testing/openssl-3
SHA256
7
0
Fork 0
forked from pool/openssl-3
Code Pull Requests Activity
Files
5f909683e2890171ba001269945d1418741c672af7aaaa44de5f71f1b3623c98
openssl-3/openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch

112 lines
4.8 KiB
Diff
Raw Normal View History

- Update to 3.5.0: * Changes: - Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc. - The default TLS supported groups list has been changed to include and prefer hybrid PQC KEM groups. Some practically unused groups were removed from the default list. - The default TLS keyshares have been changed to offer X25519MLKEM768 and and X25519. - All BIO_meth_get_*() functions were deprecated. * New features: - Support for server side QUIC (RFC 9000) - Support for 3rd party QUIC stacks including 0-RTT support - Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA) - A new configuration option no-tls-deprecated-ec to disable support for TLS groups deprecated in RFC8422 - A new configuration option enable-fips-jitter to make the FIPS provider to use the JITTER seed source - Support for central key generation in CMP - Support added for opaque symmetric key objects (EVP_SKEY) - Support for multiple TLS keyshares and improved TLS key establishment group configurability - API support for pipelining in provided cipher algorithms * Remove patches: - openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch - openssl-3-support-CPACF-sha3-shake-perf-improvement.patch - openssl-3-add-defines-CPACF-funcs.patch - openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch - openssl-3-add-xof-state-handling-s3_absorb.patch - openssl-3-fix-state-handling-sha3_absorb_s390x.patch OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=139
2025-04-16 13:02:20 +00:00
From 915990e450e769e370fcacbfd8ed58ab6afaf2bf Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Mon, 21 Aug 2023 15:47:55 +0200
Subject: [PATCH 39/48]
0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
Patch-name: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
Patch-id: 84
---
providers/implementations/kdfs/pbkdf2.c | 27 ++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
Index: openssl-3.5.0-beta1/providers/implementations/kdfs/pbkdf2.c
===================================================================
--- openssl-3.5.0-beta1.orig/providers/implementations/kdfs/pbkdf2.c
+++ openssl-3.5.0-beta1/providers/implementations/kdfs/pbkdf2.c
@@ -36,6 +36,21 @@
#define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF
#define KDF_PBKDF2_MIN_ITERATIONS 1000
#define KDF_PBKDF2_MIN_SALT_LEN (128 / 8)
+/* The Implementation Guidance for FIPS 140-3 says in section D.N
+ * "Password-Based Key Derivation for Storage Applications" that "the vendor
+ * shall document in the modules Security Policy the length of
+ * a password/passphrase used in key derivation and establish an upper bound
+ * for the probability of having this parameter guessed at random. This
+ * probability shall take into account not only the length of the
+ * password/passphrase, but also the difficulty of guessing it. The decision on
+ * the minimum length of a password used for key derivation is the vendors,
+ * but the vendor shall at a minimum informally justify the decision."
+ *
+ * We are choosing a minimum password length of 8 bytes, because NIST's ACVP
+ * testing uses passwords as short as 8 bytes, and requiring longer passwords
+ * combined with an implicit indicator (i.e., returning an error) would cause
+ * the module to fail ACVP testing. */
+#define KDF_PBKDF2_MIN_PASSWORD_LEN (8)
static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new;
static OSSL_FUNC_kdf_dupctx_fn kdf_pbkdf2_dup;
@@ -179,8 +194,8 @@ static int pbkdf2_set_membuf(unsigned ch
}
static int pbkdf2_lower_bound_check_passed(int saltlen, uint64_t iter,
- size_t keylen, int *error,
- const char **desc)
+ size_t keylen, size_t passlen,
+ int *error, const char **desc)
{
if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) {
*error = PROV_R_KEY_SIZE_TOO_SMALL;
@@ -188,6 +203,12 @@ static int pbkdf2_lower_bound_check_pass
*desc = "Key size";
return 0;
}
+ if (passlen < KDF_PBKDF2_MIN_PASSWORD_LEN) {
+ *error = PROV_R_INVALID_INPUT_LENGTH;
+ if (desc != NULL)
+ *desc = "Password length";
+ return 0;
+ }
if (saltlen < KDF_PBKDF2_MIN_SALT_LEN) {
*error = PROV_R_INVALID_SALT_LENGTH;
if (desc != NULL)
@@ -205,13 +226,13 @@ static int pbkdf2_lower_bound_check_pass
}
#ifdef FIPS_MODULE
-static int fips_lower_bound_check_passed(KDF_PBKDF2 *ctx, size_t keylen)
+static int fips_lower_bound_check_passed(KDF_PBKDF2 *ctx, size_t keylen, size_t passlen)
{
OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
int error = 0;
const char *desc = NULL;
int approved = pbkdf2_lower_bound_check_passed(ctx->salt_len, ctx->iter,
- keylen, &error, &desc);
+ keylen, passlen, &error, &desc);
if (!approved) {
if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0, libctx,
@@ -283,9 +304,15 @@ static int kdf_pbkdf2_set_ctx_params(voi
#endif
}
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL)
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) {
+ if (ctx->lower_bound_checks != 0
+ && p->data_size < KDF_PBKDF2_MIN_PASSWORD_LEN) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p))
return 0;
+ }
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) {
if (ctx->lower_bound_checks != 0
@@ -400,13 +427,13 @@ static int pbkdf2_derive(KDF_PBKDF2 *ctx
}
#ifdef FIPS_MODULE
- if (!fips_lower_bound_check_passed(ctx, keylen))
+ if (!fips_lower_bound_check_passed(ctx, keylen, passlen))
return 0;
#else
if (lower_bound_checks) {
int error = 0;
int passed = pbkdf2_lower_bound_check_passed(saltlen, iter, keylen,
- &error, NULL);
+ passlen, &error, NULL);
if (!passed) {
ERR_raise(ERR_LIB_PROV, error);
Copy Permalink