openssl-1_1/openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
Pedro Monreal Gonzalez 18ecb7a582 - Build with no-afalgeng [bsc#1226463]
- Security fix: [bsc#1227138, CVE-2024-5535]
  * SSL_select_next_proto buffer overread
  * Add openssl-CVE-2024-5535.patch

- Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free
  security vulnerability. Calling the function SSL_free_buffers()
  potentially caused memory to be accessed that was previously
  freed in some situations and a malicious attacker could attempt
  to engineer a stituation where this occurs to facilitate a
  denial-of-service attack. [CVE-2024-4741, bsc#1225551]

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=164
2024-07-25 08:07:48 +00:00

137 lines
6.4 KiB
Diff

---
crypto/fips/fips_sli.c | 21 +++++++++++++++++++
crypto/kdf/pbkdf2.c | 6 +++++
include/internal/fips_sli_local.h | 3 ++
test/fips_slitest.c | 41 ++++++++++++++++++++++----------------
4 files changed, 54 insertions(+), 17 deletions(-)
--- a/crypto/fips/fips_sli.c
+++ b/crypto/fips/fips_sli.c
@@ -231,6 +231,27 @@ FIPS_STATUS fips_sli_get_kdf_keylen_stat
return FIPS_NONAPPROVED;
}
+FIPS_STATUS fips_sli_get_kdf_saltlen_status(size_t saltlen_bytes) {
+ if (saltlen_bytes >= 128/8)
+ return FIPS_APPROVED;
+ else
+ return FIPS_NONAPPROVED;
+}
+
+FIPS_STATUS fips_sli_get_kdf_iteration_status(size_t iter) {
+ if (iter >= 1000)
+ return FIPS_APPROVED;
+ else
+ return FIPS_NONAPPROVED;
+}
+
+FIPS_STATUS fips_sli_get_kdf_passlen_status(size_t passlen_bytes) {
+ if (passlen_bytes >= 20)
+ return FIPS_APPROVED;
+ else
+ return FIPS_NONAPPROVED;
+}
+
void fips_sli_check_key_rsa_keygen_EVP_PKEY_CTX(EVP_PKEY_CTX * ctx, const RSA * rsa) {
fips_sli_check_key_rsa_siggen_EVP_PKEY_CTX(ctx, rsa);
}
--- a/crypto/kdf/pbkdf2.c
+++ b/crypto/kdf/pbkdf2.c
@@ -187,6 +187,12 @@ static int kdf_pbkdf2_derive(EVP_KDF_IMP
fips_sli_check_hash_kdf_struct_evp_kdf_impl_st(impl);
fips_sli_fsm_struct_evp_kdf_impl_st(impl,
fips_sli_get_kdf_keylen_status(keylen));
+ fips_sli_fsm_struct_evp_kdf_impl_st(impl,
+ fips_sli_get_kdf_saltlen_status(impl->salt_len));
+ fips_sli_fsm_struct_evp_kdf_impl_st(impl,
+ fips_sli_get_kdf_iteration_status(impl->iter));
+ fips_sli_fsm_struct_evp_kdf_impl_st(impl,
+ fips_sli_get_kdf_passlen_status(impl->pass_len));
return pkcs5_pbkdf2_alg((char *)impl->pass, impl->pass_len,
impl->salt, impl->salt_len, impl->iter,
impl->md, key, keylen);
--- a/include/internal/fips_sli_local.h
+++ b/include/internal/fips_sli_local.h
@@ -70,6 +70,9 @@ FIPS_STATUS fips_sli_get_hash_status_ssh
FIPS_STATUS fips_sli_get_hash_status_pbkdf2(const EVP_MD * md);
FIPS_STATUS fips_sli_get_hash_status_kdf_tls1_prf(const EVP_MD * md);
FIPS_STATUS fips_sli_get_kdf_keylen_status(size_t keylen_bytes);
+FIPS_STATUS fips_sli_get_kdf_saltlen_status(size_t saltlen_bytes);
+FIPS_STATUS fips_sli_get_kdf_iteration_status(size_t iter);
+FIPS_STATUS fips_sli_get_kdf_passlen_status(size_t passlen_bytes);
/* Check if used curve is okay for and in this context */
void fips_sli_check_curve_siggen_EVP_PKEY_CTX(EVP_PKEY_CTX *ctx, const EC_GROUP *group);
--- a/test/fips_slitest.c
+++ b/test/fips_slitest.c
@@ -490,36 +490,41 @@ typedef struct {
int nid_digest;
const uint8_t key_expected[32]; // length has to be 32
} SLI_PBKDF2_TEST;
-
static const SLI_PBKDF2_TEST pbkdf2_tests[] = {
{
- 1, 4200, NID_sha256, {
- 0xE7, 0xBE, 0x37, 0x75, 0x9D, 0x53, 0x3E, 0x5A, 0x06, 0x20, 0xC9, 0xA5, 0x3A, 0x8D, 0xA2, 0x9E,
- 0x9C, 0x27, 0xDF, 0x26, 0x24, 0xAB, 0xD8, 0x8E, 0x56, 0xE5, 0xB9, 0xF5, 0xA0, 0xD6, 0xD5, 0xEE
+ 1, 4096, NID_sha1, {
+ 0x3D, 0x2E, 0xEC, 0x4F, 0xE4, 0x1C, 0x84, 0x9B, 0x80, 0xC8, 0xD8, 0x36, 0x62, 0xC0, 0xE4, 0x4A,
+ 0x8B, 0x29, 0x1A, 0x96, 0x4C, 0xF2, 0xF0, 0x70, 0x38, 0xB6, 0xB8, 0x9A, 0x48, 0x61, 0x2C, 0x5A
+ }
+ },
+ {
+ 1, 4096, NID_sha256, {
+ 0x34, 0x8C, 0x89, 0xDB, 0xCB, 0xD3, 0x2B, 0x2F, 0x32, 0xD8, 0x14, 0xB8, 0x11, 0x6E, 0x84, 0xCF,
+ 0x2B, 0x17, 0x34, 0x7E, 0xBC, 0x18, 0x00, 0x18, 0x1C, 0x4E, 0x2A, 0x1F, 0xB8, 0xDD, 0x53, 0xE1
}
},
{
1, 1347, NID_sha256, {
- 0xFB, 0xBB, 0xEC, 0x28, 0x5B, 0x48, 0xE7, 0xC2, 0x54, 0x4E, 0x65, 0x0F, 0x1E, 0xC8, 0xB5, 0x1C,
- 0xF5, 0xAD, 0xAE, 0x2A, 0x21, 0x56, 0x94, 0xD2, 0xE1, 0xB7, 0xC8, 0x7D, 0x7A, 0x0D, 0x63, 0x86
+ 0xD5, 0x99, 0x16, 0xFF, 0x8A, 0xBC, 0x26, 0x37, 0xAF, 0x4B, 0x26, 0xF1, 0x7E, 0x56, 0x8B, 0x7A,
+ 0x00, 0x16, 0xA9, 0xF2, 0x7D, 0x96, 0xDB, 0x33, 0x0A, 0xD0, 0x5F, 0xC3, 0x0C, 0x22, 0xA2, 0xD0
}
},
{
- 1, 4200, NID_sha1, {
- 0x45, 0x96, 0x78, 0xF3, 0x92, 0x74, 0xAC, 0x5B, 0x1F, 0x2B, 0xD3, 0x75, 0x1A, 0xBA, 0x5D, 0xBE,
- 0xF2, 0xDE, 0xE9, 0x88, 0x16, 0x4B, 0x0B, 0x84, 0x94, 0xD9, 0xC2, 0x2D, 0xC1, 0xB9, 0xB0, 0x8A
+ 1, 4096, NID_sha512, {
+ 0x8C, 0x05, 0x11, 0xF4, 0xC6, 0xE5, 0x97, 0xC6, 0xAC, 0x63, 0x15, 0xD8, 0xF0, 0x36, 0x2E, 0x22,
+ 0x5F, 0x3C, 0x50, 0x14, 0x95, 0xBA, 0x23, 0xB8, 0x68, 0xC0, 0x05, 0x17, 0x4D, 0xC4, 0xEE, 0x71
}
},
{
- 1, 4200, NID_sha3_512, {
- 0x1E, 0x77, 0xC8, 0x28, 0x9A, 0x79, 0x2E, 0x25, 0x85, 0x8D, 0x73, 0xB3, 0x0D, 0xA1, 0x26, 0x65,
- 0xC0, 0x04, 0x7D, 0x91, 0xB6, 0x5F, 0x89, 0x5E, 0x01, 0x82, 0x23, 0x35, 0x19, 0x2E, 0x5C, 0x09
+ 1, 4096, NID_sha3_512, {
+ 0xD6, 0x07, 0x91, 0xA4, 0xED, 0x27, 0x19, 0x5D, 0x81, 0x3F, 0x35, 0x51, 0x03, 0x51, 0xB9, 0xD1,
+ 0xFF, 0x9A, 0xD4, 0x26, 0x21, 0x53, 0x94, 0x46, 0x09, 0x50, 0xA4, 0xFE, 0x03, 0xDD, 0x9F, 0x54
}
},
{
- 0, 1347, NID_md5, {
- 0xC2, 0x78, 0x16, 0xDC, 0xD1, 0xC5, 0x71, 0xBD, 0x4A, 0x06, 0x2B, 0x38, 0x50, 0xE7, 0x4E, 0xC2,
- 0x0E, 0x74, 0x9D, 0xB1, 0x59, 0xA8, 0xFF, 0x11, 0x24, 0x68, 0xD0, 0xCF, 0x69, 0xE5, 0x30, 0x36
+ 0, 4096, NID_md5, {
+ 0x8D, 0x5D, 0x0A, 0xAD, 0x94, 0xD1, 0x44, 0x20, 0x42, 0x9F, 0xBC, 0x7E, 0x5B, 0x08, 0x7D, 0x7A,
+ 0x55, 0x27, 0xE6, 0x5D, 0xFD, 0x0D, 0x48, 0x6A, 0x31, 0x0E, 0x8A, 0x7B, 0x6F, 0xF5, 0xA2, 0x1B
}
}
};
@@ -527,8 +532,10 @@ static const size_t pbkdf2_tests_len = s
static int test_PKCS5_PBKDF2_HMAC(int pbkdf2_tests_idx) {
int success = 0;
- const char password[] = "password";
- const unsigned char salt[] = {'s', 'a', 'l', 't'};
+ const char password[] = "passwordPASSWORDpassword";
+ const unsigned char salt[] = {'s', 'a', 'l', 't', 'S', 'A', 'L', 'T', 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
+ 's', 'a', 'l', 't', 'S', 'A', 'L', 'T', 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
+ 's', 'a', 'l', 't'};
const size_t password_len = sizeof(password) / sizeof(password[0]);
const size_t salt_len = sizeof(salt) / sizeof(salt[0]);