From ed6862328745c51c2afa2b6485cc3e275d543c4e Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov
Date: Mon, 23 Sep 2024 12:57:22 +0100
Subject: [PATCH] fips: Prohibit SHA1 in DH & ECDH exchange

See Section 5 Key Agreement Using Diffie-Hellman and MQV of [NIST SP 800-131Ar2](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf). Strengths less than 112bits is disallowed, thus eliminating SHA1.

Skip cms test case that requires use of SHA1 with X9.42 DH.

Rename ossl_fips_ind_digest_check to ossl_fips_ind_digest_exch_check

Add myself to Changes for fips indicator work

Reviewed-by: Paul Dale
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/25517)
---
 CHANGES.md | 2 +-
 providers/common/securitycheck_fips.c | 9 +++----
 providers/fips/include/fips/fipsindicator.h | 4 ++--
 providers/implementations/exchange/dh_exch.c | 6 ++---
 .../implementations/exchange/ecdh_exch.c | 6 ++---
 test/recipes/80-test_cms.t | 24 ++++++++++++-------
 6 files changed, 29 insertions(+), 22 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 69f9620e865a1..305296ac3edcd 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -83,7 +83,7 @@ OpenSSL 3.4
 [fips_module(7)]: https://docs.openssl.org/master/man7/fips_module/#FIPS indicators
- *Shane Lontis, Paul Dale and Po-Hsing Wu*
+ *Shane Lontis, Paul Dale, Po-Hsing Wu and Dimitri John Ledkov*
 * Added support for hardware acceleration for HMAC on S390x architecture.
diff --git a/providers/common/securitycheck_fips.c b/providers/common/securitycheck_fips.c
index 76d95d179c239..c02fa960c0969 100644
--- a/providers/common/securitycheck_fips.c
+++ b/providers/common/securitycheck_fips.c
@@ -78,11 +78,12 @@ int ossl_fips_ind_ec_key_check(OSSL_FIPS_IND *ind, int id,
 }
 #endif
-int ossl_fips_ind_digest_check(OSSL_FIPS_IND *ind, int id,
- OSSL_LIB_CTX *libctx,
- const EVP_MD *md, const char *desc)
+int ossl_fips_ind_digest_exch_check(OSSL_FIPS_IND *ind, int id,
+ OSSL_LIB_CTX *libctx,
+ const EVP_MD *md, const char *desc)
 {
- int approved = (ossl_digest_get_approved_nid(md) != NID_undef);
+ int nid = ossl_digest_get_approved_nid(md);
+ int approved = (nid != NID_undef && nid != NID_sha1);
 if (!approved) {
 if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, "Digest",
diff --git a/providers/fips/include/fips/fipsindicator.h b/providers/fips/include/fips/fipsindicator.h
index 405b800dbcfd8..045d2108d549a 100644
--- a/providers/fips/include/fips/fipsindicator.h
+++ b/providers/fips/include/fips/fipsindicator.h
@@ -129,8 +129,8 @@ int ossl_fips_ind_ec_key_check(OSSL_FIPS_IND *ind, int id,
 OSSL_LIB_CTX *libctx,
 const EC_GROUP *group, const char *desc, int protect);
 # endif
-int ossl_fips_ind_digest_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx,
- const EVP_MD *md, const char *desc);
+int ossl_fips_ind_digest_exch_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx,
+ const EVP_MD *md, const char *desc);
 int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id,
 OSSL_LIB_CTX *libctx, int nid, int sha1_allowed,
diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c
index 19007cae9560c..b7fee87cc91a1 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -113,9 +113,9 @@ static int dh_check_key(PROV_DH_CTX *ctx)
 static int digest_check(PROV_DH_CTX *ctx, const EVP_MD *md)
 {
- return ossl_fips_ind_digest_check(OSSL_FIPS_IND_GET(ctx),
- OSSL_FIPS_IND_SETTABLE1, ctx->libctx,
- md, "DH Set Ctx");
+ return ossl_fips_ind_digest_exch_check(OSSL_FIPS_IND_GET(ctx),
+ OSSL_FIPS_IND_SETTABLE1, ctx->libctx,
+ md, "DH Set Ctx");
 }
 #endif
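Review bot: The new SHA1 carve-out in ossl_fips_ind_digest_exch_check is undocumented at both the definition here and the declaration in the fipsindicator.h hunk below; the "exch" in the name hints at key agreement, but nothing records why SHA1 is rejected outright here while the neighbouring ossl_fips_ind_digest_sign_check takes a sha1_allowed parameter instead. A short header comment such as `/* Digest check for DH/ECDH key-agreement KDFs: SHA1 is rejected per NIST SP 800-131Ar2 section 5 (security strength below 112 bits). */` above the function would keep the policy traceable to its source. Note also that the "Digest" description passed to ossl_FIPS_IND_on_unapproved is unchanged, so a SHA1 rejection is reported to the indicator exactly like a digest that is not on the approved list at all (assuming ossl_digest_get_approved_nid returns NID_undef for those); if operators are expected to act on the indicator text, distinguishing the two cases would help. The function's body continues past the end of the hunk.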
diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
index 409d047453600..ee56c1c26c6e1 100644
--- a/providers/implementations/exchange/ecdh_exch.c
+++ b/providers/implementations/exchange/ecdh_exch.c
@@ -320,9 +320,9 @@ int ecdh_set_ctx_params(void *vpecdhctx, const OSSL_PARAM params[])
 return 0;
 }
 #ifdef FIPS_MODULE
- if (!ossl_fips_ind_digest_check(OSSL_FIPS_IND_GET(pectx),
- OSSL_FIPS_IND_SETTABLE1, pectx->libctx,
- pectx->kdf_md, "ECDH Set Ctx")) {
+ if (!ossl_fips_ind_digest_exch_check(OSSL_FIPS_IND_GET(pectx),
+ OSSL_FIPS_IND_SETTABLE1, pectx->libctx,
+ pectx->kdf_md, "ECDH Set Ctx")) {
 EVP_MD_free(pectx->kdf_md);
 pectx->kdf_md = NULL;
 return 0;
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index f060f47c12560..9ee474fd807bc 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -647,18 +647,24 @@ my @smime_cms_param_tests = (
 [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
 "-in", "{output}.cms", "-out", "{output}.txt" ],
 \&final_compare
- ],
-
- [ "enveloped content test streaming S/MIME format, X9.42 DH",
- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
- "-stream", "-out", "{output}.cms",
- "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
- [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
- "-in", "{output}.cms", "-out", "{output}.txt" ],
- \&final_compare
 ]
 );
+if ($no_fips || $old_fips) {
+ # Only SHA1 supported in dh_cms_encrypt()
+ push(@smime_cms_param_tests,
+
+ [ "enveloped content test streaming S/MIME format, X9.42 DH",
+ [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+ "-stream", "-out", "{output}.cms",
+ "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
+ [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
+ ]
+ );
+}
+
 my @smime_cms_param_tests_autodigestmax = (
 [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=auto-digestmax, digestsize < maximum salt length",
 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
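Review bot: Under the FIPS provider the X9.42 DH case is now simply not pushed onto @smime_cms_param_tests, so the SHA1 prohibition this commit introduces in the exchange KDF gets no test coverage in the very configuration it targets. A companion negative case in the else branch, expecting the `{cmd1}` encrypt against smdh.pem to fail under the FIPS provider, would pin the new behaviour instead of only avoiding it. The added `# Only SHA1 supported in dh_cms_encrypt()` comment says why the positive test cannot run but not that the failure is the intended FIPS outcome; something like `# Only SHA1 supported in dh_cms_encrypt(); SHA1 is rejected for DH KDFs by the FIPS provider, so this case only runs without FIPS` would make that explicit. $no_fips and $old_fips are presumably defined earlier in the recipe, outside this hunk.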