fix openssl-fips

aws · Jul 14, 2023 · 30a3ec4 · 30a3ec4
1 parent 5711035
commit 30a3ec4
Show file tree

Hide file tree

Showing 7 changed files with 35 additions and 4 deletions.
diff --git a/crypto/s2n_hmac.c b/crypto/s2n_hmac.c
@@ -79,11 +79,11 @@ int s2n_hmac_digest_size(s2n_hmac_algorithm hmac_alg, uint8_t *out)
 bool s2n_hmac_is_available(s2n_hmac_algorithm hmac_alg)
 {
     switch(hmac_alg) {
-    case S2N_HMAC_MD5:
     case S2N_HMAC_SSLv3_MD5:
     case S2N_HMAC_SSLv3_SHA1:
         /* Set is_available to 0 if in FIPS mode, as MD5/SSLv3 algs are not available in FIPS mode. */
         return !s2n_is_in_fips_mode();
+    case S2N_HMAC_MD5:
     case S2N_HMAC_NONE:
     case S2N_HMAC_SHA1:
     case S2N_HMAC_SHA224:
@@ -200,6 +200,18 @@ S2N_RESULT s2n_hmac_state_validate(struct s2n_hmac_state *state)
     return S2N_RESULT_OK;
 }
 
+int s2n_hmac_allow_md5_for_fips(struct s2n_hmac_state *state)
+{
+    POSIX_ENSURE_REF(state);
+
+    POSIX_GUARD(s2n_hash_allow_md5_for_fips(&state->inner));
+    POSIX_GUARD(s2n_hash_allow_md5_for_fips(&state->inner_just_key));
+    POSIX_GUARD(s2n_hash_allow_md5_for_fips(&state->outer));
+    POSIX_GUARD(s2n_hash_allow_md5_for_fips(&state->outer_just_key));
+
+    return S2N_SUCCESS;
+}
+
 int s2n_hmac_init(struct s2n_hmac_state *state, s2n_hmac_algorithm alg, const void *key, uint32_t klen)
 {
     POSIX_ENSURE_REF(state);

diff --git a/crypto/s2n_hmac.h b/crypto/s2n_hmac.h
@@ -67,6 +67,7 @@ int s2n_hash_hmac_alg(s2n_hash_algorithm hash_alg, s2n_hmac_algorithm *out);
 
 int s2n_hmac_new(struct s2n_hmac_state *state);
 S2N_RESULT s2n_hmac_state_validate(struct s2n_hmac_state *state);
+int s2n_hmac_allow_md5_for_fips(struct s2n_hmac_state *state);
 int s2n_hmac_init(struct s2n_hmac_state *state, s2n_hmac_algorithm alg, const void *key, uint32_t klen);
 int s2n_hmac_update(struct s2n_hmac_state *state, const void *in, uint32_t size);
 int s2n_hmac_digest(struct s2n_hmac_state *state, void *out, uint32_t size);

diff --git a/tests/sidetrail/working/patches/hmac.patch b/tests/sidetrail/working/patches/hmac.patch
@@ -12,7 +12,7 @@ index 3405781..3beeacf 100644
  #include <stdint.h>
 
  int s2n_hash_hmac_alg(s2n_hash_algorithm hash_alg, s2n_hmac_algorithm *out)
-@@ -270,7 +273,7 @@ int s2n_hmac_update(struct s2n_hmac_state *state, const void *in, uint32_t size)
+@@ -282,7 +285,7 @@ int s2n_hmac_update(struct s2n_hmac_state *state, const void *in, uint32_t size)
       */
      const uint32_t HIGHEST_32_BIT = 4294949760;
      POSIX_ENSURE(size <= (UINT32_MAX - HIGHEST_32_BIT), S2N_ERR_INTEGER_OVERFLOW);
@@ -21,7 +21,7 @@ index 3405781..3beeacf 100644
      POSIX_GUARD(s2n_add_overflow(state->currently_in_hash_block, value, &state->currently_in_hash_block));
      state->currently_in_hash_block %= state->hash_block_size;
 
-@@ -363,8 +366,8 @@ int s2n_hmac_copy(struct s2n_hmac_state *to, struct s2n_hmac_state *from)
+@@ -375,8 +378,8 @@ int s2n_hmac_copy(struct s2n_hmac_state *to, struct s2n_hmac_state *from)
      POSIX_GUARD(s2n_hash_copy(&to->outer_just_key, &from->outer_just_key));
 
 
@@ -32,7 +32,7 @@ index 3405781..3beeacf 100644
      POSIX_POSTCONDITION(s2n_hmac_state_validate(to));
      POSIX_POSTCONDITION(s2n_hmac_state_validate(from));
      return S2N_SUCCESS;
-@@ -374,28 +377,28 @@ int s2n_hmac_copy(struct s2n_hmac_state *to, struct s2n_hmac_state *from)
+@@ -386,28 +389,28 @@ int s2n_hmac_copy(struct s2n_hmac_state *to, struct s2n_hmac_state *from)
  /* Preserve the handlers for hmac state pointers to avoid re-allocation
   * Only valid if the HMAC is in EVP mode
   */

diff --git a/tests/sidetrail/working/s2n-cbc/stubs/s2n_hash.c b/tests/sidetrail/working/s2n-cbc/stubs/s2n_hash.c
@@ -49,6 +49,11 @@ S2N_RESULT s2n_hash_state_validate(struct s2n_hash_state *state)
     return S2N_RESULT_OK;
 }
 
+int s2n_hash_allow_md5_for_fips(struct s2n_hash_state *state)
+{
+    return SUCCESS;
+}
+
 int s2n_hash_init(struct s2n_hash_state *state, s2n_hash_algorithm alg)
 {
   __VERIFIER_ASSUME_LEAKAGE(0);

diff --git a/tests/sidetrail/working/stubs/s2n_hash.c b/tests/sidetrail/working/stubs/s2n_hash.c
@@ -49,6 +49,11 @@ S2N_RESULT s2n_hash_state_validate(struct s2n_hash_state *state)
     return S2N_RESULT_OK;
 }
 
+int s2n_hash_allow_md5_for_fips(struct s2n_hash_state *state)
+{
+    return SUCCESS;
+}
+
 int s2n_hash_init(struct s2n_hash_state *state, s2n_hash_algorithm alg)
 {
   __VERIFIER_ASSUME_LEAKAGE(0);

diff --git a/tests/unit/s2n_hmac_test.c b/tests/unit/s2n_hmac_test.c
@@ -118,6 +118,9 @@ int main(int argc, char **argv)
         uint8_t hmac_md5_size;
         POSIX_GUARD(s2n_hmac_digest_size(S2N_HMAC_MD5, &hmac_md5_size));
         EXPECT_EQUAL(hmac_md5_size, 16);
+        if (s2n_is_in_fips_mode()) {
+            EXPECT_SUCCESS(s2n_hmac_allow_md5_for_fips(&hmac));
+        }
         EXPECT_SUCCESS(s2n_hmac_init(&hmac, S2N_HMAC_MD5, sekrit, strlen((char *) sekrit)));
         EXPECT_SUCCESS(s2n_hmac_update(&hmac, hello, strlen((char *) hello)));
         EXPECT_SUCCESS(s2n_hmac_digest(&hmac, digest_pad, 16));

diff --git a/tls/s2n_prf.c b/tls/s2n_prf.c
@@ -185,6 +185,11 @@ static int s2n_p_hash(struct s2n_prf_working_space *ws, s2n_hmac_algorithm alg,
 
     struct s2n_hmac_state *hmac = &ws->hmac;
 
+    /* Ignore the MD5 check when in FIPS mode */
+    if (s2n_is_in_fips_mode()) {
+        POSIX_GUARD(s2n_hmac_allow_md5_for_fips(hmac));
+    }
+
     /* First compute hmac(secret + A(0)) */
     POSIX_GUARD(s2n_hmac_init(hmac, alg, secret->data, secret->size));
     POSIX_GUARD(s2n_hmac_update(hmac, label->data, label->size));