From: Pauli Date: Mon, 29 Jul 2024 02:39:39 +0000 (+1000) Subject: fips: support signature-digest-checks in FIPS provider X-Git-Tag: openssl-3.4.0-alpha1~155 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc5c86b8c1f986c3692d275a38ed131e4fb67c36;p=thirdparty%2Fopenssl.git fips: support signature-digest-checks in FIPS provider Fixes #24936 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/25020) --- diff --git a/providers/common/include/prov/fipscommon.h b/providers/common/include/prov/fipscommon.h index be2c10bc9b9..cb1cfb2e435 100644 --- a/providers/common/include/prov/fipscommon.h +++ b/providers/common/include/prov/fipscommon.h @@ -15,6 +15,7 @@ int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx); int FIPS_eddsa_no_verify_digested(OSSL_LIB_CTX *libctx); int FIPS_no_short_mac(OSSL_LIB_CTX *libctx); int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx); +int FIPS_fips_signature_digest_check(OSSL_LIB_CTX *libctx); int FIPS_hkdf_digest_check(OSSL_LIB_CTX *libctx); int FIPS_tls13_kdf_digest_check(OSSL_LIB_CTX *libctx); int FIPS_tls1_prf_digest_check(OSSL_LIB_CTX *libctx); diff --git a/providers/common/include/prov/fipsindicator.h b/providers/common/include/prov/fipsindicator.h index 55178fdbda2..4d674643b14 100644 --- a/providers/common/include/prov/fipsindicator.h +++ b/providers/common/include/prov/fipsindicator.h @@ -133,7 +133,8 @@ int ossl_fips_ind_digest_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx, int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx, int nid, int sha1_allowed, - const char *desc); + const char *desc, + OSSL_FIPS_IND_CHECK_CB *config_check_f); #else # define OSSL_FIPS_IND_DECLARE diff --git a/providers/common/securitycheck_fips.c b/providers/common/securitycheck_fips.c index a90233e701c..617d3bd2b78 100644 --- a/providers/common/securitycheck_fips.c +++ b/providers/common/securitycheck_fips.c @@ -99,7 +99,8 @@ int ossl_fips_ind_digest_check(OSSL_FIPS_IND *ind, int id, int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx, int nid, int sha1_allowed, - const char *desc) + const char *desc, + OSSL_FIPS_IND_CHECK_CB *config_check_f) { int approved; @@ -110,7 +111,7 @@ int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id, if (!approved) { if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, "Digest SHA1", - ossl_securitycheck_enabled)) { + config_check_f)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); return 0; } diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 4041909ac35..fa6c38f4188 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -96,6 +96,7 @@ typedef struct fips_global_st { FIPS_OPTION fips_eddsa_no_verify_digested; FIPS_OPTION fips_no_short_mac; FIPS_OPTION fips_restricted_drgb_digests; + FIPS_OPTION fips_signature_digest_check; FIPS_OPTION fips_hkdf_digest_check; FIPS_OPTION fips_tls13_kdf_digest_check; FIPS_OPTION fips_tls1_prf_digest_check; @@ -133,6 +134,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) init_fips_option(&fgbl->fips_eddsa_no_verify_digested, 0); init_fips_option(&fgbl->fips_no_short_mac, 1); init_fips_option(&fgbl->fips_restricted_drgb_digests, 0); + init_fips_option(&fgbl->fips_signature_digest_check, 0); init_fips_option(&fgbl->fips_hkdf_digest_check, 0); init_fips_option(&fgbl->fips_tls13_kdf_digest_check, 0); init_fips_option(&fgbl->fips_tls1_prf_digest_check, 0); @@ -214,7 +216,7 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl) * OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS and * OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK are not self test parameters. */ - OSSL_PARAM core_params[30], *p = core_params; + OSSL_PARAM core_params[31], *p = core_params; *p++ = OSSL_PARAM_construct_utf8_ptr( OSSL_PROV_PARAM_CORE_MODULE_FILENAME, @@ -257,6 +259,8 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl) fips_no_short_mac); FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST, fips_restricted_drgb_digests); + FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_SIGNATURE_DIGEST_CHECK, + fips_signature_digest_check); FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_HKDF_DIGEST_CHECK, fips_hkdf_digest_check); FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_TLS13_KDF_DIGEST_CHECK, @@ -344,6 +348,8 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[]) fips_no_short_mac); FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST, fips_restricted_drgb_digests); + FIPS_FEATURE_GET(fgbl, OSSL_PROV_FIPS_PARAM_SIGNATURE_DIGEST_CHECK, + fips_signature_digest_check); FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_HKDF_DIGEST_CHECK, fips_hkdf_digest_check); FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_TLS13_KDF_DIGEST_CHECK, @@ -916,6 +922,7 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, FIPS_SET_OPTION(fgbl, fips_eddsa_no_verify_digested); FIPS_SET_OPTION(fgbl, fips_no_short_mac); FIPS_SET_OPTION(fgbl, fips_restricted_drgb_digests); + FIPS_SET_OPTION(fgbl, fips_signature_digest_check); FIPS_SET_OPTION(fgbl, fips_hkdf_digest_check); FIPS_SET_OPTION(fgbl, fips_tls13_kdf_digest_check); FIPS_SET_OPTION(fgbl, fips_tls1_prf_digest_check); @@ -1137,6 +1144,7 @@ FIPS_FEATURE_CHECK(FIPS_eddsa_no_verify_digested, fips_eddsa_no_verify_digested) FIPS_FEATURE_CHECK(FIPS_no_short_mac, fips_no_short_mac) FIPS_FEATURE_CHECK(FIPS_restricted_drbg_digests_enabled, fips_restricted_drgb_digests) +FIPS_FEATURE_CHECK(FIPS_fips_signature_digest_check, fips_signature_digest_check) FIPS_FEATURE_CHECK(FIPS_hkdf_digest_check, fips_hkdf_digest_check) FIPS_FEATURE_CHECK(FIPS_tls13_kdf_digest_check, fips_tls13_kdf_digest_check) FIPS_FEATURE_CHECK(FIPS_tls1_prf_digest_check, fips_tls1_prf_digest_check) diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c index 23441adfdaf..72b245049ff 100644 --- a/providers/implementations/signature/dsa_sig.c +++ b/providers/implementations/signature/dsa_sig.c @@ -159,7 +159,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, /* XOF digests don't work */ if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) { ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); - return 0; + goto err; } #ifdef FIPS_MODULE { @@ -168,7 +168,8 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), OSSL_FIPS_IND_SETTABLE1, ctx->libctx, md_nid, sha1_allowed, - desc)) + desc, + &FIPS_fips_signature_digest_check)) goto err; } #endif @@ -234,7 +235,7 @@ static int dsa_check_key(PROV_DSA_CTX *ctx, int sign, const char *desc) if (!approved) { if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0, ctx->libctx, desc, "DSA Key", - ossl_securitycheck_enabled)) { + FIPS_fips_signature_digest_check)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return 0; } diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c index 706b5491757..58d9488cf49 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -273,7 +273,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, /* XOF digests don't work */ if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) { ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); - return 0; + goto err; } #ifdef FIPS_MODULE @@ -282,7 +282,8 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), OSSL_FIPS_IND_SETTABLE1, ctx->libctx, - md_nid, sha1_allowed, desc)) + md_nid, sha1_allowed, desc, + &FIPS_fips_signature_digest_check)) goto err; } #endif diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c index 2776213b54c..7eded5b0583 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -343,11 +343,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, "digest=%s", mdname); goto err; } - /* XOF digests are not allowed except for RSA PSS */ - if (ctx->pad_mode != RSA_PKCS1_PSS_PADDING - && (EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) { + /* + * XOF digests are not allowed except for RSA PSS. + * We don't support XOF digests with RSA PSS (yet), so just fail. + * When we do support them, uncomment the second clause. + */ + if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0 + /* && ctx->pad_mode != RSA_PKCS1_PSS_PADDING */) { ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); - return 0; + goto err; } #ifdef FIPS_MODULE { @@ -356,7 +360,8 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), OSSL_FIPS_IND_SETTABLE1, ctx->libctx, - md_nid, sha1_allowed, desc)) + md_nid, sha1_allowed, desc, + &FIPS_fips_signature_digest_check)) goto err; } #endif