From 4de5fa26873297f5c2eeed53e5c988437f837f55 Mon Sep 17 00:00:00 2001 From: Clemens Lang Date: Thu, 17 Nov 2022 13:53:31 +0100 Subject: [PATCH] signature: Remove X9.31 padding from FIPS prov The current draft of FIPS 186-5 [1] no longer contains specifications for X9.31 signature padding. Instead, it contains the following information in Appendix E: > ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from > this standard. Since this situation is unlikely to change in future revisions of the draft, and future FIPS 140-3 validations of the provider will require X9.31 to be disabled or marked as not approved with an explicit indicator, disallow this padding mode now. Remove the X9.31 tests from the acvp test, since they will always fail now. [1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf Signed-off-by: Clemens Lang --- providers/implementations/signature/rsa_sig.c | 6 + test/acvp_test.inc | 214 ------------------ 2 files changed, 6 insertions(+), 214 deletions(-) Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c =================================================================== --- openssl-3.1.4.orig/providers/implementations/signature/rsa_sig.c +++ openssl-3.1.4/providers/implementations/signature/rsa_sig.c @@ -1250,7 +1250,13 @@ static int rsa_set_ctx_params(void *vprs err_extra_text = "No padding not allowed with RSA-PSS"; goto cont; case RSA_X931_PADDING: +#ifndef FIPS_MODULE err_extra_text = "X.931 padding not allowed with RSA-PSS"; +#else /* !defined(FIPS_MODULE) */ + err_extra_text = "X.931 padding no longer allowed in FIPS mode," + " since it was removed from FIPS 186-5"; + goto bad_pad; +#endif /* !defined(FIPS_MODULE) */ cont: if (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSA) Index: openssl-3.1.4/test/acvp_test.inc =================================================================== --- openssl-3.1.4.orig/test/acvp_test.inc +++ openssl-3.1.4/test/acvp_test.inc @@ -1214,13 +1214,6 @@ static const struct rsa_siggen_st rsa_si NO_PSS_SALT_LEN, }, { - "x931", - 2048, - "SHA384", - ITM(rsa_siggen0_msg), - NO_PSS_SALT_LEN, - }, - { "pss", 2048, "SHA384", @@ -1631,202 +1624,6 @@ static const unsigned char rsa_sigverpss 0x5c, 0xea, 0x8a, 0x92, 0x31, 0xd2, 0x11, 0x4b, }; -static const unsigned char rsa_sigverx931_0_n[] = { - 0xa0, 0x16, 0x14, 0x80, 0x8b, 0x17, 0x2b, 0xad, - 0xd7, 0x07, 0x31, 0x6d, 0xfc, 0xba, 0x25, 0x83, - 0x09, 0xa0, 0xf7, 0x71, 0xc6, 0x06, 0x22, 0x87, - 0xd6, 0xbd, 0x13, 0xd9, 0xfe, 0x7c, 0xf7, 0xe6, - 0x48, 0xdb, 0x27, 0xd8, 0xa5, 0x49, 0x8e, 0x8c, - 0xea, 0xbe, 0xe0, 0x04, 0x6f, 0x3d, 0x3b, 0x73, - 0xdc, 0xc5, 0xd4, 0xdc, 0x85, 0xef, 0xea, 0x10, - 0x46, 0xf3, 0x88, 0xb9, 0x93, 0xbc, 0xa0, 0xb6, - 0x06, 0x02, 0x82, 0xb4, 0x2d, 0x54, 0xec, 0x79, - 0x50, 0x8a, 0xfc, 0xfa, 0x62, 0x45, 0xbb, 0xd7, - 0x26, 0xcd, 0x88, 0xfa, 0xe8, 0x0f, 0x26, 0x5b, - 0x1f, 0x21, 0x3f, 0x3b, 0x5d, 0x98, 0x3f, 0x02, - 0x8c, 0xa1, 0xbf, 0xc0, 0x70, 0x4d, 0xd1, 0x41, - 0xfd, 0xb9, 0x55, 0x12, 0x90, 0xc8, 0x6e, 0x0f, - 0x19, 0xa8, 0x5c, 0x31, 0xd6, 0x16, 0x0e, 0xdf, - 0x08, 0x84, 0xcd, 0x4b, 0xfd, 0x28, 0x8d, 0x7d, - 0x6e, 0xea, 0xc7, 0x95, 0x4a, 0xc3, 0x84, 0x54, - 0x7f, 0xb0, 0x20, 0x29, 0x96, 0x39, 0x4c, 0x3e, - 0x85, 0xec, 0x22, 0xdd, 0xb9, 0x14, 0xbb, 0x04, - 0x2f, 0x4c, 0x0c, 0xe3, 0xfa, 0xae, 0x47, 0x79, - 0x59, 0x8e, 0x4e, 0x7d, 0x4a, 0x17, 0xae, 0x16, - 0x38, 0x66, 0x4e, 0xff, 0x45, 0x7f, 0xac, 0x5e, - 0x75, 0x9f, 0x51, 0x18, 0xe6, 0xad, 0x6b, 0x8b, - 0x3d, 0x08, 0x4d, 0x9a, 0xd2, 0x11, 0xba, 0xa8, - 0xc3, 0xb5, 0x17, 0xb5, 0xdf, 0xe7, 0x39, 0x89, - 0x27, 0x7b, 0xeb, 0xf4, 0xe5, 0x7e, 0xa9, 0x7b, - 0x39, 0x40, 0x6f, 0xe4, 0x82, 0x14, 0x3d, 0x62, - 0xb6, 0xd4, 0x43, 0xd0, 0x0a, 0x2f, 0xc1, 0x73, - 0x3d, 0x99, 0x37, 0xbe, 0x62, 0x13, 0x6a, 0x8b, - 0xeb, 0xc5, 0x64, 0xd5, 0x2a, 0x8b, 0x4f, 0x7f, - 0x82, 0x48, 0x69, 0x3e, 0x08, 0x1b, 0xb5, 0x77, - 0xd3, 0xdc, 0x1b, 0x2c, 0xe5, 0x59, 0xf6, 0x33, - 0x47, 0xa0, 0x0f, 0xff, 0x8a, 0x6a, 0x1d, 0x66, - 0x24, 0x67, 0x36, 0x7d, 0x21, 0xda, 0xc1, 0xd4, - 0x11, 0x6c, 0xe8, 0x5f, 0xd7, 0x8a, 0x53, 0x5c, - 0xb2, 0xe2, 0xf9, 0x14, 0x29, 0x0f, 0xcf, 0x28, - 0x32, 0x4f, 0xc6, 0x17, 0xf6, 0xbc, 0x0e, 0xb8, - 0x99, 0x7c, 0x14, 0xa3, 0x40, 0x3f, 0xf3, 0xe4, - 0x31, 0xbe, 0x54, 0x64, 0x5a, 0xad, 0x1d, 0xb0, - 0x37, 0xcc, 0xd9, 0x0b, 0xa4, 0xbc, 0xe0, 0x07, - 0x37, 0xd1, 0xe1, 0x65, 0xc6, 0x53, 0xfe, 0x60, - 0x6a, 0x64, 0xa4, 0x01, 0x00, 0xf3, 0x5b, 0x9a, - 0x28, 0x61, 0xde, 0x7a, 0xd7, 0x0d, 0x56, 0x1e, - 0x4d, 0xa8, 0x6a, 0xb5, 0xf2, 0x86, 0x2a, 0x4e, - 0xaa, 0x37, 0x23, 0x5a, 0x3b, 0x69, 0x66, 0x81, - 0xc8, 0x8e, 0x1b, 0x31, 0x0f, 0x28, 0x31, 0x9a, - 0x2d, 0xe5, 0x79, 0xcc, 0xa4, 0xca, 0x60, 0x45, - 0xf7, 0x83, 0x73, 0x5a, 0x01, 0x29, 0xda, 0xf7, - -}; -static const unsigned char rsa_sigverx931_0_e[] = { - 0x01, 0x00, 0x01, -}; -static const unsigned char rsa_sigverx931_0_msg[] = { - 0x82, 0x2e, 0x41, 0x70, 0x9d, 0x1f, 0xe9, 0x47, - 0xec, 0xf1, 0x79, 0xcc, 0x05, 0xef, 0xdb, 0xcd, - 0xca, 0x8b, 0x8e, 0x61, 0x45, 0xad, 0xa6, 0xd9, - 0xd7, 0x4b, 0x15, 0xf4, 0x92, 0x3a, 0x2a, 0x52, - 0xe3, 0x44, 0x57, 0x2b, 0x74, 0x7a, 0x37, 0x41, - 0x50, 0xcb, 0xcf, 0x13, 0x49, 0xd6, 0x15, 0x54, - 0x97, 0xfd, 0xae, 0x9b, 0xc1, 0xbb, 0xfc, 0x5c, - 0xc1, 0x37, 0x58, 0x17, 0x63, 0x19, 0x9c, 0xcf, - 0xee, 0x9c, 0xe5, 0xbe, 0x06, 0xe4, 0x97, 0x47, - 0xd1, 0x93, 0xa1, 0x2c, 0x59, 0x97, 0x02, 0x01, - 0x31, 0x45, 0x8c, 0xe1, 0x5c, 0xac, 0xe7, 0x5f, - 0x6a, 0x23, 0xda, 0xbf, 0xe4, 0x25, 0xc6, 0x67, - 0xea, 0x5f, 0x73, 0x90, 0x1b, 0x06, 0x0f, 0x41, - 0xb5, 0x6e, 0x74, 0x7e, 0xfd, 0xd9, 0xaa, 0xbd, - 0xe2, 0x8d, 0xad, 0x99, 0xdd, 0x29, 0x70, 0xca, - 0x1b, 0x38, 0x21, 0x55, 0xde, 0x07, 0xaf, 0x00, - -}; -static const unsigned char rsa_sigverx931_0_sig[] = { - 0x29, 0xa9, 0x3a, 0x8e, 0x9e, 0x90, 0x1b, 0xdb, - 0xaf, 0x0b, 0x47, 0x5b, 0xb5, 0xc3, 0x8c, 0xc3, - 0x70, 0xbe, 0x73, 0xf9, 0x65, 0x8e, 0xc6, 0x1e, - 0x95, 0x0b, 0xdb, 0x24, 0x76, 0x79, 0xf1, 0x00, - 0x71, 0xcd, 0xc5, 0x6a, 0x7b, 0xd2, 0x8b, 0x18, - 0xc4, 0xdd, 0xf1, 0x2a, 0x31, 0x04, 0x3f, 0xfc, - 0x36, 0x06, 0x20, 0x71, 0x3d, 0x62, 0xf2, 0xb5, - 0x79, 0x0a, 0xd5, 0xd2, 0x81, 0xf1, 0xb1, 0x4f, - 0x9a, 0x17, 0xe8, 0x67, 0x64, 0x48, 0x09, 0x75, - 0xff, 0x2d, 0xee, 0x36, 0xca, 0xca, 0x1d, 0x74, - 0x99, 0xbe, 0x5c, 0x94, 0x31, 0xcc, 0x12, 0xf4, - 0x59, 0x7e, 0x17, 0x00, 0x4f, 0x7b, 0xa4, 0xb1, - 0xda, 0xdb, 0x3e, 0xa4, 0x34, 0x10, 0x4a, 0x19, - 0x0a, 0xd2, 0xa7, 0xa0, 0xc5, 0xe6, 0xef, 0x82, - 0xd4, 0x2e, 0x21, 0xbe, 0x15, 0x73, 0xac, 0xef, - 0x05, 0xdb, 0x6a, 0x8a, 0x1a, 0xcb, 0x8e, 0xa5, - 0xee, 0xfb, 0x28, 0xbf, 0x96, 0xa4, 0x2b, 0xd2, - 0x85, 0x2b, 0x20, 0xc3, 0xaf, 0x9a, 0x32, 0x04, - 0xa0, 0x49, 0x24, 0x47, 0xd0, 0x09, 0xf7, 0xcf, - 0x73, 0xb6, 0xf6, 0x70, 0xda, 0x3b, 0xf8, 0x5a, - 0x28, 0x2e, 0x14, 0x6c, 0x52, 0xbd, 0x2a, 0x7c, - 0x8e, 0xc1, 0xa8, 0x0e, 0xb1, 0x1e, 0x6b, 0x8d, - 0x76, 0xea, 0x70, 0x81, 0xa0, 0x02, 0x63, 0x74, - 0xbc, 0x7e, 0xb9, 0xac, 0x0e, 0x7b, 0x1b, 0x75, - 0x82, 0xe2, 0x98, 0x4e, 0x24, 0x55, 0xd4, 0xbd, - 0x14, 0xde, 0x58, 0x56, 0x3a, 0x5d, 0x4e, 0x57, - 0x0d, 0x54, 0x74, 0xe8, 0x86, 0x8c, 0xcb, 0x07, - 0x9f, 0x0b, 0xfb, 0xc2, 0x08, 0x5c, 0xd7, 0x05, - 0x3b, 0xc8, 0xd2, 0x15, 0x68, 0x8f, 0x3d, 0x3c, - 0x4e, 0x85, 0xa9, 0x25, 0x6f, 0xf5, 0x2e, 0xca, - 0xca, 0xa8, 0x27, 0x89, 0x61, 0x4e, 0x1f, 0x57, - 0x2d, 0x99, 0x10, 0x3f, 0xbc, 0x9e, 0x96, 0x5e, - 0x2f, 0x0a, 0x25, 0xa7, 0x5c, 0xea, 0x65, 0x2a, - 0x22, 0x35, 0xa3, 0xf9, 0x13, 0x89, 0x05, 0x2e, - 0x19, 0x73, 0x1d, 0x70, 0x74, 0x98, 0x15, 0x4b, - 0xab, 0x56, 0x52, 0xe0, 0x01, 0x42, 0x95, 0x6a, - 0x46, 0x2c, 0x78, 0xff, 0x26, 0xbc, 0x48, 0x10, - 0x38, 0x25, 0xab, 0x32, 0x7c, 0x79, 0x7c, 0x5d, - 0x6f, 0x45, 0x54, 0x74, 0x2d, 0x93, 0x56, 0x52, - 0x11, 0x34, 0x1e, 0xe3, 0x4b, 0x6a, 0x17, 0x4f, - 0x37, 0x14, 0x75, 0xac, 0xa3, 0xa1, 0xca, 0xda, - 0x38, 0x06, 0xa9, 0x78, 0xb9, 0x5d, 0xd0, 0x59, - 0x1b, 0x5d, 0x1e, 0xc2, 0x0b, 0xfb, 0x39, 0x37, - 0x44, 0x85, 0xb6, 0x36, 0x06, 0x95, 0xbc, 0x15, - 0x35, 0xb9, 0xe6, 0x27, 0x42, 0xe3, 0xc8, 0xec, - 0x30, 0x37, 0x20, 0x26, 0x9a, 0x11, 0x61, 0xc0, - 0xdb, 0xb2, 0x5a, 0x26, 0x78, 0x27, 0xb9, 0x13, - 0xc9, 0x1a, 0xa7, 0x67, 0x93, 0xe8, 0xbe, 0xcb, -}; - -#define rsa_sigverx931_1_n rsa_sigverx931_0_n -#define rsa_sigverx931_1_e rsa_sigverx931_0_e -static const unsigned char rsa_sigverx931_1_msg[] = { - 0x79, 0x02, 0xb9, 0xd2, 0x3e, 0x84, 0x02, 0xc8, - 0x2a, 0x94, 0x92, 0x14, 0x8d, 0xd5, 0xd3, 0x8d, - 0xb2, 0xf6, 0x00, 0x8b, 0x61, 0x2c, 0xd2, 0xf9, - 0xa8, 0xe0, 0x5d, 0xac, 0xdc, 0xa5, 0x34, 0xf3, - 0xda, 0x6c, 0xd4, 0x70, 0x92, 0xfb, 0x40, 0x26, - 0xc7, 0x9b, 0xe8, 0xd2, 0x10, 0x11, 0xcf, 0x7f, - 0x23, 0xd0, 0xed, 0x55, 0x52, 0x6d, 0xd3, 0xb2, - 0x56, 0x53, 0x8d, 0x7c, 0x4c, 0xb8, 0xcc, 0xb5, - 0xfd, 0xd0, 0x45, 0x4f, 0x62, 0x40, 0x54, 0x42, - 0x68, 0xd5, 0xe5, 0xdd, 0xf0, 0x76, 0x94, 0x59, - 0x1a, 0x57, 0x13, 0xb4, 0xc3, 0x70, 0xcc, 0xbd, - 0x4c, 0x2e, 0xc8, 0x6b, 0x9d, 0x68, 0xd0, 0x72, - 0x6a, 0x94, 0xd2, 0x18, 0xb5, 0x3b, 0x86, 0x45, - 0x95, 0xaa, 0x50, 0xda, 0x35, 0xeb, 0x69, 0x44, - 0x1f, 0xf3, 0x3a, 0x51, 0xbb, 0x1d, 0x08, 0x42, - 0x12, 0xd7, 0xd6, 0x21, 0xd8, 0x9b, 0x87, 0x55, -}; - -static const unsigned char rsa_sigverx931_1_sig[] = { - 0x3b, 0xba, 0xb3, 0xb1, 0xb2, 0x6a, 0x29, 0xb5, - 0xf9, 0x94, 0xf1, 0x00, 0x5c, 0x16, 0x67, 0x67, - 0x73, 0xd3, 0xde, 0x7e, 0x07, 0xfa, 0xaa, 0x95, - 0xeb, 0x5a, 0x55, 0xdc, 0xb2, 0xa9, 0x70, 0x5a, - 0xee, 0x8f, 0x8d, 0x69, 0x85, 0x2b, 0x00, 0xe3, - 0xdc, 0xe2, 0x73, 0x9b, 0x68, 0xeb, 0x93, 0x69, - 0x08, 0x03, 0x17, 0xd6, 0x50, 0x21, 0x14, 0x23, - 0x8c, 0xe6, 0x54, 0x3a, 0xd9, 0xfc, 0x8b, 0x14, - 0x81, 0xb1, 0x8b, 0x9d, 0xd2, 0xbe, 0x58, 0x75, - 0x94, 0x74, 0x93, 0xc9, 0xbb, 0x4e, 0xf6, 0x1f, - 0x73, 0x7d, 0x1a, 0x5f, 0xbd, 0xbf, 0x59, 0x37, - 0x5b, 0x98, 0x54, 0xad, 0x3a, 0xef, 0xa0, 0xef, - 0xcb, 0xc3, 0xe8, 0x84, 0xd8, 0x3d, 0xf5, 0x60, - 0xb8, 0xc3, 0x8d, 0x1e, 0x78, 0xa0, 0x91, 0x94, - 0xb7, 0xd7, 0xb1, 0xd4, 0xe2, 0xee, 0x81, 0x93, - 0xfc, 0x41, 0xf0, 0x31, 0xbb, 0x03, 0x52, 0xde, - 0x80, 0x20, 0x3a, 0x68, 0xe6, 0xc5, 0x50, 0x1b, - 0x08, 0x3f, 0x40, 0xde, 0xb3, 0xe5, 0x81, 0x99, - 0x7f, 0xdb, 0xb6, 0x5d, 0x61, 0x27, 0xd4, 0xfb, - 0xcd, 0xc5, 0x7a, 0xea, 0xde, 0x7a, 0x66, 0xef, - 0x55, 0x3f, 0x85, 0xea, 0x84, 0xc5, 0x0a, 0xf6, - 0x3c, 0x40, 0x38, 0xf7, 0x6c, 0x66, 0xe5, 0xbe, - 0x61, 0x41, 0xd3, 0xb1, 0x08, 0xe1, 0xb4, 0xf9, - 0x6e, 0xf6, 0x0e, 0x4a, 0x72, 0x6c, 0x61, 0x63, - 0x3e, 0x41, 0x33, 0x94, 0xd6, 0x27, 0xa4, 0xd9, - 0x3a, 0x20, 0x2b, 0x39, 0xea, 0xe5, 0x82, 0x48, - 0xd6, 0x5b, 0x58, 0x85, 0x44, 0xb0, 0xd2, 0xfd, - 0xfb, 0x3e, 0xeb, 0x78, 0xac, 0xbc, 0xba, 0x16, - 0x92, 0x0e, 0x20, 0xc1, 0xb2, 0xd1, 0x92, 0xa8, - 0x00, 0x88, 0xc0, 0x41, 0x46, 0x38, 0xb6, 0x54, - 0x70, 0x0c, 0x00, 0x62, 0x97, 0x6a, 0x8e, 0x66, - 0x5a, 0xa1, 0x6c, 0xf7, 0x6d, 0xc2, 0x27, 0x56, - 0x60, 0x5b, 0x0c, 0x52, 0xac, 0x5c, 0xae, 0x99, - 0x55, 0x11, 0x62, 0x52, 0x09, 0x48, 0x53, 0x90, - 0x3c, 0x0b, 0xd4, 0xdc, 0x7b, 0xe3, 0x4c, 0xe3, - 0xa8, 0x6d, 0xc5, 0xdf, 0xc1, 0x5c, 0x59, 0x25, - 0x99, 0x30, 0xde, 0x57, 0x6a, 0x84, 0x25, 0x34, - 0x3e, 0x64, 0x11, 0xdb, 0x7a, 0x82, 0x8e, 0x70, - 0xd2, 0x5c, 0x0e, 0x81, 0xa0, 0x24, 0x53, 0x75, - 0x98, 0xd6, 0x10, 0x01, 0x6a, 0x14, 0xed, 0xc3, - 0x6f, 0xc4, 0x18, 0xb8, 0xd2, 0x9f, 0x59, 0x53, - 0x81, 0x3a, 0x86, 0x31, 0xfc, 0x9e, 0xbf, 0x6c, - 0x52, 0x93, 0x86, 0x9c, 0xaa, 0x6c, 0x6f, 0x07, - 0x8a, 0x40, 0x33, 0x64, 0xb2, 0x70, 0x48, 0x85, - 0x05, 0x59, 0x65, 0x2d, 0x6b, 0x9a, 0xad, 0xab, - 0x20, 0x7e, 0x02, 0x6d, 0xde, 0xcf, 0x22, 0x0b, - 0xea, 0x6e, 0xbd, 0x1c, 0x39, 0x3a, 0xfd, 0xa4, - 0xde, 0x54, 0xae, 0xde, 0x5e, 0xf7, 0xb0, 0x6d, -}; - static const struct rsa_sigver_st rsa_sigver_data[] = { { "pkcs1", /* pkcs1v1.5 */ @@ -1850,28 +1647,6 @@ static const struct rsa_sigver_st rsa_si NO_PSS_SALT_LEN, FAIL }, - { - "x931", - 3072, - "SHA1", - ITM(rsa_sigverx931_0_msg), - ITM(rsa_sigverx931_0_n), - ITM(rsa_sigverx931_0_e), - ITM(rsa_sigverx931_0_sig), - NO_PSS_SALT_LEN, - PASS - }, - { - "x931", - 3072, - "SHA256", - ITM(rsa_sigverx931_1_msg), - ITM(rsa_sigverx931_1_n), - ITM(rsa_sigverx931_1_e), - ITM(rsa_sigverx931_1_sig), - NO_PSS_SALT_LEN, - FAIL - }, { "pss", 4096,