FIPS: Don't allow SHA512-224 and SHA512-256 for ECDSA/DSA signatures
authorslontis <shane.lontis@oracle.com>
Fri, 29 Aug 2025 04:11:59 +0000 (14:11 +1000)
committerPauli <ppzgs1@gmail.com>
Tue, 2 Sep 2025 23:49:31 +0000 (09:49 +1000)
These algorithms do not have OIDs (note that RSA does have OIDs),
and are not valid values for FIPS.
Note that this was only possible if the "ECDSA" algorithm is fetched.
Note that "ECDSA-SHA512-256" and "ECDSA-SHA512-224" are not currently
fetchable.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28377)

(cherry picked from commit 5ce54ae14bd1ad1934dfe493fe39d89eb1d5b72d)

providers/common/securitycheck_fips.c
providers/fips/include/fips/fipsindicator.h
providers/implementations/signature/dsa_sig.c
providers/implementations/signature/ecdsa_sig.c
providers/implementations/signature/rsa_sig.c
test/recipes/30-test_evp_data/evppkey_ecdsa.txt

index c02fa960c096912cc7287963a31b16df66516943..5581e13d2d53cce405f7a286d46e15ae9bde47f0 100644 (file)
@@ -98,18 +98,33 @@ int ossl_fips_ind_digest_exch_check(OSSL_FIPS_IND *ind, int id,
 int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id,
                                     OSSL_LIB_CTX *libctx,
                                     int nid, int sha1_allowed,
+                                    int sha512_trunc_allowed,
                                     const char *desc,
                                     OSSL_FIPS_IND_CHECK_CB *config_check_f)
 {
     int approved;
+    const char *op = "none";
 
-    if (nid == NID_undef)
+    switch (nid) {
+    case NID_undef:
         approved = 0;
-    else
-        approved = sha1_allowed || nid != NID_sha1;
+        break;
+    case NID_sha512_224:
+    case NID_sha512_256:
+        approved = sha512_trunc_allowed;
+        op = "Digest Truncated SHA512";
+        break;
+    case NID_sha1:
+        approved = sha1_allowed;
+        op = "Digest SHA1";
+        break;
+    default:
+        approved = 1;
+        break;
+    }
 
     if (!approved) {
-        if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, "Digest SHA1",
+        if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, op,
                                          config_check_f)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST);
             return 0;
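Review bot: The `NID_undef` case leaves `op` at its placeholder `"none"`, so the changed `ossl_FIPS_IND_on_unapproved` call now passes `"none"` as the operation description for an undefined digest (before the change it passed `"Digest SHA1"`, which was wrong in a different way). A descriptive string there, e.g. `op = "Digest undefined";` under `case NID_undef:`, keeps the indicator text meaningful wherever the callee surfaces it, though how `op` is consumed is not visible in this hunk. The `default:` branch approves every other NID just as the old expression did; a one-line comment such as `/* any other digest is approved by this check */` would make that explicit to the next reader. The body of ossl_fips_ind_digest_sign_check continues past the end of the hunk.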
index 045d2108d549a0ad528179e85a7d7959d7109253..7efe62669ae893f155c23b91c21af937d72f7f7a 100644 (file)
@@ -134,6 +134,7 @@ int ossl_fips_ind_digest_exch_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *li
 int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id,
                                     OSSL_LIB_CTX *libctx,
                                     int nid, int sha1_allowed,
+                                    int sha512_trunc_allowed,
                                     const char *desc,
                                     OSSL_FIPS_IND_CHECK_CB *config_check_f);
 
index c5adbf80021bab6577dc5e78e4b1184d9806dce1..887f6cbb901894f2ddf9b8283e29a52ad9533c50 100644 (file)
@@ -193,7 +193,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
             if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
                                                  OSSL_FIPS_IND_SETTABLE1,
                                                  ctx->libctx,
-                                                 md_nid, sha1_allowed, desc,
+                                                 md_nid, sha1_allowed, 0, desc,
                                                  ossl_fips_config_signature_digest_check))
                 goto err;
         }
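Review bot: The new argument is passed as a bare literal `0` between `sha1_allowed` and `desc`, so a reader of this call cannot tell which flag is being cleared without consulting the prototype; the same applies to the ecdsa_sig.c hunk and to the `1` in the rsa_sig.c hunk. A named local next to `sha1_allowed`, or at least an inline tag such as `md_nid, sha1_allowed, /* sha512_trunc_allowed */ 0, desc,`, keeps the three call sites self-describing and makes the deliberate RSA-versus-DSA/ECDSA asymmetry visible at the point of call. The enclosing dsa_setup_md starts and ends outside the hunk.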
index 4018a772ff131fc4d66e0deefce4bedadb92d3ab..73bfbf4aa9c1525dcb8275c623977d8ab8816df6 100644 (file)
@@ -219,7 +219,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx,
         if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
                                              OSSL_FIPS_IND_SETTABLE1,
                                              ctx->libctx,
-                                             md_nid, sha1_allowed, desc,
+                                             md_nid, sha1_allowed, 0, desc,
                                              ossl_fips_config_signature_digest_check))
             goto err;
     }
index 5d52c63e7ed3a11cfa108a8d2f8a317e744a2b77..ff127a462ef24813233dd8222d466f6f0c1d0af9 100644 (file)
@@ -411,7 +411,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
             if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
                                                  OSSL_FIPS_IND_SETTABLE1,
                                                  ctx->libctx,
-                                                 md_nid, sha1_allowed, desc,
+                                                 md_nid, sha1_allowed, 1, desc,
                                                  ossl_fips_config_signature_digest_check))
                 goto err;
         }
index 54b143beada4cffc1f945deb74276283879ec563..7d850f4bb8064a7d480a2f167d626eb912127069 100644 (file)
@@ -261,6 +261,15 @@ Ctrl = digest:SHA1
 Input = "0123456789ABCDEF1234"
 Result = KEYOP_MISMATCH
 
+FIPSversion = >=3.6.0
+Sign = P-256
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = digest-check:0
+Ctrl = digest:SHA512-224
+Input = "0123456789ABCDEF1234"
+Result = KEYOP_ERROR
+
 Title = XOF disallowed
 
 DigestVerify = SHAKE256
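Review bot: The new case exercises only SHA512-224 with a P-256 key, while the commit rejects SHA512-256 for ECDSA as well and both truncated digests for DSA; a sibling block differing only in `Ctrl = digest:SHA512-256` would pin the second NID, and the DSA recipe presumably needs a counterpart of its own. `FIPSversion = >=3.6.0` ties the expectation to a specific provider version; since this is a cherry-pick, confirm that bound matches the FIPS provider version of the branch it lands on.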