FIPS: Don't allow SHA512-224 and SHA512-256 for ECDSA/DSA signatures
authorslontis <shane.lontis@oracle.com>
Fri, 29 Aug 2025 04:11:59 +0000 (14:11 +1000)
committerPauli <ppzgs1@gmail.com>
Tue, 2 Sep 2025 23:48:47 +0000 (09:48 +1000)
These algorithms do not have OIDs (note that RSA does have OIDs),
and are not valid values for FIPS.
Note that this was only possible if the "ECDSA" algorithm is fetched.
Note that "ECDSA-SHA512-256" and "ECDSA-SHA512-224" are not currently
fetchable.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28377)

providers/common/securitycheck_fips.c
providers/fips/include/fips/fipsindicator.h
providers/implementations/signature/dsa_sig.c.in
providers/implementations/signature/ecdsa_sig.c.in
providers/implementations/signature/rsa_sig.c.in
test/recipes/30-test_evp_data/evppkey_ecdsa.txt

index c02fa960c096912cc7287963a31b16df66516943..5581e13d2d53cce405f7a286d46e15ae9bde47f0 100644 (file)
@@ -98,18 +98,33 @@ int ossl_fips_ind_digest_exch_check(OSSL_FIPS_IND *ind, int id,
 int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id,
                                     OSSL_LIB_CTX *libctx,
                                     int nid, int sha1_allowed,
+                                    int sha512_trunc_allowed,
                                     const char *desc,
                                     OSSL_FIPS_IND_CHECK_CB *config_check_f)
 {
     int approved;
+    const char *op = "none";
 
-    if (nid == NID_undef)
+    switch (nid) {
+    case NID_undef:
         approved = 0;
-    else
-        approved = sha1_allowed || nid != NID_sha1;
+        break;
+    case NID_sha512_224:
+    case NID_sha512_256:
+        approved = sha512_trunc_allowed;
+        op = "Digest Truncated SHA512";
+        break;
+    case NID_sha1:
+        approved = sha1_allowed;
+        op = "Digest SHA1";
+        break;
+    default:
+        approved = 1;
+        break;
+    }
 
     if (!approved) {
-        if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, "Digest SHA1",
+        if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, op,
                                          config_check_f)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST);
             return 0;
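Review bot: The new sha512_trunc_allowed parameter is not explained at the definition, and the reason it exists — the commit message says SHA512/224 and SHA512/256 have no DSA/ECDSA signature OIDs — lives only in the commit, not in the code; a comment on the `case NID_sha512_224:` line such as `/* Truncated SHA-512 has no DSA/ECDSA signature OIDs; only callers that opt in (RSA) may use it */` would carry it, and the same parameter should be documented on the prototype in fipsindicator.h. A smaller point: the NID_undef branch now reports the operation as `"none"` where it previously reported `"Digest SHA1"`; if that string reaches the indicator callback or a log, a more descriptive value than `"none"` may be worth considering. ossl_fips_ind_digest_sign_check's body continues outside the hunk.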
index f2939bb45b19ec37cf70df7e9cd020b86f123c34..c682f6e173829c8f6e08b9a7c7e20955e9ced196 100644 (file)
@@ -144,6 +144,7 @@ int ossl_fips_ind_digest_exch_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *li
 int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id,
                                     OSSL_LIB_CTX *libctx,
                                     int nid, int sha1_allowed,
+                                    int sha512_trunc_allowed,
                                     const char *desc,
                                     OSSL_FIPS_IND_CHECK_CB *config_check_f);
 
index 2014227c573cceefbfae79c16a70beb8c64a2f52..5b64a0cd160c211a34e3dca91694bd754c3a3eda 100644 (file)
@@ -196,7 +196,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
             if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
                                                  OSSL_FIPS_IND_SETTABLE1,
                                                  ctx->libctx,
-                                                 md_nid, sha1_allowed, desc,
+                                                 md_nid, sha1_allowed, 0, desc,
                                                  ossl_fips_config_signature_digest_check))
                 goto err;
         }
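Review bot: The new argument is passed as a bare literal `0` in the middle of the call at `md_nid, sha1_allowed, 0, desc,`, which a reader cannot map to the sha512_trunc_allowed parameter without opening the prototype; the same applies to the ecdsa_sig.c.in hunk (`0`) and the rsa_sig.c.in hunk (`1`). A named local next to sha1_allowed — `int sha512_trunc_allowed = 0;` — or at least `/* sha512_trunc_allowed */ 0` in the argument list would make the policy readable at each call site, and in rsa_sig.c.in the `1` is the one place that records RSA being permitted to use the truncated digests, so it deserves the name most. dsa_setup_md starts outside the hunk.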
index 029bb5beec2ed4b30116abfaecf808d991f0c618..741f5ffc473eccdfa6cf03956ca86a9c028fb356 100644 (file)
@@ -222,7 +222,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx,
         if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
                                              OSSL_FIPS_IND_SETTABLE1,
                                              ctx->libctx,
-                                             md_nid, sha1_allowed, desc,
+                                             md_nid, sha1_allowed, 0, desc,
                                              ossl_fips_config_signature_digest_check))
             goto err;
     }
index 3e5831613a90e41bed22b5ded7006e8bc01c0d37..2c9d0c85f6d0017ff2b38442af5724b5e9f77f8c 100644 (file)
@@ -414,7 +414,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
             if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
                                                  OSSL_FIPS_IND_SETTABLE1,
                                                  ctx->libctx,
-                                                 md_nid, sha1_allowed, desc,
+                                                 md_nid, sha1_allowed, 1, desc,
                                                  ossl_fips_config_signature_digest_check))
                 goto err;
         }
index b0e1f4197bf8dee9e966e86426f16b254b3c5102..924f9f0e97947c3f0a7c73ac5666750d2694186a 100644 (file)
@@ -268,6 +268,15 @@ Ctrl = digest:SHA1
 Input = "0123456789ABCDEF1234"
 Result = KEYOP_MISMATCH
 
+FIPSversion = >=3.6.0
+Sign = P-256
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = digest-check:0
+Ctrl = digest:SHA512-224
+Input = "0123456789ABCDEF1234"
+Result = KEYOP_ERROR
+
 Title = XOF disallowed
 
 DigestVerify = SHAKE256
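Review bot: Only the SHA512-224 / P-256 combination is exercised by the added case at `Ctrl = digest:SHA512-224`, while the change also rejects SHA512-256 and the DSA path and keeps both truncated digests allowed for RSA; unless those are covered elsewhere, a sibling entry with `Ctrl = digest:SHA512-256` here, and DSA/RSA counterparts in their own evppkey test files, would pin each branch of the new switch. The file list shows evppkey_ecdsa.txt as the only test data touched by this commit.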