From: slontis <shane.lontis@oracle.com>
Date: Wed, 24 Jul 2024 06:33:56 +0000 (+1000)
Subject: Disallow DSA Keygen in the FIPS provider
X-Git-Tag: openssl-3.4.0-alpha1~236
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49a35f0f9283d13495941c47bb27ed1a0c32b109;p=thirdparty%2Fopenssl.git

Disallow DSA Keygen in the FIPS provider

This uses a FIPS indicator.
Since DSA KeyGen is only useful for DSA signing,
it reuses the DSA signing FIPS configuration option and settable ctx name.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24978)
---

diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod
index f3b534aad64..59f023bc781 100644
--- a/doc/man7/provider-keymgmt.pod
+++ b/doc/man7/provider-keymgmt.pod
@@ -436,6 +436,23 @@ its argument I<mdname>.  This signifies that no digest has to be specified
 with the corresponding signature operation, but may be specified as an
 option.
 
+=item "sign-check" (B<OSSL_PKEY_PARAM_FIPS_SIGN_CHECK>) <int>
+
+If required this parameter should be set before the OSSL_FUNC_keymgmt_gen()
+function. This value is not supported by all keygen algorithms.
+The default value of 1 will cause an error if the generated key is not
+allowed to be used for signing.
+Setting this to 0 will ignore the error and set the approved "fips-indicator" to 0.
+This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
+set to 0.
+
+=item "fips-indicator" (B<OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
+
+A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
+This may be used after calling OSSL_FUNC_keymgmt_gen() function. It may
+return 0 if either the "digest-check", "key-check", or "sign-check" are set to 0.
+This option is used by the OpenSSL FIPS provider.
+
 =back
 
 =head1 RETURN VALUES
@@ -482,6 +499,8 @@ were added with OpenSSL 3.2.
 The functions OSSL_FUNC_keymgmt_gen_get_params() and
 OSSL_FUNC_keymgmt_gen_gettable_params() were added in OpenSSL 3.4.
 
+The parameters "sign-check" and "fips-indicator" were added in OpenSSL 3.4.
+
 =head1 COPYRIGHT
 
 Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index 1a0a18b9328..7e084d62ee2 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -18,6 +18,8 @@
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include "prov/providercommon.h"
+#include "prov/fipsindicator.h"
+#include "prov/fipscommon.h"
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "crypto/dsa.h"
@@ -31,6 +33,8 @@ static OSSL_FUNC_keymgmt_gen_init_fn dsa_gen_init;
 static OSSL_FUNC_keymgmt_gen_set_template_fn dsa_gen_set_template;
 static OSSL_FUNC_keymgmt_gen_set_params_fn dsa_gen_set_params;
 static OSSL_FUNC_keymgmt_gen_settable_params_fn dsa_gen_settable_params;
+static OSSL_FUNC_keymgmt_gen_get_params_fn dsa_gen_get_params;
+static OSSL_FUNC_keymgmt_gen_gettable_params_fn dsa_gen_gettable_params;
 static OSSL_FUNC_keymgmt_gen_fn dsa_gen;
 static OSSL_FUNC_keymgmt_gen_cleanup_fn dsa_gen_cleanup;
 static OSSL_FUNC_keymgmt_load_fn dsa_load;
@@ -67,6 +71,7 @@ struct dsa_gen_ctx {
     char *mdprops;
     OSSL_CALLBACK *cb;
     void *cbarg;
+    OSSL_FIPS_IND_DECLARE
 };
 typedef struct dh_name2id_st{
     const char *name;
@@ -423,6 +428,7 @@ static void *dsa_gen_init(void *provctx, int selection,
         gctx->gindex = -1;
         gctx->pcounter = -1;
         gctx->hindex = 0;
+        OSSL_FIPS_IND_INIT(gctx)
     }
     if (!dsa_gen_set_params(gctx, params)) {
         OPENSSL_free(gctx);
@@ -468,6 +474,9 @@ static int dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
     if (params == NULL)
         return 1;
 
+    if (!OSSL_FIPS_IND_SET_CTX_PARAM(gctx, OSSL_FIPS_IND_SETTABLE0, params,
+                                     OSSL_PKEY_PARAM_FIPS_SIGN_CHECK))
+        return 0;
 
     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE);
     if (p != NULL) {
@@ -542,11 +551,36 @@ static const OSSL_PARAM *dsa_gen_settable_params(ossl_unused void *genctx,
         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0),
         OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),
         OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),
+        OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_PKEY_PARAM_FIPS_SIGN_CHECK)
         OSSL_PARAM_END
     };
     return settable;
 }
 
+static int dsa_gen_get_params(void *genctx, OSSL_PARAM *params)
+{
+    struct dsa_gen_ctx *gctx = genctx;
+
+    if (gctx == NULL)
+        return 0;
+    if (params == NULL)
+        return 1;
+    if (!OSSL_FIPS_IND_GET_CTX_PARAM(gctx, params))
+        return 0;
+    return 1;
+}
+
+static const OSSL_PARAM *dsa_gen_gettable_params(ossl_unused void *ctx,
+                                                 ossl_unused void *provctx)
+{
+    static const OSSL_PARAM dsa_gen_gettable_params_table[] = {
+        OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
+        OSSL_PARAM_END
+    };
+
+    return dsa_gen_gettable_params_table;
+}
+
 static int dsa_gencb(int p, int n, BN_GENCB *cb)
 {
     struct dsa_gen_ctx *gctx = BN_GENCB_get_arg(cb);
@@ -568,6 +602,18 @@ static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
 
     if (!ossl_prov_is_running() || gctx == NULL)
         return NULL;
+
+#ifdef FIPS_MODULE
+    /*
+     * DSA signing is not approved in FIPS 140-3, so there is no
+     * need for DSA keygen either.
+     */
+    if (!OSSL_FIPS_IND_ON_UNAPPROVED(gctx, OSSL_FIPS_IND_SETTABLE0,
+                                     gctx->libctx, "DSA", "Keygen",
+                                     FIPS_dsa_sign_check))
+        return 0;
+#endif
+
     dsa = ossl_dsa_new(gctx->libctx);
     if (dsa == NULL)
         return NULL;
@@ -682,6 +728,9 @@ const OSSL_DISPATCH ossl_dsa_keymgmt_functions[] = {
     { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dsa_gen_set_params },
     { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
       (void (*)(void))dsa_gen_settable_params },
+    { OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS, (void (*)(void))dsa_gen_get_params },
+    { OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS,
+      (void (*)(void))dsa_gen_gettable_params },
     { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dsa_gen },
     { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dsa_gen_cleanup },
     { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))dsa_load },
diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
index 713dff3c262..8d59bbb6652 100644
--- a/util/perl/OpenSSL/paramnames.pm
+++ b/util/perl/OpenSSL/paramnames.pm
@@ -395,6 +395,8 @@ my %params = (
     'PKEY_PARAM_EC_POINT_CONVERSION_FORMAT' => "point-format",
     'PKEY_PARAM_EC_GROUP_CHECK_TYPE' =>        "group-check",
     'PKEY_PARAM_EC_INCLUDE_PUBLIC' =>          "include-public",
+    'PKEY_PARAM_FIPS_SIGN_CHECK' =>            "sign-check",
+    'PKEY_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR',
 
 # Key Exchange parameters
     'EXCHANGE_PARAM_PAD' =>                   "pad",# uint
@@ -423,7 +425,7 @@ my %params = (
     'SIGNATURE_PARAM_CONTEXT_STRING' =>     "context-string",
     'SIGNATURE_PARAM_FIPS_DIGEST_CHECK' =>  '*PKEY_PARAM_FIPS_DIGEST_CHECK',
     'SIGNATURE_PARAM_FIPS_KEY_CHECK' =>     '*PKEY_PARAM_FIPS_KEY_CHECK',
-    'SIGNATURE_PARAM_FIPS_SIGN_CHECK' =>    "sign-check",
+    'SIGNATURE_PARAM_FIPS_SIGN_CHECK' =>    '*PKEY_PARAM_FIPS_SIGN_CHECK',
     'SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK' => "sign-x931-pad-check",
     'SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR',