forked from pool/libgcrypt
Pedro Monreal Gonzalez
b5b243be7f
* Add --enable-marvin-workaround to spec to enable workaround * Fix timing based side-channel in RSA implementation ( Marvin attack ) * Add libgcrypt-CVE-2024-2236.patch OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=193
140 lines
5.2 KiB
Diff
140 lines
5.2 KiB
Diff
From 2f6d2db1a4c28775a568c1f81ca127d2daebaf1c Mon Sep 17 00:00:00 2001
|
|
From: Lucas Mulling via Gcrypt-devel <gcrypt-devel@gnupg.org>
|
|
Date: Wed, 26 Feb 2025 12:29:54 -0300
|
|
Subject: [PATCH 03/14] cipher: Differentiate use of label K in the SLI
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
* cipher/ecc.c (ecc_sign, ecc_verify): Use of label K is not allowed in
|
|
fips mode, differentiate with the GCRY_FIPS_FLAG_REJECT_PK_ECC_K flag.
|
|
* src/gcrypt.h.in: New GCRY_FIPS_FLAG_REJECT_PK_ECC_K.
|
|
* tests/t-fips-service-ind.c (check_pk_hash_sign_verify): Mark non
|
|
compliant use of label.
|
|
|
|
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
|
|
Signed-off-by: Lucas Mülling <lucas.mulling@suse.com>
|
|
---
|
|
cipher/ecc.c | 26 +++++++++++++++++++++++++-
|
|
src/gcrypt.h.in | 2 ++
|
|
tests/t-fips-service-ind.c | 11 ++++++-----
|
|
3 files changed, 33 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/cipher/ecc.c b/cipher/ecc.c
|
|
index d331a014..569e41f6 100644
|
|
--- a/cipher/ecc.c
|
|
+++ b/cipher/ecc.c
|
|
@@ -961,7 +961,16 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
|
|
log_mpidump ("ecc_sign data", data);
|
|
|
|
if (ctx.label)
|
|
- rc = _gcry_mpi_scan (&k, GCRYMPI_FMT_USG, ctx.label, ctx.labellen, NULL);
|
|
+ {
|
|
+ if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK_ECC_K))
|
|
+ {
|
|
+ rc = GPG_ERR_INV_DATA;
|
|
+ goto leave;
|
|
+ }
|
|
+ else
|
|
+ fips_service_indicator_mark_non_compliant ();
|
|
+ rc = _gcry_mpi_scan (&k, GCRYMPI_FMT_USG, ctx.label, ctx.labellen, NULL);
|
|
+ }
|
|
if (rc)
|
|
goto leave;
|
|
|
|
@@ -1118,6 +1127,21 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
|
|
rc = _gcry_pk_util_data_to_mpi (s_data, &data, &ctx);
|
|
if (rc)
|
|
goto leave;
|
|
+
|
|
+ if (ctx.label)
|
|
+ {
|
|
+ if (fips_mode ())
|
|
+ {
|
|
+ if(fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK_ECC_K))
|
|
+ {
|
|
+ rc = GPG_ERR_INV_DATA;
|
|
+ goto leave;
|
|
+ }
|
|
+ else
|
|
+ fips_service_indicator_mark_non_compliant ();
|
|
+ }
|
|
+ }
|
|
+
|
|
if (DBG_CIPHER)
|
|
log_mpidump ("ecc_verify data", data);
|
|
|
|
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
|
|
index 1a6f7269..fe3db16a 100644
|
|
--- a/src/gcrypt.h.in
|
|
+++ b/src/gcrypt.h.in
|
|
@@ -1989,6 +1989,8 @@ char *gcry_get_config (int mode, const char *what);
|
|
#define GCRY_FIPS_FLAG_REJECT_PK_MD (1 << 6)
|
|
#define GCRY_FIPS_FLAG_REJECT_PK_GOST_SM2 (1 << 7)
|
|
#define GCRY_FIPS_FLAG_REJECT_CIPHER_MODE (1 << 8)
|
|
+/**/
|
|
+#define GCRY_FIPS_FLAG_REJECT_PK_ECC_K (1 << 10)
|
|
|
|
#define GCRY_FIPS_FLAG_REJECT_MD \
|
|
(GCRY_FIPS_FLAG_REJECT_MD_MD5 | GCRY_FIPS_FLAG_REJECT_MD_OTHERS)
|
|
diff --git a/tests/t-fips-service-ind.c b/tests/t-fips-service-ind.c
|
|
index a082b258..0ece55b8 100644
|
|
--- a/tests/t-fips-service-ind.c
|
|
+++ b/tests/t-fips-service-ind.c
|
|
@@ -728,7 +728,7 @@ check_pk_hash_sign_verify (void)
|
|
"ce4014c68811f9a21a1fdb2c0e6113e06db7ca93b7404e78dc7ccd5ca89a4ca9#)))",
|
|
"(data(flags raw)(hash %s %b)(label %b))",
|
|
"94a1bbb14b906a61a280f245f9e93c7f3b4a6247824f5d33b9670787642a68de",
|
|
- 0, 0
|
|
+ 1, 0,
|
|
}
|
|
};
|
|
int tvidx;
|
|
@@ -827,7 +827,7 @@ check_pk_hash_sign_verify (void)
|
|
if (ec == GPG_ERR_INV_OP)
|
|
{
|
|
/* libgcrypt is old, no support of the FIPS service indicator. */
|
|
- fail ("gcry_pk_hash test %d unexpectedly failed to check the FIPS service indicator.\n",
|
|
+ fail ("gcry_pk_hash_sign test %d unexpectedly failed to check the FIPS service indicator.\n",
|
|
tvidx);
|
|
goto next;
|
|
}
|
|
@@ -835,7 +835,7 @@ check_pk_hash_sign_verify (void)
|
|
if (in_fips_mode && !tv[tvidx].expect_failure && ec)
|
|
{
|
|
/* Success with the FIPS service indicator == 0 expected, but != 0. */
|
|
- fail ("gcry_pk_hash test %d unexpectedly set the indicator in FIPS mode.\n",
|
|
+ fail ("gcry_pk_hash_sign test %d unexpectedly set the indicator in FIPS mode.\n",
|
|
tvidx);
|
|
goto next;
|
|
}
|
|
@@ -859,7 +859,7 @@ check_pk_hash_sign_verify (void)
|
|
if (ec == GPG_ERR_INV_OP)
|
|
{
|
|
/* libgcrypt is old, no support of the FIPS service indicator. */
|
|
- fail ("gcry_pk_hash test %d unexpectedly failed to check the FIPS service indicator.\n",
|
|
+ fail ("gcry_pk_hash_verify test %d unexpectedly failed to check the FIPS service indicator.\n",
|
|
tvidx);
|
|
goto next;
|
|
}
|
|
@@ -867,7 +867,7 @@ check_pk_hash_sign_verify (void)
|
|
if (in_fips_mode && !tv[tvidx].expect_failure && ec)
|
|
{
|
|
/* Success with the FIPS service indicator == 0 expected, but != 0. */
|
|
- fail ("gcry_pk_hash test %d unexpectedly set the indicator in FIPS mode.\n",
|
|
+ fail ("gcry_pk_hash_verify test %d unexpectedly set the indicator in FIPS mode.\n",
|
|
tvidx);
|
|
goto next;
|
|
}
|
|
@@ -1834,6 +1834,7 @@ main (int argc, char **argv)
|
|
| GCRY_FIPS_FLAG_REJECT_CIPHER_MODE
|
|
| GCRY_FIPS_FLAG_REJECT_PK_MD
|
|
| GCRY_FIPS_FLAG_REJECT_PK_GOST_SM2
|
|
+ | GCRY_FIPS_FLAG_REJECT_PK_ECC_K
|
|
| GCRY_FIPS_FLAG_REJECT_COMPAT110)));
|
|
|
|
check_md_o_w_r_c (1);
|
|
--
|
|
2.49.0
|
|
|