From fa338aa7cd1e893679c3e1c47465dcb11f90abfb Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Sun, 28 Apr 2024 19:40:26 +0100 Subject: [PATCH] fips: zeroization of public security parameters (PSPs) ISO 19790:2012/Cor.1:2015 7.9 requires cryptographic module to provide methods to zeroise all unproctected security sensitive parameters (which inclues both Critical/Private **and** Public security parameters). And those that are temprorarly stored are required to be zeroised after they are no longer needed at security levels 2 and higher. Comply with the above requirements by always zeroising public security parameters whenever they are freed. This is currently done under the FIPS feature, however the requirement comes from the ISO 19790:2012 which may also be needed in other jurisdictions. If not always. Note FIPS 140-3 includes ISO 19790:2012 by reference. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/24355) --- crypto/ec/ec_lib.c | 4 ++++ crypto/ffc/ffc_params.c | 8 ++++++++ crypto/rsa/rsa_lib.c | 5 +++++ providers/implementations/kdfs/hkdf.c | 4 ++++ providers/implementations/kdfs/pbkdf2.c | 4 ++++ 5 files changed, 25 insertions(+) diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index c92b4dcb0ac..f6309b30346 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -746,9 +746,13 @@ void EC_POINT_free(EC_POINT *point) if (point == NULL) return; +#ifdef FIPS_MODULE + EC_POINT_clear_free(point); +#else if (point->meth->point_finish != 0) point->meth->point_finish(point); OPENSSL_free(point); +#endif } void EC_POINT_clear_free(EC_POINT *point) diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c index 680f85ffaf8..aa773101509 100644 --- a/crypto/ffc/ffc_params.c +++ b/crypto/ffc/ffc_params.c @@ -27,11 +27,19 @@ void ossl_ffc_params_init(FFC_PARAMS *params) void ossl_ffc_params_cleanup(FFC_PARAMS *params) { +#ifdef FIPS_MODULE + BN_clear_free(params->p); + BN_clear_free(params->q); + BN_clear_free(params->g); + BN_clear_free(params->j); + OPENSSL_clear_free(params->seed, params->seedlen); +#else BN_free(params->p); BN_free(params->q); BN_free(params->g); BN_free(params->j); OPENSSL_free(params->seed); +#endif ossl_ffc_params_init(params); } diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 5350a4e659e..93ff9518759 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -159,8 +159,13 @@ void RSA_free(RSA *r) CRYPTO_THREAD_lock_free(r->lock); CRYPTO_FREE_REF(&r->references); +#ifdef FIPS_MODULE + BN_clear_free(r->n); + BN_clear_free(r->e); +#else BN_free(r->n); BN_free(r->e); +#endif BN_clear_free(r->d); BN_clear_free(r->p); BN_clear_free(r->q); diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index 3f65346a2b0..06184680751 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -117,7 +117,11 @@ static void kdf_hkdf_reset(void *vctx) void *provctx = ctx->provctx; ossl_prov_digest_reset(&ctx->digest); +#ifdef FIPS_MODULE + OPENSSL_clear_free(ctx->salt, ctx->salt_len); +#else OPENSSL_free(ctx->salt); +#endif OPENSSL_free(ctx->prefix); OPENSSL_free(ctx->label); OPENSSL_clear_free(ctx->data, ctx->data_len); diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c index f2d190c308f..bac839ebc62 100644 --- a/providers/implementations/kdfs/pbkdf2.c +++ b/providers/implementations/kdfs/pbkdf2.c @@ -90,7 +90,11 @@ static void *kdf_pbkdf2_new(void *provctx) static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx) { ossl_prov_digest_reset(&ctx->digest); +#ifdef FIPS_MODULE + OPENSSL_clear_free(ctx->salt, ctx->salt_len); +#else OPENSSL_free(ctx->salt); +#endif OPENSSL_clear_free(ctx->pass, ctx->pass_len); memset(ctx, 0, sizeof(*ctx)); } -- 2.47.2