||||
#ifndef OPENSSL_NO_DH
|
||||
EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx);
|
||||
EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx);
|
||||
+EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx);
|
||||
EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libct);
|
||||
EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx);
|
||||
EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx);
|
||||
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
|
||||
index 2a459856f0..afac836fa3 100644
|
||||
--- a/test/recipes/80-test_cms.t
|
||||
+++ b/test/recipes/80-test_cms.t
|
||||
@@ -627,10 +627,10 @@ my @smime_cms_param_tests = (
|
||||
],
|
||||
|
||||
[ "enveloped content test streaming S/MIME format, X9.42 DH",
|
||||
- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
|
||||
+ [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
|
||||
"-stream", "-out", "{output}.cms",
|
||||
"-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
|
||||
- [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
|
||||
+ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
|
||||
"-in", "{output}.cms", "-out", "{output}.txt" ],
|
||||
\&final_compare
|
||||
]
|
||||
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
|
||||
index 527abcea6e..e1d38b1e62 100644
|
||||
--- a/test/recipes/80-test_ssl_old.t
|
||||
+++ b/test/recipes/80-test_ssl_old.t
|
||||
@@ -390,6 +390,9 @@ sub testssl {
|
||||
skip "skipping dhe1024dsa test", 1
|
||||
if ($no_dh);
|
||||
|
||||
+ skip "FIPS 186-4 type DH groups are no longer supported by the FIPS provider", 1
|
||||
+ if $provider eq "fips";
|
||||
+
|
||||
ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
|
||||
'test sslv2/sslv3 with 1024bit DHE via BIO pair');
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
235
openssl-Disable-explicit-ec.patch
Normal file
235
openssl-Disable-explicit-ec.patch
Normal file
@ -0,0 +1,235 @@
|
||||
From 91bdd9b816b22bc1464ec323f3272b866b24114d Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 31 Jul 2023 09:41:28 +0200
|
||||
Subject: [PATCH 12/35] 0012-Disable-explicit-ec.patch
|
||||
|
||||
Patch-name: 0012-Disable-explicit-ec.patch
|
||||
Patch-id: 12
|
||||
Patch-status: |
|
||||
# Disable explicit EC curves
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2066412
|
||||
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
crypto/ec/ec_asn1.c | 11 ++++++++++
|
||||
crypto/ec/ec_lib.c | 6 +++++
|
||||
test/ectest.c | 22 ++++++++++---------
|
||||
test/endecode_test.c | 20 ++++++++---------
|
||||
.../30-test_evp_data/evppkey_ecdsa.txt | 12 ----------
|
||||
5 files changed, 39 insertions(+), 32 deletions(-)
|
||||
|
||||
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
|
||||
index 7a0b35a594..d19d57344e 100644
|
||||
--- a/crypto/ec/ec_asn1.c
|
||||
+++ b/crypto/ec/ec_asn1.c
|
||||
@@ -905,6 +905,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
|
||||
if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT)
|
||||
group->decoded_from_explicit_params = 1;
|
||||
|
||||
+ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
|
||||
+ EC_GROUP_free(group);
|
||||
+ ECPKPARAMETERS_free(params);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
if (a) {
|
||||
EC_GROUP_free(*a);
|
||||
*a = group;
|
||||
@@ -964,6 +970,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
|
||||
goto err;
|
||||
}
|
||||
|
||||
+ if (EC_GROUP_check_named_curve(ret->group, 0, NULL) == NID_undef) {
|
||||
+ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
ret->version = priv_key->version;
|
||||
|
||||
if (priv_key->privateKey) {
|
||||
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
|
||||
index a84e088c19..6c37bf78ae 100644
|
||||
--- a/crypto/ec/ec_lib.c
|
||||
+++ b/crypto/ec/ec_lib.c
|
||||
@@ -1724,6 +1724,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
||||
goto err;
|
||||
}
|
||||
if (named_group == group) {
|
||||
+ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
|
||||
+ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
|
||||
+ goto err;
|
||||
+ }
|
||||
+#if 0
|
||||
/*
|
||||
* If we did not find a named group then the encoding should be explicit
|
||||
* if it was specified
|
||||
@@ -1739,6 +1744,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
||||
goto err;
|
||||
}
|
||||
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
|
||||
+#endif
|
||||
} else {
|
||||
EC_GROUP_free(group);
|
||||
group = named_group;
|
||||
diff --git a/test/ectest.c b/test/ectest.c
|
||||
index 4890b0555e..e11aec5b3b 100644
|
||||
--- a/test/ectest.c
|
||||
+++ b/test/ectest.c
|
||||
@@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
|
||||
if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
|
||||
|| !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
|
||||
|| !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
|
||||
- || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam,
|
||||
+ || !TEST_int_le(EVP_PKEY_fromdata(pctx, &pkeyparam,
|
||||
EVP_PKEY_KEY_PARAMETERS, params), 0))
|
||||
goto err;
|
||||
-
|
||||
+/* As creating the key should fail, the rest of the test is pointless */
|
||||
+# if 0
|
||||
/*- Check that all the set values are retrievable -*/
|
||||
|
||||
/* There should be no match to a group name since the generator changed */
|
||||
@@ -2433,6 +2434,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
|
||||
#endif
|
||||
)
|
||||
goto err;
|
||||
+#endif
|
||||
ret = 1;
|
||||
err:
|
||||
BN_free(order_out);
|
||||
@@ -2714,21 +2716,21 @@ static int custom_params_test(int id)
|
||||
|
||||
/* Compute keyexchange in both directions */
|
||||
if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL))
|
||||
- || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1)
|
||||
- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
|
||||
+ || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0)
|
||||
+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
|
||||
|| !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1)
|
||||
|| !TEST_int_gt(bsize, sslen)
|
||||
- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1))
|
||||
+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/)
|
||||
goto err;
|
||||
if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL))
|
||||
- || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1)
|
||||
- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
|
||||
+ || !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1)
|
||||
+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
|
||||
|| !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1)
|
||||
|| !TEST_int_gt(bsize, t)
|
||||
|| !TEST_int_le(sslen, t)
|
||||
- || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1))
|
||||
+ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */)
|
||||
goto err;
|
||||
-
|
||||
+#if 0
|
||||
/* Both sides should expect the same shared secret */
|
||||
if (!TEST_mem_eq(buf1, sslen, buf2, t))
|
||||
goto err;
|
||||
@@ -2780,7 +2782,7 @@ static int custom_params_test(int id)
|
||||
/* compare with previous result */
|
||||
|| !TEST_mem_eq(buf1, t, buf2, sslen))
|
||||
goto err;
|
||||
-
|
||||
+#endif
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
diff --git a/test/endecode_test.c b/test/endecode_test.c
|
||||
index 14648287eb..9a437d8c64 100644
|
||||
--- a/test/endecode_test.c
|
||||
+++ b/test/endecode_test.c
|
||||
@@ -62,7 +62,7 @@ static BN_CTX *bnctx = NULL;
|
||||
static OSSL_PARAM_BLD *bld_prime_nc = NULL;
|
||||
static OSSL_PARAM_BLD *bld_prime = NULL;
|
||||
static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
|
||||
-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
|
||||
+/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/
|
||||
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
|
||||
@@ -1009,9 +1009,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
|
||||
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
|
||||
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
|
||||
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
|
||||
-DOMAIN_KEYS(ECExplicitPrime2G);
|
||||
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
|
||||
-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
|
||||
+/*DOMAIN_KEYS(ECExplicitPrime2G);*/
|
||||
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
|
||||
+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
DOMAIN_KEYS(ECExplicitTriNamedCurve);
|
||||
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
|
||||
@@ -1352,7 +1352,7 @@ int setup_tests(void)
|
||||
|| !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
|
||||
|| !create_ec_explicit_prime_params(bld_prime)
|
||||
|| !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
|
||||
- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
|
||||
+/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
|| !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
|
||||
|| !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
|
||||
@@ -1380,7 +1380,7 @@ int setup_tests(void)
|
||||
TEST_info("Generating EC keys...");
|
||||
MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
|
||||
MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
|
||||
- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
|
||||
+/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
|
||||
MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
|
||||
@@ -1423,8 +1423,8 @@ int setup_tests(void)
|
||||
ADD_TEST_SUITE_LEGACY(EC);
|
||||
ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
|
||||
ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
|
||||
- ADD_TEST_SUITE(ECExplicitPrime2G);
|
||||
- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
|
||||
+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/
|
||||
+/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
ADD_TEST_SUITE(ECExplicitTriNamedCurve);
|
||||
ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
|
||||
@@ -1461,7 +1461,7 @@ void cleanup_tests(void)
|
||||
{
|
||||
#ifndef OPENSSL_NO_EC
|
||||
OSSL_PARAM_free(ec_explicit_prime_params_nc);
|
||||
- OSSL_PARAM_free(ec_explicit_prime_params_explicit);
|
||||
+/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/
|
||||
OSSL_PARAM_BLD_free(bld_prime_nc);
|
||||
OSSL_PARAM_BLD_free(bld_prime);
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
@@ -1483,7 +1483,7 @@ void cleanup_tests(void)
|
||||
#ifndef OPENSSL_NO_EC
|
||||
FREE_DOMAIN_KEYS(EC);
|
||||
FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
|
||||
- FREE_DOMAIN_KEYS(ECExplicitPrime2G);
|
||||
+/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
|
||||
FREE_DOMAIN_KEYS(ECExplicitTri2G);
|
||||
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
||||
index ec3c032aba..584ecee0eb 100644
|
||||
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
||||
+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
||||
@@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
|
||||
3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
-PrivateKey = EC_EXPLICIT
|
||||
------BEGIN PRIVATE KEY-----
|
||||
-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
|
||||
-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
|
||||
-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
|
||||
-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
|
||||
-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
|
||||
-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
|
||||
-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
|
||||
-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
|
||||
------END PRIVATE KEY-----
|
||||
-
|
||||
PrivateKey = B-163
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
|
||||
--
|
||||
2.41.0
|
||||
|
116
openssl-FIPS-140-3-DRBG.patch
Normal file
116
openssl-FIPS-140-3-DRBG.patch
Normal file
@ -0,0 +1,116 @@
|
||||
Index: openssl-3.1.4/providers/implementations/rands/drbg.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/rands/drbg.c
|
||||
+++ openssl-3.1.4/providers/implementations/rands/drbg.c
|
||||
@@ -570,6 +570,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb
|
||||
#endif
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ prediction_resistance = 1;
|
||||
+#endif
|
||||
/* Reseed using our sources in addition */
|
||||
entropylen = get_entropy(drbg, &entropy, drbg->strength,
|
||||
drbg->min_entropylen, drbg->max_entropylen,
|
||||
@@ -662,8 +665,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *d
|
||||
reseed_required = 1;
|
||||
}
|
||||
if (drbg->parent != NULL
|
||||
- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter)
|
||||
+ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) {
|
||||
+#ifdef FIPS_MODULE
|
||||
+ /* SUSE patches provide chain reseeding when necessary so just sync counters*/
|
||||
+ drbg->parent_reseed_counter = get_parent_reseed_count(drbg);
|
||||
+#else
|
||||
reseed_required = 1;
|
||||
+#endif
|
||||
+ }
|
||||
|
||||
if (reseed_required || prediction_resistance) {
|
||||
if (!ossl_prov_drbg_reseed(drbg, prediction_resistance, NULL, 0,
|
||||
Index: openssl-3.1.4/crypto/rand/prov_seed.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/rand/prov_seed.c
|
||||
+++ openssl-3.1.4/crypto/rand/prov_seed.c
|
||||
@@ -23,7 +23,14 @@ size_t ossl_rand_get_entropy(ossl_unused
|
||||
size_t entropy_available;
|
||||
RAND_POOL *pool;
|
||||
|
||||
- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
|
||||
+ /*
|
||||
+ * OpenSSL still implements an internal entropy pool of
|
||||
+ * some size that is hashed to get seed data.
|
||||
+ * Note that this is a conditioning step for which SP800-90C requires
|
||||
+ * 64 additional bits from the entropy source to claim the requested
|
||||
+ * amount of entropy.
|
||||
+ */
|
||||
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
|
||||
if (pool == NULL) {
|
||||
ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
Index: openssl-3.1.4/providers/implementations/rands/crngt.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/rands/crngt.c
|
||||
+++ openssl-3.1.4/providers/implementations/rands/crngt.c
|
||||
@@ -133,7 +133,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG
|
||||
* to the nearest byte. If the entropy is of less than full quality,
|
||||
* the amount required should be scaled up appropriately here.
|
||||
*/
|
||||
- bytes_needed = (entropy + 7) / 8;
|
||||
+ /*
|
||||
+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy
|
||||
+ * + 128 bits during initial seeding
|
||||
+ */
|
||||
+ bytes_needed = (entropy + 128 + 7) / 8;
|
||||
if (bytes_needed < min_len)
|
||||
bytes_needed = min_len;
|
||||
if (bytes_needed > max_len)
|
||||
Index: openssl-3.1.4/providers/implementations/rands/drbg_local.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/rands/drbg_local.h
|
||||
+++ openssl-3.1.4/providers/implementations/rands/drbg_local.h
|
||||
@@ -38,7 +38,7 @@
|
||||
*
|
||||
* The value is in bytes.
|
||||
*/
|
||||
-#define CRNGT_BUFSIZ 16
|
||||
+#define CRNGT_BUFSIZ 32
|
||||
|
||||
/*
|
||||
* Maximum input size for the DRBG (entropy, nonce, personalization string)
|
||||
Index: openssl-3.1.4/providers/implementations/rands/seed_src.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/rands/seed_src.c
|
||||
+++ openssl-3.1.4/providers/implementations/rands/seed_src.c
|
||||
@@ -104,7 +104,14 @@ static int seed_src_generate(void *vseed
|
||||
return 0;
|
||||
}
|
||||
|
||||
- pool = ossl_rand_pool_new(strength, 1, outlen, outlen);
|
||||
+ /*
|
||||
+ * OpenSSL still implements an internal entropy pool of
|
||||
+ * some size that is hashed to get seed data.
|
||||
+ * Note that this is a conditioning step for which SP800-90C requires
|
||||
+ * 64 additional bits from the entropy source to claim the requested
|
||||
+ * amount of entropy.
|
||||
+ */
|
||||
+ pool = ossl_rand_pool_new(strength + 64, 1, outlen, outlen);
|
||||
if (pool == NULL) {
|
||||
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
@@ -184,7 +191,14 @@ static size_t seed_get_seed(void *vseed,
|
||||
size_t i;
|
||||
RAND_POOL *pool;
|
||||
|
||||
- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
|
||||
+ /*
|
||||
+ * OpenSSL still implements an internal entropy pool of
|
||||
+ * some size that is hashed to get seed data.
|
||||
+ * Note that this is a conditioning step for which SP800-90C requires
|
||||
+ * 64 additional bits from the entropy source to claim the requested
|
||||
+ * amount of entropy.
|
||||
+ */
|
||||
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
|
||||
if (pool == NULL) {
|
||||
ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB);
|
||||
return 0;
|
388
openssl-FIPS-140-3-keychecks.patch
Normal file
388
openssl-FIPS-140-3-keychecks.patch
Normal file
@ -0,0 +1,388 @@
|
||||
From b300beb172d5813b01b93bfd62fe191f8187fe1e Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 12:05:23 +0200
|
||||
Subject: [PATCH 20/48] 0044-FIPS-140-3-keychecks.patch
|
||||
|
||||
Patch-name: 0044-FIPS-140-3-keychecks.patch
|
||||
Patch-id: 44
|
||||
Patch-status: |
|
||||
# Extra public/private key checks required by FIPS-140-3
|
||||
---
|
||||
crypto/dh/dh_key.c | 26 ++++++++++
|
||||
.../implementations/exchange/ecdh_exch.c | 19 ++++++++
|
||||
providers/implementations/keymgmt/ec_kmgmt.c | 24 +++++++++-
|
||||
providers/implementations/keymgmt/rsa_kmgmt.c | 18 +++++++
|
||||
.../implementations/signature/ecdsa_sig.c | 37 +++++++++++++--
|
||||
providers/implementations/signature/rsa_sig.c | 47 +++++++++++++++++--
|
||||
6 files changed, 162 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
|
||||
index 4e9705beef..83773cceea 100644
|
||||
--- a/crypto/dh/dh_key.c
|
||||
+++ b/crypto/dh/dh_key.c
|
||||
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
||||
BN_MONT_CTX *mont = NULL;
|
||||
BIGNUM *z = NULL, *pminus1;
|
||||
int ret = -1;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int validate = 0;
|
||||
+#endif
|
||||
|
||||
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
|
||||
@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
|
||||
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
ctx = BN_CTX_new_ex(dh->libctx);
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
@@ -262,6 +272,9 @@ static int generate_key(DH *dh)
|
||||
#endif
|
||||
BN_CTX *ctx = NULL;
|
||||
BIGNUM *pub_key = NULL, *priv_key = NULL;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ int validate = 0;
|
||||
+#endif
|
||||
|
||||
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
|
||||
@@ -354,8 +367,21 @@ static int generate_key(DH *dh)
|
||||
if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
|
||||
goto err;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
|
||||
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
|
||||
+ goto err;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
dh->pub_key = pub_key;
|
||||
dh->priv_key = priv_key;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (ossl_dh_check_pairwise(dh) <= 0) {
|
||||
+ abort();
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
dh->dirty_cnt++;
|
||||
ok = 1;
|
||||
err:
|
||||
diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
|
||||
index 43caedb6df..73873f9758 100644
|
||||
--- a/providers/implementations/exchange/ecdh_exch.c
|
||||
+++ b/providers/implementations/exchange/ecdh_exch.c
|
||||
@@ -489,6 +489,25 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
|
||||
}
|
||||
|
||||
ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
|
||||
+#ifdef FIPS_MODULE
|
||||
+ {
|
||||
+ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk));
|
||||
+ int check = 0;
|
||||
+
|
||||
+ if (bn_ctx == NULL) {
|
||||
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
|
||||
+ goto end;
|
||||
+ }
|
||||
+
|
||||
+ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx);
|
||||
+ BN_CTX_free(bn_ctx);
|
||||
+
|
||||
+ if (check <= 0) {
|
||||
+ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY);
|
||||
+ goto end;
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
|
||||
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
|
||||
|
||||
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
|
||||
index a37cbbdba8..bca3f3c674 100644
|
||||
--- a/providers/implementations/keymgmt/ec_kmgmt.c
|
||||
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
|
||||
@@ -989,8 +989,17 @@ struct ec_gen_ctx {
|
||||
int selection;
|
||||
int ecdh_mode;
|
||||
EC_GROUP *gen_group;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ void *ecdsa_sig_ctx;
|
||||
+#endif
|
||||
};
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+void *ecdsa_newctx(void *provctx, const char *propq);
|
||||
+void ecdsa_freectx(void *vctx);
|
||||
+int do_ec_pct(void *, const char *, void *);
|
||||
+#endif
|
||||
+
|
||||
static void *ec_gen_init(void *provctx, int selection,
|
||||
const OSSL_PARAM params[])
|
||||
{
|
||||
@@ -1009,6 +1018,10 @@ static void *ec_gen_init(void *provctx, int selection,
|
||||
gctx = NULL;
|
||||
}
|
||||
}
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (gctx != NULL)
|
||||
+ gctx->ecdsa_sig_ctx = ecdsa_newctx(provctx, NULL);
|
||||
+#endif
|
||||
return gctx;
|
||||
}
|
||||
|
||||
@@ -1279,6 +1292,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
|
||||
|
||||
if (gctx->ecdh_mode != -1)
|
||||
ret = ret && ossl_ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
|
||||
+#ifdef FIPS_MODULE
|
||||
+ /* Pairwise consistency test */
|
||||
+ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
|
||||
+ && do_ec_pct(gctx->ecdsa_sig_ctx, "sha256", ec) != 1)
|
||||
+ abort();
|
||||
+#endif
|
||||
|
||||
if (gctx->group_check != NULL)
|
||||
ret = ret && ossl_ec_set_check_group_type_from_name(ec, gctx->group_check);
|
||||
@@ -1348,7 +1367,10 @@ static void ec_gen_cleanup(void *genctx)
|
||||
|
||||
if (gctx == NULL)
|
||||
return;
|
||||
-
|
||||
+#ifdef FIPS_MODULE
|
||||
+ ecdsa_freectx(gctx->ecdsa_sig_ctx);
|
||||
+ gctx->ecdsa_sig_ctx = NULL;
|
||||
+#endif
|
||||
EC_GROUP_free(gctx->gen_group);
|
||||
BN_free(gctx->p);
|
||||
BN_free(gctx->a);
|
||||
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
|
||||
index 3ba12c4889..ff49f8fcd8 100644
|
||||
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
|
||||
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
|
||||
@@ -434,6 +434,7 @@ struct rsa_gen_ctx {
|
||||
#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
|
||||
/* ACVP test parameters */
|
||||
OSSL_PARAM *acvp_test_params;
|
||||
+ void *prov_rsa_ctx;
|
||||
#endif
|
||||
};
|
||||
|
||||
@@ -447,6 +448,12 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb)
|
||||
return gctx->cb(params, gctx->cbarg);
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+void *rsa_newctx(void *provctx, const char *propq);
|
||||
+void rsa_freectx(void *vctx);
|
||||
+int do_rsa_pct(void *, const char *, void *);
|
||||
+#endif
|
||||
+
|
||||
static void *gen_init(void *provctx, int selection, int rsa_type,
|
||||
const OSSL_PARAM params[])
|
||||
{
|
||||
@@ -474,6 +481,10 @@ static void *gen_init(void *provctx, int selection, int rsa_type,
|
||||
|
||||
if (!rsa_gen_set_params(gctx, params))
|
||||
goto err;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (gctx != NULL)
|
||||
+ gctx->prov_rsa_ctx = rsa_newctx(provctx, NULL);
|
||||
+#endif
|
||||
return gctx;
|
||||
|
||||
err:
|
||||
@@ -630,6 +641,11 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
|
||||
|
||||
rsa = rsa_tmp;
|
||||
rsa_tmp = NULL;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ /* Pairwise consistency test */
|
||||
+ if (do_rsa_pct(gctx->prov_rsa_ctx, "sha256", rsa) != 1)
|
||||
+ abort();
|
||||
+#endif
|
||||
err:
|
||||
BN_GENCB_free(gencb);
|
||||
RSA_free(rsa_tmp);
|
||||
@@ -645,6 +661,8 @@ static void rsa_gen_cleanup(void *genctx)
|
||||
#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
|
||||
ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params);
|
||||
gctx->acvp_test_params = NULL;
|
||||
+ rsa_freectx(gctx->prov_rsa_ctx);
|
||||
+ gctx->prov_rsa_ctx = NULL;
|
||||
#endif
|
||||
BN_clear_free(gctx->pub_exp);
|
||||
OPENSSL_free(gctx);
|
||||
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
|
||||
index 865d49d100..ebeb30e002 100644
|
||||
--- a/providers/implementations/signature/ecdsa_sig.c
|
||||
+++ b/providers/implementations/signature/ecdsa_sig.c
|
||||
@@ -32,7 +32,7 @@
|
||||
#include "crypto/ec.h"
|
||||
#include "prov/der_ec.h"
|
||||
|
||||
-static OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
|
||||
+OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
|
||||
static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init;
|
||||
static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init;
|
||||
static OSSL_FUNC_signature_sign_fn ecdsa_sign;
|
||||
@@ -43,7 +43,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final;
|
||||
static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init;
|
||||
static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update;
|
||||
static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final;
|
||||
-static OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
|
||||
+OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
|
||||
static OSSL_FUNC_signature_dupctx_fn ecdsa_dupctx;
|
||||
static OSSL_FUNC_signature_get_ctx_params_fn ecdsa_get_ctx_params;
|
||||
static OSSL_FUNC_signature_gettable_ctx_params_fn ecdsa_gettable_ctx_params;
|
||||
@@ -104,7 +104,7 @@ typedef struct {
|
||||
#endif
|
||||
} PROV_ECDSA_CTX;
|
||||
|
||||
-static void *ecdsa_newctx(void *provctx, const char *propq)
|
||||
+void *ecdsa_newctx(void *provctx, const char *propq)
|
||||
{
|
||||
PROV_ECDSA_CTX *ctx;
|
||||
|
||||
@@ -370,7 +370,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig,
|
||||
return ecdsa_verify(ctx, sig, siglen, digest, (size_t)dlen);
|
||||
}
|
||||
|
||||
-static void ecdsa_freectx(void *vctx)
|
||||
+void ecdsa_freectx(void *vctx)
|
||||
{
|
||||
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
|
||||
|
||||
@@ -581,6 +581,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx)
|
||||
return EVP_MD_settable_ctx_params(ctx->md);
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+int do_ec_pct(void *vctx, const char *mdname, void *ec)
|
||||
+{
|
||||
+ static const unsigned char data[32];
|
||||
+ unsigned char sigbuf[256];
|
||||
+ size_t siglen = sizeof(sigbuf);
|
||||
+
|
||||
+ if (ecdsa_digest_sign_init(vctx, mdname, ec, NULL) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (ecdsa_digest_sign_final(vctx, sigbuf, &siglen, sizeof(sigbuf)) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (ecdsa_digest_verify_init(vctx, mdname, ec, NULL) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (ecdsa_digest_verify_final(vctx, sigbuf, siglen) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
const OSSL_DISPATCH ossl_ecdsa_signature_functions[] = {
|
||||
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx },
|
||||
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init },
|
||||
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
||||
index cd5de6bd51..d4261e8f7d 100644
|
||||
--- a/providers/implementations/signature/rsa_sig.c
|
||||
+++ b/providers/implementations/signature/rsa_sig.c
|
||||
@@ -34,7 +34,7 @@
|
||||
|
||||
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
|
||||
|
||||
-static OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
||||
+OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
||||
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
|
||||
static OSSL_FUNC_signature_verify_init_fn rsa_verify_init;
|
||||
static OSSL_FUNC_signature_verify_recover_init_fn rsa_verify_recover_init;
|
||||
@@ -47,7 +47,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn rsa_digest_sign_final;
|
||||
static OSSL_FUNC_signature_digest_verify_init_fn rsa_digest_verify_init;
|
||||
static OSSL_FUNC_signature_digest_verify_update_fn rsa_digest_signverify_update;
|
||||
static OSSL_FUNC_signature_digest_verify_final_fn rsa_digest_verify_final;
|
||||
-static OSSL_FUNC_signature_freectx_fn rsa_freectx;
|
||||
+OSSL_FUNC_signature_freectx_fn rsa_freectx;
|
||||
static OSSL_FUNC_signature_dupctx_fn rsa_dupctx;
|
||||
static OSSL_FUNC_signature_get_ctx_params_fn rsa_get_ctx_params;
|
||||
static OSSL_FUNC_signature_gettable_ctx_params_fn rsa_gettable_ctx_params;
|
||||
@@ -170,7 +170,7 @@ static int rsa_check_parameters(PROV_RSA_CTX *prsactx, int min_saltlen)
|
||||
return 1;
|
||||
}
|
||||
|
||||
-static void *rsa_newctx(void *provctx, const char *propq)
|
||||
+void *rsa_newctx(void *provctx, const char *propq)
|
||||
{
|
||||
PROV_RSA_CTX *prsactx = NULL;
|
||||
char *propq_copy = NULL;
|
||||
@@ -977,7 +977,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig,
|
||||
return rsa_verify(vprsactx, sig, siglen, digest, (size_t)dlen);
|
||||
}
|
||||
|
||||
-static void rsa_freectx(void *vprsactx)
|
||||
+void rsa_freectx(void *vprsactx)
|
||||
{
|
||||
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
|
||||
|
||||
@@ -1455,6 +1455,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx)
|
||||
return EVP_MD_settable_ctx_params(prsactx->md);
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+int do_rsa_pct(void *vctx, const char *mdname, void *rsa)
|
||||
+{
|
||||
+ static const unsigned char data[32];
|
||||
+ unsigned char *sigbuf = NULL;
|
||||
+ size_t siglen = 0;
|
||||
+ int ret = 0;
|
||||
+
|
||||
+ if (rsa_digest_sign_init(vctx, mdname, rsa, NULL) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (rsa_digest_sign_final(vctx, NULL, &siglen, 0) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if ((sigbuf = OPENSSL_malloc(siglen)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (rsa_digest_sign_final(vctx, sigbuf, &siglen, siglen) <= 0)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (rsa_digest_verify_init(vctx, mdname, rsa, NULL) <= 0)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (rsa_digest_verify_final(vctx, sigbuf, siglen) <= 0)
|
||||
+ goto err;
|
||||
+ ret = 1;
|
||||
+
|
||||
+ err:
|
||||
+ OPENSSL_free(sigbuf);
|
||||
+ return ret;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
const OSSL_DISPATCH ossl_rsa_signature_functions[] = {
|
||||
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
|
||||
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
|
||||
--
|
||||
2.41.0
|
||||
|
81
openssl-FIPS-140-3-zeroization.patch
Normal file
81
openssl-FIPS-140-3-zeroization.patch
Normal file
@ -0,0 +1,81 @@
|
||||
Index: openssl-3.1.4/crypto/ffc/ffc_params.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/ffc/ffc_params.c
|
||||
+++ openssl-3.1.4/crypto/ffc/ffc_params.c
|
||||
@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa
|
||||
|
||||
void ossl_ffc_params_cleanup(FFC_PARAMS *params)
|
||||
{
|
||||
- BN_free(params->p);
|
||||
- BN_free(params->q);
|
||||
- BN_free(params->g);
|
||||
- BN_free(params->j);
|
||||
+ BN_clear_free(params->p);
|
||||
+ BN_clear_free(params->q);
|
||||
+ BN_clear_free(params->g);
|
||||
+ BN_clear_free(params->j);
|
||||
OPENSSL_free(params->seed);
|
||||
ossl_ffc_params_init(params);
|
||||
}
|
||||
Index: openssl-3.1.4/crypto/rsa/rsa_lib.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/rsa/rsa_lib.c
|
||||
+++ openssl-3.1.4/crypto/rsa/rsa_lib.c
|
||||
@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
|
||||
|
||||
CRYPTO_THREAD_lock_free(r->lock);
|
||||
|
||||
- BN_free(r->n);
|
||||
- BN_free(r->e);
|
||||
+ BN_clear_free(r->n);
|
||||
+ BN_clear_free(r->e);
|
||||
BN_clear_free(r->d);
|
||||
BN_clear_free(r->p);
|
||||
BN_clear_free(r->q);
|
||||
Index: openssl-3.1.4/providers/implementations/kdfs/hkdf.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/kdfs/hkdf.c
|
||||
+++ openssl-3.1.4/providers/implementations/kdfs/hkdf.c
|
||||
@@ -118,7 +118,7 @@ static void kdf_hkdf_reset(void *vctx)
|
||||
void *provctx = ctx->provctx;
|
||||
|
||||
ossl_prov_digest_reset(&ctx->digest);
|
||||
- OPENSSL_free(ctx->salt);
|
||||
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
|
||||
OPENSSL_free(ctx->prefix);
|
||||
OPENSSL_free(ctx->label);
|
||||
OPENSSL_clear_free(ctx->data, ctx->data_len);
|
||||
Index: openssl-3.1.4/providers/implementations/kdfs/pbkdf2.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/kdfs/pbkdf2.c
|
||||
+++ openssl-3.1.4/providers/implementations/kdfs/pbkdf2.c
|
||||
@@ -92,7 +92,7 @@ static void *kdf_pbkdf2_new(void *provct
|
||||
static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
|
||||
{
|
||||
ossl_prov_digest_reset(&ctx->digest);
|
||||
- OPENSSL_free(ctx->salt);
|
||||
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
|
||||
OPENSSL_clear_free(ctx->pass, ctx->pass_len);
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
}
|
||||
Index: openssl-3.1.4/crypto/ec/ec_lib.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/ec/ec_lib.c
|
||||
+++ openssl-3.1.4/crypto/ec/ec_lib.c
|
||||
@@ -752,12 +752,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g
|
||||
|
||||
void EC_POINT_free(EC_POINT *point)
|
||||
{
|
||||
+#ifdef FIPS_MODULE
|
||||
+ EC_POINT_clear_free(point);
|
||||
+#else
|
||||
if (point == NULL)
|
||||
return;
|
||||
|
||||
if (point->meth->point_finish != 0)
|
||||
point->meth->point_finish(point);
|
||||
OPENSSL_free(point);
|
||||
+#endif
|
||||
}
|
||||
|
||||
void EC_POINT_clear_free(EC_POINT *point)
|
16
openssl-FIPS-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
Normal file
16
openssl-FIPS-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
Normal file
@ -0,0 +1,16 @@
|
||||
Index: openssl-3.1.4/crypto/rsa/rsa_sp800_56b_check.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/rsa/rsa_sp800_56b_check.c
|
||||
+++ openssl-3.1.4/crypto/rsa/rsa_sp800_56b_check.c
|
||||
@@ -405,7 +405,10 @@ int ossl_rsa_sp800_56b_check_keypair(con
|
||||
return 0;
|
||||
}
|
||||
/* (Step 3.b): check the modulus */
|
||||
- if (nbits != BN_num_bits(rsa->n)) {
|
||||
+ /* If nBits is not a positive even integer, output an indication of an
|
||||
+ * invalid key pair, and exit without further processing.
|
||||
+ */
|
||||
+ if (nbits <= 0 || nbits % 2 || nbits != BN_num_bits(rsa->n)) {
|
||||
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR);
|
||||
return 0;
|
||||
}
|
108
openssl-FIPS-Add-explicit-indicator-for-key-length.patch
Normal file
108
openssl-FIPS-Add-explicit-indicator-for-key-length.patch
Normal file
@ -0,0 +1,108 @@
|
||||
From e1eba21921ceeffa45ffd2115868c14e4c7fb8d9 Mon Sep 17 00:00:00 2001
|
||||
From: Clemens Lang <cllang@redhat.com>
|
||||
Date: Thu, 17 Nov 2022 18:08:24 +0100
|
||||
Subject: [PATCH] hmac: Add explicit FIPS indicator for key length
|
||||
|
||||
NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms"
|
||||
specifies key lengths < 112 bytes are disallowed for HMAC generation and
|
||||
are legacy use for HMAC verification.
|
||||
|
||||
Add an explicit indicator that will mark shorter key lengths as
|
||||
unsupported. The indicator can be queries from the EVP_MAC_CTX object
|
||||
using EVP_MAC_CTX_get_params() with the
|
||||
OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR
|
||||
parameter.
|
||||
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||
---
|
||||
include/crypto/evp.h | 7 +++++++
|
||||
include/openssl/evp.h | 3 +++
|
||||
providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++
|
||||
4 files changed, 28 insertions(+)
|
||||
|
||||
Index: openssl-3.1.4/include/crypto/evp.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/crypto/evp.h
|
||||
+++ openssl-3.1.4/include/crypto/evp.h
|
||||
@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_m
|
||||
const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
|
||||
const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key
|
||||
+ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for
|
||||
+ * HMAC verification. */
|
||||
+# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8)
|
||||
+#endif
|
||||
+
|
||||
struct evp_mac_st {
|
||||
OSSL_PROVIDER *prov;
|
||||
int name_id;
|
||||
Index: openssl-3.1.4/include/openssl/evp.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/openssl/evp.h
|
||||
+++ openssl-3.1.4/include/openssl/evp.h
|
||||
@@ -1196,6 +1196,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX
|
||||
void *arg);
|
||||
|
||||
/* MAC stuff */
|
||||
+# define EVP_MAC_SUSE_FIPS_INDICATOR_UNDETERMINED 0
|
||||
+# define EVP_MAC_SUSE_FIPS_INDICATOR_APPROVED 1
|
||||
+# define EVP_MAC_SUSE_FIPS_INDICATOR_NOT_APPROVED 2
|
||||
|
||||
EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
|
||||
const char *properties);
|
||||
Index: openssl-3.1.4/providers/implementations/macs/hmac_prov.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/macs/hmac_prov.c
|
||||
+++ openssl-3.1.4/providers/implementations/macs/hmac_prov.c
|
||||
@@ -21,6 +21,8 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
+#include "crypto/evp.h"
|
||||
+
|
||||
#include "prov/implementations.h"
|
||||
#include "prov/provider_ctx.h"
|
||||
#include "prov/provider_util.h"
|
||||
@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, uns
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
|
||||
OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR, NULL),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx,
|
||||
@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vma
|
||||
&& !OSSL_PARAM_set_int(p, hmac_block_size(macctx)))
|
||||
return 0;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR)) != NULL) {
|
||||
+ int fips_indicator = EVP_MAC_SUSE_FIPS_INDICATOR_APPROVED;
|
||||
+ /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms
|
||||
+ * specifies key lengths < 112 bytes are disallowed for HMAC generation
|
||||
+ * and legacy use for HMAC verification. */
|
||||
+ if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN)
|
||||
+ fips_indicator = EVP_MAC_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
||||
+ }
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
Index: openssl-3.1.4/include/openssl/core_names.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/openssl/core_names.h
|
||||
+++ openssl-3.1.4/include/openssl/core_names.h
|
||||
@@ -175,6 +175,7 @@ extern "C" {
|
||||
#define OSSL_MAC_PARAM_SIZE "size" /* size_t */
|
||||
#define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" /* size_t */
|
||||
#define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */
|
||||
+#define OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR "suse-fips-indicator" /* size_t */
|
||||
|
||||
/* Known MAC names */
|
||||
#define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC"
|
20
openssl-FIPS-Enforce-error-state.patch
Normal file
20
openssl-FIPS-Enforce-error-state.patch
Normal file
@ -0,0 +1,20 @@
|
||||
Index: openssl-3.1.4/providers/fips/fipsprov.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/fips/fipsprov.c
|
||||
+++ openssl-3.1.4/providers/fips/fipsprov.c
|
||||
@@ -805,6 +805,7 @@ int OSSL_provider_init_int(const OSSL_CO
|
||||
/* Error already raised */
|
||||
goto err;
|
||||
}
|
||||
+#if 0 /* Don't allow to skip the error state */
|
||||
/*
|
||||
* Disable the conditional error check if it's disabled in the fips config
|
||||
* file.
|
||||
@@ -812,6 +813,7 @@ int OSSL_provider_init_int(const OSSL_CO
|
||||
if (fgbl->selftest_params.conditional_error_check != NULL
|
||||
&& strcmp(fgbl->selftest_params.conditional_error_check, "0") == 0)
|
||||
SELF_TEST_disable_conditional_error_state();
|
||||
+#endif
|
||||
|
||||
/* Enable or disable FIPS provider options */
|
||||
#define FIPS_SET_OPTION(fgbl, field) \
|
462
openssl-FIPS-Expose-a-FIPS-indicator.patch
Normal file
462
openssl-FIPS-Expose-a-FIPS-indicator.patch
Normal file
@ -0,0 +1,462 @@
|
||||
From e3d6fca1af033d00c47bcd8f9ba28fcf1aa476aa Mon Sep 17 00:00:00 2001
|
||||
From: Clemens Lang <cllang@redhat.com>
|
||||
Date: Tue, 7 Jun 2022 12:02:49 +0200
|
||||
Subject: [PATCH] fips: Expose a FIPS indicator
|
||||
|
||||
FIPS 140-3 requires us to indicate whether an operation was using
|
||||
approved services or not. The FIPS 140-3 implementation guidelines
|
||||
provide two basic approaches to doing this: implicit indicators, and
|
||||
explicit indicators.
|
||||
|
||||
Implicit indicators are basically the concept of "if the operation
|
||||
passes, it was approved". We were originally aiming for implicit
|
||||
indicators in our copy of OpenSSL. However, this proved to be a problem,
|
||||
because we wanted to certify a signature service, and FIPS 140-3
|
||||
requires that a signature service computes the digest to be signed
|
||||
within the boundaries of the FIPS module. Since we were planning to
|
||||
certify fips.so only, this means that EVP_PKEY_sign/EVP_PKEY_verify
|
||||
would have to be blocked. Unfortunately, EVP_SignFinal uses
|
||||
EVP_PKEY_sign internally, but outside of fips.so and thus outside of the
|
||||
FIPS module boundary. This means that using implicit indicators in
|
||||
combination with certifying only fips.so would require us to block both
|
||||
EVP_PKEY_sign and EVP_SignFinal, which are the two APIs currently used
|
||||
by most users of OpenSSL for signatures.
|
||||
|
||||
EVP_DigestSign would be acceptable, but has only been added in 3.0 and
|
||||
is thus not yet widely used.
|
||||
|
||||
As a consequence, we've decided to introduce explicit indicators so that
|
||||
EVP_PKEY_sign and EVP_SignFinal can continue to work for now, but
|
||||
FIPS-aware applications can query the explicit indicator to check
|
||||
whether the operation was approved.
|
||||
|
||||
To avoid affecting the ABI and public API too much, this is implemented
|
||||
as an exported symbol in fips.so and a private header, so applications
|
||||
that wish to use this will have to dlopen(3) fips.so, locate the
|
||||
function using dlsym(3), and then call it. These applications will have
|
||||
to build against the private header in order to use the returned
|
||||
pointer.
|
||||
|
||||
Modify util/mkdef.pl to support exposing a symbol only for a specific
|
||||
provider identified by its name and path.
|
||||
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||
---
|
||||
doc/build.info | 6 ++
|
||||
doc/man7/fips_module_indicators.pod | 154 ++++++++++++++++++++++++++++
|
||||
providers/fips/fipsprov.c | 71 +++++++++++++
|
||||
providers/fips/indicator.h | 66 ++++++++++++
|
||||
util/mkdef.pl | 25 ++++-
|
||||
util/providers.num | 1 +
|
||||
6 files changed, 322 insertions(+), 1 deletion(-)
|
||||
create mode 100644 doc/man7/fips_module_indicators.pod
|
||||
create mode 100644 providers/fips/indicator.h
|
||||
|
||||
Index: openssl-3.1.4/doc/build.info
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/doc/build.info
|
||||
+++ openssl-3.1.4/doc/build.info
|
||||
@@ -4467,6 +4467,10 @@ DEPEND[html/man7/fips_module.html]=man7/
|
||||
GENERATE[html/man7/fips_module.html]=man7/fips_module.pod
|
||||
DEPEND[man/man7/fips_module.7]=man7/fips_module.pod
|
||||
GENERATE[man/man7/fips_module.7]=man7/fips_module.pod
|
||||
+DEPEND[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod
|
||||
+GENERATE[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod
|
||||
+DEPEND[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod
|
||||
+GENERATE[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod
|
||||
DEPEND[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod
|
||||
GENERATE[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod
|
||||
DEPEND[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod
|
||||
@@ -4712,6 +4716,7 @@ html/man7/ct.html \
|
||||
html/man7/des_modes.html \
|
||||
html/man7/evp.html \
|
||||
html/man7/fips_module.html \
|
||||
+html/man7/fips_module_indicators.html \
|
||||
html/man7/life_cycle-cipher.html \
|
||||
html/man7/life_cycle-digest.html \
|
||||
html/man7/life_cycle-kdf.html \
|
||||
@@ -4838,6 +4843,7 @@ man/man7/ct.7 \
|
||||
man/man7/des_modes.7 \
|
||||
man/man7/evp.7 \
|
||||
man/man7/fips_module.7 \
|
||||
+man/man7/fips_module_indicators.7 \
|
||||
man/man7/life_cycle-cipher.7 \
|
||||
man/man7/life_cycle-digest.7 \
|
||||
man/man7/life_cycle-kdf.7 \
|
||||
Index: openssl-3.1.4/doc/man7/fips_module_indicators.pod
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ openssl-3.1.4/doc/man7/fips_module_indicators.pod
|
||||
@@ -0,0 +1,155 @@
|
||||
+=pod
|
||||
+
|
||||
+=head1 NAME
|
||||
+
|
||||
+fips_module_indicators - SUSE OpenSSL FIPS module indicators guide
|
||||
+
|
||||
+=head1 DESCRIPTION
|
||||
+
|
||||
+This guide documents how the SUSE Linux Enterprise OpenSSL FIPS provider
|
||||
+implements Approved Security Service Indicators according to the FIPS 140-3
|
||||
+Implementation Guidelines, section 2.4.C. See
|
||||
+L<https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf>
|
||||
+for the FIPS 140-3 Implementation Guidelines.
|
||||
+
|
||||
+For all approved services except signatures, the SUSE OpenSSL FIPS provider
|
||||
+uses the return code as the indicator as understood by FIPS 140-3. That means
|
||||
+that every operation that succeeds denotes use of an approved security service.
|
||||
+Operations that do not succeed may not have been approved security services, or
|
||||
+may have been used incorrectly.
|
||||
+
|
||||
+For signatures, an explicit indicator API is available to determine whether
|
||||
+a selected operation is an approved security service, in combination with the
|
||||
+return code of the operation. For a signature operation to be approved, the
|
||||
+explicit indicator must claim it as approved, and it must succeed.
|
||||
+
|
||||
+=head2 Querying the explicit indicator
|
||||
+
|
||||
+The SUSE OpenSSL FIPS provider exports a symbol named
|
||||
+I<suse_ossl_query_fipsindicator> that provides information on which signature
|
||||
+operations are approved security functions. To use this function, either link
|
||||
+against I<fips.so> directly, or load it at runtime using dlopen(3) and
|
||||
+dlsym(3).
|
||||
+
|
||||
+ #include <openssl/core_dispatch.h>
|
||||
+ #include "providers/fips/indicator.h"
|
||||
+
|
||||
+ void *provider = dlopen("/usr/lib64/ossl-modules/fips.so", RTLD_LAZY);
|
||||
+ if (provider == NULL) {
|
||||
+ fprintf(stderr, "%s\n", dlerror());
|
||||
+ // handle error
|
||||
+ }
|
||||
+
|
||||
+ const OSSL_SUSE_FIPSINDICATOR_ALGORITHM *(*suse_ossl_query_fipsindicator)(int) \
|
||||
+ = dlsym(provider, "suse_ossl_query_fipsindicator");
|
||||
+ if (suse_ossl_query_fipsindicator == NULL) {
|
||||
+ fprintf(stderr, "%s\n", dlerror());
|
||||
+ fprintf(stderr, "Does your copy of fips.so have the required SUSE"
|
||||
+ " patches?\n");
|
||||
+ // handle error
|
||||
+ }
|
||||
+
|
||||
+Note that this uses the I<providers/fips/indicator.h> header, which is not
|
||||
+public. Install the I<openssl-3-debugsource> package from the I<Debuginfo-Pool>
|
||||
+repository using I<zypper install openssl-3-debugsource> and include
|
||||
+I</usr/src/debug/openssl-3.*/> in the compiler's include path.
|
||||
+
|
||||
+I<suse_ossl_query_fipsindicator> expects an operation ID as its only
|
||||
+argument. Currently, the only supported operation ID is I<OSSL_OP_SIGNATURE> to
|
||||
+obtain the indicators for signature operations. On success, the return value is
|
||||
+a pointer to an array of I<OSSL_SUSE_FIPSINDICATOR_STRUCT>s. On failure, NULL is
|
||||
+returned. The last entry in the array is indicated by I<algorithm_names> being
|
||||
+NULL.
|
||||
+
|
||||
+ typedef struct ossl_suse_fipsindicator_algorithm_st {
|
||||
+ const char *algorithm_names; /* key */
|
||||
+ const char *property_definition; /* key */
|
||||
+ const OSSL_SUSE_FIPSINDICATOR_DISPATCH *indicators;
|
||||
+ } OSSL_SUSE_FIPSINDICATOR_ALGORITHM;
|
||||
+
|
||||
+ typedef struct ossl_suse_fipsindicator_dispatch_st {
|
||||
+ int function_id;
|
||||
+ int approved;
|
||||
+ } OSSL_SUSE_FIPSINDICATOR_DISPATCH;
|
||||
+
|
||||
+The I<algorithm_names> field is a colon-separated list of algorithm names from
|
||||
+one of the I<PROV_NAMES_...> constants, e.g., I<PROV_NAMES_RSA>. strtok(3) can
|
||||
+be used to locate the appropriate entry. See the example below, where
|
||||
+I<algorithm> contains the algorithm name to search for:
|
||||
+
|
||||
+ const OSSL_SUSE_FIPSINDICATOR_DISPATCH *indicator_dispatch = NULL;
|
||||
+ const OSSL_SUSE_FIPSINDICATOR_ALGORITHM *indicator =
|
||||
+ suse_ossl_query_fipsindicator(operation_id);
|
||||
+ if (indicator == NULL) {
|
||||
+ fprintf(stderr, "No indicator for operation, probably using implicit"
|
||||
+ " indicators.\n");
|
||||
+ // handle error
|
||||
+ }
|
||||
+
|
||||
+ for (; indicator->algorithm_names != NULL; ++indicator) {
|
||||
+ char *algorithm_names = strdup(indicator->algorithm_names);
|
||||
+ if (algorithm_names == NULL) {
|
||||
+ perror("strdup(3)");
|
||||
+ // handle error
|
||||
+ }
|
||||
+
|
||||
+ const char *algorithm_name = strtok(algorithm_names, ":");
|
||||
+ for (; algorithm_name != NULL; algorithm_name = strtok(NULL, ":")) {
|
||||
+ if (strcasecmp(algorithm_name, algorithm) == 0) {
|
||||
+ indicator_dispatch = indicator->indicators;
|
||||
+ free(algorithm_names);
|
||||
+ algorithm_names = NULL;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ free(algorithm_names);
|
||||
+ }
|
||||
+ if (indicator_dispatch == NULL) {
|
||||
+ fprintf(stderr, "No indicator for algorithm %s.\n", algorithm);
|
||||
+ // handle error
|
||||
+ }
|
||||
+
|
||||
+If an appropriate I<OSSL_SUSE_FIPSINDICATOR_DISPATCH> array is available for the
|
||||
+given algorithm name, it maps function IDs to their approval status. The last
|
||||
+entry is indicated by a zero I<function_id>. I<approved> is
|
||||
+I<OSSL_SUSE_FIPSINDICATOR_APPROVED> if the operation is an approved security
|
||||
+service, or part of an approved security service, or
|
||||
+I<OSSL_SUSE_FIPSINDICATOR_UNAPPROVED> otherwise. Any other value is invalid.
|
||||
+Function IDs are I<OSSL_FUNC_*> constants from I<openssl/core_dispatch.h>,
|
||||
+e.g., I<OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE> or I<OSSL_FUNC_SIGNATURE_SIGN>.
|
||||
+
|
||||
+Assuming I<function_id> is the function in question, the following code can be
|
||||
+used to query the approval status:
|
||||
+
|
||||
+ for (; indicator_dispatch->function_id != 0; ++indicator_dispatch) {
|
||||
+ if (indicator_dispatch->function_id == function_id) {
|
||||
+ switch (indicator_dispatch->approved) {
|
||||
+ case OSSL_SUSE_FIPSINDICATOR_APPROVED:
|
||||
+ // approved security service
|
||||
+ break;
|
||||
+ case OSSL_SUSE_FIPSINDICATOR_UNAPPROVED:
|
||||
+ // unapproved security service
|
||||
+ break;
|
||||
+ default:
|
||||
+ // invalid result
|
||||
+ break;
|
||||
+ }
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+=head1 SEE ALSO
|
||||
+
|
||||
+L<fips_module(7)>, L<provider(7)>
|
||||
+
|
||||
+=head1 COPYRIGHT
|
||||
+
|
||||
+Copyright 2022 Red Hat, Inc. All Rights Reserved.
|
||||
+Copyright 2024 SUSE LLC. All Rights Reserved.
|
||||
+
|
||||
+Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
+this file except in compliance with the License. You can obtain a copy
|
||||
+in the file LICENSE in the source distribution or at
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
Index: openssl-3.1.4/providers/fips/fipsprov.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/fips/fipsprov.c
|
||||
+++ openssl-3.1.4/providers/fips/fipsprov.c
|
||||
@@ -26,6 +26,7 @@
|
||||
#include "self_test.h"
|
||||
#include "crypto/context.h"
|
||||
#include "internal/core.h"
|
||||
+#include "indicator.h"
|
||||
|
||||
static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
|
||||
static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no";
|
||||
@@ -438,6 +439,68 @@ static const OSSL_ALGORITHM fips_signatu
|
||||
{ NULL, NULL, NULL }
|
||||
};
|
||||
|
||||
+static const OSSL_SUSE_FIPSINDICATOR_DISPATCH suse_rsa_signature_indicators[] = {
|
||||
+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_SUSE_FIPSINDICATOR_UNAPPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_SUSE_FIPSINDICATOR_UNAPPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_SUSE_FIPSINDICATOR_UNAPPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_SUSE_FIPSINDICATOR_UNAPPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, OSSL_SUSE_FIPSINDICATOR_UNAPPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, OSSL_SUSE_FIPSINDICATOR_UNAPPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { 0, OSSL_SUSE_FIPSINDICATOR_UNAPPROVED }
|
||||
+};
|
||||
+
|
||||
+static const OSSL_SUSE_FIPSINDICATOR_DISPATCH suse_ecdsa_signature_indicators[] = {
|
||||
+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_SUSE_FIPSINDICATOR_UNAPPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_SUSE_FIPSINDICATOR_UNAPPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_SUSE_FIPSINDICATOR_UNAPPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_SUSE_FIPSINDICATOR_UNAPPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_SUSE_FIPSINDICATOR_APPROVED },
|
||||
+ { 0, OSSL_SUSE_FIPSINDICATOR_UNAPPROVED }
|
||||
+};
|
||||
+
|
||||
+static const OSSL_SUSE_FIPSINDICATOR_ALGORITHM suse_indicator_fips_signature[] = {
|
||||
+ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES,
|
||||
+ suse_rsa_signature_indicators },
|
||||
+#ifndef OPENSSL_NO_EC
|
||||
+ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES,
|
||||
+ suse_ecdsa_signature_indicators },
|
||||
+#endif
|
||||
+ { NULL, NULL, NULL }
|
||||
+};
|
||||
+
|
||||
static const OSSL_ALGORITHM fips_asym_cipher[] = {
|
||||
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions },
|
||||
{ NULL, NULL, NULL }
|
||||
@@ -520,6 +583,14 @@ static const OSSL_ALGORITHM *fips_query(
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
+
|
||||
+const OSSL_SUSE_FIPSINDICATOR_ALGORITHM *suse_ossl_query_fipsindicator(int operation_id) {
|
||||
+ switch (operation_id) {
|
||||
+ case OSSL_OP_SIGNATURE:
|
||||
+ return suse_indicator_fips_signature;
|
||||
+ }
|
||||
+ return NULL;
|
||||
+}
|
||||
|
||||
static void fips_teardown(void *provctx)
|
||||
{
|
||||
Index: openssl-3.1.4/providers/fips/indicator.h
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ openssl-3.1.4/providers/fips/indicator.h
|
||||
@@ -0,0 +1,66 @@
|
||||
+/*
|
||||
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+#ifndef OPENSSL_FIPS_INDICATOR_H
|
||||
+# define OPENSSL_FIPS_INDICATOR_H
|
||||
+# pragma once
|
||||
+
|
||||
+# ifdef __cplusplus
|
||||
+extern "C" {
|
||||
+# endif
|
||||
+
|
||||
+# define OSSL_SUSE_FIPSINDICATOR_UNAPPROVED (0)
|
||||
+# define OSSL_SUSE_FIPSINDICATOR_APPROVED (1)
|
||||
+
|
||||
+/*
|
||||
+ * FIPS indicator dispatch table element. function_id numbers and the
|
||||
+ * functions are defined in core_dispatch.h, see macros with
|
||||
+ * 'OSSL_CORE_MAKE_FUNC' in their names.
|
||||
+ *
|
||||
+ * An array of these is always terminated by function_id == 0
|
||||
+ */
|
||||
+typedef struct ossl_suse_fipsindicator_dispatch_st {
|
||||
+ int function_id;
|
||||
+ int approved;
|
||||
+} OSSL_SUSE_FIPSINDICATOR_DISPATCH;
|
||||
+
|
||||
+/*
|
||||
+ * Type to tie together algorithm names, property definition string and the
|
||||
+ * algorithm implementation's FIPS indicator status in the form of a FIPS
|
||||
+ * indicator dispatch table.
|
||||
+ *
|
||||
+ * An array of these is always terminated by algorithm_names == NULL
|
||||
+ */
|
||||
+typedef struct ossl_suse_fipsindicator_algorithm_st {
|
||||
+ const char *algorithm_names; /* key */
|
||||
+ const char *property_definition; /* key */
|
||||
+ const OSSL_SUSE_FIPSINDICATOR_DISPATCH *indicators;
|
||||
+} OSSL_SUSE_FIPSINDICATOR_ALGORITHM;
|
||||
+
|
||||
+/**
|
||||
+ * Query FIPS indicator status for the given operation. Possible values for
|
||||
+ * 'operation_id' are currently only OSSL_OP_SIGNATURE, as all other algorithms
|
||||
+ * use implicit indicators. The return value is an array of
|
||||
+ * OSSL_SUSE_FIPSINDICATOR_ALGORITHMs, terminated by an entry with
|
||||
+ * algorithm_names == NULL. 'algorithm_names' is a colon-separated list of
|
||||
+ * algorithm names, 'property_definition' a comma-separated list of properties,
|
||||
+ * and 'indicators' is a list of OSSL_SUSE_FIPSINDICATOR_DISPATCH structs. This
|
||||
+ * list is terminated by function_id == 0. 'function_id' is one of the
|
||||
+ * OSSL_FUNC_* constants, e.g., OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL.
|
||||
+ *
|
||||
+ * If there is no entry in the returned struct for the given operation_id,
|
||||
+ * algorithm name, or function_id, the algorithm is unapproved.
|
||||
+ */
|
||||
+const OSSL_SUSE_FIPSINDICATOR_ALGORITHM *suse_ossl_query_fipsindicator(int operation_id);
|
||||
+
|
||||
+# ifdef __cplusplus
|
||||
+}
|
||||
+# endif
|
||||
+
|
||||
+#endif
|
||||
Index: openssl-3.1.4/util/mkdef.pl
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/util/mkdef.pl
|
||||
+++ openssl-3.1.4/util/mkdef.pl
|
||||
@@ -153,7 +153,8 @@ $ordinal_opts{filter} =
|
||||
return
|
||||
$item->exists()
|
||||
&& platform_filter($item)
|
||||
- && feature_filter($item);
|
||||
+ && feature_filter($item)
|
||||
+ && fips_filter($item, $name);
|
||||
};
|
||||
my $ordinals = OpenSSL::Ordinals->new(from => $ordinals_file);
|
||||
|
||||
@@ -209,6 +210,28 @@ sub feature_filter {
|
||||
return $verdict;
|
||||
}
|
||||
|
||||
+sub fips_filter {
|
||||
+ my $item = shift;
|
||||
+ my $name = uc(shift);
|
||||
+ my @features = ( $item->features() );
|
||||
+
|
||||
+ # True if no features are defined
|
||||
+ return 1 if scalar @features == 0;
|
||||
+
|
||||
+ my @matches = grep(/^ONLY_.*$/, @features);
|
||||
+ if (@matches) {
|
||||
+ # There is at least one only_* flag on this symbol, check if any of
|
||||
+ # them match the name
|
||||
+ for (@matches) {
|
||||
+ if ($_ eq "ONLY_${name}") {
|
||||
+ return 1;
|
||||
+ }
|
||||
+ }
|
||||
+ return 0;
|
||||
+ }
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
sub sorter_unix {
|
||||
my $by_name = OpenSSL::Ordinals::by_name();
|
||||
my %weight = (
|
||||
Index: openssl-3.1.4/util/providers.num
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/util/providers.num
|
||||
+++ openssl-3.1.4/util/providers.num
|
||||
@@ -1 +1,2 @@
|
||||
OSSL_provider_init 1 * EXIST::FUNCTION:
|
||||
+suse_ossl_query_fipsindicator 1 * EXIST::FUNCTION:ONLY_PROVIDERS/FIPS
|
101
openssl-FIPS-RSA-disable-shake.patch
Normal file
101
openssl-FIPS-RSA-disable-shake.patch
Normal file
@ -0,0 +1,101 @@
|
||||
From 2306fde5556cbcb875d095c09fed01a0f16fe7ec Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 15:51:55 +0200
|
||||
Subject: [PATCH 40/48] 0085-FIPS-RSA-disable-shake.patch
|
||||
|
||||
Patch-name: 0085-FIPS-RSA-disable-shake.patch
|
||||
Patch-id: 85
|
||||
---
|
||||
crypto/rsa/rsa_oaep.c | 28 ++++++++++++++++++++++++++++
|
||||
crypto/rsa/rsa_pss.c | 16 ++++++++++++++++
|
||||
2 files changed, 44 insertions(+)
|
||||
|
||||
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
|
||||
index b2f7f7dc4b..af2b0b026c 100644
|
||||
--- a/crypto/rsa/rsa_oaep.c
|
||||
+++ b/crypto/rsa/rsa_oaep.c
|
||||
@@ -78,9 +78,23 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) {
|
||||
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
if (mgf1md == NULL)
|
||||
mgf1md = md;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) {
|
||||
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
mdlen = EVP_MD_get_size(md);
|
||||
if (mdlen <= 0) {
|
||||
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH);
|
||||
@@ -203,9 +217,23 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
#endif
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) {
|
||||
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
||||
+ return -1;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if (mgf1md == NULL)
|
||||
mgf1md = md;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) {
|
||||
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
||||
+ return -1;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
mdlen = EVP_MD_get_size(md);
|
||||
|
||||
if (tlen <= 0 || flen <= 0)
|
||||
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
|
||||
index bb46ec64c7..c0fdf232da 100644
|
||||
--- a/crypto/rsa/rsa_pss.c
|
||||
+++ b/crypto/rsa/rsa_pss.c
|
||||
@@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
|
||||
if (mgf1Hash == NULL)
|
||||
mgf1Hash = Hash;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
|
||||
+ goto err;
|
||||
+
|
||||
+ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
|
||||
+ goto err;
|
||||
+#endif
|
||||
+
|
||||
hLen = EVP_MD_get_size(Hash);
|
||||
if (hLen < 0)
|
||||
goto err;
|
||||
@@ -168,6 +176,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
|
||||
if (mgf1Hash == NULL)
|
||||
mgf1Hash = Hash;
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
|
||||
+ goto err;
|
||||
+
|
||||
+ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
|
||||
+ goto err;
|
||||
+#endif
|
||||
+
|
||||
hLen = EVP_MD_get_size(Hash);
|
||||
if (hLen < 0)
|
||||
goto err;
|
||||
--
|
||||
2.41.0
|
||||
|
47
openssl-FIPS-RSA-encapsulate.patch
Normal file
47
openssl-FIPS-RSA-encapsulate.patch
Normal file
@ -0,0 +1,47 @@
|
||||
From afab56d09edb525dd794fcb2ae2295ab7f39400a Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 16:01:48 +0200
|
||||
Subject: [PATCH 42/48] 0091-FIPS-RSA-encapsulate.patch
|
||||
|
||||
Patch-name: 0091-FIPS-RSA-encapsulate.patch
|
||||
Patch-id: 91
|
||||
---
|
||||
providers/implementations/kem/rsa_kem.c | 15 +++++++++++++++
|
||||
1 file changed, 15 insertions(+)
|
||||
|
||||
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
|
||||
index 365ae3d7d6..8a6f585d0b 100644
|
||||
--- a/providers/implementations/kem/rsa_kem.c
|
||||
+++ b/providers/implementations/kem/rsa_kem.c
|
||||
@@ -265,6 +265,14 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
|
||||
*secretlen = nlen;
|
||||
return 1;
|
||||
}
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Step (2): Generate a random byte string z of nlen bytes where
|
||||
* 1 < z < n - 1
|
||||
@@ -308,6 +316,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx,
|
||||
return 1;
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
/* Step (2): check the input ciphertext 'inlen' matches the nlen */
|
||||
if (inlen != nlen) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH);
|
||||
--
|
||||
2.41.0
|
||||
|
296
openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch
Normal file
296
openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch
Normal file
@ -0,0 +1,296 @@
|
||||
From 4de5fa26873297f5c2eeed53e5c988437f837f55 Mon Sep 17 00:00:00 2001
|
||||
From: Clemens Lang <cllang@redhat.com>
|
||||
Date: Thu, 17 Nov 2022 13:53:31 +0100
|
||||
Subject: [PATCH] signature: Remove X9.31 padding from FIPS prov
|
||||
|
||||
The current draft of FIPS 186-5 [1] no longer contains specifications
|
||||
for X9.31 signature padding. Instead, it contains the following
|
||||
information in Appendix E:
|
||||
|
||||
> ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from
|
||||
> this standard.
|
||||
|
||||
Since this situation is unlikely to change in future revisions of the
|
||||
draft, and future FIPS 140-3 validations of the provider will require
|
||||
X9.31 to be disabled or marked as not approved with an explicit
|
||||
indicator, disallow this padding mode now.
|
||||
|
||||
Remove the X9.31 tests from the acvp test, since they will always fail
|
||||
now.
|
||||
|
||||
[1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf
|
||||
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||
---
|
||||
providers/implementations/signature/rsa_sig.c | 6 +
|
||||
test/acvp_test.inc | 214 ------------------
|
||||
2 files changed, 6 insertions(+), 214 deletions(-)
|
||||
|
||||
Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/signature/rsa_sig.c
|
||||
+++ openssl-3.1.4/providers/implementations/signature/rsa_sig.c
|
||||
@@ -1250,7 +1250,13 @@ static int rsa_set_ctx_params(void *vprs
|
||||
err_extra_text = "No padding not allowed with RSA-PSS";
|
||||
goto cont;
|
||||
case RSA_X931_PADDING:
|
||||
+#ifndef FIPS_MODULE
|
||||
err_extra_text = "X.931 padding not allowed with RSA-PSS";
|
||||
+#else /* !defined(FIPS_MODULE) */
|
||||
+ err_extra_text = "X.931 padding no longer allowed in FIPS mode,"
|
||||
+ " since it was removed from FIPS 186-5";
|
||||
+ goto bad_pad;
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
cont:
|
||||
if (RSA_test_flags(prsactx->rsa,
|
||||
RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSA)
|
||||
Index: openssl-3.1.4/test/acvp_test.inc
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/test/acvp_test.inc
|
||||
+++ openssl-3.1.4/test/acvp_test.inc
|
||||
@@ -1214,13 +1214,6 @@ static const struct rsa_siggen_st rsa_si
|
||||
NO_PSS_SALT_LEN,
|
||||
},
|
||||
{
|
||||
- "x931",
|
||||
- 2048,
|
||||
- "SHA384",
|
||||
- ITM(rsa_siggen0_msg),
|
||||
- NO_PSS_SALT_LEN,
|
||||
- },
|
||||
- {
|
||||
"pss",
|
||||
2048,
|
||||
"SHA384",
|
||||
@@ -1631,202 +1624,6 @@ static const unsigned char rsa_sigverpss
|
||||
0x5c, 0xea, 0x8a, 0x92, 0x31, 0xd2, 0x11, 0x4b,
|
||||
};
|
||||
|
||||
-static const unsigned char rsa_sigverx931_0_n[] = {
|
||||
- 0xa0, 0x16, 0x14, 0x80, 0x8b, 0x17, 0x2b, 0xad,
|
||||
- 0xd7, 0x07, 0x31, 0x6d, 0xfc, 0xba, 0x25, 0x83,
|
||||
- 0x09, 0xa0, 0xf7, 0x71, 0xc6, 0x06, 0x22, 0x87,
|
||||
- 0xd6, 0xbd, 0x13, 0xd9, 0xfe, 0x7c, 0xf7, 0xe6,
|
||||
- 0x48, 0xdb, 0x27, 0xd8, 0xa5, 0x49, 0x8e, 0x8c,
|
||||
- 0xea, 0xbe, 0xe0, 0x04, 0x6f, 0x3d, 0x3b, 0x73,
|
||||
- 0xdc, 0xc5, 0xd4, 0xdc, 0x85, 0xef, 0xea, 0x10,
|
||||
- 0x46, 0xf3, 0x88, 0xb9, 0x93, 0xbc, 0xa0, 0xb6,
|
||||
- 0x06, 0x02, 0x82, 0xb4, 0x2d, 0x54, 0xec, 0x79,
|
||||
- 0x50, 0x8a, 0xfc, 0xfa, 0x62, 0x45, 0xbb, 0xd7,
|
||||
- 0x26, 0xcd, 0x88, 0xfa, 0xe8, 0x0f, 0x26, 0x5b,
|
||||
- 0x1f, 0x21, 0x3f, 0x3b, 0x5d, 0x98, 0x3f, 0x02,
|
||||
- 0x8c, 0xa1, 0xbf, 0xc0, 0x70, 0x4d, 0xd1, 0x41,
|
||||
- 0xfd, 0xb9, 0x55, 0x12, 0x90, 0xc8, 0x6e, 0x0f,
|
||||
- 0x19, 0xa8, 0x5c, 0x31, 0xd6, 0x16, 0x0e, 0xdf,
|
||||
- 0x08, 0x84, 0xcd, 0x4b, 0xfd, 0x28, 0x8d, 0x7d,
|
||||
- 0x6e, 0xea, 0xc7, 0x95, 0x4a, 0xc3, 0x84, 0x54,
|
||||
- 0x7f, 0xb0, 0x20, 0x29, 0x96, 0x39, 0x4c, 0x3e,
|
||||
- 0x85, 0xec, 0x22, 0xdd, 0xb9, 0x14, 0xbb, 0x04,
|
||||
- 0x2f, 0x4c, 0x0c, 0xe3, 0xfa, 0xae, 0x47, 0x79,
|
||||
- 0x59, 0x8e, 0x4e, 0x7d, 0x4a, 0x17, 0xae, 0x16,
|
||||
- 0x38, 0x66, 0x4e, 0xff, 0x45, 0x7f, 0xac, 0x5e,
|
||||
- 0x75, 0x9f, 0x51, 0x18, 0xe6, 0xad, 0x6b, 0x8b,
|
||||
- 0x3d, 0x08, 0x4d, 0x9a, 0xd2, 0x11, 0xba, 0xa8,
|
||||
- 0xc3, 0xb5, 0x17, 0xb5, 0xdf, 0xe7, 0x39, 0x89,
|
||||
- 0x27, 0x7b, 0xeb, 0xf4, 0xe5, 0x7e, 0xa9, 0x7b,
|
||||
- 0x39, 0x40, 0x6f, 0xe4, 0x82, 0x14, 0x3d, 0x62,
|
||||
- 0xb6, 0xd4, 0x43, 0xd0, 0x0a, 0x2f, 0xc1, 0x73,
|
||||
- 0x3d, 0x99, 0x37, 0xbe, 0x62, 0x13, 0x6a, 0x8b,
|
||||
- 0xeb, 0xc5, 0x64, 0xd5, 0x2a, 0x8b, 0x4f, 0x7f,
|
||||
- 0x82, 0x48, 0x69, 0x3e, 0x08, 0x1b, 0xb5, 0x77,
|
||||
- 0xd3, 0xdc, 0x1b, 0x2c, 0xe5, 0x59, 0xf6, 0x33,
|
||||
- 0x47, 0xa0, 0x0f, 0xff, 0x8a, 0x6a, 0x1d, 0x66,
|
||||
- 0x24, 0x67, 0x36, 0x7d, 0x21, 0xda, 0xc1, 0xd4,
|
||||
- 0x11, 0x6c, 0xe8, 0x5f, 0xd7, 0x8a, 0x53, 0x5c,
|
||||
- 0xb2, 0xe2, 0xf9, 0x14, 0x29, 0x0f, 0xcf, 0x28,
|
||||
- 0x32, 0x4f, 0xc6, 0x17, 0xf6, 0xbc, 0x0e, 0xb8,
|
||||
- 0x99, 0x7c, 0x14, 0xa3, 0x40, 0x3f, 0xf3, 0xe4,
|
||||
- 0x31, 0xbe, 0x54, 0x64, 0x5a, 0xad, 0x1d, 0xb0,
|
||||
- 0x37, 0xcc, 0xd9, 0x0b, 0xa4, 0xbc, 0xe0, 0x07,
|
||||
- 0x37, 0xd1, 0xe1, 0x65, 0xc6, 0x53, 0xfe, 0x60,
|
||||
- 0x6a, 0x64, 0xa4, 0x01, 0x00, 0xf3, 0x5b, 0x9a,
|
||||
- 0x28, 0x61, 0xde, 0x7a, 0xd7, 0x0d, 0x56, 0x1e,
|
||||
- 0x4d, 0xa8, 0x6a, 0xb5, 0xf2, 0x86, 0x2a, 0x4e,
|
||||
- 0xaa, 0x37, 0x23, 0x5a, 0x3b, 0x69, 0x66, 0x81,
|
||||
- 0xc8, 0x8e, 0x1b, 0x31, 0x0f, 0x28, 0x31, 0x9a,
|
||||
- 0x2d, 0xe5, 0x79, 0xcc, 0xa4, 0xca, 0x60, 0x45,
|
||||
- 0xf7, 0x83, 0x73, 0x5a, 0x01, 0x29, 0xda, 0xf7,
|
||||
-
|
||||
-};
|
||||
-static const unsigned char rsa_sigverx931_0_e[] = {
|
||||
- 0x01, 0x00, 0x01,
|
||||
-};
|
||||
-static const unsigned char rsa_sigverx931_0_msg[] = {
|
||||
- 0x82, 0x2e, 0x41, 0x70, 0x9d, 0x1f, 0xe9, 0x47,
|
||||
- 0xec, 0xf1, 0x79, 0xcc, 0x05, 0xef, 0xdb, 0xcd,
|
||||
- 0xca, 0x8b, 0x8e, 0x61, 0x45, 0xad, 0xa6, 0xd9,
|
||||
- 0xd7, 0x4b, 0x15, 0xf4, 0x92, 0x3a, 0x2a, 0x52,
|
||||
- 0xe3, 0x44, 0x57, 0x2b, 0x74, 0x7a, 0x37, 0x41,
|
||||
- 0x50, 0xcb, 0xcf, 0x13, 0x49, 0xd6, 0x15, 0x54,
|
||||
- 0x97, 0xfd, 0xae, 0x9b, 0xc1, 0xbb, 0xfc, 0x5c,
|
||||
- 0xc1, 0x37, 0x58, 0x17, 0x63, 0x19, 0x9c, 0xcf,
|
||||
- 0xee, 0x9c, 0xe5, 0xbe, 0x06, 0xe4, 0x97, 0x47,
|
||||
- 0xd1, 0x93, 0xa1, 0x2c, 0x59, 0x97, 0x02, 0x01,
|
||||
- 0x31, 0x45, 0x8c, 0xe1, 0x5c, 0xac, 0xe7, 0x5f,
|
||||
- 0x6a, 0x23, 0xda, 0xbf, 0xe4, 0x25, 0xc6, 0x67,
|
||||
- 0xea, 0x5f, 0x73, 0x90, 0x1b, 0x06, 0x0f, 0x41,
|
||||
- 0xb5, 0x6e, 0x74, 0x7e, 0xfd, 0xd9, 0xaa, 0xbd,
|
||||
- 0xe2, 0x8d, 0xad, 0x99, 0xdd, 0x29, 0x70, 0xca,
|
||||
- 0x1b, 0x38, 0x21, 0x55, 0xde, 0x07, 0xaf, 0x00,
|
||||
-
|
||||
-};
|
||||
-static const unsigned char rsa_sigverx931_0_sig[] = {
|
||||
- 0x29, 0xa9, 0x3a, 0x8e, 0x9e, 0x90, 0x1b, 0xdb,
|
||||
- 0xaf, 0x0b, 0x47, 0x5b, 0xb5, 0xc3, 0x8c, 0xc3,
|
||||
- 0x70, 0xbe, 0x73, 0xf9, 0x65, 0x8e, 0xc6, 0x1e,
|
||||
- 0x95, 0x0b, 0xdb, 0x24, 0x76, 0x79, 0xf1, 0x00,
|
||||
- 0x71, 0xcd, 0xc5, 0x6a, 0x7b, 0xd2, 0x8b, 0x18,
|
||||
- 0xc4, 0xdd, 0xf1, 0x2a, 0x31, 0x04, 0x3f, 0xfc,
|
||||
- 0x36, 0x06, 0x20, 0x71, 0x3d, 0x62, 0xf2, 0xb5,
|
||||
- 0x79, 0x0a, 0xd5, 0xd2, 0x81, 0xf1, 0xb1, 0x4f,
|
||||
- 0x9a, 0x17, 0xe8, 0x67, 0x64, 0x48, 0x09, 0x75,
|
||||
- 0xff, 0x2d, 0xee, 0x36, 0xca, 0xca, 0x1d, 0x74,
|
||||
- 0x99, 0xbe, 0x5c, 0x94, 0x31, 0xcc, 0x12, 0xf4,
|
||||
- 0x59, 0x7e, 0x17, 0x00, 0x4f, 0x7b, 0xa4, 0xb1,
|
||||
- 0xda, 0xdb, 0x3e, 0xa4, 0x34, 0x10, 0x4a, 0x19,
|
||||
- 0x0a, 0xd2, 0xa7, 0xa0, 0xc5, 0xe6, 0xef, 0x82,
|
||||
- 0xd4, 0x2e, 0x21, 0xbe, 0x15, 0x73, 0xac, 0xef,
|
||||
- 0x05, 0xdb, 0x6a, 0x8a, 0x1a, 0xcb, 0x8e, 0xa5,
|
||||
- 0xee, 0xfb, 0x28, 0xbf, 0x96, 0xa4, 0x2b, 0xd2,
|
||||
- 0x85, 0x2b, 0x20, 0xc3, 0xaf, 0x9a, 0x32, 0x04,
|
||||
- 0xa0, 0x49, 0x24, 0x47, 0xd0, 0x09, 0xf7, 0xcf,
|
||||
- 0x73, 0xb6, 0xf6, 0x70, 0xda, 0x3b, 0xf8, 0x5a,
|
||||
- 0x28, 0x2e, 0x14, 0x6c, 0x52, 0xbd, 0x2a, 0x7c,
|
||||
- 0x8e, 0xc1, 0xa8, 0x0e, 0xb1, 0x1e, 0x6b, 0x8d,
|
||||
- 0x76, 0xea, 0x70, 0x81, 0xa0, 0x02, 0x63, 0x74,
|
||||
- 0xbc, 0x7e, 0xb9, 0xac, 0x0e, 0x7b, 0x1b, 0x75,
|
||||
- 0x82, 0xe2, 0x98, 0x4e, 0x24, 0x55, 0xd4, 0xbd,
|
||||
- 0x14, 0xde, 0x58, 0x56, 0x3a, 0x5d, 0x4e, 0x57,
|
||||
- 0x0d, 0x54, 0x74, 0xe8, 0x86, 0x8c, 0xcb, 0x07,
|
||||
- 0x9f, 0x0b, 0xfb, 0xc2, 0x08, 0x5c, 0xd7, 0x05,
|
||||
- 0x3b, 0xc8, 0xd2, 0x15, 0x68, 0x8f, 0x3d, 0x3c,
|
||||
- 0x4e, 0x85, 0xa9, 0x25, 0x6f, 0xf5, 0x2e, 0xca,
|
||||
- 0xca, 0xa8, 0x27, 0x89, 0x61, 0x4e, 0x1f, 0x57,
|
||||
- 0x2d, 0x99, 0x10, 0x3f, 0xbc, 0x9e, 0x96, 0x5e,
|
||||
- 0x2f, 0x0a, 0x25, 0xa7, 0x5c, 0xea, 0x65, 0x2a,
|
||||
- 0x22, 0x35, 0xa3, 0xf9, 0x13, 0x89, 0x05, 0x2e,
|
||||
- 0x19, 0x73, 0x1d, 0x70, 0x74, 0x98, 0x15, 0x4b,
|
||||
- 0xab, 0x56, 0x52, 0xe0, 0x01, 0x42, 0x95, 0x6a,
|
||||
- 0x46, 0x2c, 0x78, 0xff, 0x26, 0xbc, 0x48, 0x10,
|
||||
- 0x38, 0x25, 0xab, 0x32, 0x7c, 0x79, 0x7c, 0x5d,
|
||||
- 0x6f, 0x45, 0x54, 0x74, 0x2d, 0x93, 0x56, 0x52,
|
||||
- 0x11, 0x34, 0x1e, 0xe3, 0x4b, 0x6a, 0x17, 0x4f,
|
||||
- 0x37, 0x14, 0x75, 0xac, 0xa3, 0xa1, 0xca, 0xda,
|
||||
- 0x38, 0x06, 0xa9, 0x78, 0xb9, 0x5d, 0xd0, 0x59,
|
||||
- 0x1b, 0x5d, 0x1e, 0xc2, 0x0b, 0xfb, 0x39, 0x37,
|
||||
- 0x44, 0x85, 0xb6, 0x36, 0x06, 0x95, 0xbc, 0x15,
|
||||
- 0x35, 0xb9, 0xe6, 0x27, 0x42, 0xe3, 0xc8, 0xec,
|
||||
- 0x30, 0x37, 0x20, 0x26, 0x9a, 0x11, 0x61, 0xc0,
|
||||
- 0xdb, 0xb2, 0x5a, 0x26, 0x78, 0x27, 0xb9, 0x13,
|
||||
- 0xc9, 0x1a, 0xa7, 0x67, 0x93, 0xe8, 0xbe, 0xcb,
|
||||
-};
|
||||
-
|
||||
-#define rsa_sigverx931_1_n rsa_sigverx931_0_n
|
||||
-#define rsa_sigverx931_1_e rsa_sigverx931_0_e
|
||||
-static const unsigned char rsa_sigverx931_1_msg[] = {
|
||||
- 0x79, 0x02, 0xb9, 0xd2, 0x3e, 0x84, 0x02, 0xc8,
|
||||
- 0x2a, 0x94, 0x92, 0x14, 0x8d, 0xd5, 0xd3, 0x8d,
|
||||
- 0xb2, 0xf6, 0x00, 0x8b, 0x61, 0x2c, 0xd2, 0xf9,
|
||||
- 0xa8, 0xe0, 0x5d, 0xac, 0xdc, 0xa5, 0x34, 0xf3,
|
||||
- 0xda, 0x6c, 0xd4, 0x70, 0x92, 0xfb, 0x40, 0x26,
|
||||
- 0xc7, 0x9b, 0xe8, 0xd2, 0x10, 0x11, 0xcf, 0x7f,
|
||||
- 0x23, 0xd0, 0xed, 0x55, 0x52, 0x6d, 0xd3, 0xb2,
|
||||
- 0x56, 0x53, 0x8d, 0x7c, 0x4c, 0xb8, 0xcc, 0xb5,
|
||||
- 0xfd, 0xd0, 0x45, 0x4f, 0x62, 0x40, 0x54, 0x42,
|
||||
- 0x68, 0xd5, 0xe5, 0xdd, 0xf0, 0x76, 0x94, 0x59,
|
||||
- 0x1a, 0x57, 0x13, 0xb4, 0xc3, 0x70, 0xcc, 0xbd,
|
||||
- 0x4c, 0x2e, 0xc8, 0x6b, 0x9d, 0x68, 0xd0, 0x72,
|
||||
- 0x6a, 0x94, 0xd2, 0x18, 0xb5, 0x3b, 0x86, 0x45,
|
||||
- 0x95, 0xaa, 0x50, 0xda, 0x35, 0xeb, 0x69, 0x44,
|
||||
- 0x1f, 0xf3, 0x3a, 0x51, 0xbb, 0x1d, 0x08, 0x42,
|
||||
- 0x12, 0xd7, 0xd6, 0x21, 0xd8, 0x9b, 0x87, 0x55,
|
||||
-};
|
||||
-
|
||||
-static const unsigned char rsa_sigverx931_1_sig[] = {
|
||||
- 0x3b, 0xba, 0xb3, 0xb1, 0xb2, 0x6a, 0x29, 0xb5,
|
||||
- 0xf9, 0x94, 0xf1, 0x00, 0x5c, 0x16, 0x67, 0x67,
|
||||
- 0x73, 0xd3, 0xde, 0x7e, 0x07, 0xfa, 0xaa, 0x95,
|
||||
- 0xeb, 0x5a, 0x55, 0xdc, 0xb2, 0xa9, 0x70, 0x5a,
|
||||
- 0xee, 0x8f, 0x8d, 0x69, 0x85, 0x2b, 0x00, 0xe3,
|
||||
- 0xdc, 0xe2, 0x73, 0x9b, 0x68, 0xeb, 0x93, 0x69,
|
||||
- 0x08, 0x03, 0x17, 0xd6, 0x50, 0x21, 0x14, 0x23,
|
||||
- 0x8c, 0xe6, 0x54, 0x3a, 0xd9, 0xfc, 0x8b, 0x14,
|
||||
- 0x81, 0xb1, 0x8b, 0x9d, 0xd2, 0xbe, 0x58, 0x75,
|
||||
- 0x94, 0x74, 0x93, 0xc9, 0xbb, 0x4e, 0xf6, 0x1f,
|
||||
- 0x73, 0x7d, 0x1a, 0x5f, 0xbd, 0xbf, 0x59, 0x37,
|
||||
- 0x5b, 0x98, 0x54, 0xad, 0x3a, 0xef, 0xa0, 0xef,
|
||||
- 0xcb, 0xc3, 0xe8, 0x84, 0xd8, 0x3d, 0xf5, 0x60,
|
||||
- 0xb8, 0xc3, 0x8d, 0x1e, 0x78, 0xa0, 0x91, 0x94,
|
||||
- 0xb7, 0xd7, 0xb1, 0xd4, 0xe2, 0xee, 0x81, 0x93,
|
||||
- 0xfc, 0x41, 0xf0, 0x31, 0xbb, 0x03, 0x52, 0xde,
|
||||
- 0x80, 0x20, 0x3a, 0x68, 0xe6, 0xc5, 0x50, 0x1b,
|
||||
- 0x08, 0x3f, 0x40, 0xde, 0xb3, 0xe5, 0x81, 0x99,
|
||||
- 0x7f, 0xdb, 0xb6, 0x5d, 0x61, 0x27, 0xd4, 0xfb,
|
||||
- 0xcd, 0xc5, 0x7a, 0xea, 0xde, 0x7a, 0x66, 0xef,
|
||||
- 0x55, 0x3f, 0x85, 0xea, 0x84, 0xc5, 0x0a, 0xf6,
|
||||
- 0x3c, 0x40, 0x38, 0xf7, 0x6c, 0x66, 0xe5, 0xbe,
|
||||
- 0x61, 0x41, 0xd3, 0xb1, 0x08, 0xe1, 0xb4, 0xf9,
|
||||
- 0x6e, 0xf6, 0x0e, 0x4a, 0x72, 0x6c, 0x61, 0x63,
|
||||
- 0x3e, 0x41, 0x33, 0x94, 0xd6, 0x27, 0xa4, 0xd9,
|
||||
- 0x3a, 0x20, 0x2b, 0x39, 0xea, 0xe5, 0x82, 0x48,
|
||||
- 0xd6, 0x5b, 0x58, 0x85, 0x44, 0xb0, 0xd2, 0xfd,
|
||||
- 0xfb, 0x3e, 0xeb, 0x78, 0xac, 0xbc, 0xba, 0x16,
|
||||
- 0x92, 0x0e, 0x20, 0xc1, 0xb2, 0xd1, 0x92, 0xa8,
|
||||
- 0x00, 0x88, 0xc0, 0x41, 0x46, 0x38, 0xb6, 0x54,
|
||||
- 0x70, 0x0c, 0x00, 0x62, 0x97, 0x6a, 0x8e, 0x66,
|
||||
- 0x5a, 0xa1, 0x6c, 0xf7, 0x6d, 0xc2, 0x27, 0x56,
|
||||
- 0x60, 0x5b, 0x0c, 0x52, 0xac, 0x5c, 0xae, 0x99,
|
||||
- 0x55, 0x11, 0x62, 0x52, 0x09, 0x48, 0x53, 0x90,
|
||||
- 0x3c, 0x0b, 0xd4, 0xdc, 0x7b, 0xe3, 0x4c, 0xe3,
|
||||
- 0xa8, 0x6d, 0xc5, 0xdf, 0xc1, 0x5c, 0x59, 0x25,
|
||||
- 0x99, 0x30, 0xde, 0x57, 0x6a, 0x84, 0x25, 0x34,
|
||||
- 0x3e, 0x64, 0x11, 0xdb, 0x7a, 0x82, 0x8e, 0x70,
|
||||
- 0xd2, 0x5c, 0x0e, 0x81, 0xa0, 0x24, 0x53, 0x75,
|
||||
- 0x98, 0xd6, 0x10, 0x01, 0x6a, 0x14, 0xed, 0xc3,
|
||||
- 0x6f, 0xc4, 0x18, 0xb8, 0xd2, 0x9f, 0x59, 0x53,
|
||||
- 0x81, 0x3a, 0x86, 0x31, 0xfc, 0x9e, 0xbf, 0x6c,
|
||||
- 0x52, 0x93, 0x86, 0x9c, 0xaa, 0x6c, 0x6f, 0x07,
|
||||
- 0x8a, 0x40, 0x33, 0x64, 0xb2, 0x70, 0x48, 0x85,
|
||||
- 0x05, 0x59, 0x65, 0x2d, 0x6b, 0x9a, 0xad, 0xab,
|
||||
- 0x20, 0x7e, 0x02, 0x6d, 0xde, 0xcf, 0x22, 0x0b,
|
||||
- 0xea, 0x6e, 0xbd, 0x1c, 0x39, 0x3a, 0xfd, 0xa4,
|
||||
- 0xde, 0x54, 0xae, 0xde, 0x5e, 0xf7, 0xb0, 0x6d,
|
||||
-};
|
||||
-
|
||||
static const struct rsa_sigver_st rsa_sigver_data[] = {
|
||||
{
|
||||
"pkcs1", /* pkcs1v1.5 */
|
||||
@@ -1850,28 +1647,6 @@ static const struct rsa_sigver_st rsa_si
|
||||
NO_PSS_SALT_LEN,
|
||||
FAIL
|
||||
},
|
||||
- {
|
||||
- "x931",
|
||||
- 3072,
|
||||
- "SHA1",
|
||||
- ITM(rsa_sigverx931_0_msg),
|
||||
- ITM(rsa_sigverx931_0_n),
|
||||
- ITM(rsa_sigverx931_0_e),
|
||||
- ITM(rsa_sigverx931_0_sig),
|
||||
- NO_PSS_SALT_LEN,
|
||||
- PASS
|
||||
- },
|
||||
- {
|
||||
- "x931",
|
||||
- 3072,
|
||||
- "SHA256",
|
||||
- ITM(rsa_sigverx931_1_msg),
|
||||
- ITM(rsa_sigverx931_1_n),
|
||||
- ITM(rsa_sigverx931_1_e),
|
||||
- ITM(rsa_sigverx931_1_sig),
|
||||
- NO_PSS_SALT_LEN,
|
||||
- FAIL
|
||||
- },
|
||||
{
|
||||
"pss",
|
||||
4096,
|
378
openssl-FIPS-Use-FFDHE2048-in-self-test.patch
Normal file
378
openssl-FIPS-Use-FFDHE2048-in-self-test.patch
Normal file
@ -0,0 +1,378 @@
|
||||
From e385647549c467fe263b68b72dd21bdfb875ee88 Mon Sep 17 00:00:00 2001
|
||||
From: Clemens Lang <cllang@redhat.com>
|
||||
Date: Fri, 22 Jul 2022 17:51:16 +0200
|
||||
Subject: [PATCH 2/2] FIPS: Use FFDHE2048 in self test
|
||||
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||
---
|
||||
providers/fips/self_test_data.inc | 342 +++++++++++++++---------------
|
||||
1 file changed, 172 insertions(+), 170 deletions(-)
|
||||
|
||||
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
|
||||
index a29cc650b5..1b5623833f 100644
|
||||
--- a/providers/fips/self_test_data.inc
|
||||
+++ b/providers/fips/self_test_data.inc
|
||||
@@ -821,188 +821,190 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] =
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
/* DH KAT */
|
||||
+/* RFC7919 FFDHE2048 p */
|
||||
static const unsigned char dh_p[] = {
|
||||
- 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25,
|
||||
- 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0,
|
||||
- 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66,
|
||||
- 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b,
|
||||
- 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe,
|
||||
- 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce,
|
||||
- 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d,
|
||||
- 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d,
|
||||
- 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde,
|
||||
- 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb,
|
||||
- 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17,
|
||||
- 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0,
|
||||
- 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97,
|
||||
- 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9,
|
||||
- 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7,
|
||||
- 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1,
|
||||
- 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d,
|
||||
- 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82,
|
||||
- 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4,
|
||||
- 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c,
|
||||
- 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b,
|
||||
- 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50,
|
||||
- 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31,
|
||||
- 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44,
|
||||
- 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5,
|
||||
- 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80,
|
||||
- 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12,
|
||||
- 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94,
|
||||
- 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7,
|
||||
- 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1,
|
||||
- 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d,
|
||||
- 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69
|
||||
-};
|
||||
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
+ 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a,
|
||||
+ 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1,
|
||||
+ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95,
|
||||
+ 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb,
|
||||
+ 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9,
|
||||
+ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8,
|
||||
+ 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, 0x7a,
|
||||
+ 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61,
|
||||
+ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0,
|
||||
+ 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3,
|
||||
+ 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35,
|
||||
+ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77,
|
||||
+ 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, 0xe8, 0x72,
|
||||
+ 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35,
|
||||
+ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a,
|
||||
+ 0xbc, 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61,
|
||||
+ 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb,
|
||||
+ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68,
|
||||
+ 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4,
|
||||
+ 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19,
|
||||
+ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70,
|
||||
+ 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec,
|
||||
+ 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61,
|
||||
+ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff,
|
||||
+ 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83,
|
||||
+ 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73,
|
||||
+ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05,
|
||||
+ 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, 0x83, 0xb2,
|
||||
+ 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa,
|
||||
+ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97,
|
||||
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
||||
+};
|
||||
+/* RFC7919 FFDHE2048 q */
|
||||
static const unsigned char dh_q[] = {
|
||||
- 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e,
|
||||
- 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83,
|
||||
- 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea,
|
||||
- 0x11, 0xac, 0xb5, 0x7d
|
||||
-};
|
||||
+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
+ 0xd6, 0xfc, 0x2a, 0x2c, 0x51, 0x5d, 0xa5, 0x4d,
|
||||
+ 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
|
||||
+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a,
|
||||
+ 0xd4, 0xf0, 0x9b, 0x20, 0x8a, 0x32, 0x19, 0xfd,
|
||||
+ 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
|
||||
+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec,
|
||||
+ 0x7b, 0x40, 0xd9, 0x01, 0x57, 0x62, 0x30, 0xbd,
|
||||
+ 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
|
||||
+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68,
|
||||
+ 0x42, 0xb1, 0xb2, 0xaa, 0x9e, 0xf6, 0x8d, 0x79,
|
||||
+ 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
|
||||
+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb,
|
||||
+ 0xf1, 0x53, 0x44, 0xed, 0x79, 0xf7, 0xf4, 0x39,
|
||||
+ 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
|
||||
+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd,
|
||||
+ 0x5e, 0x05, 0x58, 0xc1, 0x59, 0x92, 0x7d, 0xb0,
|
||||
+ 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
|
||||
+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34,
|
||||
+ 0x0e, 0xa7, 0xa1, 0x51, 0xef, 0x1c, 0xa6, 0xfa,
|
||||
+ 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
|
||||
+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8,
|
||||
+ 0x4f, 0x01, 0x7e, 0x70, 0xe6, 0xfb, 0xf1, 0x76,
|
||||
+ 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
|
||||
+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff,
|
||||
+ 0xc7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xc1,
|
||||
+ 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
|
||||
+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02,
|
||||
+ 0xe2, 0xc7, 0x78, 0xc1, 0xbe, 0x8b, 0x41, 0xd9,
|
||||
+ 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
|
||||
+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b,
|
||||
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
||||
+};
|
||||
+/* RFC7919 FFDHE2048 g */
|
||||
static const unsigned char dh_g[] = {
|
||||
- 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39,
|
||||
- 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f,
|
||||
- 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0,
|
||||
- 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f,
|
||||
- 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f,
|
||||
- 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a,
|
||||
- 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4,
|
||||
- 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c,
|
||||
- 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20,
|
||||
- 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25,
|
||||
- 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53,
|
||||
- 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9,
|
||||
- 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc,
|
||||
- 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9,
|
||||
- 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43,
|
||||
- 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86,
|
||||
- 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16,
|
||||
- 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40,
|
||||
- 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23,
|
||||
- 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa,
|
||||
- 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6,
|
||||
- 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2,
|
||||
- 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61,
|
||||
- 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a,
|
||||
- 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef,
|
||||
- 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f,
|
||||
- 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3,
|
||||
- 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a,
|
||||
- 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4,
|
||||
- 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74,
|
||||
- 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4,
|
||||
- 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32
|
||||
+ 0x02
|
||||
};
|
||||
static const unsigned char dh_priv[] = {
|
||||
- 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a,
|
||||
- 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70,
|
||||
- 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15,
|
||||
- 0x40, 0xb8, 0xfc, 0xe6
|
||||
+ 0x01, 0xdc, 0x2a, 0xb9, 0x87, 0x71, 0x57, 0x0f,
|
||||
+ 0xcd, 0x93, 0x65, 0x4c, 0xa1, 0xd6, 0x56, 0x6d,
|
||||
+ 0xc5, 0x35, 0xd5, 0xcb, 0x4c, 0xb8, 0xad, 0x8d,
|
||||
+ 0x6c, 0xdc, 0x5d, 0x6e, 0x94
|
||||
};
|
||||
static const unsigned char dh_pub[] = {
|
||||
- 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04,
|
||||
- 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69,
|
||||
- 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59,
|
||||
- 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b,
|
||||
- 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c,
|
||||
- 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21,
|
||||
- 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06,
|
||||
- 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb,
|
||||
- 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2,
|
||||
- 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0,
|
||||
- 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83,
|
||||
- 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90,
|
||||
- 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2,
|
||||
- 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7,
|
||||
- 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0,
|
||||
- 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88,
|
||||
- 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb,
|
||||
- 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a,
|
||||
- 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97,
|
||||
- 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d,
|
||||
- 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf,
|
||||
- 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e,
|
||||
- 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f,
|
||||
- 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d,
|
||||
- 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1,
|
||||
- 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c,
|
||||
- 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47,
|
||||
- 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e,
|
||||
- 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f,
|
||||
- 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9,
|
||||
- 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c,
|
||||
- 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3
|
||||
+ 0x00, 0xc4, 0x82, 0x14, 0x69, 0x16, 0x4c, 0x05,
|
||||
+ 0x55, 0x2a, 0x7e, 0x55, 0x6d, 0x02, 0xbb, 0x7f,
|
||||
+ 0xcc, 0x63, 0x74, 0xee, 0xcb, 0xb4, 0x98, 0x43,
|
||||
+ 0x0e, 0x29, 0x43, 0x0d, 0x44, 0xc7, 0xf1, 0x23,
|
||||
+ 0x81, 0xca, 0x1c, 0x5c, 0xc3, 0xff, 0x01, 0x4a,
|
||||
+ 0x1a, 0x03, 0x9e, 0x5f, 0xd1, 0x4e, 0xa0, 0x0b,
|
||||
+ 0xb9, 0x5c, 0x0d, 0xef, 0x14, 0x01, 0x62, 0x3c,
|
||||
+ 0x8a, 0x8e, 0x60, 0xbb, 0x39, 0xd6, 0x38, 0x63,
|
||||
+ 0xb7, 0x65, 0xd0, 0x0b, 0x1a, 0xaf, 0x53, 0x38,
|
||||
+ 0x10, 0x0f, 0x3e, 0xeb, 0x9d, 0x0c, 0x24, 0xf6,
|
||||
+ 0xe3, 0x70, 0x08, 0x8a, 0x4d, 0x01, 0xf8, 0x7a,
|
||||
+ 0x87, 0x49, 0x64, 0x72, 0xb1, 0x75, 0x3b, 0x94,
|
||||
+ 0xc8, 0x09, 0x2d, 0x6a, 0x63, 0xd8, 0x9a, 0x92,
|
||||
+ 0xb9, 0x5b, 0x1a, 0xc3, 0x47, 0x0b, 0x63, 0x44,
|
||||
+ 0x3b, 0xe3, 0xc0, 0x09, 0xc9, 0xf9, 0x02, 0x53,
|
||||
+ 0xd8, 0xfb, 0x06, 0x44, 0xdb, 0xdf, 0xe8, 0x13,
|
||||
+ 0x2b, 0x40, 0x6a, 0xd4, 0x13, 0x4e, 0x52, 0x30,
|
||||
+ 0xd6, 0xc1, 0xd8, 0x59, 0x9d, 0x59, 0xba, 0x1b,
|
||||
+ 0xbf, 0xaa, 0x6f, 0xe9, 0x3d, 0xfd, 0xff, 0x01,
|
||||
+ 0x0b, 0x54, 0xe0, 0x6a, 0x4e, 0x27, 0x2b, 0x3d,
|
||||
+ 0xe8, 0xef, 0xb0, 0xbe, 0x52, 0xc3, 0x52, 0x18,
|
||||
+ 0x6f, 0xa3, 0x27, 0xab, 0x6c, 0x12, 0xc3, 0x81,
|
||||
+ 0xcb, 0xae, 0x23, 0x11, 0xa0, 0x5d, 0xc3, 0x6f,
|
||||
+ 0x23, 0x17, 0x40, 0xb3, 0x05, 0x4f, 0x5d, 0xb7,
|
||||
+ 0x34, 0xbe, 0x87, 0x2c, 0xa9, 0x9e, 0x98, 0x39,
|
||||
+ 0xbf, 0x2e, 0x9d, 0xad, 0x4f, 0x70, 0xad, 0xed,
|
||||
+ 0x1b, 0x5e, 0x47, 0x90, 0x49, 0x2e, 0x61, 0x71,
|
||||
+ 0x5f, 0x07, 0x0b, 0x35, 0x04, 0xfc, 0x53, 0xce,
|
||||
+ 0x58, 0x60, 0x6c, 0x5b, 0x8b, 0xfe, 0x70, 0x04,
|
||||
+ 0x2a, 0x6a, 0x98, 0x0a, 0xd0, 0x80, 0xae, 0x69,
|
||||
+ 0x95, 0xf9, 0x99, 0x18, 0xfc, 0xe4, 0x8e, 0xed,
|
||||
+ 0x61, 0xd9, 0x02, 0x9d, 0x4e, 0x05, 0xe9, 0xf2,
|
||||
+ 0x32
|
||||
};
|
||||
static const unsigned char dh_peer_pub[] = {
|
||||
- 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a,
|
||||
- 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d,
|
||||
- 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58,
|
||||
- 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32,
|
||||
- 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb,
|
||||
- 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0,
|
||||
- 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0,
|
||||
- 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc,
|
||||
- 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1,
|
||||
- 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e,
|
||||
- 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97,
|
||||
- 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05,
|
||||
- 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3,
|
||||
- 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f,
|
||||
- 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7,
|
||||
- 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1,
|
||||
- 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96,
|
||||
- 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf,
|
||||
- 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22,
|
||||
- 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98,
|
||||
- 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42,
|
||||
- 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c,
|
||||
- 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde,
|
||||
- 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20,
|
||||
- 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22,
|
||||
- 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3,
|
||||
- 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3,
|
||||
- 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2,
|
||||
- 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00,
|
||||
- 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51,
|
||||
- 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f,
|
||||
- 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b
|
||||
+ 0x00, 0xef, 0x15, 0x02, 0xf5, 0x56, 0xa3, 0x79,
|
||||
+ 0x40, 0x58, 0xbc, 0xeb, 0x56, 0xad, 0xcb, 0xda,
|
||||
+ 0x8c, 0xda, 0xb8, 0xd1, 0xda, 0x6f, 0x25, 0x29,
|
||||
+ 0x9e, 0x43, 0x76, 0x2d, 0xb2, 0xd8, 0xbc, 0x84,
|
||||
+ 0xbc, 0x85, 0xd0, 0x94, 0x8d, 0x44, 0x27, 0x57,
|
||||
+ 0xe4, 0xdf, 0xc1, 0x78, 0x42, 0x8f, 0x08, 0xf5,
|
||||
+ 0x74, 0xfe, 0x02, 0x56, 0xd2, 0x09, 0xc8, 0x68,
|
||||
+ 0xef, 0xed, 0x18, 0xc9, 0xfd, 0x2e, 0x95, 0x6c,
|
||||
+ 0xba, 0x6c, 0x00, 0x0e, 0xf5, 0xd1, 0x1b, 0xf6,
|
||||
+ 0x15, 0x14, 0x5b, 0x67, 0x22, 0x7c, 0x6a, 0x20,
|
||||
+ 0x76, 0x43, 0x51, 0xef, 0x5e, 0x1e, 0xf9, 0x2d,
|
||||
+ 0xd6, 0xb4, 0xc5, 0xc6, 0x18, 0x33, 0xd1, 0xa3,
|
||||
+ 0x3b, 0xe6, 0xdd, 0x57, 0x9d, 0xad, 0x13, 0x7a,
|
||||
+ 0x53, 0xde, 0xb3, 0x97, 0xc0, 0x7e, 0xd7, 0x77,
|
||||
+ 0x6b, 0xf8, 0xbd, 0x13, 0x70, 0x8c, 0xba, 0x73,
|
||||
+ 0x80, 0xb3, 0x80, 0x6f, 0xfb, 0x1c, 0xda, 0x53,
|
||||
+ 0x4d, 0x3c, 0x8a, 0x2e, 0xa1, 0x37, 0xce, 0xb1,
|
||||
+ 0xde, 0x45, 0x97, 0x58, 0x65, 0x4d, 0xcf, 0x05,
|
||||
+ 0xbb, 0xc3, 0xd7, 0x38, 0x6d, 0x0a, 0x59, 0x7a,
|
||||
+ 0x99, 0x15, 0xb7, 0x9a, 0x3d, 0xfd, 0x61, 0xe5,
|
||||
+ 0x1a, 0xa2, 0xcc, 0xf6, 0xfe, 0xb1, 0xee, 0xe9,
|
||||
+ 0xa9, 0xe2, 0xeb, 0x06, 0xbc, 0x14, 0x6e, 0x91,
|
||||
+ 0x0d, 0xf1, 0xe3, 0xbb, 0xe0, 0x7e, 0x1d, 0x31,
|
||||
+ 0x79, 0xf1, 0x6d, 0x5f, 0xcb, 0xaf, 0xb2, 0x4f,
|
||||
+ 0x22, 0x12, 0xbf, 0x72, 0xbd, 0xd0, 0x30, 0xe4,
|
||||
+ 0x1c, 0x35, 0x96, 0x61, 0x98, 0x39, 0xfb, 0x7e,
|
||||
+ 0x6d, 0x66, 0xc4, 0x69, 0x41, 0x0d, 0x0d, 0x59,
|
||||
+ 0xbb, 0xa7, 0xbf, 0x34, 0xe0, 0x39, 0x36, 0x84,
|
||||
+ 0x5e, 0x0e, 0x03, 0x2d, 0xcf, 0xaa, 0x02, 0x8a,
|
||||
+ 0xba, 0x59, 0x88, 0x47, 0xc4, 0x4d, 0xd7, 0xbd,
|
||||
+ 0x78, 0x76, 0x24, 0xf1, 0x45, 0x56, 0x44, 0xc2,
|
||||
+ 0x4a, 0xc2, 0xd5, 0x3a, 0x59, 0x40, 0xab, 0x87,
|
||||
+ 0x64
|
||||
};
|
||||
|
||||
static const unsigned char dh_secret_expected[] = {
|
||||
- 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a,
|
||||
- 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a,
|
||||
- 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c,
|
||||
- 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe,
|
||||
- 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2,
|
||||
- 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21,
|
||||
- 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53,
|
||||
- 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd,
|
||||
- 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87,
|
||||
- 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4,
|
||||
- 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d,
|
||||
- 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd,
|
||||
- 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33,
|
||||
- 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe,
|
||||
- 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a,
|
||||
- 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73,
|
||||
- 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad,
|
||||
- 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0,
|
||||
- 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79,
|
||||
- 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9,
|
||||
- 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2,
|
||||
- 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6,
|
||||
- 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae,
|
||||
- 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57,
|
||||
- 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a,
|
||||
- 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63,
|
||||
- 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9,
|
||||
- 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86,
|
||||
- 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5,
|
||||
- 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00,
|
||||
- 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52,
|
||||
- 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6
|
||||
+ 0x56, 0x13, 0xe3, 0x12, 0x6b, 0x5f, 0x67, 0xe5,
|
||||
+ 0x08, 0xe5, 0x35, 0x0e, 0x11, 0x90, 0x9d, 0xf5,
|
||||
+ 0x1a, 0x24, 0xfa, 0x42, 0xd1, 0x4a, 0x50, 0x93,
|
||||
+ 0x5b, 0xf4, 0x11, 0x6f, 0xd0, 0xc3, 0xc5, 0xa5,
|
||||
+ 0x80, 0xae, 0x01, 0x3d, 0x66, 0x92, 0xc0, 0x3e,
|
||||
+ 0x5f, 0xe9, 0x75, 0xb6, 0x5b, 0x37, 0x82, 0x39,
|
||||
+ 0x72, 0x66, 0x0b, 0xa2, 0x73, 0x94, 0xe5, 0x04,
|
||||
+ 0x7c, 0x0c, 0x19, 0x9a, 0x03, 0x53, 0xc4, 0x9d,
|
||||
+ 0xc1, 0x0f, 0xc3, 0xec, 0x0e, 0x2e, 0xa3, 0x7c,
|
||||
+ 0x07, 0x0e, 0xaf, 0x18, 0x1d, 0xc7, 0x8b, 0x47,
|
||||
+ 0x4b, 0x94, 0x05, 0x6d, 0xec, 0xdd, 0xa1, 0xae,
|
||||
+ 0x7b, 0x21, 0x86, 0x53, 0xd3, 0x62, 0x38, 0x08,
|
||||
+ 0xea, 0xda, 0xdc, 0xb2, 0x5a, 0x7c, 0xef, 0x19,
|
||||
+ 0xf8, 0x29, 0xef, 0xf8, 0xd0, 0xfb, 0xde, 0xe8,
|
||||
+ 0xb8, 0x2f, 0xb3, 0xa1, 0x16, 0xa2, 0xd0, 0x8f,
|
||||
+ 0x48, 0xdc, 0x7d, 0xcb, 0xee, 0x5c, 0x06, 0x1e,
|
||||
+ 0x2a, 0x66, 0xe8, 0x1f, 0xdb, 0x18, 0xe9, 0xd2,
|
||||
+ 0xfd, 0xa2, 0x4e, 0x39, 0xa3, 0x2e, 0x88, 0x3d,
|
||||
+ 0x7d, 0xac, 0x15, 0x18, 0x25, 0xe6, 0xba, 0xd4,
|
||||
+ 0x0e, 0x89, 0x26, 0x60, 0x8f, 0xdc, 0x4a, 0xb4,
|
||||
+ 0x49, 0x8f, 0x98, 0xe8, 0x62, 0x8c, 0xc6, 0x66,
|
||||
+ 0x20, 0x4c, 0xe1, 0xed, 0xfc, 0x01, 0x88, 0x46,
|
||||
+ 0xa7, 0x67, 0x48, 0x39, 0xc5, 0x22, 0x95, 0xa0,
|
||||
+ 0x23, 0xb9, 0xd1, 0xed, 0x87, 0xcf, 0xa7, 0x70,
|
||||
+ 0x1c, 0xac, 0xd3, 0xaf, 0x5c, 0x26, 0x50, 0x3c,
|
||||
+ 0xe4, 0x23, 0xb6, 0xcc, 0xd7, 0xc5, 0xda, 0x2f,
|
||||
+ 0xf4, 0x45, 0xf1, 0xe4, 0x40, 0xb5, 0x0a, 0x25,
|
||||
+ 0x86, 0xe6, 0xde, 0x11, 0x3c, 0x46, 0x16, 0xbc,
|
||||
+ 0x41, 0xc2, 0x28, 0x19, 0x81, 0x5a, 0x46, 0x02,
|
||||
+ 0x87, 0xd0, 0x15, 0x0c, 0xd2, 0xfe, 0x75, 0x04,
|
||||
+ 0x82, 0xd2, 0x0a, 0xb7, 0xbc, 0xc5, 0x6c, 0xb1,
|
||||
+ 0x41, 0xa8, 0x2b, 0x28, 0xbb, 0x86, 0x0c, 0x89
|
||||
};
|
||||
|
||||
static const ST_KAT_PARAM dh_group[] = {
|
||||
--
|
||||
2.35.3
|
||||
|
350
openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
Normal file
350
openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
Normal file
@ -0,0 +1,350 @@
|
||||
From abeda0b0475adb0d4f89b0c97cfc349779915bbf Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 31 Jul 2023 09:41:28 +0200
|
||||
Subject: [PATCH 29/35]
|
||||
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
|
||||
|
||||
Patch-name: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
|
||||
Patch-id: 73
|
||||
Patch-status: |
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
|
||||
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
crypto/rsa/rsa_local.h | 8 ++
|
||||
crypto/rsa/rsa_oaep.c | 34 ++++++--
|
||||
include/openssl/core_names.h | 3 +
|
||||
providers/fips/self_test_data.inc | 79 ++++++++++---------
|
||||
providers/fips/self_test_kats.c | 7 ++
|
||||
.../implementations/asymciphers/rsa_enc.c | 41 +++++++++-
|
||||
6 files changed, 128 insertions(+), 44 deletions(-)
|
||||
|
||||
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
|
||||
index ea70da05ad..dde57a1a0e 100644
|
||||
--- a/crypto/rsa/rsa_local.h
|
||||
+++ b/crypto/rsa/rsa_local.h
|
||||
@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to
|
||||
int tlen, const unsigned char *from,
|
||||
int flen);
|
||||
|
||||
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
|
||||
+ unsigned char *to, int tlen,
|
||||
+ const unsigned char *from, int flen,
|
||||
+ const unsigned char *param,
|
||||
+ int plen, const EVP_MD *md,
|
||||
+ const EVP_MD *mgf1md,
|
||||
+ const char *suse_st_seed);
|
||||
+
|
||||
#endif /* OSSL_CRYPTO_RSA_LOCAL_H */
|
||||
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
|
||||
index d9be1a4f98..b2f7f7dc4b 100644
|
||||
--- a/crypto/rsa/rsa_oaep.c
|
||||
+++ b/crypto/rsa/rsa_oaep.c
|
||||
@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
|
||||
param, plen, NULL, NULL);
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+extern int SUSE_FIPS_asym_cipher_st;
|
||||
+#endif /* FIPS_MODULE */
|
||||
+
|
||||
/*
|
||||
* Perform the padding as per NIST 800-56B 7.2.2.3
|
||||
* from (K) is the key material.
|
||||
@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
|
||||
* Step numbers are included here but not in the constant time inverse below
|
||||
* to avoid complicating an already difficult enough function.
|
||||
*/
|
||||
-int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
||||
- unsigned char *to, int tlen,
|
||||
- const unsigned char *from, int flen,
|
||||
- const unsigned char *param,
|
||||
- int plen, const EVP_MD *md,
|
||||
- const EVP_MD *mgf1md)
|
||||
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
|
||||
+ unsigned char *to, int tlen,
|
||||
+ const unsigned char *from, int flen,
|
||||
+ const unsigned char *param,
|
||||
+ int plen, const EVP_MD *md,
|
||||
+ const EVP_MD *mgf1md,
|
||||
+ const char *suse_st_seed)
|
||||
{
|
||||
int rv = 0;
|
||||
int i, emlen = tlen - 1;
|
||||
@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
||||
db[emlen - flen - mdlen - 1] = 0x01;
|
||||
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
|
||||
/* step 3d: generate random byte string */
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (suse_st_seed != NULL && SUSE_FIPS_asym_cipher_st) {
|
||||
+ memcpy(seed, suse_st_seed, mdlen);
|
||||
+ } else
|
||||
+#endif
|
||||
if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)
|
||||
goto err;
|
||||
|
||||
@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
||||
return rv;
|
||||
}
|
||||
|
||||
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
||||
+ unsigned char *to, int tlen,
|
||||
+ const unsigned char *from, int flen,
|
||||
+ const unsigned char *param,
|
||||
+ int plen, const EVP_MD *md,
|
||||
+ const EVP_MD *mgf1md)
|
||||
+{
|
||||
+ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from,
|
||||
+ flen, param, plen, md,
|
||||
+ mgf1md, NULL);
|
||||
+}
|
||||
+
|
||||
int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
const unsigned char *from, int flen,
|
||||
const unsigned char *param, int plen,
|
||||
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||
index 5e3c132f5b..c0cce14297 100644
|
||||
--- a/include/openssl/core_names.h
|
||||
+++ b/include/openssl/core_names.h
|
||||
@@ -471,6 +471,9 @@ extern "C" {
|
||||
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
|
||||
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
|
||||
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
|
||||
+#ifdef FIPS_MODULE
|
||||
+#define OSSL_ASYM_CIPHER_PARAM_SUSE_KAT_OEAP_SEED "suse-kat-oaep-seed"
|
||||
+#endif
|
||||
|
||||
/*
|
||||
* Encoder / decoder parameters
|
||||
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
|
||||
index e0fdc0daa4..aa2012c04a 100644
|
||||
--- a/providers/fips/self_test_data.inc
|
||||
+++ b/providers/fips/self_test_data.inc
|
||||
@@ -1296,14 +1296,21 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
|
||||
};
|
||||
|
||||
/*-
|
||||
- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the
|
||||
+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the
|
||||
* ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
|
||||
* HP/UX PA-RISC compilers.
|
||||
*/
|
||||
-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
|
||||
+static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP;
|
||||
+static const char oaep_fixed_seed[] = {
|
||||
+ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25,
|
||||
+ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab,
|
||||
+ 0x2e, 0x4b, 0x2c, 0xe6
|
||||
+};
|
||||
|
||||
static const ST_KAT_PARAM rsa_enc_params[] = {
|
||||
- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none),
|
||||
+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep),
|
||||
+ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_SUSE_KAT_OEAP_SEED,
|
||||
+ oaep_fixed_seed),
|
||||
ST_KAT_PARAM_END()
|
||||
};
|
||||
|
||||
@@ -1342,43 +1349,43 @@ static const unsigned char rsa_expected_sig[256] = {
|
||||
0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
|
||||
};
|
||||
|
||||
-static const unsigned char rsa_asym_plaintext_encrypt[256] = {
|
||||
+static const unsigned char rsa_asym_plaintext_encrypt[208] = {
|
||||
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
|
||||
0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
|
||||
};
|
||||
static const unsigned char rsa_asym_expected_encrypt[256] = {
|
||||
- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b,
|
||||
- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61,
|
||||
- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c,
|
||||
- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc,
|
||||
- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0,
|
||||
- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa,
|
||||
- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a,
|
||||
- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc,
|
||||
- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35,
|
||||
- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a,
|
||||
- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd,
|
||||
- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda,
|
||||
- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18,
|
||||
- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7,
|
||||
- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39,
|
||||
- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87,
|
||||
- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21,
|
||||
- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0,
|
||||
- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8,
|
||||
- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c,
|
||||
- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa,
|
||||
- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69,
|
||||
- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52,
|
||||
- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c,
|
||||
- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6,
|
||||
- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93,
|
||||
- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d,
|
||||
- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5,
|
||||
- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9,
|
||||
- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04,
|
||||
- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa,
|
||||
- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab,
|
||||
+ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74,
|
||||
+ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c,
|
||||
+ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e,
|
||||
+ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b,
|
||||
+ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25,
|
||||
+ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89,
|
||||
+ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1,
|
||||
+ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50,
|
||||
+ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17,
|
||||
+ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2,
|
||||
+ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb,
|
||||
+ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d,
|
||||
+ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e,
|
||||
+ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f,
|
||||
+ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3,
|
||||
+ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06,
|
||||
+ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25,
|
||||
+ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78,
|
||||
+ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04,
|
||||
+ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c,
|
||||
+ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47,
|
||||
+ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce,
|
||||
+ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0,
|
||||
+ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6,
|
||||
+ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99,
|
||||
+ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30,
|
||||
+ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20,
|
||||
+ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb,
|
||||
+ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27,
|
||||
+ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66,
|
||||
+ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a,
|
||||
+ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06
|
||||
};
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
|
||||
index 74ee25dcb6..a9bc8be7fa 100644
|
||||
--- a/providers/fips/self_test_kats.c
|
||||
+++ b/providers/fips/self_test_kats.c
|
||||
@@ -641,14 +641,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
|
||||
return ret;
|
||||
}
|
||||
|
||||
+int SUSE_FIPS_asym_cipher_st = 0;
|
||||
+
|
||||
static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
|
||||
{
|
||||
int i, ret = 1;
|
||||
|
||||
+ SUSE_FIPS_asym_cipher_st = 1;
|
||||
+
|
||||
for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
|
||||
if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
|
||||
ret = 0;
|
||||
}
|
||||
+
|
||||
+ SUSE_FIPS_asym_cipher_st = 0;
|
||||
+
|
||||
return ret;
|
||||
}
|
||||
|
||||
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
|
||||
index 9cd8904131..40de5ce8fa 100644
|
||||
--- a/providers/implementations/asymciphers/rsa_enc.c
|
||||
+++ b/providers/implementations/asymciphers/rsa_enc.c
|
||||
@@ -30,6 +30,9 @@
|
||||
#include "prov/implementations.h"
|
||||
#include "prov/providercommon.h"
|
||||
#include "prov/securitycheck.h"
|
||||
+#ifdef FIPS_MODULE
|
||||
+# include "crypto/rsa/rsa_local.h"
|
||||
+#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
@@ -75,6 +78,9 @@ typedef struct {
|
||||
/* TLS padding */
|
||||
unsigned int client_version;
|
||||
unsigned int alt_version;
|
||||
+#ifdef FIPS_MODULE
|
||||
+ char *suse_st_oaep_seed;
|
||||
+#endif /* FIPS_MODULE */
|
||||
} PROV_RSA_CTX;
|
||||
|
||||
static void *rsa_newctx(void *provctx)
|
||||
@@ -192,12 +198,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
||||
}
|
||||
}
|
||||
ret =
|
||||
- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
|
||||
+#ifdef FIPS_MODULE
|
||||
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(
|
||||
+#else
|
||||
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(
|
||||
+#endif
|
||||
+ prsactx->libctx, tbuf,
|
||||
rsasize, in, inlen,
|
||||
prsactx->oaep_label,
|
||||
prsactx->oaep_labellen,
|
||||
prsactx->oaep_md,
|
||||
- prsactx->mgf1_md);
|
||||
+ prsactx->mgf1_md
|
||||
+#ifdef FIPS_MODULE
|
||||
+ , prsactx->suse_st_oaep_seed
|
||||
+#endif
|
||||
+ );
|
||||
|
||||
if (!ret) {
|
||||
OPENSSL_free(tbuf);
|
||||
@@ -328,6 +343,9 @@ static void rsa_freectx(void *vprsactx)
|
||||
EVP_MD_free(prsactx->oaep_md);
|
||||
EVP_MD_free(prsactx->mgf1_md);
|
||||
OPENSSL_free(prsactx->oaep_label);
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OPENSSL_free(prsactx->suse_st_oaep_seed);
|
||||
+#endif /* FIPS_MODULE */
|
||||
|
||||
OPENSSL_free(prsactx);
|
||||
}
|
||||
@@ -447,6 +465,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
NULL, 0),
|
||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
|
||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_SUSE_KAT_OEAP_SEED, NULL, 0),
|
||||
+#endif /* FIPS_MODULE */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
|
||||
@@ -456,6 +477,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
|
||||
return known_gettable_ctx_params;
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+extern int SUSE_FIPS_asym_cipher_st;
|
||||
+#endif /* FIPS_MODULE */
|
||||
+
|
||||
static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||
{
|
||||
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
|
||||
@@ -567,6 +592,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||
prsactx->oaep_labellen = tmp_labellen;
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_SUSE_KAT_OEAP_SEED);
|
||||
+ if (p != NULL && SUSE_FIPS_asym_cipher_st) {
|
||||
+ void *tmp_oaep_seed = NULL;
|
||||
+
|
||||
+ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL))
|
||||
+ return 0;
|
||||
+ OPENSSL_free(prsactx->suse_st_oaep_seed);
|
||||
+ prsactx->suse_st_oaep_seed = (char *)tmp_oaep_seed;
|
||||
+ }
|
||||
+#endif /* FIPS_MODULE */
|
||||
+
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION);
|
||||
if (p != NULL) {
|
||||
unsigned int client_version;
|
||||
--
|
||||
2.41.0
|
||||
|
309
openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
Normal file
309
openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
Normal file
@ -0,0 +1,309 @@
|
||||
From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
|
||||
From: Clemens Lang <cllang@redhat.com>
|
||||
Date: Fri, 15 Jul 2022 17:45:40 +0200
|
||||
Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test
|
||||
|
||||
In review for FIPS 140-3, the lack of a self-test for the digest_sign
|
||||
and digest_verify provider functions was highlighted as a problem. NIST
|
||||
no longer provides ACVP tests for the RSA SigVer primitive (see
|
||||
https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
|
||||
recommends the use of functions that compute the digest and signature
|
||||
within the module, we have been advised in our module review that the
|
||||
self tests should also use the combined digest and signature APIs, i.e.
|
||||
the digest_sign and digest_verify provider functions.
|
||||
|
||||
Modify the signature self-test to use these instead by switching to
|
||||
EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
|
||||
crypto/evp/m_sigver.c to make these functions usable in the FIPS module.
|
||||
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||
---
|
||||
crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------
|
||||
providers/fips/self_test_kats.c | 37 +++++++++++++++-------------
|
||||
2 files changed, 56 insertions(+), 24 deletions(-)
|
||||
|
||||
Index: openssl-3.1.4/crypto/evp/m_sigver.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/evp/m_sigver.c
|
||||
+++ openssl-3.1.4/crypto/evp/m_sigver.c
|
||||
@@ -90,6 +90,7 @@ static int update(EVP_MD_CTX *ctx, const
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
|
||||
return 0;
|
||||
}
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
|
||||
/*
|
||||
* If we get the "NULL" md then the name comes back as "UNDEF". We want to use
|
||||
@@ -125,8 +126,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
||||
reinit = 0;
|
||||
if (e == NULL)
|
||||
ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
|
||||
+#ifndef FIPS_MODULE
|
||||
else
|
||||
ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
}
|
||||
if (ctx->pctx == NULL)
|
||||
return 0;
|
||||
@@ -134,8 +137,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
||||
locpctx = ctx->pctx;
|
||||
ERR_set_mark();
|
||||
|
||||
+#ifndef FIPS_MODULE
|
||||
if (evp_pkey_ctx_is_legacy(locpctx))
|
||||
goto legacy;
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
|
||||
/* do not reinitialize if pkey is set or operation is different */
|
||||
if (reinit
|
||||
@@ -220,8 +225,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
||||
signature =
|
||||
evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
|
||||
supported_sig, locpctx->propquery);
|
||||
+#ifndef FIPS_MODULE
|
||||
if (signature == NULL)
|
||||
goto legacy;
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
break;
|
||||
}
|
||||
if (signature == NULL)
|
||||
@@ -305,6 +312,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
||||
ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
|
||||
if (ctx->fetched_digest != NULL) {
|
||||
ctx->digest = ctx->reqdigest = ctx->fetched_digest;
|
||||
+#ifndef FIPS_MODULE
|
||||
} else {
|
||||
/* legacy engine support : remove the mark when this is deleted */
|
||||
ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
|
||||
@@ -313,11 +321,13 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||
goto err;
|
||||
}
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
}
|
||||
(void)ERR_pop_to_mark();
|
||||
}
|
||||
}
|
||||
|
||||
+#ifndef FIPS_MODULE
|
||||
if (ctx->reqdigest != NULL
|
||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
|
||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
||||
@@ -329,6 +339,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
|
||||
if (ver) {
|
||||
if (signature->digest_verify_init == NULL) {
|
||||
@@ -361,6 +372,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
||||
EVP_KEYMGMT_free(tmp_keymgmt);
|
||||
return 0;
|
||||
|
||||
+#ifndef FIPS_MODULE
|
||||
legacy:
|
||||
/*
|
||||
* If we don't have the full support we need with provided methods,
|
||||
@@ -432,6 +444,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
|
||||
ctx->pctx->flag_call_digest_custom = 1;
|
||||
|
||||
ret = 1;
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
|
||||
end:
|
||||
#ifndef FIPS_MODULE
|
||||
@@ -474,7 +487,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx
|
||||
return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
|
||||
NULL);
|
||||
}
|
||||
-#endif /* FIPS_MDOE */
|
||||
|
||||
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
|
||||
{
|
||||
@@ -536,23 +548,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *c
|
||||
return EVP_DigestUpdate(ctx, data, dsize);
|
||||
}
|
||||
|
||||
-#ifndef FIPS_MODULE
|
||||
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
||||
size_t *siglen)
|
||||
{
|
||||
- int sctx = 0, r = 0;
|
||||
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
|
||||
+ int r = 0;
|
||||
+#ifndef FIPS_MODULE
|
||||
+ int sctx = 0;
|
||||
+ EVP_PKEY_CTX *dctx;
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
+ EVP_PKEY_CTX *pctx = ctx->pctx;
|
||||
|
||||
+#ifndef FIPS_MODULE
|
||||
if (pctx == NULL
|
||||
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
|
||||
|| pctx->op.sig.algctx == NULL
|
||||
|| pctx->op.sig.signature == NULL)
|
||||
goto legacy;
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
|
||||
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
|
||||
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
|
||||
sigret, siglen,
|
||||
sigret == NULL ? 0 : *siglen);
|
||||
+#ifndef FIPS_MODULE
|
||||
dctx = EVP_PKEY_CTX_dup(pctx);
|
||||
if (dctx == NULL)
|
||||
return 0;
|
||||
@@ -561,8 +579,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
|
||||
sigret, siglen,
|
||||
*siglen);
|
||||
EVP_PKEY_CTX_free(dctx);
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
return r;
|
||||
|
||||
+#ifndef FIPS_MODULE
|
||||
legacy:
|
||||
if (pctx == NULL || pctx->pmeth == NULL) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||
@@ -634,6 +654,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
}
|
||||
|
||||
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
|
||||
@@ -664,21 +685,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsi
|
||||
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
||||
size_t siglen)
|
||||
{
|
||||
- unsigned char md[EVP_MAX_MD_SIZE];
|
||||
int r = 0;
|
||||
+#ifndef FIPS_MODULE
|
||||
+ unsigned char md[EVP_MAX_MD_SIZE];
|
||||
unsigned int mdlen = 0;
|
||||
int vctx = 0;
|
||||
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
|
||||
+ EVP_PKEY_CTX *dctx;
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
+ EVP_PKEY_CTX *pctx = ctx->pctx;
|
||||
|
||||
+#ifndef FIPS_MODULE
|
||||
if (pctx == NULL
|
||||
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
|
||||
|| pctx->op.sig.algctx == NULL
|
||||
|| pctx->op.sig.signature == NULL)
|
||||
goto legacy;
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
|
||||
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
|
||||
return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
|
||||
sig, siglen);
|
||||
+#ifndef FIPS_MODULE
|
||||
dctx = EVP_PKEY_CTX_dup(pctx);
|
||||
if (dctx == NULL)
|
||||
return 0;
|
||||
@@ -686,8 +713,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
|
||||
r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
|
||||
sig, siglen);
|
||||
EVP_PKEY_CTX_free(dctx);
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
return r;
|
||||
|
||||
+#ifndef FIPS_MODULE
|
||||
legacy:
|
||||
if (pctx == NULL || pctx->pmeth == NULL) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||
@@ -727,6 +756,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
|
||||
if (vctx || !r)
|
||||
return r;
|
||||
return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
}
|
||||
|
||||
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
|
||||
@@ -752,4 +782,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, co
|
||||
return -1;
|
||||
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
|
||||
}
|
||||
-#endif /* FIPS_MODULE */
|
||||
Index: openssl-3.1.4/providers/fips/self_test_kats.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/fips/self_test_kats.c
|
||||
+++ openssl-3.1.4/providers/fips/self_test_kats.c
|
||||
@@ -450,10 +450,13 @@ static int self_test_sign(const ST_KAT_S
|
||||
int ret = 0;
|
||||
OSSL_PARAM *params = NULL, *params_sig = NULL;
|
||||
OSSL_PARAM_BLD *bld = NULL;
|
||||
+ EVP_MD *md = NULL;
|
||||
+ EVP_MD_CTX *ctx = NULL;
|
||||
EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
- unsigned char sig[256];
|
||||
BN_CTX *bnctx = NULL;
|
||||
+ const char *msg = "Hello World!";
|
||||
+ unsigned char sig[256];
|
||||
size_t siglen = sizeof(sig);
|
||||
static const unsigned char dgst[] = {
|
||||
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
|
||||
@@ -487,23 +490,26 @@ static int self_test_sign(const ST_KAT_S
|
||||
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
|
||||
goto err;
|
||||
|
||||
- /* Create a EVP_PKEY_CTX to use for the signing operation */
|
||||
- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
|
||||
- if (sctx == NULL
|
||||
- || EVP_PKEY_sign_init(sctx) <= 0)
|
||||
- goto err;
|
||||
-
|
||||
- /* set signature parameters */
|
||||
- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
|
||||
- t->mdalgorithm,
|
||||
- strlen(t->mdalgorithm) + 1))
|
||||
- goto err;
|
||||
+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature
|
||||
+ * parameters and sign */
|
||||
params_sig = OSSL_PARAM_BLD_to_param(bld);
|
||||
- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
||||
+ md = EVP_MD_fetch(libctx, "SHA256", NULL);
|
||||
+ ctx = EVP_MD_CTX_new();
|
||||
+ if (md == NULL || ctx == NULL)
|
||||
+ goto err;
|
||||
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
|
||||
+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
|
||||
+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
|
||||
+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
|
||||
+ || EVP_MD_CTX_reset(ctx) <= 0)
|
||||
goto err;
|
||||
|
||||
- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
|
||||
- || EVP_PKEY_verify_init(sctx) <= 0
|
||||
+ /* sctx is not freed automatically inside the FIPS module */
|
||||
+ EVP_PKEY_CTX_free(sctx);
|
||||
+ sctx = NULL;
|
||||
+
|
||||
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
|
||||
+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
|
||||
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
||||
goto err;
|
||||
|
||||
@@ -513,14 +519,17 @@ static int self_test_sign(const ST_KAT_S
|
||||
goto err;
|
||||
|
||||
OSSL_SELF_TEST_oncorrupt_byte(st, sig);
|
||||
- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
|
||||
+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
|
||||
goto err;
|
||||
ret = 1;
|
||||
err:
|
||||
BN_CTX_free(bnctx);
|
||||
EVP_PKEY_free(pkey);
|
||||
- EVP_PKEY_CTX_free(kctx);
|
||||
+ EVP_MD_free(md);
|
||||
+ EVP_MD_CTX_free(ctx);
|
||||
+ /* sctx is not freed automatically inside the FIPS module */
|
||||
EVP_PKEY_CTX_free(sctx);
|
||||
+ EVP_PKEY_CTX_free(kctx);
|
||||
OSSL_PARAM_free(params);
|
||||
OSSL_PARAM_free(params_sig);
|
||||
OSSL_PARAM_BLD_free(bld);
|
40
openssl-FIPS-early-KATS.patch
Normal file
40
openssl-FIPS-early-KATS.patch
Normal file
@ -0,0 +1,40 @@
|
||||
Index: openssl-3.1.4/providers/fips/self_test.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/fips/self_test.c
|
||||
+++ openssl-3.1.4/providers/fips/self_test.c
|
||||
@@ -401,6 +401,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
||||
if (ev == NULL)
|
||||
goto end;
|
||||
|
||||
+ /*
|
||||
+ * Run the KAT's before HMAC verification according to FIPS-140-3 requirements
|
||||
+ */
|
||||
+ if (kats_already_passed == 0) {
|
||||
+ if (!SELF_TEST_kats(ev, st->libctx)) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
|
||||
+ goto end;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
module_checksum = fips_hmac_container;
|
||||
checksum_len = sizeof(fips_hmac_container);
|
||||
|
||||
@@ -451,18 +461,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
||||
}
|
||||
}
|
||||
|
||||
- /*
|
||||
- * Only runs the KAT's during installation OR on_demand().
|
||||
- * NOTE: If the installation option 'self_test_onload' is chosen then this
|
||||
- * path will always be run, since kats_already_passed will always be 0.
|
||||
- */
|
||||
- if (on_demand_test || kats_already_passed == 0) {
|
||||
- if (!SELF_TEST_kats(ev, st->libctx)) {
|
||||
- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
|
||||
- goto end;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
/* Verify that the RNG has been restored properly */
|
||||
rng = ossl_rand_get0_private_noncreating(st->libctx);
|
||||
if (rng != NULL)
|
227
openssl-FIPS-enforce-EMS-support.patch
Normal file
227
openssl-FIPS-enforce-EMS-support.patch
Normal file
@ -0,0 +1,227 @@
|
||||
From 9b02ad7225b74a5b9088b361caead0a41e570e93 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 16:40:56 +0200
|
||||
Subject: [PATCH 48/48] 0114-FIPS-enforce-EMS-support.patch
|
||||
|
||||
Patch-name: 0114-FIPS-enforce-EMS-support.patch
|
||||
Patch-id: 114
|
||||
Patch-status: |
|
||||
# We believe that some changes present in CentOS are not necessary
|
||||
# because ustream has a check for FIPS version
|
||||
---
|
||||
doc/man3/SSL_CONF_cmd.pod | 3 +++
|
||||
doc/man5/fips_config.pod | 13 +++++++++++
|
||||
include/openssl/fips_names.h | 8 +++++++
|
||||
include/openssl/ssl.h.in | 1 +
|
||||
providers/fips/fipsprov.c | 2 +-
|
||||
providers/implementations/kdfs/tls1_prf.c | 22 +++++++++++++++++++
|
||||
ssl/ssl_conf.c | 1 +
|
||||
ssl/statem/extensions_srvr.c | 8 ++++++-
|
||||
ssl/t1_enc.c | 11 ++++++++--
|
||||
.../30-test_evp_data/evpkdf_tls12_prf.txt | 10 +++++++++
|
||||
test/sslapitest.c | 2 +-
|
||||
11 files changed, 76 insertions(+), 5 deletions(-)
|
||||
|
||||
Index: openssl-3.1.4/doc/man3/SSL_CONF_cmd.pod
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/doc/man3/SSL_CONF_cmd.pod
|
||||
+++ openssl-3.1.4/doc/man3/SSL_CONF_cmd.pod
|
||||
@@ -524,6 +524,9 @@ B<ExtendedMasterSecret>: use extended ma
|
||||
default. Inverse of B<SSL_OP_NO_EXTENDED_MASTER_SECRET>: that is,
|
||||
B<-ExtendedMasterSecret> is the same as setting B<SSL_OP_NO_EXTENDED_MASTER_SECRET>.
|
||||
|
||||
+B<RHNoEnforceEMSinFIPS>: allow establishing connections without EMS in FIPS mode.
|
||||
+This is a downstream specific option, and normally it should be set up via crypto-policies.
|
||||
+
|
||||
B<CANames>: use CA names extension, enabled by
|
||||
default. Inverse of B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>: that is,
|
||||
B<-CANames> is the same as setting B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>.
|
||||
Index: openssl-3.1.4/doc/man5/fips_config.pod
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/doc/man5/fips_config.pod
|
||||
+++ openssl-3.1.4/doc/man5/fips_config.pod
|
||||
@@ -15,6 +15,19 @@ See the documentation for more informati
|
||||
|
||||
This functionality was added in OpenSSL 3.0.
|
||||
|
||||
+SUSE Linux Enterprise uses a supplementary downstream config for FIPS module located
|
||||
+in OpenSSL configuration directory and managed by crypto-policies. If present, it
|
||||
+should have the following format:
|
||||
+
|
||||
+ [fips_sect]
|
||||
+ tls1-prf-ems-check = 0
|
||||
+ activate = 1
|
||||
+
|
||||
+The B<tls1-prf-ems-check> option specifies whether FIPS module will require the
|
||||
+presence of extended master secret or not.
|
||||
+
|
||||
+The B<activate> option enforces FIPS provider activation.
|
||||
+
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Index: openssl-3.1.4/include/openssl/fips_names.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/openssl/fips_names.h
|
||||
+++ openssl-3.1.4/include/openssl/fips_names.h
|
||||
@@ -70,6 +70,14 @@ extern "C" {
|
||||
*/
|
||||
# define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
|
||||
|
||||
+/*
|
||||
+ * A boolean that determines if the runtime FIPS check for TLS1_PRF EMS is performed.
|
||||
+ * This is disabled by default.
|
||||
+ *
|
||||
+ * Type: OSSL_PARAM_UTF8_STRING
|
||||
+ */
|
||||
+# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
|
||||
+
|
||||
# ifdef __cplusplus
|
||||
}
|
||||
# endif
|
||||
Index: openssl-3.1.4/include/openssl/ssl.h.in
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/openssl/ssl.h.in
|
||||
+++ openssl-3.1.4/include/openssl/ssl.h.in
|
||||
@@ -420,6 +420,7 @@ typedef int (*SSL_async_callback_fn)(SSL
|
||||
* interoperability with CryptoPro CSP 3.x
|
||||
*/
|
||||
# define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31)
|
||||
+# define SSL_OP_PERMIT_NOEMS_FIPS SSL_OP_BIT(48)
|
||||
|
||||
/*
|
||||
* Option "collections."
|
||||
Index: openssl-3.1.4/providers/fips/fipsprov.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/fips/fipsprov.c
|
||||
+++ openssl-3.1.4/providers/fips/fipsprov.c
|
||||
@@ -105,7 +105,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_L
|
||||
if (fgbl == NULL)
|
||||
return NULL;
|
||||
init_fips_option(&fgbl->fips_security_checks, 1);
|
||||
- init_fips_option(&fgbl->fips_tls1_prf_ems_check, 0); /* Disabled by default */
|
||||
+ init_fips_option(&fgbl->fips_tls1_prf_ems_check, 1); /* Enabled by default */
|
||||
init_fips_option(&fgbl->fips_restricted_drgb_digests, 0);
|
||||
return fgbl;
|
||||
}
|
||||
Index: openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/kdfs/tls1_prf.c
|
||||
+++ openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
|
||||
@@ -222,6 +222,27 @@ static int kdf_tls1_prf_derive(void *vct
|
||||
}
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * The seed buffer is prepended with a label.
|
||||
+ * If EMS mode is enforced then the label "master secret" is not allowed,
|
||||
+ * We do the check this way since the PRF is used for other purposes, as well
|
||||
+ * as "extended master secret".
|
||||
+ */
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE
|
||||
+ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST,
|
||||
+ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
|
||||
+ ctx->fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+ if (ossl_tls1_prf_ems_check_enabled(libctx)) {
|
||||
+ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE
|
||||
+ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST,
|
||||
+ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_EMS_NOT_ENABLED);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
return tls1_prf_alg(ctx->P_hash, ctx->P_sha1,
|
||||
ctx->sec, ctx->seclen,
|
||||
ctx->seed, ctx->seedlen,
|
||||
Index: openssl-3.1.4/ssl/ssl_conf.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/ssl/ssl_conf.c
|
||||
+++ openssl-3.1.4/ssl/ssl_conf.c
|
||||
@@ -389,6 +389,7 @@ static int cmd_Options(SSL_CONF_CTX *cct
|
||||
SSL_FLAG_TBL("ClientRenegotiation",
|
||||
SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
|
||||
SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
|
||||
+ SSL_FLAG_TBL("RHNoEnforceEMSinFIPS", SSL_OP_PERMIT_NOEMS_FIPS),
|
||||
SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
|
||||
SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
|
||||
SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA),
|
||||
Index: openssl-3.1.4/ssl/statem/extensions_srvr.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/ssl/statem/extensions_srvr.c
|
||||
+++ openssl-3.1.4/ssl/statem/extensions_srvr.c
|
||||
@@ -11,6 +11,7 @@
|
||||
#include "../ssl_local.h"
|
||||
#include "statem_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
+#include <openssl/fips.h>
|
||||
|
||||
#define COOKIE_STATE_FORMAT_VERSION 1
|
||||
|
||||
@@ -1552,8 +1553,13 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s
|
||||
EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
|
||||
X509 *x, size_t chainidx)
|
||||
{
|
||||
- if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
|
||||
+ if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) {
|
||||
+ if (FIPS_mode() && !(SSL_get_options(s) & SSL_OP_PERMIT_NOEMS_FIPS) ) {
|
||||
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
|
||||
+ return EXT_RETURN_FAIL;
|
||||
+ }
|
||||
return EXT_RETURN_NOT_SENT;
|
||||
+ }
|
||||
|
||||
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
|
||||
|| !WPACKET_put_bytes_u16(pkt, 0)) {
|
||||
Index: openssl-3.1.4/ssl/t1_enc.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/ssl/t1_enc.c
|
||||
+++ openssl-3.1.4/ssl/t1_enc.c
|
||||
@@ -20,6 +20,7 @@
|
||||
#include <openssl/obj_mac.h>
|
||||
#include <openssl/core_names.h>
|
||||
#include <openssl/trace.h>
|
||||
+#include <openssl/fips.h>
|
||||
|
||||
/* seed1 through seed5 are concatenated */
|
||||
static int tls1_PRF(SSL *s,
|
||||
@@ -75,8 +76,14 @@ static int tls1_PRF(SSL *s,
|
||||
}
|
||||
|
||||
err:
|
||||
- if (fatal)
|
||||
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
+ if (fatal) {
|
||||
+ /* The calls to this function are local so it's safe to implement the check */
|
||||
+ if (FIPS_mode() && seed1_len >= TLS_MD_MASTER_SECRET_CONST_SIZE
|
||||
+ && memcmp(seed1, TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
|
||||
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
|
||||
+ else
|
||||
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
+ }
|
||||
else
|
||||
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
|
||||
EVP_KDF_CTX_free(kctx);
|
||||
Index: openssl-3.1.4/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
|
||||
+++ openssl-3.1.4/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
|
||||
@@ -22,6 +22,16 @@ Ctrl.client_random = hexseed:36c129d01a3
|
||||
Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
|
||||
Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
|
||||
|
||||
+Availablein = fips
|
||||
+KDF = TLS1-PRF
|
||||
+Ctrl.digest = digest:SHA256
|
||||
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
|
||||
+Ctrl.label = seed:master secret
|
||||
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
|
||||
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
|
||||
+Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
|
||||
+Result = KDF_DERIVE_ERROR
|
||||
+
|
||||
FIPSversion = <=3.1.0
|
||||
KDF = TLS1-PRF
|
||||
Ctrl.digest = digest:SHA256
|
@ -0,0 +1,22 @@
|
||||
Index: openssl-3.1.4/providers/fips/fipsprov.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/fips/fipsprov.c
|
||||
+++ openssl-3.1.4/providers/fips/fipsprov.c
|
||||
@@ -107,7 +107,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_L
|
||||
return NULL;
|
||||
init_fips_option(&fgbl->fips_security_checks, 1);
|
||||
init_fips_option(&fgbl->fips_tls1_prf_ems_check, 1); /* Enabled by default */
|
||||
- init_fips_option(&fgbl->fips_restricted_drgb_digests, 0);
|
||||
+ init_fips_option(&fgbl->fips_restricted_drgb_digests, 1); /* Enabled by default */
|
||||
return fgbl;
|
||||
}
|
||||
|
||||
@@ -820,8 +820,6 @@ int OSSL_provider_init_int(const OSSL_CO
|
||||
if (fgbl->field.option != NULL) { \
|
||||
if (strcmp(fgbl->field.option, "1") == 0) \
|
||||
fgbl->field.enabled = 1; \
|
||||
- else if (strcmp(fgbl->field.option, "0") == 0) \
|
||||
- fgbl->field.enabled = 0; \
|
||||
else \
|
||||
goto err; \
|
||||
}
|
568
openssl-FIPS-limit-rsa-encrypt.patch
Normal file
568
openssl-FIPS-limit-rsa-encrypt.patch
Normal file
@ -0,0 +1,568 @@
|
||||
From 56511d480823bedafce604374fa3b15d3b3ffd6b Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 31 Jul 2023 09:41:28 +0200
|
||||
Subject: [PATCH 26/48] 0058-FIPS-limit-rsa-encrypt.patch
|
||||
|
||||
Patch-name: 0058-FIPS-limit-rsa-encrypt.patch
|
||||
Patch-id: 58
|
||||
Patch-status: |
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
|
||||
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
providers/common/securitycheck.c | 1 +
|
||||
.../implementations/asymciphers/rsa_enc.c | 35 +++++++++++
|
||||
.../30-test_evp_data/evppkey_rsa_common.txt | 58 ++++++++++++++++++-
|
||||
test/recipes/80-test_cms.t | 5 +-
|
||||
test/recipes/80-test_ssl_old.t | 27 +++++++--
|
||||
5 files changed, 118 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
|
||||
index e534ad0a5f..c017c658e5 100644
|
||||
--- a/providers/common/securitycheck.c
|
||||
+++ b/providers/common/securitycheck.c
|
||||
@@ -27,6 +27,7 @@
|
||||
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
|
||||
*/
|
||||
+/* SUSE build implements some extra limitations in providers/implementations/asymciphers/rsa_enc.c */
|
||||
int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation)
|
||||
{
|
||||
int protect = 0;
|
||||
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
|
||||
index d865968058..872967bcb3 100644
|
||||
--- a/providers/implementations/asymciphers/rsa_enc.c
|
||||
+++ b/providers/implementations/asymciphers/rsa_enc.c
|
||||
@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa,
|
||||
return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT);
|
||||
}
|
||||
|
||||
+# ifdef FIPS_MODULE
|
||||
+static int fips_padding_allowed(const PROV_RSA_CTX *prsactx)
|
||||
+{
|
||||
+ if (prsactx->pad_mode == RSA_PKCS1_PADDING || prsactx->pad_mode == RSA_NO_PADDING
|
||||
+ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+# endif
|
||||
+
|
||||
static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
||||
size_t outsize, const unsigned char *in, size_t inlen)
|
||||
{
|
||||
@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
||||
if (!ossl_prov_is_running())
|
||||
return 0;
|
||||
|
||||
+# ifdef FIPS_MODULE
|
||||
+ if (fips_padding_allowed(prsactx) == 0) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||
+ return 0;
|
||||
+ }
|
||||
+# endif
|
||||
+
|
||||
if (out == NULL) {
|
||||
size_t len = RSA_size(prsactx->rsa);
|
||||
|
||||
@@ -204,6 +227,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
||||
if (!ossl_prov_is_running())
|
||||
return 0;
|
||||
|
||||
+# ifdef FIPS_MODULE
|
||||
+ if (fips_padding_allowed(prsactx) == 0) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||
+ return 0;
|
||||
+ }
|
||||
+# endif
|
||||
+
|
||||
if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) {
|
||||
if (out == NULL) {
|
||||
*outlen = SSL_MAX_MASTER_KEY_LENGTH;
|
||||
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||
index 8680797b90..95d5d51102 100644
|
||||
--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||
@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e377
|
||||
Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
|
||||
|
||||
# RSA decrypt
|
||||
-
|
||||
+Availablein = default
|
||||
Decrypt = RSA-2048
|
||||
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
|
||||
Output = "Hello World"
|
||||
|
||||
# Corrupted ciphertext
|
||||
-FIPSversion = <3.2.0
|
||||
+Availablein = default
|
||||
Decrypt = RSA-2048
|
||||
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
|
||||
Output = "Hello World"
|
||||
@@ -619,36 +619,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2
|
||||
h90qjKHS9PvY4Q==
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-1
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a
|
||||
Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-1
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44
|
||||
Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-1
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb
|
||||
Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-1
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755
|
||||
Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-1
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439
|
||||
Output=8da89fd9e5f974a29feffb462b49180f6cf9e802
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-1
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
@@ -673,36 +679,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8
|
||||
eG2e4XlBcKjI6A==
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-2
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e
|
||||
Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-2
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245
|
||||
Output=2d
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-2
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053
|
||||
Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-2
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641
|
||||
Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-2
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec
|
||||
Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-2
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
@@ -727,36 +739,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z
|
||||
Ya4qnqZe1onjY5o=
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-3
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80
|
||||
Output=087820b569e8fa8d
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-3
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5
|
||||
Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-3
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a
|
||||
Output=d94cd0e08fa404ed89
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-3
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0
|
||||
Output=6cc641b6b61e6f963974dad23a9013284ef1
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-3
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60
|
||||
Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-3
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
@@ -781,36 +799,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq
|
||||
aD0x7TDrmEvkEro=
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-4
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8
|
||||
Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-4
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e
|
||||
Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-4
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065
|
||||
Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-4
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4
|
||||
Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-4
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2
|
||||
Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-4
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
@@ -835,36 +859,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B
|
||||
MSwGUGLx60i3nRyDyw==
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-5
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5
|
||||
Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-5
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad
|
||||
Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-5
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967
|
||||
Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-5
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf
|
||||
Output=15c5b9ee1185
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-5
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723
|
||||
Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-5
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
@@ -889,36 +919,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC
|
||||
Yejn5Ly8mU2q+jBcRQ==
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-6
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3
|
||||
Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-6
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f
|
||||
Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-6
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65
|
||||
Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-6
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8
|
||||
Output=684e3038c5c041f7
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-6
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab
|
||||
Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-6
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
@@ -943,36 +979,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS
|
||||
FMlxv0gq65dqc3DC
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-7
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1
|
||||
Output=47aae909
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-7
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6
|
||||
Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-7
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b
|
||||
Output=d976fc
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-7
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac
|
||||
Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-7
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478
|
||||
Output=bb47231ca5ea1d3ad46c99345d9a8a61
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-7
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
@@ -997,36 +1039,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM
|
||||
2MiPa249Z+lh3Luj0A==
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-8
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61
|
||||
Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-8
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d
|
||||
Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-8
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f
|
||||
Output=8604ac56328c1ab5ad917861
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-8
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0
|
||||
Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-8
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2
|
||||
Output=4a5f4914bee25de3c69341de07
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-8
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
@@ -1057,36 +1105,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo
|
||||
tKo5Eb69iFQvBb4=
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-9
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72
|
||||
Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-9
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8
|
||||
Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-9
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3
|
||||
Output=fd326429df9b890e09b54b18b8f34f1e24
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-9
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858
|
||||
Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-9
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e
|
||||
Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d
|
||||
|
||||
+Availablein = default
|
||||
Decrypt=RSA-OAEP-9
|
||||
Ctrl = rsa_padding_mode:oaep
|
||||
Ctrl = rsa_mgf1_md:sha1
|
||||
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
|
||||
index cbec426137..9ba7fbeed2 100644
|
||||
--- a/test/recipes/80-test_cms.t
|
||||
+++ b/test/recipes/80-test_cms.t
|
||||
@@ -233,7 +233,7 @@ my @smime_pkcs7_tests = (
|
||||
\&final_compare
|
||||
],
|
||||
|
||||
- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
|
||||
+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no SUSE FIPS",
|
||||
[ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
|
||||
"-aes256", "-stream", "-out", "{output}.cms",
|
||||
$smrsa1,
|
||||
@@ -1022,6 +1022,9 @@ sub check_availability {
|
||||
return "$tnam: skipped, DSA disabled\n"
|
||||
if ($no_dsa && $tnam =~ / DSA/);
|
||||
|
||||
+ return "$tnam: skipped, SUSE FIPS\n"
|
||||
+ if ($tnam =~ /no SUSE FIPS/);
|
||||
+
|
||||
return "";
|
||||
}
|
||||
|
||||
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
|
||||
index e2dcb68fb5..0775112b40 100644
|
||||
--- a/test/recipes/80-test_ssl_old.t
|
||||
+++ b/test/recipes/80-test_ssl_old.t
|
||||
@@ -493,6 +493,18 @@ sub testssl {
|
||||
# the default choice if TLSv1.3 enabled
|
||||
my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
|
||||
my $ciphersuites = "";
|
||||
+ my %suse_skip_cipher = map {$_ => 1} qw(
|
||||
+AES256-GCM-SHA384:@SECLEVEL=0
|
||||
+AES256-CCM8:@SECLEVEL=0
|
||||
+AES256-CCM:@SECLEVEL=0
|
||||
+AES128-GCM-SHA256:@SECLEVEL=0
|
||||
+AES128-CCM8:@SECLEVEL=0
|
||||
+AES128-CCM:@SECLEVEL=0
|
||||
+AES256-SHA256:@SECLEVEL=0
|
||||
+AES128-SHA256:@SECLEVEL=0
|
||||
+AES256-SHA:@SECLEVEL=0
|
||||
+AES128-SHA:@SECLEVEL=0
|
||||
+ );
|
||||
foreach my $cipher (@{$ciphersuites{$protocol}}) {
|
||||
if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
|
||||
note "*****SKIPPING $protocol $cipher";
|
||||
@@ -504,11 +516,16 @@ sub testssl {
|
||||
} else {
|
||||
$cipher = $cipher.':@SECLEVEL=0';
|
||||
}
|
||||
- ok(run(test([@ssltest, @exkeys, "-cipher",
|
||||
- $cipher,
|
||||
- "-ciphersuites", $ciphersuites,
|
||||
- $flag || ()])),
|
||||
- "Testing $cipher");
|
||||
+ if ($provider eq "fips" && exists $suse_skip_cipher{$cipher}) {
|
||||
+ note "*****SKIPPING $cipher in SUSE FIPS mode";
|
||||
+ ok(1);
|
||||
+ } else {
|
||||
+ ok(run(test([@ssltest, @exkeys, "-cipher",
|
||||
+ $cipher,
|
||||
+ "-ciphersuites", $ciphersuites,
|
||||
+ $flag || ()])),
|
||||
+ "Testing $cipher");
|
||||
+ }
|
||||
}
|
||||
}
|
||||
next if $protocol eq "-tls1_3";
|
||||
--
|
||||
2.41.0
|
||||
|
27
openssl-FIPS-release_num_in_version_string.patch
Normal file
27
openssl-FIPS-release_num_in_version_string.patch
Normal file
@ -0,0 +1,27 @@
|
||||
Index: openssl-3.1.4/providers/fips/fipsprov.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/fips/fipsprov.c
|
||||
+++ openssl-3.1.4/providers/fips/fipsprov.c
|
||||
@@ -194,18 +194,19 @@ static const OSSL_PARAM *fips_gettable_p
|
||||
|
||||
static int fips_get_params(void *provctx, OSSL_PARAM params[])
|
||||
{
|
||||
+#define SUSE_OPENSSL_VERSION_STR OPENSSL_VERSION_STR " SUSE release " SUSE_OPENSSL_RELEASE
|
||||
OSSL_PARAM *p;
|
||||
FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx),
|
||||
OSSL_LIB_CTX_FIPS_PROV_INDEX);
|
||||
|
||||
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
|
||||
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
|
||||
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "SUSE Linux Enterprise - OpenSSL FIPS Provider"))
|
||||
return 0;
|
||||
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
|
||||
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
|
||||
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, SUSE_OPENSSL_VERSION_STR))
|
||||
return 0;
|
||||
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
|
||||
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
|
||||
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, SUSE_OPENSSL_VERSION_STR))
|
||||
return 0;
|
||||
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
|
||||
if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
|
744
openssl-FIPS-services-minimize.patch
Normal file
744
openssl-FIPS-services-minimize.patch
Normal file
@ -0,0 +1,744 @@
|
||||
From a9dc983f82cabe29d6b48f3af3e30e26074ce5cf Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 12:55:57 +0200
|
||||
Subject: [PATCH 21/48] 0045-FIPS-services-minimize.patch
|
||||
|
||||
Patch-name: 0045-FIPS-services-minimize.patch
|
||||
Patch-id: 45
|
||||
Patch-status: |
|
||||
# Minimize fips services
|
||||
---
|
||||
apps/ecparam.c | 7 +++
|
||||
apps/req.c | 2 +-
|
||||
providers/common/capabilities.c | 2 +-
|
||||
providers/fips/fipsprov.c | 44 +++++++++++--------
|
||||
providers/fips/self_test_data.inc | 9 +++-
|
||||
providers/implementations/signature/rsa_sig.c | 26 +++++++++++
|
||||
ssl/ssl_ciph.c | 3 ++
|
||||
test/acvp_test.c | 2 +
|
||||
test/endecode_test.c | 4 ++
|
||||
test/evp_libctx_test.c | 9 +++-
|
||||
test/recipes/15-test_gendsa.t | 2 +-
|
||||
test/recipes/20-test_cli_fips.t | 3 +-
|
||||
test/recipes/30-test_evp.t | 16 +++----
|
||||
.../30-test_evp_data/evpmac_common.txt | 22 ++++++++++
|
||||
test/recipes/80-test_cms.t | 22 +++++-----
|
||||
test/recipes/80-test_ssl_old.t | 2 +-
|
||||
16 files changed, 128 insertions(+), 47 deletions(-)
|
||||
|
||||
diff --git a/apps/ecparam.c b/apps/ecparam.c
|
||||
index 9e9ad13683..9c66cf2434 100644
|
||||
--- a/apps/ecparam.c
|
||||
+++ b/apps/ecparam.c
|
||||
@@ -79,6 +79,13 @@ static int list_builtin_curves(BIO *out)
|
||||
const char *comment = curves[n].comment;
|
||||
const char *sname = OBJ_nid2sn(curves[n].nid);
|
||||
|
||||
+ if (((curves[n].nid == NID_secp256k1) || (curves[n].nid == NID_brainpoolP256r1)
|
||||
+ || (curves[n].nid == NID_brainpoolP256t1) || (curves[n].nid == NID_brainpoolP320r1)
|
||||
+ || (curves[n].nid == NID_brainpoolP320t1) || (curves[n].nid == NID_brainpoolP384r1)
|
||||
+ || (curves[n].nid == NID_brainpoolP384t1) || (curves[n].nid == NID_brainpoolP512r1)
|
||||
+ || (curves[n].nid == NID_brainpoolP512t1)) && EVP_default_properties_is_fips_enabled(NULL))
|
||||
+ continue;
|
||||
+
|
||||
if (comment == NULL)
|
||||
comment = "CURVE DESCRIPTION NOT AVAILABLE";
|
||||
if (sname == NULL)
|
||||
diff --git a/apps/req.c b/apps/req.c
|
||||
index 23757044ab..5916914978 100644
|
||||
--- a/apps/req.c
|
||||
+++ b/apps/req.c
|
||||
@@ -266,7 +266,7 @@ int req_main(int argc, char **argv)
|
||||
unsigned long chtype = MBSTRING_ASC, reqflag = 0;
|
||||
|
||||
#ifndef OPENSSL_NO_DES
|
||||
- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
|
||||
+ cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
|
||||
#endif
|
||||
|
||||
prog = opt_init(argc, argv, req_options);
|
||||
diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
|
||||
index ed37e76969..eb836dfa6a 100644
|
||||
--- a/providers/common/capabilities.c
|
||||
+++ b/providers/common/capabilities.c
|
||||
@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list[][10] = {
|
||||
TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25),
|
||||
TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26),
|
||||
TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27),
|
||||
-# endif
|
||||
TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28),
|
||||
TLS_GROUP_ENTRY("x448", "X448", "X448", 29),
|
||||
+# endif
|
||||
# endif /* OPENSSL_NO_EC */
|
||||
# ifndef OPENSSL_NO_DH
|
||||
/* Security bit values for FFDHE groups are as per RFC 7919 */
|
||||
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
|
||||
index 518226dfc6..29438faea8 100644
|
||||
--- a/providers/fips/fipsprov.c
|
||||
+++ b/providers/fips/fipsprov.c
|
||||
@@ -298,10 +298,11 @@ static const OSSL_ALGORITHM fips_digests[] = {
|
||||
* KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
|
||||
* KMAC128 and KMAC256.
|
||||
*/
|
||||
- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
|
||||
+ /* We don't certify KECCAK in our FIPS provider */
|
||||
+ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
|
||||
ossl_keccak_kmac_128_functions },
|
||||
{ PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES,
|
||||
- ossl_keccak_kmac_256_functions },
|
||||
+ ossl_keccak_kmac_256_functions }, */
|
||||
{ NULL, NULL, NULL }
|
||||
};
|
||||
|
||||
@@ -360,8 +361,9 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
|
||||
ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
|
||||
ossl_cipher_capable_aes_cbc_hmac_sha256),
|
||||
#ifndef OPENSSL_NO_DES
|
||||
- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
|
||||
- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
|
||||
+ /* We don't certify 3DES in our FIPS provider */
|
||||
+ /* UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
|
||||
+ UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */
|
||||
#endif /* OPENSSL_NO_DES */
|
||||
{ { NULL, NULL, NULL }, NULL }
|
||||
};
|
||||
@@ -373,8 +375,9 @@ static const OSSL_ALGORITHM fips_macs[] = {
|
||||
#endif
|
||||
{ PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions },
|
||||
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions },
|
||||
- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
|
||||
- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions },
|
||||
+ /* We don't certify KMAC in our FIPS provider */
|
||||
+ /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
|
||||
+ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */
|
||||
{ NULL, NULL, NULL }
|
||||
};
|
||||
|
||||
@@ -409,8 +412,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_EC
|
||||
{ PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
|
||||
- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
|
||||
- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },
|
||||
+ /* We don't certify Edwards curves in our FIPS provider */
|
||||
+ /*{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
|
||||
+ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },*/
|
||||
#endif
|
||||
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
|
||||
ossl_kdf_tls1_prf_keyexch_functions },
|
||||
@@ -420,13 +424,15 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
|
||||
|
||||
static const OSSL_ALGORITHM fips_signature[] = {
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
|
||||
+ /* We don't certify DSA in our FIPS provider */
|
||||
+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, */
|
||||
#endif
|
||||
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
|
||||
#ifndef OPENSSL_NO_EC
|
||||
- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
|
||||
+ /* We don't certify Edwards curves in our FIPS provider */
|
||||
+ /* { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
|
||||
ossl_ed25519_signature_functions },
|
||||
- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },
|
||||
+ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions }, */
|
||||
{ PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions },
|
||||
#endif
|
||||
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES,
|
||||
@@ -456,8 +462,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
|
||||
PROV_DESCS_DHX },
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
|
||||
- PROV_DESCS_DSA },
|
||||
+ /* We don't certify DSA in our FIPS provider */
|
||||
+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
|
||||
+ PROV_DESCS_DSA }, */
|
||||
#endif
|
||||
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions,
|
||||
PROV_DESCS_RSA },
|
||||
@@ -466,14 +473,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
|
||||
#ifndef OPENSSL_NO_EC
|
||||
{ PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
|
||||
PROV_DESCS_EC },
|
||||
- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
|
||||
+ /* We don't certify Edwards curves in our FIPS provider */
|
||||
+ /* { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
|
||||
PROV_DESCS_X25519 },
|
||||
{ PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions,
|
||||
PROV_DESCS_X448 },
|
||||
{ PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions,
|
||||
PROV_DESCS_ED25519 },
|
||||
{ PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_keymgmt_functions,
|
||||
- PROV_DESCS_ED448 },
|
||||
+ PROV_DESCS_ED448 }, */
|
||||
#endif
|
||||
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions,
|
||||
PROV_DESCS_TLS1_PRF_SIGN },
|
||||
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
|
||||
index 2057378d3d..4b80bb70b9 100644
|
||||
--- a/providers/fips/self_test_data.inc
|
||||
+++ b/providers/fips/self_test_data.inc
|
||||
@@ -177,6 +177,7 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] =
|
||||
/*- CIPHER TEST DATA */
|
||||
|
||||
/* DES3 test data */
|
||||
+#if 0
|
||||
static const unsigned char des_ede3_cbc_pt[] = {
|
||||
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
|
||||
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
|
||||
@@ -197,7 +198,7 @@ static const unsigned char des_ede3_cbc_ct[] = {
|
||||
0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
|
||||
0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
|
||||
};
|
||||
-
|
||||
+#endif
|
||||
/* AES-256 GCM test data */
|
||||
static const unsigned char aes_256_gcm_key[] = {
|
||||
0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
|
||||
@@ -1454,8 +1455,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[] = {
|
||||
# endif /* OPENSSL_NO_EC2M */
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
|
||||
-#ifndef OPENSSL_NO_DSA
|
||||
/* dsa 2048 */
|
||||
+#if 0
|
||||
+#ifndef OPENSSL_NO_DSA
|
||||
static const unsigned char dsa_p[] = {
|
||||
0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
|
||||
0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
|
||||
@@ -1590,6 +1592,7 @@ static const ST_KAT_PARAM dsa_key[] = {
|
||||
ST_KAT_PARAM_END()
|
||||
};
|
||||
#endif /* OPENSSL_NO_DSA */
|
||||
+#endif
|
||||
|
||||
/* Hash DRBG inputs for signature KATs */
|
||||
static const unsigned char sig_kat_entropyin[] = {
|
||||
@@ -1642,6 +1645,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
|
||||
},
|
||||
# endif
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
+#if 0
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
{
|
||||
OSSL_SELF_TEST_DESC_SIGN_DSA,
|
||||
@@ -1654,6 +1658,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
|
||||
ITM(dsa_expected_sig)
|
||||
},
|
||||
#endif /* OPENSSL_NO_DSA */
|
||||
+#endif
|
||||
};
|
||||
|
||||
static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
|
||||
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
||||
index d4261e8f7d..2a5504d104 100644
|
||||
--- a/providers/implementations/signature/rsa_sig.c
|
||||
+++ b/providers/implementations/signature/rsa_sig.c
|
||||
@@ -689,6 +689,14 @@ static int rsa_verify_recover(void *vprsactx,
|
||||
{
|
||||
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
|
||||
int ret;
|
||||
+# ifdef FIPS_MODULE
|
||||
+ size_t rsabits = RSA_bits(prsactx->rsa);
|
||||
+
|
||||
+ if (rsabits < 2048) {
|
||||
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
|
||||
+ return 0;
|
||||
+ }
|
||||
+# endif
|
||||
|
||||
if (!ossl_prov_is_running())
|
||||
return 0;
|
||||
@@ -777,6 +790,14 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen,
|
||||
{
|
||||
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
|
||||
size_t rslen;
|
||||
+# ifdef FIPS_MODULE
|
||||
+ size_t rsabits = RSA_bits(prsactx->rsa);
|
||||
+
|
||||
+ if (rsabits < 2048) {
|
||||
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
|
||||
+ return 0;
|
||||
+ }
|
||||
+# endif
|
||||
|
||||
if (!ossl_prov_is_running())
|
||||
return 0;
|
||||
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
|
||||
index a5e60e8839..f9af07d12b 100644
|
||||
--- a/ssl/ssl_ciph.c
|
||||
+++ b/ssl/ssl_ciph.c
|
||||
@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
|
||||
ctx->disabled_mkey_mask = 0;
|
||||
ctx->disabled_auth_mask = 0;
|
||||
|
||||
+ if (EVP_default_properties_is_fips_enabled(ctx->libctx))
|
||||
+ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
|
||||
+
|
||||
/*
|
||||
* We ignore any errors from the fetches below. They are expected to fail
|
||||
* if theose algorithms are not available.
|
||||
diff --git a/test/acvp_test.c b/test/acvp_test.c
|
||||
index fee880d441..13d7a0ea8b 100644
|
||||
--- a/test/acvp_test.c
|
||||
+++ b/test/acvp_test.c
|
||||
@@ -1476,6 +1476,7 @@ int setup_tests(void)
|
||||
OSSL_NELEM(dh_safe_prime_keyver_data));
|
||||
#endif /* OPENSSL_NO_DH */
|
||||
|
||||
+#if 0 /* SUSE FIPS provider doesn't have fips=yes property on DSA */
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
|
||||
ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
|
||||
@@ -1483,6 +1484,7 @@ int setup_tests(void)
|
||||
ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
|
||||
ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
|
||||
#endif /* OPENSSL_NO_DSA */
|
||||
+#endif
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
|
||||
diff --git a/test/endecode_test.c b/test/endecode_test.c
|
||||
index 9a437d8c64..53385028fc 100644
|
||||
--- a/test/endecode_test.c
|
||||
+++ b/test/endecode_test.c
|
||||
@@ -1407,6 +1407,7 @@ int setup_tests(void)
|
||||
* so no legacy tests.
|
||||
*/
|
||||
#endif
|
||||
+ if (is_fips == 0) {
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
ADD_TEST_SUITE(DSA);
|
||||
ADD_TEST_SUITE_PARAMS(DSA);
|
||||
@@ -1417,6 +1418,7 @@ int setup_tests(void)
|
||||
ADD_TEST_SUITE_PROTECTED_PVK(DSA);
|
||||
# endif
|
||||
#endif
|
||||
+ }
|
||||
#ifndef OPENSSL_NO_EC
|
||||
ADD_TEST_SUITE(EC);
|
||||
ADD_TEST_SUITE_PARAMS(EC);
|
||||
@@ -1431,10 +1433,12 @@ int setup_tests(void)
|
||||
ADD_TEST_SUITE(ECExplicitTri2G);
|
||||
ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
|
||||
# endif
|
||||
+ if (is_fips == 0) {
|
||||
ADD_TEST_SUITE(ED25519);
|
||||
ADD_TEST_SUITE(ED448);
|
||||
ADD_TEST_SUITE(X25519);
|
||||
ADD_TEST_SUITE(X448);
|
||||
+ }
|
||||
/*
|
||||
* ED25519, ED448, X25519 and X448 have no support for
|
||||
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
|
||||
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
|
||||
index 2448c35a14..a7913cda4c 100644
|
||||
--- a/test/evp_libctx_test.c
|
||||
+++ b/test/evp_libctx_test.c
|
||||
@@ -21,6 +21,7 @@
|
||||
*/
|
||||
#include "internal/deprecated.h"
|
||||
#include <assert.h>
|
||||
+#include <string.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/provider.h>
|
||||
#include <openssl/dsa.h>
|
||||
@@ -726,7 +727,9 @@ int setup_tests(void)
|
||||
return 0;
|
||||
|
||||
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
|
||||
- ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
|
||||
+ if (strcmp(prov_name, "fips") != 0) {
|
||||
+ ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
|
||||
+ }
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
|
||||
@@ -746,7 +749,9 @@ int setup_tests(void)
|
||||
ADD_TEST(kem_invalid_keytype);
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
- ADD_TEST(test_cipher_tdes_randkey);
|
||||
+ if (strcmp(prov_name, "fips") != 0) {
|
||||
+ ADD_TEST(test_cipher_tdes_randkey);
|
||||
+ }
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t
|
||||
index b495b08bda..69bd299521 100644
|
||||
--- a/test/recipes/15-test_gendsa.t
|
||||
+++ b/test/recipes/15-test_gendsa.t
|
||||
@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
|
||||
plan skip_all => "This test is unsupported in a no-dsa build"
|
||||
if disabled("dsa");
|
||||
|
||||
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
||||
+my $no_fips = 1;
|
||||
|
||||
plan tests =>
|
||||
($no_fips ? 0 : 2) # FIPS related tests
|
||||
diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t
|
||||
index 6d3c5ba1bb..2ba47b5fca 100644
|
||||
--- a/test/recipes/20-test_cli_fips.t
|
||||
+++ b/test/recipes/20-test_cli_fips.t
|
||||
@@ -273,8 +273,7 @@ SKIP: {
|
||||
}
|
||||
|
||||
SKIP : {
|
||||
- skip "FIPS DSA tests because of no dsa in this build", 1
|
||||
- if disabled("dsa");
|
||||
+ skip "FIPS DSA tests because of no dsa in this build", 1;
|
||||
|
||||
subtest DSA => sub {
|
||||
my $testtext_prefix = 'DSA';
|
||||
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
|
||||
index 9d7040ced2..f8beb538d4 100644
|
||||
--- a/test/recipes/30-test_evp.t
|
||||
+++ b/test/recipes/30-test_evp.t
|
||||
@@ -42,10 +42,8 @@ my @files = qw(
|
||||
evpciph_aes_cts.txt
|
||||
evpciph_aes_wrap.txt
|
||||
evpciph_aes_stitched.txt
|
||||
- evpciph_des3_common.txt
|
||||
evpkdf_hkdf.txt
|
||||
evpkdf_kbkdf_counter.txt
|
||||
- evpkdf_kbkdf_kmac.txt
|
||||
evpkdf_pbkdf1.txt
|
||||
evpkdf_pbkdf2.txt
|
||||
evpkdf_ss.txt
|
||||
@@ -65,12 +63,6 @@ push @files, qw(
|
||||
evppkey_ffdhe.txt
|
||||
evppkey_dh.txt
|
||||
) unless $no_dh;
|
||||
-push @files, qw(
|
||||
- evpkdf_x942_des.txt
|
||||
- evpmac_cmac_des.txt
|
||||
- ) unless $no_des;
|
||||
-push @files, qw(evppkey_dsa.txt) unless $no_dsa;
|
||||
-push @files, qw(evppkey_ecx.txt) unless $no_ec;
|
||||
push @files, qw(
|
||||
evppkey_ecc.txt
|
||||
evppkey_ecdh.txt
|
||||
@@ -91,6 +83,7 @@ my @defltfiles = qw(
|
||||
evpciph_cast5.txt
|
||||
evpciph_chacha.txt
|
||||
evpciph_des.txt
|
||||
+ evpciph_des3_common.txt
|
||||
evpciph_idea.txt
|
||||
evpciph_rc2.txt
|
||||
evpciph_rc4.txt
|
||||
@@ -114,10 +107,17 @@ my @defltfiles = qw(
|
||||
evpmd_whirlpool.txt
|
||||
evppbe_scrypt.txt
|
||||
evppbe_pkcs12.txt
|
||||
+ evpkdf_kbkdf_kmac.txt
|
||||
evppkey_kdf_scrypt.txt
|
||||
evppkey_kdf_tls1_prf.txt
|
||||
evppkey_rsa.txt
|
||||
);
|
||||
+push @defltfiles, qw(evppkey_dsa.txt) unless $no_dsa;
|
||||
+push @defltfiles, qw(evppkey_ecx.txt) unless $no_ec;
|
||||
+push @defltfiles, qw(
|
||||
+ evpkdf_x942_des.txt
|
||||
+ evpmac_cmac_des.txt
|
||||
+ ) unless $no_des;
|
||||
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
|
||||
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
|
||||
|
||||
diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt
|
||||
index 93195df97c..315413cd9b 100644
|
||||
--- a/test/recipes/30-test_evp_data/evpmac_common.txt
|
||||
+++ b/test/recipes/30-test_evp_data/evpmac_common.txt
|
||||
@@ -340,6 +340,7 @@ IV = 7AE8E2CA4EC500012E58495C
|
||||
Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
|
||||
Result = MAC_INIT_ERROR
|
||||
|
||||
+Availablein = default
|
||||
Title = KMAC Tests (From NIST)
|
||||
MAC = KMAC128
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
@@ -350,12 +351,14 @@ Ctrl = xof:0
|
||||
OutputSize = 32
|
||||
BlockSize = 168
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC128
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 00010203
|
||||
Custom = "My Tagged Application"
|
||||
Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC128
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
@@ -363,6 +366,7 @@ Custom = "My Tagged Application"
|
||||
Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230
|
||||
Ctrl = size:32
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC256
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 00010203
|
||||
@@ -371,12 +375,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC
|
||||
OutputSize = 64
|
||||
BlockSize = 136
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC256
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
Custom = ""
|
||||
Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC256
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
@@ -386,12 +392,14 @@ Ctrl = size:64
|
||||
|
||||
Title = KMAC XOF Tests (From NIST)
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC128
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 00010203
|
||||
Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35
|
||||
XOF = 1
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC128
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 00010203
|
||||
@@ -399,6 +407,7 @@ Custom = "My Tagged Application"
|
||||
Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
|
||||
XOF = 1
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC128
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
@@ -407,6 +416,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F
|
||||
XOF = 1
|
||||
Ctrl = size:32
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC256
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 00010203
|
||||
@@ -414,6 +424,7 @@ Custom = "My Tagged Application"
|
||||
Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
|
||||
XOF = 1
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC256
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
@@ -421,6 +432,7 @@ Custom = ""
|
||||
Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
|
||||
XOF = 1
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC256
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
@@ -431,6 +443,7 @@ XOF = 1
|
||||
|
||||
Title = KMAC long customisation string (from NIST ACVP)
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC256
|
||||
Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
|
||||
Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
|
||||
@@ -441,12 +454,14 @@ XOF = 1
|
||||
|
||||
Title = KMAC XOF Tests via ctrl (From NIST)
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC128
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 00010203
|
||||
Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35
|
||||
Ctrl = xof:1
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC128
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 00010203
|
||||
@@ -454,6 +469,7 @@ Custom = "My Tagged Application"
|
||||
Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
|
||||
Ctrl = xof:1
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC128
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
@@ -462,6 +478,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F
|
||||
Ctrl = xof:1
|
||||
Ctrl = size:32
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC256
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 00010203
|
||||
@@ -469,6 +486,7 @@ Custom = "My Tagged Application"
|
||||
Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
|
||||
Ctrl = xof:1
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC256
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
@@ -476,6 +494,7 @@ Custom = ""
|
||||
Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
|
||||
Ctrl = xof:1
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC256
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
@@ -486,6 +505,7 @@ Ctrl = xof:1
|
||||
|
||||
Title = KMAC long customisation string via ctrl (from NIST ACVP)
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC256
|
||||
Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
|
||||
Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
|
||||
@@ -496,6 +516,7 @@ Ctrl = xof:1
|
||||
|
||||
Title = KMAC long customisation string negative test
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC128
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
@@ -504,6 +525,7 @@ Result = MAC_INIT_ERROR
|
||||
|
||||
Title = KMAC output is too large
|
||||
|
||||
+Availablein = default
|
||||
MAC = KMAC256
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
|
||||
index 40dd585c18..cbec426137 100644
|
||||
--- a/test/recipes/80-test_cms.t
|
||||
+++ b/test/recipes/80-test_cms.t
|
||||
@@ -96,7 +96,7 @@ my @smime_pkcs7_tests = (
|
||||
\&final_compare
|
||||
],
|
||||
|
||||
- [ "signed content DER format, DSA key",
|
||||
+ [ "signed content DER format, DSA key, no SUSE FIPS",
|
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
|
||||
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
|
||||
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
||||
@@ -104,7 +104,7 @@ my @smime_pkcs7_tests = (
|
||||
\&final_compare
|
||||
],
|
||||
|
||||
- [ "signed detached content DER format, DSA key",
|
||||
+ [ "signed detached content DER format, DSA key, no SUSE FIPS",
|
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
||||
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
|
||||
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
||||
@@ -113,7 +113,7 @@ my @smime_pkcs7_tests = (
|
||||
\&final_compare
|
||||
],
|
||||
|
||||
- [ "signed detached content DER format, add RSA signer (with DSA existing)",
|
||||
+ [ "signed detached content DER format, add RSA signer (with DSA existing), no SUSE FIPS",
|
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
||||
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
|
||||
[ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER",
|
||||
@@ -124,7 +124,7 @@ my @smime_pkcs7_tests = (
|
||||
\&final_compare
|
||||
],
|
||||
|
||||
- [ "signed content test streaming BER format, DSA key",
|
||||
+ [ "signed content test streaming BER format, DSA key, no SUSE FIPS",
|
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
||||
"-nodetach", "-stream",
|
||||
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
|
||||
@@ -133,7 +133,7 @@ my @smime_pkcs7_tests = (
|
||||
\&final_compare
|
||||
],
|
||||
|
||||
- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
|
||||
+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no SUSE FIPS",
|
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
||||
"-nodetach", "-stream",
|
||||
"-signer", $smrsa1,
|
||||
@@ -146,7 +146,7 @@ my @smime_pkcs7_tests = (
|
||||
\&final_compare
|
||||
],
|
||||
|
||||
- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
|
||||
+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no SUSE FIPS",
|
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
||||
"-noattr", "-nodetach", "-stream",
|
||||
"-signer", $smrsa1,
|
||||
@@ -176,7 +176,7 @@ my @smime_pkcs7_tests = (
|
||||
\&zero_compare
|
||||
],
|
||||
|
||||
- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
|
||||
+ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no SUSE FIPS",
|
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach",
|
||||
"-signer", $smrsa1,
|
||||
"-signer", catfile($smdir, "smrsa2.pem"),
|
||||
@@ -188,7 +188,7 @@ my @smime_pkcs7_tests = (
|
||||
\&final_compare
|
||||
],
|
||||
|
||||
- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
|
||||
+ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no SUSE FIPS",
|
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont,
|
||||
"-signer", $smrsa1,
|
||||
"-signer", catfile($smdir, "smrsa2.pem"),
|
||||
@@ -248,7 +248,7 @@ my @smime_pkcs7_tests = (
|
||||
|
||||
my @smime_cms_tests = (
|
||||
|
||||
- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
|
||||
+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no SUSE FIPS",
|
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
||||
"-nodetach", "-keyid",
|
||||
"-signer", $smrsa1,
|
||||
@@ -261,7 +261,7 @@ my @smime_cms_tests = (
|
||||
\&final_compare
|
||||
],
|
||||
|
||||
- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
|
||||
+ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no SUSE FIPS",
|
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
|
||||
"-signer", $smrsa1,
|
||||
"-signer", catfile($smdir, "smrsa2.pem"),
|
||||
@@ -371,7 +371,7 @@ my @smime_cms_tests = (
|
||||
\&final_compare
|
||||
],
|
||||
|
||||
- [ "encrypted content test streaming PEM format, triple DES key",
|
||||
+ [ "encrypted content test streaming PEM format, triple DES key, no SUSE FIPS",
|
||||
[ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
|
||||
"-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
|
||||
"-stream", "-out", "{output}.cms" ],
|
||||
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
|
||||
index 50b74a1e29..e2dcb68fb5 100644
|
||||
--- a/test/recipes/80-test_ssl_old.t
|
||||
+++ b/test/recipes/80-test_ssl_old.t
|
||||
@@ -436,7 +436,7 @@ sub testssl {
|
||||
my @exkeys = ();
|
||||
my $ciphers = '-PSK:-SRP:@SECLEVEL=0';
|
||||
|
||||
- if (!$no_dsa) {
|
||||
+ if (!$no_dsa && $provider ne "fips") {
|
||||
push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey;
|
||||
}
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
149
openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch
Normal file
149
openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch
Normal file
@ -0,0 +1,149 @@
|
||||
From a325a23bc83f4efd60130001c417ca5b96bdbff1 Mon Sep 17 00:00:00 2001
|
||||
From: Clemens Lang <cllang@redhat.com>
|
||||
Date: Thu, 17 Nov 2022 19:33:02 +0100
|
||||
Subject: [PATCH] signature: Add indicator for PSS salt length
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection
|
||||
5.5 "PKCS #1" says: "For RSASSA-PSS [...] the length (in bytes) of the
|
||||
salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of
|
||||
the hash function output block (in bytes)."
|
||||
|
||||
It is not exactly clear from this text whether hLen refers to the
|
||||
message digest or the hash function used for the mask generation
|
||||
function MGF1. PKCS#1 v2.1 suggests it is the former:
|
||||
|
||||
| Typical salt lengths in octets are hLen (the length of the output of
|
||||
| the hash function Hash) and 0. In both cases the security of
|
||||
| RSASSA-PSS can be closely related to the hardness of inverting RSAVP1.
|
||||
| Bellare and Rogaway [4] give a tight lower bound for the security of
|
||||
| the original RSA-PSS scheme, which corresponds roughly to the former
|
||||
| case, while Coron [12] gives a lower bound for the related Full Domain
|
||||
| Hashing scheme, which corresponds roughly to the latter case. In [13]
|
||||
| Coron provides a general treatment with various salt lengths ranging
|
||||
| from 0 to hLen; see [27] for discussion. See also [31], which adapts
|
||||
| the security proofs in [4][13] to address the differences between the
|
||||
| original and the present version of RSA-PSS as listed in Note 1 above.
|
||||
|
||||
Since OpenSSL defaults to creating signatures with the maximum salt
|
||||
length, blocking the use of longer salts would probably lead to
|
||||
significant problems in practice. Instead, introduce an explicit
|
||||
indicator that can be obtained from the EVP_PKEY_CTX object using
|
||||
EVP_PKEY_CTX_get_params() with the
|
||||
OSSL_SIGNATURE_PARAM_SUSE_FIPS_INDICATOR
|
||||
parameter.
|
||||
|
||||
We also add indicator for RSA_NO_PADDING here to avoid patch-over-patch.
|
||||
Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||
---
|
||||
include/openssl/evp.h | 4 ++++
|
||||
providers/implementations/signature/rsa_sig.c | 21 +++++++++++++++++
|
||||
util/perl/OpenSSL/paramnames.pm | 23 ++++++++++---------
|
||||
3 files changed, 37 insertions(+), 11 deletions(-)
|
||||
|
||||
Index: openssl-3.1.4/include/openssl/evp.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/openssl/evp.h
|
||||
+++ openssl-3.1.4/include/openssl/evp.h
|
||||
@@ -801,6 +801,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CT
|
||||
__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
|
||||
int *outl);
|
||||
|
||||
+# define EVP_SIGNATURE_SUSE_FIPS_INDICATOR_UNDETERMINED 0
|
||||
+# define EVP_SIGNATURE_SUSE_FIPS_INDICATOR_APPROVED 1
|
||||
+# define EVP_SIGNATURE_SUSE_FIPS_INDICATOR_NOT_APPROVED 2
|
||||
+
|
||||
__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
|
||||
EVP_PKEY *pkey);
|
||||
__owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
|
||||
Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/signature/rsa_sig.c
|
||||
+++ openssl-3.1.4/providers/implementations/signature/rsa_sig.c
|
||||
@@ -1167,6 +1167,24 @@ static int rsa_get_ctx_params(void *vprs
|
||||
}
|
||||
}
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+ p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_SUSE_FIPS_INDICATOR);
|
||||
+ if (p != NULL) {
|
||||
+ int fips_indicator = EVP_SIGNATURE_SUSE_FIPS_INDICATOR_APPROVED;
|
||||
+ if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) {
|
||||
+ if (prsactx->md == NULL) {
|
||||
+ fips_indicator = EVP_SIGNATURE_SUSE_FIPS_INDICATOR_UNDETERMINED;
|
||||
+ } else if (rsa_pss_compute_saltlen(prsactx) > EVP_MD_get_size(prsactx->md)) {
|
||||
+ fips_indicator = EVP_SIGNATURE_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+ } else if (prsactx->pad_mode == RSA_NO_PADDING) {
|
||||
+ if (prsactx->md == NULL) /* Should always be the case */
|
||||
+ fips_indicator = EVP_SIGNATURE_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
+ }
|
||||
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -1176,6 +1194,9 @@ static const OSSL_PARAM known_gettable_c
|
||||
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
|
||||
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0),
|
||||
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_SUSE_FIPS_INDICATOR, NULL),
|
||||
+#endif
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
|
||||
Index: openssl-3.1.4/include/openssl/core_names.h
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/include/openssl/core_names.h
|
||||
+++ openssl-3.1.4/include/openssl/core_names.h
|
||||
@@ -458,6 +458,7 @@ extern "C" {
|
||||
#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \
|
||||
OSSL_PKEY_PARAM_MGF1_PROPERTIES
|
||||
#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
|
||||
+#define OSSL_SIGNATURE_PARAM_SUSE_FIPS_INDICATOR "suse-fips-indicator"
|
||||
|
||||
/* Asym cipher parameters */
|
||||
#define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
|
||||
Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/providers/implementations/signature/rsa_sig.c
|
||||
+++ openssl-3.1.4/providers/implementations/signature/rsa_sig.c
|
||||
@@ -696,8 +696,13 @@ static int rsa_verify_recover(void *vprs
|
||||
size_t rsabits = RSA_bits(prsactx->rsa);
|
||||
|
||||
if (rsabits < 2048) {
|
||||
- ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
|
||||
- return 0;
|
||||
+ if (rsabits != 1024
|
||||
+ && rsabits != 1280
|
||||
+ && rsabits != 1536
|
||||
+ && rsabits != 1792) {
|
||||
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
|
||||
+ return 0;
|
||||
+ }
|
||||
}
|
||||
# endif
|
||||
|
||||
@@ -792,8 +797,13 @@ static int rsa_verify(void *vprsactx, co
|
||||
size_t rsabits = RSA_bits(prsactx->rsa);
|
||||
|
||||
if (rsabits < 2048) {
|
||||
- ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
|
||||
- return 0;
|
||||
+ if (rsabits != 1024
|
||||
+ && rsabits != 1280
|
||||
+ && rsabits != 1536
|
||||
+ && rsabits != 1792) {
|
||||
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
|
||||
+ return 0;
|
||||
+ }
|
||||
}
|
||||
# endif
|
||||
|
@ -11,10 +11,10 @@ Patch-status: |
|
||||
crypto/provider_conf.c | 28 +++++++++++++++++++++++++++-
|
||||
1 file changed, 27 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
|
||||
index 058fb58837..5274265a70 100644
|
||||
--- a/crypto/provider_conf.c
|
||||
+++ b/crypto/provider_conf.c
|
||||
Index: openssl-3.1.4/crypto/provider_conf.c
|
||||
===================================================================
|
||||
--- openssl-3.1.4.orig/crypto/provider_conf.c
|
||||
+++ openssl-3.1.4/crypto/provider_conf.c
|
||||
@@ -10,6 +10,8 @@
|
||||
#include <string.h>
|
||||
#include <openssl/trace.h>
|
||||
@ -24,7 +24,7 @@ index 058fb58837..5274265a70 100644
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/safestack.h>
|
||||
#include <openssl/provider.h>
|
||||
@@ -169,7 +171,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
|
||||
@@ -169,7 +171,7 @@ static int provider_conf_activate(OSSL_L
|
||||
if (path != NULL)
|
||||
ossl_provider_set_module_path(prov, path);
|
||||
|
||||
@ -33,7 +33,16 @@ index 058fb58837..5274265a70 100644
|
||||
|
||||
if (ok) {
|
||||
if (!ossl_provider_activate(prov, 1, 0)) {
|
||||
@@ -309,6 +311,30 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
|
||||
@@ -197,6 +199,8 @@ static int provider_conf_activate(OSSL_L
|
||||
}
|
||||
if (!ok)
|
||||
ossl_provider_free(prov);
|
||||
+ } else {
|
||||
+ ok = 1;
|
||||
}
|
||||
CRYPTO_THREAD_unlock(pcgbl->lock);
|
||||
|
||||
@@ -309,6 +313,33 @@ static int provider_conf_init(CONF_IMODU
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -55,6 +64,9 @@ index 058fb58837..5274265a70 100644
|
||||
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
|
||||
+ return 0;
|
||||
+ }
|
||||
+ /* provider_conf_load can return 1 even when the test is failed so check explicitly */
|
||||
+ if (OSSL_PROVIDER_available(libctx, "fips") != 1)
|
||||
+ return 0;
|
||||
+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
|
||||
+ return 0;
|
||||
+ if (EVP_default_properties_enable_fips(libctx, 1) != 1)
|
||||
@ -64,5 +76,3 @@ index 058fb58837..5274265a70 100644
|
||||
return 1;
|
||||
}
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
270
openssl-Remove-EC-curves.patch
Normal file
270
openssl-Remove-EC-curves.patch
Normal file
@ -0,0 +1,270 @@
|
||||
From 4a275f852b61238161c053774736dc07b3ade200 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 11:46:40 +0200
|
||||
Subject: [PATCH 11/48] 0011-Remove-EC-curves.patch
|
||||
|
||||
Patch-name: 0011-Remove-EC-curves.patch
|
||||
Patch-id: 11
|
||||
Patch-status: |
|
||||
# remove unsupported EC curves
|
||||
---
|
||||
apps/speed.c | 8 +---
|
||||
crypto/evp/ec_support.c | 87 ------------------------------------
|
||||
test/acvp_test.inc | 9 ----
|
||||
test/ecdsatest.h | 17 -------
|
||||
test/recipes/15-test_genec.t | 27 -----------
|
||||
5 files changed, 1 insertion(+), 147 deletions(-)
|
||||
|
||||
diff --git a/apps/speed.c b/apps/speed.c
|
||||
index cace25eda1..d527f12f18 100644
|
||||
--- a/apps/speed.c
|
||||
+++ b/apps/speed.c
|
||||
@@ -385,7 +385,7 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
|
||||
#endif /* OPENSSL_NO_DH */
|
||||
|
||||
enum ec_curves_t {
|
||||
- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
|
||||
+ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
|
||||
#ifndef OPENSSL_NO_EC2M
|
||||
R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
|
||||
R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
|
||||
@@ -395,8 +395,6 @@ enum ec_curves_t {
|
||||
};
|
||||
/* list of ecdsa curves */
|
||||
static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
|
||||
- {"ecdsap160", R_EC_P160},
|
||||
- {"ecdsap192", R_EC_P192},
|
||||
{"ecdsap224", R_EC_P224},
|
||||
{"ecdsap256", R_EC_P256},
|
||||
{"ecdsap384", R_EC_P384},
|
||||
@@ -423,8 +421,6 @@ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
|
||||
enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
|
||||
/* list of ecdh curves, extension of |ecdsa_choices| list above */
|
||||
static const OPT_PAIR ecdh_choices[EC_NUM] = {
|
||||
- {"ecdhp160", R_EC_P160},
|
||||
- {"ecdhp192", R_EC_P192},
|
||||
{"ecdhp224", R_EC_P224},
|
||||
{"ecdhp256", R_EC_P256},
|
||||
{"ecdhp384", R_EC_P384},
|
||||
@@ -1442,8 +1438,6 @@ int speed_main(int argc, char **argv)
|
||||
*/
|
||||
static const EC_CURVE ec_curves[EC_NUM] = {
|
||||
/* Prime Curves */
|
||||
- {"secp160r1", NID_secp160r1, 160},
|
||||
- {"nistp192", NID_X9_62_prime192v1, 192},
|
||||
{"nistp224", NID_secp224r1, 224},
|
||||
{"nistp256", NID_X9_62_prime256v1, 256},
|
||||
{"nistp384", NID_secp384r1, 384},
|
||||
diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c
|
||||
index 1ec10143d2..82b95294b4 100644
|
||||
--- a/crypto/evp/ec_support.c
|
||||
+++ b/crypto/evp/ec_support.c
|
||||
@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st {
|
||||
static const EC_NAME2NID curve_list[] = {
|
||||
/* prime field curves */
|
||||
/* secg curves */
|
||||
- {"secp112r1", NID_secp112r1 },
|
||||
- {"secp112r2", NID_secp112r2 },
|
||||
- {"secp128r1", NID_secp128r1 },
|
||||
- {"secp128r2", NID_secp128r2 },
|
||||
- {"secp160k1", NID_secp160k1 },
|
||||
- {"secp160r1", NID_secp160r1 },
|
||||
- {"secp160r2", NID_secp160r2 },
|
||||
- {"secp192k1", NID_secp192k1 },
|
||||
- {"secp224k1", NID_secp224k1 },
|
||||
{"secp224r1", NID_secp224r1 },
|
||||
{"secp256k1", NID_secp256k1 },
|
||||
{"secp384r1", NID_secp384r1 },
|
||||
{"secp521r1", NID_secp521r1 },
|
||||
/* X9.62 curves */
|
||||
- {"prime192v1", NID_X9_62_prime192v1 },
|
||||
- {"prime192v2", NID_X9_62_prime192v2 },
|
||||
- {"prime192v3", NID_X9_62_prime192v3 },
|
||||
- {"prime239v1", NID_X9_62_prime239v1 },
|
||||
- {"prime239v2", NID_X9_62_prime239v2 },
|
||||
- {"prime239v3", NID_X9_62_prime239v3 },
|
||||
{"prime256v1", NID_X9_62_prime256v1 },
|
||||
/* characteristic two field curves */
|
||||
/* NIST/SECG curves */
|
||||
- {"sect113r1", NID_sect113r1 },
|
||||
- {"sect113r2", NID_sect113r2 },
|
||||
- {"sect131r1", NID_sect131r1 },
|
||||
- {"sect131r2", NID_sect131r2 },
|
||||
- {"sect163k1", NID_sect163k1 },
|
||||
- {"sect163r1", NID_sect163r1 },
|
||||
- {"sect163r2", NID_sect163r2 },
|
||||
- {"sect193r1", NID_sect193r1 },
|
||||
- {"sect193r2", NID_sect193r2 },
|
||||
- {"sect233k1", NID_sect233k1 },
|
||||
- {"sect233r1", NID_sect233r1 },
|
||||
- {"sect239k1", NID_sect239k1 },
|
||||
- {"sect283k1", NID_sect283k1 },
|
||||
- {"sect283r1", NID_sect283r1 },
|
||||
- {"sect409k1", NID_sect409k1 },
|
||||
- {"sect409r1", NID_sect409r1 },
|
||||
- {"sect571k1", NID_sect571k1 },
|
||||
- {"sect571r1", NID_sect571r1 },
|
||||
- /* X9.62 curves */
|
||||
- {"c2pnb163v1", NID_X9_62_c2pnb163v1 },
|
||||
- {"c2pnb163v2", NID_X9_62_c2pnb163v2 },
|
||||
- {"c2pnb163v3", NID_X9_62_c2pnb163v3 },
|
||||
- {"c2pnb176v1", NID_X9_62_c2pnb176v1 },
|
||||
- {"c2tnb191v1", NID_X9_62_c2tnb191v1 },
|
||||
- {"c2tnb191v2", NID_X9_62_c2tnb191v2 },
|
||||
- {"c2tnb191v3", NID_X9_62_c2tnb191v3 },
|
||||
- {"c2pnb208w1", NID_X9_62_c2pnb208w1 },
|
||||
- {"c2tnb239v1", NID_X9_62_c2tnb239v1 },
|
||||
- {"c2tnb239v2", NID_X9_62_c2tnb239v2 },
|
||||
- {"c2tnb239v3", NID_X9_62_c2tnb239v3 },
|
||||
- {"c2pnb272w1", NID_X9_62_c2pnb272w1 },
|
||||
- {"c2pnb304w1", NID_X9_62_c2pnb304w1 },
|
||||
- {"c2tnb359v1", NID_X9_62_c2tnb359v1 },
|
||||
- {"c2pnb368w1", NID_X9_62_c2pnb368w1 },
|
||||
- {"c2tnb431r1", NID_X9_62_c2tnb431r1 },
|
||||
- /*
|
||||
- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
|
||||
- * from X9.62]
|
||||
- */
|
||||
- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 },
|
||||
- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 },
|
||||
- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 },
|
||||
- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 },
|
||||
- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 },
|
||||
- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 },
|
||||
- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 },
|
||||
- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 },
|
||||
- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 },
|
||||
- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 },
|
||||
- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 },
|
||||
- /* IPSec curves */
|
||||
- {"Oakley-EC2N-3", NID_ipsec3 },
|
||||
- {"Oakley-EC2N-4", NID_ipsec4 },
|
||||
/* brainpool curves */
|
||||
- {"brainpoolP160r1", NID_brainpoolP160r1 },
|
||||
- {"brainpoolP160t1", NID_brainpoolP160t1 },
|
||||
- {"brainpoolP192r1", NID_brainpoolP192r1 },
|
||||
- {"brainpoolP192t1", NID_brainpoolP192t1 },
|
||||
- {"brainpoolP224r1", NID_brainpoolP224r1 },
|
||||
- {"brainpoolP224t1", NID_brainpoolP224t1 },
|
||||
{"brainpoolP256r1", NID_brainpoolP256r1 },
|
||||
{"brainpoolP256t1", NID_brainpoolP256t1 },
|
||||
{"brainpoolP320r1", NID_brainpoolP320r1 },
|
||||
@@ -150,17 +74,6 @@ int ossl_ec_curve_name2nid(const char *name)
|
||||
/* Functions to translate between common NIST curve names and NIDs */
|
||||
|
||||
static const EC_NAME2NID nist_curves[] = {
|
||||
- {"B-163", NID_sect163r2},
|
||||
- {"B-233", NID_sect233r1},
|
||||
- {"B-283", NID_sect283r1},
|
||||
- {"B-409", NID_sect409r1},
|
||||
- {"B-571", NID_sect571r1},
|
||||
- {"K-163", NID_sect163k1},
|
||||
- {"K-233", NID_sect233k1},
|
||||
- {"K-283", NID_sect283k1},
|
||||
- {"K-409", NID_sect409k1},
|
||||
- {"K-571", NID_sect571k1},
|
||||
- {"P-192", NID_X9_62_prime192v1},
|
||||
{"P-224", NID_secp224r1},
|
||||
{"P-256", NID_X9_62_prime256v1},
|
||||
{"P-384", NID_secp384r1},
|
||||
diff --git a/test/acvp_test.inc b/test/acvp_test.inc
|
||||
index ad11d3ae1e..894a0bff9d 100644
|
||||
--- a/test/acvp_test.inc
|
||||
+++ b/test/acvp_test.inc
|
||||
@@ -211,15 +211,6 @@ static const unsigned char ecdsa_sigver_s1[] = {
|
||||
0xB1, 0xAC,
|
||||
};
|
||||
static const struct ecdsa_sigver_st ecdsa_sigver_data[] = {
|
||||
- {
|
||||
- "SHA-1",
|
||||
- "P-192",
|
||||
- ITM(ecdsa_sigver_msg0),
|
||||
- ITM(ecdsa_sigver_pub0),
|
||||
- ITM(ecdsa_sigver_r0),
|
||||
- ITM(ecdsa_sigver_s0),
|
||||
- PASS,
|
||||
- },
|
||||
{
|
||||
"SHA2-512",
|
||||
"P-521",
|
||||
diff --git a/test/ecdsatest.h b/test/ecdsatest.h
|
||||
index 63fe319025..06b5c0aac5 100644
|
||||
--- a/test/ecdsatest.h
|
||||
+++ b/test/ecdsatest.h
|
||||
@@ -32,23 +32,6 @@ typedef struct {
|
||||
} ecdsa_cavs_kat_t;
|
||||
|
||||
static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
|
||||
- /* prime KATs from X9.62 */
|
||||
- {NID_X9_62_prime192v1, NID_sha1,
|
||||
- "616263", /* "abc" */
|
||||
- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
|
||||
- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
|
||||
- "5ca5c0d69716dfcb3474373902",
|
||||
- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
|
||||
- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
|
||||
- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
|
||||
- {NID_X9_62_prime239v1, NID_sha1,
|
||||
- "616263", /* "abc" */
|
||||
- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
|
||||
- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
|
||||
- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
|
||||
- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
|
||||
- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
|
||||
- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
|
||||
/* prime KATs from NIST CAVP */
|
||||
{NID_secp224r1, NID_sha224,
|
||||
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
|
||||
diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t
|
||||
index 2dfed387ca..c733b68f83 100644
|
||||
--- a/test/recipes/15-test_genec.t
|
||||
+++ b/test/recipes/15-test_genec.t
|
||||
@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupported in a no-ec build"
|
||||
if disabled("ec");
|
||||
|
||||
my @prime_curves = qw(
|
||||
- secp112r1
|
||||
- secp112r2
|
||||
- secp128r1
|
||||
- secp128r2
|
||||
- secp160k1
|
||||
- secp160r1
|
||||
- secp160r2
|
||||
- secp192k1
|
||||
- secp224k1
|
||||
secp224r1
|
||||
secp256k1
|
||||
secp384r1
|
||||
secp521r1
|
||||
- prime192v1
|
||||
- prime192v2
|
||||
- prime192v3
|
||||
- prime239v1
|
||||
- prime239v2
|
||||
- prime239v3
|
||||
prime256v1
|
||||
- wap-wsg-idm-ecid-wtls6
|
||||
- wap-wsg-idm-ecid-wtls7
|
||||
- wap-wsg-idm-ecid-wtls8
|
||||
- wap-wsg-idm-ecid-wtls9
|
||||
- wap-wsg-idm-ecid-wtls12
|
||||
- brainpoolP160r1
|
||||
- brainpoolP160t1
|
||||
- brainpoolP192r1
|
||||
- brainpoolP192t1
|
||||
- brainpoolP224r1
|
||||
- brainpoolP224t1
|
||||
brainpoolP256r1
|
||||
brainpoolP256t1
|
||||
brainpoolP320r1
|
||||
@@ -136,7 +110,6 @@ push(@other_curves, 'SM2')
|
||||
if !disabled("sm2");
|
||||
|
||||
my @curve_aliases = qw(
|
||||
- P-192
|
||||
P-224
|
||||
P-256
|
||||
P-384
|
||||
--
|
||||
2.41.0
|
||||
|
171
openssl-Revert-Improve-FIPS-RSA-keygen-performance.patch
Normal file
171
openssl-Revert-Improve-FIPS-RSA-keygen-performance.patch
Normal file
@ -0,0 +1,171 @@
|
||||
Subject: [PATCH] Revert "Improve FIPS RSA keygen performance."
|
||||
|
||||
This reverts commit 3431dd4b3ee7933822586aab62972de4d8c0e9e5.
|
||||
---
|
||||
crypto/bn/bn_prime.c | 11 --------
|
||||
crypto/bn/bn_rsa_fips186_4.c | 49 ++++++------------------------------
|
||||
include/crypto/bn.h | 2 --
|
||||
3 files changed, 8 insertions(+), 54 deletions(-)
|
||||
|
||||
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
|
||||
index 79776f1ce5..ddd31a0252 100644
|
||||
--- a/crypto/bn/bn_prime.c
|
||||
+++ b/crypto/bn/bn_prime.c
|
||||
@@ -252,17 +252,6 @@ int ossl_bn_check_prime(const BIGNUM *w, int checks, BN_CTX *ctx,
|
||||
return bn_is_prime_int(w, checks, ctx, do_trial_division, cb);
|
||||
}
|
||||
|
||||
-/*
|
||||
- * Use this only for key generation.
|
||||
- * It always uses trial division. The number of checks
|
||||
- * (MR rounds) passed in is used without being clamped to a minimum value.
|
||||
- */
|
||||
-int ossl_bn_check_generated_prime(const BIGNUM *w, int checks, BN_CTX *ctx,
|
||||
- BN_GENCB *cb)
|
||||
-{
|
||||
- return bn_is_prime_int(w, checks, ctx, 1, cb);
|
||||
-}
|
||||
-
|
||||
int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb)
|
||||
{
|
||||
return ossl_bn_check_prime(p, 0, ctx, 1, cb);
|
||||
diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c
|
||||
index e9f0d4038c..8a7b2ecf2f 100644
|
||||
--- a/crypto/bn/bn_rsa_fips186_4.c
|
||||
+++ b/crypto/bn/bn_rsa_fips186_4.c
|
||||
@@ -48,34 +48,6 @@ const BIGNUM ossl_bn_inv_sqrt_2 = {
|
||||
BN_FLG_STATIC_DATA
|
||||
};
|
||||
|
||||
-/*
|
||||
- * Refer to FIPS 186-5 Table B.1 for minimum rounds of Miller Rabin
|
||||
- * required for generation of RSA aux primes (p1, p2, q1 and q2).
|
||||
- */
|
||||
-static int bn_rsa_fips186_5_aux_prime_MR_rounds(int nbits)
|
||||
-{
|
||||
- if (nbits >= 4096)
|
||||
- return 44;
|
||||
- if (nbits >= 3072)
|
||||
- return 41;
|
||||
- if (nbits >= 2048)
|
||||
- return 38;
|
||||
- return 0; /* Error */
|
||||
-}
|
||||
-
|
||||
-/*
|
||||
- * Refer to FIPS 186-5 Table B.1 for minimum rounds of Miller Rabin
|
||||
- * required for generation of RSA primes (p and q)
|
||||
- */
|
||||
-static int bn_rsa_fips186_5_prime_MR_rounds(int nbits)
|
||||
-{
|
||||
- if (nbits >= 3072)
|
||||
- return 4;
|
||||
- if (nbits >= 2048)
|
||||
- return 5;
|
||||
- return 0; /* Error */
|
||||
-}
|
||||
-
|
||||
/*
|
||||
* FIPS 186-5 Table A.1. "Min length of auxiliary primes p1, p2, q1, q2".
|
||||
* (FIPS 186-5 has an entry for >= 4096 bits).
|
||||
@@ -125,13 +97,11 @@ static int bn_rsa_fips186_5_aux_prime_max_sum_size_for_prob_primes(int nbits)
|
||||
* Xp1 The passed in starting point to find a probably prime.
|
||||
* p1 The returned probable prime (first odd integer >= Xp1)
|
||||
* ctx A BN_CTX object.
|
||||
- * rounds The number of Miller Rabin rounds
|
||||
* cb An optional BIGNUM callback.
|
||||
* Returns: 1 on success otherwise it returns 0.
|
||||
*/
|
||||
static int bn_rsa_fips186_4_find_aux_prob_prime(const BIGNUM *Xp1,
|
||||
BIGNUM *p1, BN_CTX *ctx,
|
||||
- int rounds,
|
||||
BN_GENCB *cb)
|
||||
{
|
||||
int ret = 0;
|
||||
@@ -147,7 +117,7 @@ static int bn_rsa_fips186_4_find_aux_prob_prime(const BIGNUM *Xp1,
|
||||
i++;
|
||||
BN_GENCB_call(cb, 0, i);
|
||||
/* MR test with trial division */
|
||||
- tmp = ossl_bn_check_generated_prime(p1, rounds, ctx, cb);
|
||||
+ tmp = BN_check_prime(p1, ctx, cb);
|
||||
if (tmp > 0)
|
||||
break;
|
||||
if (tmp < 0)
|
||||
@@ -190,7 +160,7 @@ int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
|
||||
{
|
||||
int ret = 0;
|
||||
BIGNUM *p1i = NULL, *p2i = NULL, *Xp1i = NULL, *Xp2i = NULL;
|
||||
- int bitlen, rounds;
|
||||
+ int bitlen;
|
||||
|
||||
if (p == NULL || Xpout == NULL)
|
||||
return 0;
|
||||
@@ -207,7 +177,6 @@ int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
|
||||
bitlen = bn_rsa_fips186_5_aux_prime_min_size(nlen);
|
||||
if (bitlen == 0)
|
||||
goto err;
|
||||
- rounds = bn_rsa_fips186_5_aux_prime_MR_rounds(nlen);
|
||||
|
||||
/* (Steps 4.1/5.1): Randomly generate Xp1 if it is not passed in */
|
||||
if (Xp1 == NULL) {
|
||||
@@ -225,8 +194,8 @@ int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
|
||||
}
|
||||
|
||||
/* (Steps 4.2/5.2) - find first auxiliary probable primes */
|
||||
- if (!bn_rsa_fips186_4_find_aux_prob_prime(Xp1i, p1i, ctx, rounds, cb)
|
||||
- || !bn_rsa_fips186_4_find_aux_prob_prime(Xp2i, p2i, ctx, rounds, cb))
|
||||
+ if (!bn_rsa_fips186_4_find_aux_prob_prime(Xp1i, p1i, ctx, cb)
|
||||
+ || !bn_rsa_fips186_4_find_aux_prob_prime(Xp2i, p2i, ctx, cb))
|
||||
goto err;
|
||||
/* (Table B.1) auxiliary prime Max length check */
|
||||
if ((BN_num_bits(p1i) + BN_num_bits(p2i)) >=
|
||||
@@ -274,11 +243,11 @@ err:
|
||||
*/
|
||||
int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
|
||||
const BIGNUM *r1, const BIGNUM *r2,
|
||||
- int nlen, const BIGNUM *e,
|
||||
- BN_CTX *ctx, BN_GENCB *cb)
|
||||
+ int nlen, const BIGNUM *e, BN_CTX *ctx,
|
||||
+ BN_GENCB *cb)
|
||||
{
|
||||
int ret = 0;
|
||||
- int i, imax, rounds;
|
||||
+ int i, imax;
|
||||
int bits = nlen >> 1;
|
||||
BIGNUM *tmp, *R, *r1r2x2, *y1, *r1x2;
|
||||
BIGNUM *base, *range;
|
||||
@@ -348,7 +317,6 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
|
||||
* The number has been updated to 20 * nlen/2 as used in
|
||||
* FIPS186-5 Appendix B.9 Step 9.
|
||||
*/
|
||||
- rounds = bn_rsa_fips186_5_prime_MR_rounds(nlen);
|
||||
imax = 20 * bits; /* max = 20/2 * nbits */
|
||||
for (;;) {
|
||||
if (Xin == NULL) {
|
||||
@@ -378,9 +346,8 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
|
||||
if (BN_copy(y1, Y) == NULL
|
||||
|| !BN_sub_word(y1, 1))
|
||||
goto err;
|
||||
-
|
||||
if (BN_are_coprime(y1, e, ctx)) {
|
||||
- int rv = ossl_bn_check_generated_prime(Y, rounds, ctx, cb);
|
||||
+ int rv = BN_check_prime(Y, ctx, cb);
|
||||
|
||||
if (rv > 0)
|
||||
goto end;
|
||||
diff --git a/include/crypto/bn.h b/include/crypto/bn.h
|
||||
index 4d11e0e4b1..cf69bea848 100644
|
||||
--- a/include/crypto/bn.h
|
||||
+++ b/include/crypto/bn.h
|
||||
@@ -95,8 +95,6 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
|
||||
|
||||
int ossl_bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx,
|
||||
BN_GENCB *cb, int enhanced, int *status);
|
||||
-int ossl_bn_check_generated_prime(const BIGNUM *w, int checks, BN_CTX *ctx,
|
||||
- BN_GENCB *cb);
|
||||
|
||||
const BIGNUM *ossl_bn_get0_small_factors(void);
|
||||
|
||||
--
|
||||
2.44.0
|
||||
|
@ -0,0 +1,75 @@
|
||||
From 48c763ed9cc889806bc01222382ce6f918a408a2 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 16:12:33 +0200
|
||||
Subject: [PATCH 46/48]
|
||||
0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
|
||||
|
||||
Patch-name: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
|
||||
Patch-id: 112
|
||||
---
|
||||
providers/implementations/kdfs/pbkdf2.c | 40 +++++++++++++++++++++++--
|
||||
1 file changed, 37 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
|
||||
index 11820d1e69..bae2238ab5 100644
|
||||
--- a/providers/implementations/kdfs/pbkdf2.c
|
||||
+++ b/providers/implementations/kdfs/pbkdf2.c
|
||||
@@ -284,11 +284,42 @@ static const OSSL_PARAM *kdf_pbkdf2_settable_ctx_params(ossl_unused void *ctx,
|
||||
|
||||
static int kdf_pbkdf2_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
{
|
||||
+#ifdef FIPS_MODULE
|
||||
+ KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx;
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM *p;
|
||||
+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
|
||||
+
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
|
||||
+ any_valid = 1;
|
||||
+
|
||||
+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR))
|
||||
+ != NULL) {
|
||||
+ int fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_APPROVED;
|
||||
+
|
||||
+ /* The lower_bound_checks parameter enables checks required by FIPS. If
|
||||
+ * those checks are disabled, the PBKDF2 implementation will also
|
||||
+ * support non-approved parameters (e.g., salt lengths < 16 bytes, see
|
||||
+ * NIST SP 800-132 section 5.1). */
|
||||
+ if (!ctx->lower_bound_checks)
|
||||
+ fips_indicator = EVP_KDF_SUSE_FIPS_INDICATOR_NOT_APPROVED;
|
||||
|
||||
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
|
||||
- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
||||
- return -2;
|
||||
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
|
||||
+ return 0;
|
||||
+
|
||||
+ any_valid = 1;
|
||||
+ }
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
+
|
||||
+ if (!any_valid)
|
||||
+ return -2;
|
||||
+
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx,
|
||||
@@ -296,6 +327,9 @@ static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx,
|
||||
{
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
+#ifdef FIPS_MODULE
|
||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR, NULL),
|
||||
+#endif /* defined(FIPS_MODULE) */
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_gettable_ctx_params;
|
||||
--
|
||||
2.41.0
|
||||
|
69
openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
Normal file
69
openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
Normal file
@ -0,0 +1,69 @@
|
||||
From 915990e450e769e370fcacbfd8ed58ab6afaf2bf Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||||
Date: Mon, 21 Aug 2023 15:47:55 +0200
|
||||
Subject: [PATCH 39/48]
|
||||
0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
|
||||
|
||||
Patch-name: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
|
||||
Patch-id: 84
|
||||
---
|
||||
providers/implementations/kdfs/pbkdf2.c | 27 ++++++++++++++++++++++++-
|
||||
1 file changed, 26 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
|
||||
index 349c3dd657..11820d1e69 100644
|
||||
--- a/providers/implementations/kdfs/pbkdf2.c
|
||||
+++ b/providers/implementations/kdfs/pbkdf2.c
|
||||
@@ -35,6 +35,21 @@
|
||||
#define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF
|
||||
#define KDF_PBKDF2_MIN_ITERATIONS 1000
|
||||
#define KDF_PBKDF2_MIN_SALT_LEN (128 / 8)
|
||||
+/* The Implementation Guidance for FIPS 140-3 says in section D.N
|
||||
+ * "Password-Based Key Derivation for Storage Applications" that "the vendor
|
||||
+ * shall document in the module’s Security Policy the length of
|
||||
+ * a password/passphrase used in key derivation and establish an upper bound
|
||||
+ * for the probability of having this parameter guessed at random. This
|
||||
+ * probability shall take into account not only the length of the
|
||||
+ * password/passphrase, but also the difficulty of guessing it. The decision on
|
||||
+ * the minimum length of a password used for key derivation is the vendor’s,
|
||||
+ * but the vendor shall at a minimum informally justify the decision."
|
||||
+ *
|
||||
+ * We are choosing a minimum password length of 8 bytes, because NIST's ACVP
|
||||
+ * testing uses passwords as short as 8 bytes, and requiring longer passwords
|
||||
+ * combined with an implicit indicator (i.e., returning an error) would cause
|
||||
+ * the module to fail ACVP testing. */
|
||||
+#define KDF_PBKDF2_MIN_PASSWORD_LEN (20)
|
||||
|
||||
static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new;
|
||||
static OSSL_FUNC_kdf_dupctx_fn kdf_pbkdf2_dup;
|
||||
@@ -219,9 +234,15 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
|
||||
ctx->lower_bound_checks = pkcs5 == 0;
|
||||
}
|
||||
|
||||
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL)
|
||||
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) {
|
||||
+ if (ctx->lower_bound_checks != 0
|
||||
+ && p->data_size < KDF_PBKDF2_MIN_PASSWORD_LEN) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||
+ return 0;
|
||||
+ }
|
||||
if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p))
|
||||
return 0;
|
||||
+ }
|
||||
|
||||
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) {
|
||||
if (ctx->lower_bound_checks != 0
|
||||
@@ -331,6 +352,10 @@ static int pbkdf2_derive(const char *pass, size_t passlen,
|
||||
}
|
||||
|
||||
if (lower_bound_checks) {
|
||||
+ if (passlen < KDF_PBKDF2_MIN_PASSWORD_LEN) {
|
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||
+ return 0;
|
||||
+ }
|
||||
if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
||||
return 0;
|
||||
--
|
||||
2.41.0
|
||||
|
1102
openssl-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
Normal file
1102
openssl-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
Normal file
File diff suppressed because it is too large
Load Diff
58
openssl-skipped-tests-EC-curves.patch
Normal file
58
openssl-skipped-tests-EC-curves.patch
Normal file
@ -0,0 +1,58 @@
|
||||
From 9ede2b1e13f72db37718853faff74b4429084d59 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 31 Jul 2023 09:41:28 +0200
|
||||
Subject: [PATCH 13/35] 0013-skipped-tests-EC-curves.patch
|
||||
|
||||
Patch-name: 0013-skipped-tests-EC-curves.patch
|
||||
Patch-id: 13
|
||||
Patch-status: |
|
||||
# Skipped tests from former 0011-Remove-EC-curves.patch
|
||||
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
||||
---
|
||||
test/recipes/15-test_ec.t | 2 +-
|
||||
test/recipes/65-test_cmp_protect.t | 2 +-
|
||||
test/recipes/65-test_cmp_vfy.t | 2 +-
|
||||
3 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
|
||||
index 0638d626e7..c0efd77649 100644
|
||||
--- a/test/recipes/15-test_ec.t
|
||||
+++ b/test/recipes/15-test_ec.t
|
||||
@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key' => sub {
|
||||
|
||||
subtest 'Check loading of fips and non-fips keys' => sub {
|
||||
plan skip_all => "FIPS is disabled"
|
||||
- if $no_fips;
|
||||
+ if 1; #SUSE specific, original value is $no_fips;
|
||||
|
||||
plan tests => 2;
|
||||
|
||||
diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t
|
||||
index 631603df7c..4cb2ffebbc 100644
|
||||
--- a/test/recipes/65-test_cmp_protect.t
|
||||
+++ b/test/recipes/65-test_cmp_protect.t
|
||||
@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build"
|
||||
plan skip_all => "This test is not supported in a shared library build on Windows"
|
||||
if $^O eq 'MSWin32' && !disabled("shared");
|
||||
|
||||
-plan tests => 2 + ($no_fips ? 0 : 1); #fips test
|
||||
+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
|
||||
|
||||
my @basic_cmd = ("cmp_protect_test",
|
||||
data_file("server.pem"),
|
||||
diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t
|
||||
index f722800e27..26a01786bb 100644
|
||||
--- a/test/recipes/65-test_cmp_vfy.t
|
||||
+++ b/test/recipes/65-test_cmp_vfy.t
|
||||
@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build"
|
||||
plan skip_all => "This test is not supported in a no-ec build"
|
||||
if disabled("ec");
|
||||
|
||||
-plan tests => 2 + ($no_fips ? 0 : 1); #fips test
|
||||
+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
|
||||
|
||||
my @basic_cmd = ("cmp_vfy_test",
|
||||
data_file("server.crt"), data_file("client.crt"),
|
||||
--
|
||||
2.41.0
|
||||
|
Loading…
Reference in New Issue
Block a user