fips: add option to disable PKCS#1 version 1.5 padding
authorPauli <ppzgs1@gmail.com>
Wed, 31 Jul 2024 03:30:05 +0000 (13:30 +1000)
committerTomas Mraz <tomas@openssl.org>
Wed, 7 Aug 2024 17:35:51 +0000 (19:35 +0200)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070)

include/openssl/fips_names.h
providers/common/include/prov/fipscommon.h
providers/fips/fipsprov.c

index 63c57874e897018ae2113c1a9959c709ef20291f..07c30a7e4fa28f75ec989e0a33615d672194827f 100644 (file)
@@ -149,9 +149,14 @@ extern "C" {
 # define OSSL_PROV_FIPS_PARAM_TDES_ENCRYPT_DISABLED "tdes-encrypt-disabled"
 
 /*
+ * A boolean that determines if PKCS#1 v1.5 padding is allowed for key
+ * agreement and transport operations.
+ * See SP800-131A r2 for further information.
+ * This is disabled by default.
+ * Type: OSSL_PARAM_UTF8_STRING
  */
 # define OSSL_PROV_FIPS_PARAM_RSA_PKCS15_PADDING_DISABLED \
-            "rsa-pkcs15_padding_disabled"
+            "rsa-pkcs15-padding-disabled"
 /*
  * A boolean that determines if X9.31 padding can be used for RSA signing.
  * X9.31 RSA has been removed from FIPS 186-5, and is no longer approved for
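Review bot: The new comment on `OSSL_PROV_FIPS_PARAM_RSA_PKCS15_PADDING_DISABLED` is ambiguous about polarity: "determines if PKCS#1 v1.5 padding is allowed" followed by "This is disabled by default" can mean either that the padding is off or that the restriction is off. fipsprov.c initialises the option with `init_fips_option(&fgbl->fips_rsa_pkcs15_padding_disabled, 0)`, so the restriction appears to be opt-in and the padding stays usable unless the option is set. I would say that directly, e.g. `* When enabled, PKCS#1 v1.5 padding is rejected for key agreement and transport.` and `* Default: not enabled (the padding remains allowed).` The key string also changes from `rsa-pkcs15_padding_disabled` to `rsa-pkcs15-padding-disabled`, so a configuration written with the old spelling would presumably no longer match and silently leave the restriction off; that deserves a line in the changelog. The comment for the following macro continues outside the hunk.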
index f93f7b66a2c61ee7c717eb5f3e1671d6d9a361b7..c3284a0d29212c7301e3262801d3542a99855d27 100644 (file)
@@ -23,6 +23,7 @@ int FIPS_sskdf_digest_check(OSSL_LIB_CTX *libctx);
 int FIPS_x963kdf_digest_check(OSSL_LIB_CTX *libctx);
 int FIPS_dsa_sign_check(OSSL_LIB_CTX *libctx);
 int FIPS_tdes_encrypt_check(OSSL_LIB_CTX *libctx);
+int FIPS_rsa_pkcs15_padding_disabled(OSSL_LIB_CTX *libctx);
 int FIPS_rsa_sign_x931_disallowed(OSSL_LIB_CTX *libctx);
 int FIPS_hkdf_key_check(OSSL_LIB_CTX *libctx);
 int FIPS_tls13_kdf_key_check(OSSL_LIB_CTX *libctx);
index 80c84119bf7f7d59aa149b34ede6d75a6d52bbec..3ef42796aaf378b4e47144aca6625d7e13725dc0 100644 (file)
@@ -98,6 +98,7 @@ typedef struct fips_global_st {
     FIPS_OPTION fips_x963kdf_digest_check;
     FIPS_OPTION fips_dsa_sign_disallowed;
     FIPS_OPTION fips_tdes_encrypt_disallowed;
+    FIPS_OPTION fips_rsa_pkcs15_padding_disabled;
     FIPS_OPTION fips_rsa_sign_x931_disallowed;
     FIPS_OPTION fips_hkdf_key_check;
     FIPS_OPTION fips_tls13_kdf_key_check;
@@ -133,6 +134,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
     init_fips_option(&fgbl->fips_x963kdf_digest_check, 0);
     init_fips_option(&fgbl->fips_dsa_sign_disallowed, 0);
     init_fips_option(&fgbl->fips_tdes_encrypt_disallowed, 0);
+    init_fips_option(&fgbl->fips_rsa_pkcs15_padding_disabled, 0);
     init_fips_option(&fgbl->fips_rsa_sign_x931_disallowed, 0);
     init_fips_option(&fgbl->fips_hkdf_key_check, 0);
     init_fips_option(&fgbl->fips_tls13_kdf_key_check, 0);
@@ -204,7 +206,7 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl)
     * OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS and
     * OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK are not self test parameters.
     */
-    OSSL_PARAM core_params[28], *p = core_params;
+    OSSL_PARAM core_params[29], *p = core_params;
 
     *p++ = OSSL_PARAM_construct_utf8_ptr(
             OSSL_PROV_PARAM_CORE_MODULE_FILENAME,
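Review bot: The size of `core_params` is a hand-maintained literal (28 to 29 here) that has to track every `*p++ =` and, presumably, every `FIPS_FEATURE_OPTION` entry in `fips_get_params_from_core`. Nothing visible in the hunk ties the two together, so a future option added without bumping the number would write past the end of this stack array. A comment stating the invariant would help, e.g. `/* one slot per entry appended below, plus the terminator */`. A cheap guard before the terminating entry would help too, e.g. `assert((size_t)(p - core_params) < sizeof(core_params) / sizeof(core_params[0]));`. The function body starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.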
@@ -263,6 +265,8 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl)
                         fips_dsa_sign_disallowed);
     FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_TDES_ENCRYPT_DISABLED,
                         fips_tdes_encrypt_disallowed);
+    FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_RSA_PKCS15_PADDING_DISABLED,
+                        fips_rsa_pkcs15_padding_disabled);
     FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_RSA_SIGN_X931_PAD_DISABLED,
                         fips_rsa_sign_x931_disallowed);
     FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_HKDF_KEY_CHECK,
@@ -346,6 +350,8 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
                      fips_dsa_sign_disallowed);
     FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_TDES_ENCRYPT_DISABLED,
                      fips_tdes_encrypt_disallowed);
+    FIPS_FEATURE_GET(fgbl, OSSL_PROV_FIPS_PARAM_RSA_PKCS15_PADDING_DISABLED,
+                     fips_rsa_pkcs15_padding_disabled);
     FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_RSA_SIGN_X931_PAD_DISABLED,
                      fips_rsa_sign_x931_disallowed);
     FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_HKDF_KEY_CHECK,
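Review bot: The added `FIPS_FEATURE_GET` entry passes `OSSL_PROV_FIPS_PARAM_RSA_PKCS15_PADDING_DISABLED`, while every neighbouring entry in `fips_get_params` uses an `OSSL_PROV_PARAM_*` name (`OSSL_PROV_PARAM_TDES_ENCRYPT_DISABLED`, `OSSL_PROV_PARAM_RSA_SIGN_X931_PAD_DISABLED`, `OSSL_PROV_PARAM_HKDF_KEY_CHECK`). The `FIPS_PARAM` macro names the configuration-file key, so this option would be reported to callers under a differently derived name than its siblings. An application querying the provider to confirm the restriction is active could then miss it. If a matching `OSSL_PROV_PARAM_*` definition exists or is planned, it should be used here; otherwise a short comment explaining why this entry differs would help. The function continues outside the hunk, so whether the gettable-params table lists this key cannot be checked from here.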
@@ -906,6 +912,7 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
     FIPS_SET_OPTION(fgbl, fips_x963kdf_digest_check);
     FIPS_SET_OPTION(fgbl, fips_dsa_sign_disallowed);
     FIPS_SET_OPTION(fgbl, fips_tdes_encrypt_disallowed);
+    FIPS_SET_OPTION(fgbl, fips_rsa_pkcs15_padding_disabled);
     FIPS_SET_OPTION(fgbl, fips_rsa_sign_x931_disallowed);
     FIPS_SET_OPTION(fgbl, fips_hkdf_key_check);
     FIPS_SET_OPTION(fgbl, fips_tls13_kdf_key_check);
@@ -1125,6 +1132,8 @@ FIPS_FEATURE_CHECK(FIPS_sskdf_digest_check, fips_sskdf_digest_check)
 FIPS_FEATURE_CHECK(FIPS_x963kdf_digest_check, fips_x963kdf_digest_check)
 FIPS_FEATURE_CHECK(FIPS_dsa_sign_check, fips_dsa_sign_disallowed)
 FIPS_FEATURE_CHECK(FIPS_tdes_encrypt_check, fips_tdes_encrypt_disallowed)
+FIPS_FEATURE_CHECK(FIPS_rsa_pkcs15_padding_disabled,
+                   fips_rsa_pkcs15_padding_disabled)
 FIPS_FEATURE_CHECK(FIPS_rsa_sign_x931_disallowed,
                    fips_rsa_sign_x931_disallowed)
 FIPS_FEATURE_CHECK(FIPS_hkdf_key_check, fips_hkdf_key_check)