OPT_NO_SECURITY_CHECKS,
OPT_TLS_PRF_EMS_CHECK,
OPT_DISALLOW_DRGB_TRUNC_DIGEST,
+ OPT_HKDF_DIGEST_CHECK,
+ OPT_TLS13_KDF_DIGEST_CHECK,
+ OPT_TLS1_PRF_DIGEST_CHECK,
+ OPT_SSHKDF_DIGEST_CHECK,
+ OPT_SSKDF_DIGEST_CHECK,
+ OPT_X963KDF_DIGEST_CHECK,
OPT_SELF_TEST_ONLOAD, OPT_SELF_TEST_ONINSTALL
} OPTION_CHOICE;
"Enable the run-time FIPS check for EMS during TLS1_PRF"},
{"no_drbg_truncated_digests", OPT_DISALLOW_DRGB_TRUNC_DIGEST, '-',
"Disallow truncated digests with Hash and HMAC DRBGs"},
+ {"hkdf_digest_check", OPT_HKDF_DIGEST_CHECK, '-',
+ "Enable digest check for HKDF"},
+ {"tls13_kdf_digest_check", OPT_TLS13_KDF_DIGEST_CHECK, '-',
+ "Enable digest check for TLS13-KDF"},
+ {"tls1_prf_digest_check", OPT_TLS1_PRF_DIGEST_CHECK, '-',
+ "Enable digest check for TLS1-PRF"},
+ {"sshkdf_digest_check", OPT_SSHKDF_DIGEST_CHECK, '-',
+ "Enable digest check for SSHKDF"},
+ {"sskdf_digest_check", OPT_SSKDF_DIGEST_CHECK, '-',
+ "Enable digest check for SSKDF"},
+ {"x963kdf_digest_check", OPT_X963KDF_DIGEST_CHECK, '-',
+ "Enable digest check for X963KDF"},
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input config file, used when verifying"},
unsigned int security_checks : 1;
unsigned int tls_prf_ems_check : 1;
unsigned int drgb_no_trunc_dgst : 1;
+ unsigned int hkdf_digest_check : 1;
+ unsigned int tls13_kdf_digest_check : 1;
+ unsigned int tls1_prf_digest_check : 1;
+ unsigned int sshkdf_digest_check : 1;
+ unsigned int sskdf_digest_check : 1;
+ unsigned int x963kdf_digest_check : 1;
} FIPS_OPTS;
/* Pedantic FIPS compliance */
1, /* security_checks */
1, /* tls_prf_ems_check */
1, /* drgb_no_trunc_dgst */
+ 1, /* hkdf_digest_check */
+ 1, /* tls13_kdf_digest_check */
+ 1, /* tls1_prf_digest_check */
+ 1, /* sshkdf_digest_check */
+ 1, /* sskdf_digest_check */
+ 1, /* x963kdf_digest_check */
};
/* Default FIPS settings for backward compatibility */
1, /* security_checks */
0, /* tls_prf_ems_check */
0, /* drgb_no_trunc_dgst */
+ 0, /* hkdf_digest_check */
+ 0, /* tls13_kdf_digest_check */
+ 0, /* tls1_prf_digest_check */
+ 0, /* sshkdf_digest_check */
+ 0, /* sskdf_digest_check */
+ 0, /* x963kdf_digest_check */
};
static int check_non_pedantic_fips(int pedantic, const char *name)
opts->tls_prf_ems_check ? "1" : "0") <= 0
|| BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST,
opts->drgb_no_trunc_dgst ? "1" : "0") <= 0
+ || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_HKDF_DIGEST_CHECK,
+ opts->hkdf_digest_check ? "1": "0") <= 0
+ || BIO_printf(out, "%s = %s\n",
+ OSSL_PROV_FIPS_PARAM_TLS13_KDF_DIGEST_CHECK,
+ opts->tls13_kdf_digest_check ? "1": "0") <= 0
+ || BIO_printf(out, "%s = %s\n",
+ OSSL_PROV_FIPS_PARAM_TLS1_PRF_DIGEST_CHECK,
+ opts->tls1_prf_digest_check ? "1": "0") <= 0
+ || BIO_printf(out, "%s = %s\n",
+ OSSL_PROV_FIPS_PARAM_SSHKDF_DIGEST_CHECK,
+ opts->sshkdf_digest_check ? "1": "0") <= 0
+ || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_SSKDF_DIGEST_CHECK,
+ opts->sskdf_digest_check ? "1": "0") <= 0
+ || BIO_printf(out, "%s = %s\n",
+ OSSL_PROV_FIPS_PARAM_X963KDF_DIGEST_CHECK,
+ opts->x963kdf_digest_check ? "1": "0") <= 0
|| !print_mac(out, OSSL_PROV_FIPS_PARAM_MODULE_MAC, module_mac,
module_mac_len))
goto end;
case OPT_DISALLOW_DRGB_TRUNC_DIGEST:
fips_opts.drgb_no_trunc_dgst = 1;
break;
+ case OPT_HKDF_DIGEST_CHECK:
+ fips_opts.hkdf_digest_check = 1;
+ break;
+ case OPT_TLS13_KDF_DIGEST_CHECK:
+ fips_opts.tls13_kdf_digest_check = 1;
+ break;
+ case OPT_TLS1_PRF_DIGEST_CHECK:
+ fips_opts.tls1_prf_digest_check = 1;
+ break;
+ case OPT_SSHKDF_DIGEST_CHECK:
+ fips_opts.sshkdf_digest_check = 1;
+ break;
+ case OPT_SSKDF_DIGEST_CHECK:
+ fips_opts.sskdf_digest_check = 1;
+ break;
+ case OPT_X963KDF_DIGEST_CHECK:
+ fips_opts.x963kdf_digest_check = 1;
+ break;
case OPT_QUIET:
quiet = 1;
/* FALLTHROUGH */
[B<-no_security_checks>]
[B<-ems_check>]
[B<-no_drbg_truncated_digests>]
+[B<-hkdf_digest_check>]
+[B<-tls13_kdf_digest_check>]
+[B<-tls1_prf_digest_check>]
+[B<-sshkdf_digest_check>]
+[B<-sskdf_digest_check>]
+[B<-x963kdf_digest_check>]
[B<-self_test_onload>]
[B<-self_test_oninstall>]
[B<-corrupt_desc> I<selftest_description>]
Configure the module to not allow truncated digests to be used with Hash and
HMAC DRBGs. See FIPS 140-3 IG D.R for details.
+=item B<-hkdf_digest_check>
+
+Configure the module to enable a run-time digest check when deriving a key by
+HKDF.
+See NIST SP 800-56Cr2 for details.
+
+=item B<-tls13_kdf_digest_check>
+
+Configure the module to enable a run-time digest check when deriving a key by
+TLS13 KDF.
+See RFC 8446 for details.
+
+=item B<-tls1_prf_digest_check>
+
+Configure the module to enable a run-time digest check when deriving a key by
+TLS_PRF.
+See NIST SP 800-135r1 for details.
+
+=item B<-sshkdf_digest_check>
+
+Configure the module to enable a run-time digest check when deriving a key by
+SSHKDF.
+See NIST SP 800-135r1 for details.
+
+=item B<-sskdf_digest_check>
+
+Configure the module to enable a run-time digest check when deriving a key by
+SSKDF.
+See NIST SP 800-56Cr2 for details.
+
+=item B<-x963kdf_digest_check>
+
+Configure the module to enable a run-time digest check when deriving a key by
+X963KDF.
+See NIST SP 800-131Ar2 for details.
+
=item B<-self_test_onload>
Do not write the two fields related to the "test status indicator" and
This parameter sets an optional value for fixedinfo, also known as otherinfo.
+=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+
+A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
+This may be used after calling EVP_KDF_derive. It returns 0 if any "***_check"
+related parameter is set to 0 and the check fails.
+This option is used by the OpenSSL FIPS provider.
+
+=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <int>
+
+The default value of 1 causes an error during EVP_KDF_derive() if
+used digest is not approved.
+Setting this to zero will ignore the error and set the approved
+"fips-indicator" to 0.
+This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
+set to 0.
+
=back
=head1 NOTES
=back
+=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+
+A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
+This may be used after calling EVP_KDF_derive. It returns 0 if any "***_check"
+related parameter is set to 0 and the check fails.
+This option is used by the OpenSSL FIPS provider.
+
+=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <int>
+
+The default value of 1 causes an error during EVP_KDF_derive() if
+used digest is not approved.
+Setting this to zero will ignore the error and set the approved
+"fips-indicator" to 0.
+This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
+set to 0.
+
+According to SP 800-135r1, the following are approved digest algorithms: SHA-1,
+SHA2-224, SHA2-256, SHA2-384, SHA2-512.
+
=back
=head1 NOTES
This parameter sets the mode for the TLS 1.3 KDF operation.
There are two modes that are currently defined:
+=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+
+A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
+This may be used after calling EVP_KDF_derive. It returns 0 if any "***_check"
+related parameter is set to 0 and the check fails.
+This option is used by the OpenSSL FIPS provider.
+
+=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <int>
+
+The default value of 1 causes an error during EVP_KDF_derive() if
+used digest is not approved.
+Setting this to zero will ignore the error and set the approved
+"fips-indicator" to 0.
+This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
+set to 0.
+
+According to RFC 8446, the following are approved digest algorithms: SHA2-256,
+SHA2-384.
+
=over 4
=item "EXTRACT_ONLY" or B<EVP_KDF_HKDF_MODE_EXTRACT_ONLY>
=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
-This may be used after calling EVP_KDF_derive. It returns 0 if the "ems_check"
-is set to 0 and the "extended master secret" test fails.
+This may be used after calling EVP_KDF_derive. It returns 0 if any "***_check"
+related parameter is set to 0 and the check fails.
This option is used by the OpenSSL FIPS provider.
=item "ems_check" (B<OSSL_KDF_PARAM_FIPS_EMS_CHECK>) <integer>
This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
set to 0.
+=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <int>
+
+The default value of 1 causes an error during EVP_KDF_derive() if
+used digest is not approved.
+Setting this to zero will ignore the error and set the approved
+"fips-indicator" to 0.
+This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
+set to 0.
+
+According to SP 800-135r1, the following are approved digest algorithms:
+SHA2-256, SHA2-384, SHA2-512.
=back
This parameter specifies an optional value for shared info.
+=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <int>
+
+A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
+This may be used after calling EVP_KDF_derive. It returns 0 if any "***_check"
+related parameter is set to 0 and the check fails.
+This option is used by the OpenSSL FIPS provider.
+
+=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <int>
+
+The default value of 1 causes an error during EVP_KDF_derive() if
+used digest is not approved.
+Setting this to zero will ignore the error and set the approved
+"fips-indicator" to 0.
+This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
+set to 0.
+
+According to ANSI X9.63-2001, the following are approved digest algorithms:
+SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
+SHA3-256, SHA3-384, SHA3-512.
+
=back
=head1 NOTES
* This is disabled by default.
* Type: OSSL_PARAM_UTF8_STRING
*/
-# define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+# define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+
+/*
+ * A boolean that determines if the runtime FIPS digest check for HKDF is
+ * performed.
+ * This is disabled by default.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_HKDF_DIGEST_CHECK "hkdf-digest-check"
+
+/*
+ * A boolean that determines if the runtime FIPS digest check for TLS13 KDF is
+ * performed.
+ * This is disabled by default.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_TLS13_KDF_DIGEST_CHECK "tls13-kdf-digest-check"
+
+/*
+ * A boolean that determines if the runtime FIPS digest check for TLS1_PRF is
+ * performed.
+ * This is disabled by default.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_DIGEST_CHECK "tls1-prf-digest-check"
+
+/*
+ * A boolean that determines if the runtime FIPS digest check for SSHKDF is
+ * performed.
+ * This is disabled by default.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_SSHKDF_DIGEST_CHECK "sshkdf-digest-check"
+
+/*
+ * A boolean that determines if the runtime FIPS digest check for SSKDF is
+ * performed.
+ * This is disabled by default.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_SSKDF_DIGEST_CHECK "sskdf-digest-check"
+
+/*
+ * A boolean that determines if the runtime FIPS digest check for X963KDF is
+ * performed.
+ * This is disabled by default.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_X963KDF_DIGEST_CHECK "x963kdf-digest-check"
# ifdef __cplusplus
}
int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx);
int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx);
+int FIPS_hkdf_digest_check(OSSL_LIB_CTX *libctx);
+int FIPS_tls13_kdf_digest_check(OSSL_LIB_CTX *libctx);
+int FIPS_tls1_prf_digest_check(OSSL_LIB_CTX *libctx);
+int FIPS_sshkdf_digest_check(OSSL_LIB_CTX *libctx);
+int FIPS_sskdf_digest_check(OSSL_LIB_CTX *libctx);
+int FIPS_x963kdf_digest_check(OSSL_LIB_CTX *libctx);
#endif
int ossl_ec_check_security_strength(const EC_GROUP *group, int protect);
#endif
+#ifndef OPENSSL_NO_DSA
int ossl_dsa_check_key(const DSA *dsa, int sign);
+#endif
+
+#ifndef OPENSSL_NO_DH
int ossl_dh_check_key(const DH *dh);
+#endif
int ossl_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len);
int ossl_digest_get_approved_nid(const EVP_MD *md);
/* Functions that have different implementations for the FIPS_MODULE */
int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md);
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx);
-int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx);
return 0;
}
-/* Disable the ems check in the default provider */
-int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx)
-{
- return 0;
-}
-
int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md)
{
int mdnid;
#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
}
-int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx)
-{
- return FIPS_tls_prf_ems_check(libctx);
-}
-
int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md)
{
return ossl_digest_get_approved_nid(md);
FIPS_OPTION fips_security_checks;
FIPS_OPTION fips_tls1_prf_ems_check;
FIPS_OPTION fips_restricted_drgb_digests;
+ FIPS_OPTION fips_hkdf_digest_check;
+ FIPS_OPTION fips_tls13_kdf_digest_check;
+ FIPS_OPTION fips_tls1_prf_digest_check;
+ FIPS_OPTION fips_sshkdf_digest_check;
+ FIPS_OPTION fips_sskdf_digest_check;
+ FIPS_OPTION fips_x963kdf_digest_check;
} FIPS_GLOBAL;
static void init_fips_option(FIPS_OPTION *opt, int enabled)
init_fips_option(&fgbl->fips_security_checks, 1);
init_fips_option(&fgbl->fips_tls1_prf_ems_check, 0); /* Disabled by default */
init_fips_option(&fgbl->fips_restricted_drgb_digests, 0);
+ init_fips_option(&fgbl->fips_hkdf_digest_check, 0);
+ init_fips_option(&fgbl->fips_tls13_kdf_digest_check, 0);
+ init_fips_option(&fgbl->fips_tls1_prf_digest_check, 0);
+ init_fips_option(&fgbl->fips_sshkdf_digest_check, 0);
+ init_fips_option(&fgbl->fips_sskdf_digest_check, 0);
+ init_fips_option(&fgbl->fips_x963kdf_digest_check, 0);
return fgbl;
}
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_SECURITY_CHECKS, OSSL_PARAM_INTEGER, NULL, 0),
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK, OSSL_PARAM_INTEGER, NULL, 0),
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST, OSSL_PARAM_INTEGER, NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_HKDF_DIGEST_CHECK, OSSL_PARAM_INTEGER, NULL,
+ 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS13_KDF_DIGEST_CHECK, OSSL_PARAM_INTEGER,
+ NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS1_PRF_DIGEST_CHECK, OSSL_PARAM_INTEGER,
+ NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_SSHKDF_DIGEST_CHECK, OSSL_PARAM_INTEGER,
+ NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_SSKDF_DIGEST_CHECK, OSSL_PARAM_INTEGER,
+ NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_X963KDF_DIGEST_CHECK, OSSL_PARAM_INTEGER,
+ NULL, 0),
OSSL_PARAM_END
};
* OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS and
* OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK are not self test parameters.
*/
- OSSL_PARAM core_params[10], *p = core_params;
+ OSSL_PARAM core_params[16], *p = core_params;
*p++ = OSSL_PARAM_construct_utf8_ptr(
OSSL_PROV_PARAM_CORE_MODULE_FILENAME,
fips_tls1_prf_ems_check);
FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST,
fips_restricted_drgb_digests);
+ FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_HKDF_DIGEST_CHECK,
+ fips_hkdf_digest_check);
+ FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_TLS13_KDF_DIGEST_CHECK,
+ fips_tls13_kdf_digest_check);
+ FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_TLS1_PRF_DIGEST_CHECK,
+ fips_tls1_prf_digest_check);
+ FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_SSHKDF_DIGEST_CHECK,
+ fips_sshkdf_digest_check);
+ FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_SSKDF_DIGEST_CHECK,
+ fips_sskdf_digest_check);
+ FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_X963KDF_DIGEST_CHECK,
+ fips_x963kdf_digest_check);
#undef FIPS_FEATURE_OPTION
*p = OSSL_PARAM_construct_end();
fips_tls1_prf_ems_check);
FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST,
fips_restricted_drgb_digests);
+ FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_HKDF_DIGEST_CHECK,
+ fips_hkdf_digest_check);
+ FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_TLS13_KDF_DIGEST_CHECK,
+ fips_tls13_kdf_digest_check);
+ FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_TLS1_PRF_DIGEST_CHECK,
+ fips_tls1_prf_digest_check);
+ FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_SSHKDF_DIGEST_CHECK,
+ fips_sshkdf_digest_check);
+ FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_SSKDF_DIGEST_CHECK,
+ fips_sskdf_digest_check);
+ FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_X963KDF_DIGEST_CHECK,
+ fips_x963kdf_digest_check);
#undef FIPS_FEATURE_GET
return 1;
}
FIPS_SET_OPTION(fgbl, fips_security_checks);
FIPS_SET_OPTION(fgbl, fips_tls1_prf_ems_check);
FIPS_SET_OPTION(fgbl, fips_restricted_drgb_digests);
+ FIPS_SET_OPTION(fgbl, fips_hkdf_digest_check);
+ FIPS_SET_OPTION(fgbl, fips_tls13_kdf_digest_check);
+ FIPS_SET_OPTION(fgbl, fips_tls1_prf_digest_check);
+ FIPS_SET_OPTION(fgbl, fips_sshkdf_digest_check);
+ FIPS_SET_OPTION(fgbl, fips_sskdf_digest_check);
+ FIPS_SET_OPTION(fgbl, fips_x963kdf_digest_check);
#undef FIPS_SET_OPTION
ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
FIPS_FEATURE_CHECK(FIPS_tls_prf_ems_check, fips_tls1_prf_ems_check)
FIPS_FEATURE_CHECK(FIPS_restricted_drbg_digests_enabled,
fips_restricted_drgb_digests)
+FIPS_FEATURE_CHECK(FIPS_hkdf_digest_check, fips_hkdf_digest_check)
+FIPS_FEATURE_CHECK(FIPS_tls13_kdf_digest_check, fips_tls13_kdf_digest_check)
+FIPS_FEATURE_CHECK(FIPS_tls1_prf_digest_check, fips_tls1_prf_digest_check)
+FIPS_FEATURE_CHECK(FIPS_sshkdf_digest_check, fips_sshkdf_digest_check)
+FIPS_FEATURE_CHECK(FIPS_sskdf_digest_check, fips_sskdf_digest_check)
+FIPS_FEATURE_CHECK(FIPS_x963kdf_digest_check, fips_x963kdf_digest_check)
#undef FIPS_FEATURE_CHECK
#include "prov/providercommon.h"
#include "prov/implementations.h"
#include "prov/provider_util.h"
+#include "prov/securitycheck.h"
+#include "prov/fipscommon.h"
+#include "prov/fipsindicator.h"
#include "internal/e_os.h"
#include "internal/params.h"
size_t data_len;
unsigned char *info;
size_t info_len;
+ OSSL_FIPS_IND_DECLARE
} KDF_HKDF;
static void *kdf_hkdf_new(void *provctx)
if (!ossl_prov_is_running())
return NULL;
- if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) != NULL)
+ if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) != NULL) {
ctx->provctx = provctx;
+ OSSL_FIPS_IND_INIT(ctx)
+ }
return ctx;
}
|| !ossl_prov_digest_copy(&dest->digest, &src->digest))
goto err;
dest->mode = src->mode;
+ OSSL_FIPS_IND_COPY(dest, src)
}
return dest;
return sz;
}
+#ifdef FIPS_MODULE
+static int fips_hkdf_digest_check_passed(KDF_HKDF *ctx)
+{
+ OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ /*
+ * Perform digest check
+ *
+ * HKDF is a TwoStep KDF defined in SP 800-56Cr2. According to section 7,
+ * the valid hash functions are specified in FIPS 180 and FIPS 202.
+ * However, it only lists SHA-1, SHA-2 and SHA-3 in the table in section
+ * 5.2. ACVP also only lists the same set of hash functions.
+ */
+ int digest_unapproved = ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0);
+
+ if (digest_unapproved) {
+ if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0,
+ libctx, "HKDF", "Digest",
+ FIPS_hkdf_digest_check)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED);
+ return 0;
+ }
+ }
+ return 1;
+}
+#endif
+
static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen,
const OSSL_PARAM params[])
{
return 0;
}
+#ifdef FIPS_MODULE
+ if (!fips_hkdf_digest_check_passed(ctx))
+ return 0;
+#endif
+
switch (ctx->mode) {
case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
default:
if (params == NULL)
return 1;
+ if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params,
+ OSSL_KDF_PARAM_FIPS_DIGEST_CHECK))
+ return 0;
+
if (!hkdf_common_set_ctx_params(ctx, params))
return 0;
static const OSSL_PARAM known_settable_ctx_params[] = {
HKDF_COMMON_SETTABLES,
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0),
+ OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_DIGEST_CHECK)
OSSL_PARAM_END
};
return known_settable_ctx_params;
if (sz == 0)
return 0;
- return OSSL_PARAM_set_size_t(p, sz);
+ if (!OSSL_PARAM_set_size_t(p, sz))
+ return 0;
}
if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_INFO)) != NULL) {
- if (ctx->info == NULL || ctx->info_len == 0) {
+ if (ctx->info == NULL || ctx->info_len == 0)
p->return_size = 0;
- return 1;
- }
- return OSSL_PARAM_set_octet_string(p, ctx->info, ctx->info_len);
+ else if (!OSSL_PARAM_set_octet_string(p, ctx->info, ctx->info_len))
+ return 0;
}
- return -2;
+ if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params))
+ return 0;
+ return 1;
}
static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0),
+ OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
OSSL_PARAM_END
};
return known_gettable_ctx_params;
return ret;
}
+#ifdef FIPS_MODULE
+static int fips_tls1_3_digest_check_passed(KDF_HKDF *ctx)
+{
+ OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ /*
+ * Perform digest check
+ *
+ * According to RFC 8446 appendix B.4, the valid hash functions are
+ * specified in FIPS 180-4. However, it only lists SHA2-256 and SHA2-384 in
+ * the table. ACVP also only lists the same set of hash functions.
+ */
+ int digest_unapproved = !EVP_MD_is_a(md, SN_sha256)
+ && !EVP_MD_is_a(md, SN_sha384);
+
+ if (digest_unapproved) {
+ if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0,
+ libctx, "TLS13 KDF", "Digest",
+ FIPS_tls13_kdf_digest_check)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED);
+ return 0;
+ }
+ }
+ return 1;
+}
+#endif
+
static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
const OSSL_PARAM params[])
{
return 0;
}
+#ifdef FIPS_MODULE
+ if (!fips_tls1_3_digest_check_passed(ctx))
+ return 0;
+#endif
+
switch (ctx->mode) {
default:
return 0;
if (params == NULL)
return 1;
+ if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params,
+ OSSL_KDF_PARAM_FIPS_DIGEST_CHECK))
+ return 0;
+
if (!hkdf_common_set_ctx_params(ctx, params))
return 0;
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_PREFIX, NULL, 0),
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_LABEL, NULL, 0),
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_DATA, NULL, 0),
+ OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_DIGEST_CHECK)
OSSL_PARAM_END
};
return known_settable_ctx_params;
#include "prov/providercommon.h"
#include "prov/implementations.h"
#include "prov/provider_util.h"
+#include "prov/securitycheck.h"
+#include "prov/fipscommon.h"
+#include "prov/fipsindicator.h"
/* See RFC 4253, Section 7.2 */
static OSSL_FUNC_kdf_newctx_fn kdf_sshkdf_new;
char type; /* X */
unsigned char *session_id;
size_t session_id_len;
+ OSSL_FIPS_IND_DECLARE
} KDF_SSHKDF;
static void *kdf_sshkdf_new(void *provctx)
if (!ossl_prov_is_running())
return NULL;
- if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) != NULL)
+ if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) != NULL) {
ctx->provctx = provctx;
+ OSSL_FIPS_IND_INIT(ctx)
+ }
return ctx;
}
|| !ossl_prov_digest_copy(&dest->digest, &src->digest))
goto err;
dest->type = src->type;
+ OSSL_FIPS_IND_COPY(dest, src)
}
return dest;
return OSSL_PARAM_get_octet_string(p, (void **)dst, 0, dst_len);
}
+#ifdef FIPS_MODULE
+static int fips_digest_check_passed(KDF_SSHKDF *ctx)
+{
+ OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ /*
+ * Perform digest check
+ *
+ * According to NIST SP 800-135r1 section 5.2, the valid hash functions are
+ * specified in FIPS 180-3. ACVP also only lists the same set of hash
+ * functions.
+ */
+ int digest_unapproved = !EVP_MD_is_a(md, SN_sha1)
+ && !EVP_MD_is_a(md, SN_sha224)
+ && !EVP_MD_is_a(md, SN_sha256)
+ && !EVP_MD_is_a(md, SN_sha384)
+ && !EVP_MD_is_a(md, SN_sha512);
+
+ if (digest_unapproved) {
+ if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0,
+ libctx, "SSHKDF", "Digest",
+ FIPS_sshkdf_digest_check)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED);
+ return 0;
+ }
+ }
+ return 1;
+}
+#endif
+
static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen,
const OSSL_PARAM params[])
{
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_TYPE);
return 0;
}
+
+#ifdef FIPS_MODULE
+ if (!fips_digest_check_passed(ctx))
+ return 0;
+#endif
+
return SSHKDF(md, ctx->key, ctx->key_len,
ctx->xcghash, ctx->xcghash_len,
ctx->session_id, ctx->session_id_len,
if (params == NULL)
return 1;
+ if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params,
+ OSSL_KDF_PARAM_FIPS_DIGEST_CHECK))
+ return 0;
+
if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx))
return 0;
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH, NULL, 0),
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, NULL, 0),
+ OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_DIGEST_CHECK)
OSSL_PARAM_END
};
return known_settable_ctx_params;
{
OSSL_PARAM *p;
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
- return -2;
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
+ return 0;
+ }
+ if (!OSSL_FIPS_IND_GET_CTX_PARAM(((KDF_SSHKDF *)vctx), params))
+ return 0;
+ return 1;
}
static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx,
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
+ OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
OSSL_PARAM_END
};
return known_gettable_ctx_params;
#include "prov/providercommon.h"
#include "prov/implementations.h"
#include "prov/provider_util.h"
+#include "prov/securitycheck.h"
+#include "prov/fipscommon.h"
+#include "prov/fipsindicator.h"
#include "internal/params.h"
typedef struct {
size_t salt_len;
size_t out_len; /* optional KMAC parameter */
int is_kmac;
+ OSSL_FIPS_IND_DECLARE
} KDF_SSKDF;
#define SSKDF_MAX_INLEN (1<<30)
if (!ossl_prov_is_running())
return NULL;
- if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) != NULL)
+ if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) != NULL) {
ctx->provctx = provctx;
+ OSSL_FIPS_IND_INIT(ctx)
+ }
return ctx;
}
goto err;
dest->out_len = src->out_len;
dest->is_kmac = src->is_kmac;
+ OSSL_FIPS_IND_COPY(dest, src)
}
return dest;
return (len <= 0) ? 0 : (size_t)len;
}
+#ifdef FIPS_MODULE
+static int fips_sskdf_digest_check_passed(KDF_SSKDF *ctx)
+{
+ OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ /*
+ * Perform digest check
+ *
+ * SSKDF is a OneStep KDF defined in SP 800-56Cr2. According to section 7,
+ * the valid hash functions are specified in FIPS 180 and FIPS 202.
+ * However, it only lists SHA-1, SHA-2 and SHA-3 in the table in section
+ * 4.2. ACVP also only lists the same set of hash functions.
+ */
+ int digest_unapproved = (ctx->is_kmac != 1)
+ && (md != NULL)
+ && ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0);
+
+ if (digest_unapproved) {
+ if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0,
+ libctx, "SSKDF", "Digest",
+ FIPS_sskdf_digest_check)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED);
+ return 0;
+ }
+ }
+ return 1;
+}
+#endif
+
static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen,
const OSSL_PARAM params[])
{
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET);
return 0;
}
+
+#ifdef FIPS_MODULE
+ if (!fips_sskdf_digest_check_passed(ctx))
+ return 0;
+#endif
+
md = ossl_prov_digest_md(&ctx->digest);
if (ctx->macctx != NULL) {
}
}
+#ifdef FIPS_MODULE
+static int fips_x963kdf_digest_check_passed(KDF_SSKDF *ctx)
+{
+ OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ /*
+ * Perform digest check
+ *
+ * X963KDF is a KDF defined in ANSI-X9.63. According to ACVP specification
+ * section 7.3.1, only SHA-2 and SHA-3 can be regarded as valid hash
+ * functions.
+ */
+ int digest_unapproved = (ctx->is_kmac != 1)
+ && (((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0)
+ || EVP_MD_is_a(md, SN_sha1));
+
+ if (digest_unapproved) {
+ if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0,
+ libctx, "X963KDF", "Digest",
+ FIPS_x963kdf_digest_check)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED);
+ return 0;
+ }
+ }
+ return 1;
+}
+#endif
+
static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen,
const OSSL_PARAM params[])
{
return 0;
}
+#ifdef FIPS_MODULE
+ if (!fips_x963kdf_digest_check_passed(ctx))
+ return 0;
+#endif
+
return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len,
ctx->info, ctx->info_len, 1, key, keylen);
}
if (params == NULL)
return 1;
+ if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params,
+ OSSL_KDF_PARAM_FIPS_DIGEST_CHECK))
+ return 0;
+
if (!ossl_prov_macctx_load_from_params(&ctx->macctx, params,
NULL, NULL, NULL, libctx))
return 0;
OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MAC, NULL, 0),
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0),
OSSL_PARAM_size_t(OSSL_KDF_PARAM_MAC_SIZE, NULL),
+ OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_DIGEST_CHECK)
OSSL_PARAM_END
};
return known_settable_ctx_params;
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
OSSL_PARAM *p;
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
- return OSSL_PARAM_set_size_t(p, sskdf_size(ctx));
- return -2;
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
+ if (!OSSL_PARAM_set_size_t(p, sskdf_size(ctx)))
+ return 0;
+ }
+ if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params))
+ return 0;
+ return 1;
}
static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx,
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
+ OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
OSSL_PARAM_END
};
return known_gettable_ctx_params;
#include "prov/implementations.h"
#include "prov/provider_util.h"
#include "prov/securitycheck.h"
+#include "prov/fipscommon.h"
#include "prov/fipsindicator.h"
#include "internal/e_os.h"
#include "internal/safe_math.h"
/* Concatenated seed data */
unsigned char *seed;
size_t seedlen;
+
+#ifdef FIPS_MODULE
+ PROV_DIGEST digest;
+#endif
+
OSSL_FIPS_IND_DECLARE
} TLS1_PRF;
TLS1_PRF *ctx = (TLS1_PRF *)vctx;
void *provctx = ctx->provctx;
+#ifdef FIPS_MODULE
+ ossl_prov_digest_reset(&ctx->digest);
+#endif
EVP_MAC_CTX_free(ctx->P_hash);
EVP_MAC_CTX_free(ctx->P_sha1);
OPENSSL_clear_free(ctx->sec, ctx->seclen);
if (!ossl_prov_memdup(src->seed, src->seedlen, &dest->seed,
&dest->seedlen))
goto err;
+#ifdef FIPS_MODULE
+ if (!ossl_prov_digest_copy(&dest->digest, &src->digest))
+ goto err;
+#endif
OSSL_FIPS_IND_COPY(dest, src)
}
return dest;
if (!ems_approved) {
if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0,
libctx, "TLS_PRF", "EMS",
- ossl_tls1_prf_ems_check_enabled)) {
+ FIPS_tls_prf_ems_check)) {
ERR_raise(ERR_LIB_PROV, PROV_R_EMS_NOT_ENABLED);
return 0;
}
}
return 1;
}
+
+static int fips_digest_check_passed(TLS1_PRF *ctx)
+{
+ OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ /*
+ * Perform digest check
+ *
+ * According to NIST SP 800-135r1 section 5.2, the valid hash functions are
+ * specified in FIPS 180-3. ACVP also only lists the same set of hash
+ * functions.
+ */
+ int digest_unapproved = (md != NULL)
+ && !EVP_MD_is_a(md, SN_sha256)
+ && !EVP_MD_is_a(md, SN_sha384)
+ && !EVP_MD_is_a(md, SN_sha512);
+
+ if (digest_unapproved) {
+ if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE1,
+ libctx, "TLS_PRF", "Digest",
+ FIPS_tls1_prf_digest_check)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED);
+ return 0;
+ }
+ }
+ return 1;
+}
#endif
static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
#ifdef FIPS_MODULE
if (!fips_ems_check_passed(ctx))
return 0;
+ if (!fips_digest_check_passed(ctx))
+ return 0;
#endif
return tls1_prf_alg(ctx->P_hash, ctx->P_sha1,
if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params,
OSSL_KDF_PARAM_FIPS_EMS_CHECK))
- return 0;
+ return 0;
+ if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, params,
+ OSSL_KDF_PARAM_FIPS_DIGEST_CHECK))
+ return 0;
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) {
if (OPENSSL_strcasecmp(p->data, SN_md5_sha1) == 0) {
NULL, NULL, libctx))
return 0;
}
+
+#ifdef FIPS_MODULE
+ if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx))
+ return 0;
+#endif
}
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL) {
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0),
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SEED, NULL, 0),
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_EMS_CHECK)
+ OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_DIGEST_CHECK)
OSSL_PARAM_END
};
return known_settable_ctx_params;
{
OSSL_PARAM *p;
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
+ return 0;
+ }
if (!OSSL_FIPS_IND_GET_CTX_PARAM(((TLS1_PRF *)vctx), params))
return 0;
return 1;
goto err;
}
- /* Get params returns -2 if an unsupported parameter is requested */
+ /* Get params returns 1 if an unsupported parameter is requested */
params_get[0] = OSSL_PARAM_construct_end();
- if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), -2))
+ if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 1))
goto err;
ret = 1;
err:
Ctrl.salt = hexsalt:000000000000000000000000000000000000000000000000000000000000000000
Ctrl.info = info:
Output = 62f99231760bedd72319cc6cad
+
+Title = HKDF bad digest test
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = HKDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Result = KDF_DERIVE_ERROR
Ctrl.hexinfo = hexinfo:0553552e5345a22404223020a003020110a10c040aaaaaaaaaaaaaaa
Ctrl.hexinfo = hexinfo:aaaaaaa20b0409bbbbbbbbbbbbbbbbbb
Output = d3c78b78d75313e9a926f75dfb012363fa17fa01db
+
+Title = SSKDF bad digest test
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = SSKDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.hexsecret = hexsecret:d09a6b1a472f930db4f5e6b967900744
+Ctrl.hexinfo = hexinfo:b117255ab5f1b6b96fc434b0
+Result = KDF_DERIVE_ERROR
Ctrl.type = type:A
Output = FF
Result = KDF_MISMATCH
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = SSHKDF
+Ctrl.digest = digest:SHA512-256
+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Result = KDF_DERIVE_ERROR
Ctrl.digest = digest:SHA256
Result = KDF_CTRL_ERROR
+Title = TLS13-KDF bad digest test
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHA3-256
+Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
+Result = KDF_DERIVE_ERROR
Title = X963 KDF tests (from NIST test vectors)
+FIPSversion = <3.4.0
KDF = X963KDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
Ctrl.hexinfo = hexinfo:cf3a74ba86
Ctrl.hexinfo = hexinfo:af42f1ae85477ead645583
Output = 995d1ab8557dfeafcb347f8182583fa0ac5e6cb3912393592590989f38a0214f6cf7d6fbe23917b0966c6a870876de2a2c13a45fa7aa1715be137ed332e1ffc204ce4dcce33ece6dec7f3da61fa049780040e44142cc8a1e5121cf56b386f65b7c261a192f05e5fefae4221a602bc51c41ef175dc45fb7eab8642421b4f7e3e7
+
+Title = X963KDF bad digest test
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = X963KDF
+Ctrl.digest = digest:SHA1
+Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
+Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
+Result = KDF_DERIVE_ERROR
],
[ "enveloped content test streaming S/MIME format, ECDH, AES-128-CBC, SHA256 KDF",
- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+ [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
"-recip", catfile($smdir, "smec1.pem"), "-aes128",
"-keyopt", "ecdh_kdf_md:sha256" ],
- [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
+ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
"-in", "{output}.cms", "-out", "{output}.txt" ],
\&final_compare
],
[ "enveloped content test streaming S/MIME format, ECDH, AES-128-GCM cipher, SHA256 KDF",
- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+ [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
"-recip", catfile($smdir, "smec1.pem"), "-aes-128-gcm", "-keyopt", "ecdh_kdf_md:sha256" ],
[ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
],
[ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+ [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
"-recip", catfile($smdir, "smec2.pem"), "-aes128",
"-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
- [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
+ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
"-in", "{output}.cms", "-out", "{output}.txt" ],
\&final_compare
],
my $security_checks = 1;
my $ems_check = 1;
my $drgb_no_trunc_dgst = 1;
+my $kdf_digest_check = 1;
my $activate = 1;
my $mac_key;
tls1-prf-ems-check = $ems_check
drbg-no-trunc-md = $drgb_no_trunc_dgst
module-mac = $module_mac
+hkdf-digest-check = $kdf_digest_check
+tls13-kdf-digest-check = $kd_digest_check
+tls1-prf-digest-check = $kdf_digest_check
+sshkdf-digest-check = $k_digest_check
+sskdf-digest-check = $kd_digest_check
+x963kdf-digest-check = $kdf__digest_check
_____
'PROV_PARAM_SECURITY_CHECKS' => "security-checks", # uint
'PROV_PARAM_TLS1_PRF_EMS_CHECK' => "tls1-prf-ems-check", # uint
'PROV_PARAM_DRBG_TRUNC_DIGEST' => "drbg-no-trunc-md", # uint
+ 'PROV_PARAM_HKDF_DIGEST_CHECK' => "hkdf-digest-check", # uint
+ 'PROV_PARAM_TLS13_KDF_DIGEST_CHECK' => "tls13-kdf-digest-check", # uint
+ 'PROV_PARAM_TLS1_PRF_DIGEST_CHECK' => "tls1-prf-digest-check", # uint
+ 'PROV_PARAM_SSHKDF_DIGEST_CHECK' => "sshkdf-digest-check", # uint
+ 'PROV_PARAM_SSKDF_DIGEST_CHECK' => "sskdf-digest-check", # uint
+ 'PROV_PARAM_X963KDF_DIGEST_CHECK' => "x963kdf-digest-check", # uint
# Self test callback parameters
'PROV_PARAM_SELF_TEST_PHASE' => "st-phase",# utf8_string
'KDF_PARAM_ARGON2_MEMCOST' => "memcost", # uint32_t
'KDF_PARAM_ARGON2_VERSION' => "version", # uint32_t
'KDF_PARAM_FIPS_EMS_CHECK' => "ems_check", # int
+ 'KDF_PARAM_FIPS_DIGEST_CHECK' => '*PKEY_PARAM_FIPS_DIGEST_CHECK',
'KDF_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR',
# Known RAND names
projects / thirdparty / openssl.git / commitdiff
