mirror of https://github.com/openssl/openssl
Add 'fips-securitychecks' option and plumb this into the actual fips checks
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
This commit is contained in:
parent
850a485f25
commit
7a810fac86
|
@ -421,6 +421,7 @@ my @disablables = (
|
|||
"external-tests",
|
||||
"filenames",
|
||||
"fips",
|
||||
"fips-securitychecks",
|
||||
"fuzz-libfuzzer",
|
||||
"fuzz-afl",
|
||||
"gost",
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
SUBDIRS=der
|
||||
|
||||
SOURCE[../libcommon.a]=provider_err.c provider_ctx.c
|
||||
$FIPSCOMMON=provider_util.c capabilities.c bio_prov.c digest_to_nid.c
|
||||
SOURCE[../libnonfips.a]=$FIPSCOMMON nid_to_name.c check_default.c
|
||||
SOURCE[../libfips.a]=$FIPSCOMMON check_fips.c
|
||||
$FIPSCOMMON=provider_util.c capabilities.c bio_prov.c digest_to_nid.c\
|
||||
securitycheck.c
|
||||
SOURCE[../libnonfips.a]=$FIPSCOMMON nid_to_name.c securitycheck_default.c
|
||||
SOURCE[../libfips.a]=$FIPSCOMMON securitycheck_fips.c
|
||||
|
|
|
@ -1,188 +0,0 @@
|
|||
/*
|
||||
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "internal/deprecated.h"
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/dsa.h>
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/core_names.h>
|
||||
#include <openssl/obj_mac.h>
|
||||
#include "prov/check.h"
|
||||
#include "prov/providercommonerr.h"
|
||||
|
||||
/*
|
||||
* FIPS requires a minimum security strength of 112 bits (for encryption or
|
||||
* signing), and for legacy purposes 80 bits (for decryption or verifying).
|
||||
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
|
||||
*/
|
||||
int rsa_check_key(const RSA *rsa, int protect)
|
||||
{
|
||||
int sz = RSA_bits(rsa);
|
||||
|
||||
return protect ? (sz >= 2048) : (sz >= 1024);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
/*
|
||||
* In FIPS mode:
|
||||
* protect should be 1 for any operations that need 112 bits of security
|
||||
* strength (such as signing, and key exchange), or 0 for operations that allow
|
||||
* a lower security strength (such as verify).
|
||||
*
|
||||
* For ECDH key agreement refer to SP800-56A
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf
|
||||
* "Appendix D"
|
||||
*
|
||||
* For ECDSA signatures refer to
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
|
||||
* "Table 2"
|
||||
*/
|
||||
int ec_check_key(const EC_KEY *ec, int protect)
|
||||
{
|
||||
int nid, strength;
|
||||
const char *curve_name;
|
||||
const EC_GROUP *group = EC_KEY_get0_group(ec);
|
||||
|
||||
if (group == NULL) {
|
||||
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group");
|
||||
return 0;
|
||||
}
|
||||
nid = EC_GROUP_get_curve_name(group);
|
||||
if (nid == NID_undef) {
|
||||
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
|
||||
"Explicit curves are not allowed in fips mode");
|
||||
return 0;
|
||||
}
|
||||
|
||||
curve_name = EC_curve_nid2nist(nid);
|
||||
if (curve_name == NULL) {
|
||||
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
|
||||
"Curve %s is not approved in FIPS mode", curve_name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* For EC the security strength is the (order_bits / 2)
|
||||
* e.g. P-224 is 112 bits.
|
||||
*/
|
||||
strength = EC_GROUP_order_bits(group) / 2;
|
||||
/* The min security strength allowed for legacy verification is 80 bits */
|
||||
if (strength < 80) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* For signing or key agreement only allow curves with at least 112 bits of
|
||||
* security strength
|
||||
*/
|
||||
if (protect && strength < 112) {
|
||||
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
|
||||
"Curve %s cannot be used for signing", curve_name);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
/*
|
||||
* Check for valid key sizes if fips mode. Refer to
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
|
||||
* "Table 2"
|
||||
*/
|
||||
int dsa_check_key(const DSA *dsa, int sign)
|
||||
{
|
||||
size_t L, N;
|
||||
const BIGNUM *p, *q;
|
||||
|
||||
if (dsa == NULL)
|
||||
return 0;
|
||||
|
||||
p = DSA_get0_p(dsa);
|
||||
q = DSA_get0_q(dsa);
|
||||
if (p == NULL || q == NULL)
|
||||
return 0;
|
||||
|
||||
L = BN_num_bits(p);
|
||||
N = BN_num_bits(q);
|
||||
|
||||
/*
|
||||
* Valid sizes or verification - Note this could be a fips186-2 type
|
||||
* key - so we allow 512 also. When this is no longer suppported the
|
||||
* lower bound should be increased to 1024.
|
||||
*/
|
||||
if (!sign)
|
||||
return (L >= 512 && N >= 160);
|
||||
|
||||
/* Valid sizes for both sign and verify */
|
||||
if (L == 2048 && (N == 224 || N == 256))
|
||||
return 1;
|
||||
return (L == 3072 && N == 256);
|
||||
}
|
||||
#endif /* OPENSSL_NO_DSA */
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
/*
|
||||
* For DH key agreement refer to SP800-56A
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf
|
||||
* "Section 5.5.1.1FFC Domain Parameter Selection/Generation" and
|
||||
* "Appendix D" FFC Safe-prime Groups
|
||||
*/
|
||||
int dh_check_key(const DH *dh)
|
||||
{
|
||||
size_t L, N;
|
||||
const BIGNUM *p, *q;
|
||||
|
||||
if (dh == NULL)
|
||||
return 0;
|
||||
|
||||
p = DH_get0_p(dh);
|
||||
q = DH_get0_q(dh);
|
||||
if (p == NULL || q == NULL)
|
||||
return 0;
|
||||
|
||||
L = BN_num_bits(p);
|
||||
if (L < 2048)
|
||||
return 0;
|
||||
|
||||
/* If it is a safe prime group then it is ok */
|
||||
if (DH_get_nid(dh))
|
||||
return 1;
|
||||
|
||||
/* If not then it must be FFC, which only allows certain sizes. */
|
||||
N = BN_num_bits(q);
|
||||
|
||||
return (L == 2048 && (N == 224 || N == 256));
|
||||
}
|
||||
#endif /* OPENSSL_NO_DH */
|
||||
|
||||
int digest_get_approved_nid_with_sha1(const EVP_MD *md, int sha1_allowed)
|
||||
{
|
||||
int mdnid = digest_get_approved_nid(md);
|
||||
|
||||
if (mdnid == NID_sha1 && !sha1_allowed)
|
||||
mdnid = NID_undef;
|
||||
|
||||
return mdnid;
|
||||
}
|
||||
|
||||
int digest_is_allowed(const EVP_MD *md)
|
||||
{
|
||||
return (digest_get_approved_nid(md) != NID_undef);
|
||||
}
|
||||
|
||||
int digest_rsa_sign_get_md_nid(const EVP_MD *md, int sha1_allowed)
|
||||
{
|
||||
return digest_get_approved_nid_with_sha1(md, sha1_allowed);
|
||||
}
|
|
@ -11,7 +11,7 @@
|
|||
#include <openssl/core_names.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/core.h>
|
||||
#include "prov/check.h"
|
||||
#include "prov/securitycheck.h"
|
||||
#include "internal/nelem.h"
|
||||
|
||||
/*
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
/* Functions that have different implementations for the FIPS_MODULE */
|
||||
/* Functions that are common */
|
||||
int rsa_check_key(const RSA *rsa, int protect);
|
||||
int ec_check_key(const EC_KEY *ec, int protect);
|
||||
int dsa_check_key(const DSA *dsa, int sign);
|
||||
|
@ -15,8 +15,11 @@ int dh_check_key(const DH *dh);
|
|||
|
||||
int digest_is_allowed(const EVP_MD *md);
|
||||
int digest_get_approved_nid_with_sha1(const EVP_MD *md, int sha1_allowed);
|
||||
int digest_rsa_sign_get_md_nid(const EVP_MD *md, ossl_unused int sha1_allowed);
|
||||
|
||||
/* Functions that are common */
|
||||
int digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len);
|
||||
int digest_get_approved_nid(const EVP_MD *md);
|
||||
|
||||
/* Functions that have different implementations for the FIPS_MODULE */
|
||||
int digest_rsa_sign_get_md_nid(const EVP_MD *md, int sha1_allowed);
|
||||
int securitycheck_enabled(void);
|
|
@ -0,0 +1,209 @@
|
|||
/*
|
||||
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "internal/deprecated.h"
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/dsa.h>
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/core_names.h>
|
||||
#include <openssl/obj_mac.h>
|
||||
#include "prov/securitycheck.h"
|
||||
#include "prov/providercommonerr.h"
|
||||
|
||||
/*
|
||||
* FIPS requires a minimum security strength of 112 bits (for encryption or
|
||||
* signing), and for legacy purposes 80 bits (for decryption or verifying).
|
||||
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
|
||||
*/
|
||||
int rsa_check_key(const RSA *rsa, int protect)
|
||||
{
|
||||
#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
|
||||
if (securitycheck_enabled()) {
|
||||
int sz = RSA_bits(rsa);
|
||||
|
||||
return protect ? (sz >= 2048) : (sz >= 1024);
|
||||
}
|
||||
#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
/*
|
||||
* In FIPS mode:
|
||||
* protect should be 1 for any operations that need 112 bits of security
|
||||
* strength (such as signing, and key exchange), or 0 for operations that allow
|
||||
* a lower security strength (such as verify).
|
||||
*
|
||||
* For ECDH key agreement refer to SP800-56A
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf
|
||||
* "Appendix D"
|
||||
*
|
||||
* For ECDSA signatures refer to
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
|
||||
* "Table 2"
|
||||
*/
|
||||
int ec_check_key(const EC_KEY *ec, int protect)
|
||||
{
|
||||
# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
|
||||
if (securitycheck_enabled()) {
|
||||
int nid, strength;
|
||||
const char *curve_name;
|
||||
const EC_GROUP *group = EC_KEY_get0_group(ec);
|
||||
|
||||
if (group == NULL) {
|
||||
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group");
|
||||
return 0;
|
||||
}
|
||||
nid = EC_GROUP_get_curve_name(group);
|
||||
if (nid == NID_undef) {
|
||||
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
|
||||
"Explicit curves are not allowed in fips mode");
|
||||
return 0;
|
||||
}
|
||||
|
||||
curve_name = EC_curve_nid2nist(nid);
|
||||
if (curve_name == NULL) {
|
||||
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
|
||||
"Curve %s is not approved in FIPS mode", curve_name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* For EC the security strength is the (order_bits / 2)
|
||||
* e.g. P-224 is 112 bits.
|
||||
*/
|
||||
strength = EC_GROUP_order_bits(group) / 2;
|
||||
/* The min security strength allowed for legacy verification is 80 bits */
|
||||
if (strength < 80) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* For signing or key agreement only allow curves with at least 112 bits of
|
||||
* security strength
|
||||
*/
|
||||
if (protect && strength < 112) {
|
||||
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
|
||||
"Curve %s cannot be used for signing", curve_name);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
||||
return 1;
|
||||
}
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
/*
|
||||
* Check for valid key sizes if fips mode. Refer to
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
|
||||
* "Table 2"
|
||||
*/
|
||||
int dsa_check_key(const DSA *dsa, int sign)
|
||||
{
|
||||
# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
|
||||
if (securitycheck_enabled()) {
|
||||
size_t L, N;
|
||||
const BIGNUM *p, *q;
|
||||
|
||||
if (dsa == NULL)
|
||||
return 0;
|
||||
|
||||
p = DSA_get0_p(dsa);
|
||||
q = DSA_get0_q(dsa);
|
||||
if (p == NULL || q == NULL)
|
||||
return 0;
|
||||
|
||||
L = BN_num_bits(p);
|
||||
N = BN_num_bits(q);
|
||||
|
||||
/*
|
||||
* Valid sizes or verification - Note this could be a fips186-2 type
|
||||
* key - so we allow 512 also. When this is no longer suppported the
|
||||
* lower bound should be increased to 1024.
|
||||
*/
|
||||
if (!sign)
|
||||
return (L >= 512 && N >= 160);
|
||||
|
||||
/* Valid sizes for both sign and verify */
|
||||
if (L == 2048 && (N == 224 || N == 256))
|
||||
return 1;
|
||||
return (L == 3072 && N == 256);
|
||||
}
|
||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
||||
return 1;
|
||||
}
|
||||
#endif /* OPENSSL_NO_DSA */
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
/*
|
||||
* For DH key agreement refer to SP800-56A
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf
|
||||
* "Section 5.5.1.1FFC Domain Parameter Selection/Generation" and
|
||||
* "Appendix D" FFC Safe-prime Groups
|
||||
*/
|
||||
int dh_check_key(const DH *dh)
|
||||
{
|
||||
# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
|
||||
if (securitycheck_enabled()) {
|
||||
size_t L, N;
|
||||
const BIGNUM *p, *q;
|
||||
|
||||
if (dh == NULL)
|
||||
return 0;
|
||||
|
||||
p = DH_get0_p(dh);
|
||||
q = DH_get0_q(dh);
|
||||
if (p == NULL || q == NULL)
|
||||
return 0;
|
||||
|
||||
L = BN_num_bits(p);
|
||||
if (L < 2048)
|
||||
return 0;
|
||||
|
||||
/* If it is a safe prime group then it is ok */
|
||||
if (DH_get_nid(dh))
|
||||
return 1;
|
||||
|
||||
/* If not then it must be FFC, which only allows certain sizes. */
|
||||
N = BN_num_bits(q);
|
||||
|
||||
return (L == 2048 && (N == 224 || N == 256));
|
||||
}
|
||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
||||
return 1;
|
||||
}
|
||||
#endif /* OPENSSL_NO_DH */
|
||||
|
||||
int digest_get_approved_nid_with_sha1(const EVP_MD *md, int sha1_allowed)
|
||||
{
|
||||
int mdnid = digest_get_approved_nid(md);
|
||||
|
||||
# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
|
||||
if (securitycheck_enabled()) {
|
||||
if (mdnid == NID_sha1 && !sha1_allowed)
|
||||
mdnid = NID_undef;
|
||||
}
|
||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
||||
return mdnid;
|
||||
}
|
||||
|
||||
int digest_is_allowed(const EVP_MD *md)
|
||||
{
|
||||
# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
|
||||
if (securitycheck_enabled())
|
||||
return (digest_get_approved_nid(md) != NID_undef);
|
||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
||||
return 1;
|
||||
}
|
|
@ -13,44 +13,13 @@
|
|||
#include <openssl/core.h>
|
||||
#include <openssl/core_names.h>
|
||||
#include <openssl/obj_mac.h>
|
||||
#include "prov/check.h"
|
||||
#include "prov/securitycheck.h"
|
||||
#include "internal/nelem.h"
|
||||
|
||||
int rsa_check_key(ossl_unused const RSA *rsa, ossl_unused int protect)
|
||||
/* Disable the security checks in the default provider */
|
||||
int securitycheck_enabled(void)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
int ec_check_key(ossl_unused const EC_KEY *ec, ossl_unused int protect)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
int dsa_check_key(ossl_unused const DSA *dsa, ossl_unused int sign)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
int dh_check_key(const DH *dh)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
int digest_is_allowed(ossl_unused const EVP_MD *md)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
int digest_get_approved_nid_with_sha1(const EVP_MD *md,
|
||||
ossl_unused int sha1_allowed)
|
||||
{
|
||||
return digest_get_approved_nid(md);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int digest_rsa_sign_get_md_nid(const EVP_MD *md, ossl_unused int sha1_allowed)
|
||||
|
@ -65,8 +34,6 @@ int digest_rsa_sign_get_md_nid(const EVP_MD *md, ossl_unused int sha1_allowed)
|
|||
{ NID_mdc2, OSSL_DIGEST_NAME_MDC2 },
|
||||
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
|
||||
};
|
||||
if (md == NULL)
|
||||
return NID_undef;
|
||||
|
||||
mdnid = digest_get_approved_nid_with_sha1(md, 1);
|
||||
if (mdnid == NID_undef)
|
|
@ -0,0 +1,39 @@
|
|||
/*
|
||||
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "internal/deprecated.h"
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/dsa.h>
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/core_names.h>
|
||||
#include <openssl/obj_mac.h>
|
||||
#include "prov/securitycheck.h"
|
||||
#include "prov/providercommonerr.h"
|
||||
|
||||
int securitycheck_enabled(void)
|
||||
{
|
||||
#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
|
||||
/* TODO(3.0): make this configurable */
|
||||
return 1;
|
||||
#else
|
||||
return 0;
|
||||
#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
||||
}
|
||||
|
||||
int digest_rsa_sign_get_md_nid(const EVP_MD *md, int sha1_allowed)
|
||||
{
|
||||
#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
|
||||
if (securitycheck_enabled())
|
||||
return digest_get_approved_nid_with_sha1(md, sha1_allowed);
|
||||
#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
||||
return digest_get_approved_nid(md);
|
||||
}
|
|
@ -29,7 +29,7 @@
|
|||
#include "prov/provider_ctx.h"
|
||||
#include "prov/implementations.h"
|
||||
#include "prov/providercommon.h"
|
||||
#include "prov/check.h"
|
||||
#include "prov/securitycheck.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
#include "prov/providercommon.h"
|
||||
#include "prov/implementations.h"
|
||||
#include "prov/provider_ctx.h"
|
||||
#include "prov/check.h"
|
||||
#include "prov/securitycheck.h"
|
||||
#include "crypto/dh.h"
|
||||
|
||||
static OSSL_FUNC_keyexch_newctx_fn dh_newctx;
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
#include "prov/provider_ctx.h"
|
||||
#include "prov/providercommon.h"
|
||||
#include "prov/implementations.h"
|
||||
#include "prov/check.h"
|
||||
#include "prov/securitycheck.h"
|
||||
#include "crypto/ec.h" /* ecdh_KDF_X9_63() */
|
||||
|
||||
static OSSL_FUNC_keyexch_newctx_fn ecdh_newctx;
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
#include "prov/implementations.h"
|
||||
#include "prov/providercommonerr.h"
|
||||
#include "prov/provider_ctx.h"
|
||||
#include "prov/check.h"
|
||||
#include "prov/securitycheck.h"
|
||||
#include "crypto/dsa.h"
|
||||
#include "prov/der_dsa.h"
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
#include "prov/providercommonerr.h"
|
||||
#include "prov/implementations.h"
|
||||
#include "prov/provider_ctx.h"
|
||||
#include "prov/check.h"
|
||||
#include "prov/securitycheck.h"
|
||||
#include "crypto/ec.h"
|
||||
#include "prov/der_ec.h"
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
#include "prov/implementations.h"
|
||||
#include "prov/provider_ctx.h"
|
||||
#include "prov/der_rsa.h"
|
||||
#include "prov/check.h"
|
||||
#include "prov/securitycheck.h"
|
||||
|
||||
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
|
||||
|
||||
|
|
|
@ -3443,7 +3443,14 @@ start:
|
|||
}
|
||||
|
||||
for (pp++, i = 1; i < (t->s.numpairs - skip_availablein); pp++, i++) {
|
||||
if (strcmp(pp->key, "Availablein") == 0) {
|
||||
if (strcmp(pp->key, "Securitycheck") == 0) {
|
||||
#if defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
|
||||
TEST_info("skipping, securitycheck is not available: %s:%d",
|
||||
t->s.test_file, t->s.start);
|
||||
t->skip = 1;
|
||||
return 0;
|
||||
#endif
|
||||
} else if (strcmp(pp->key, "Availablein") == 0) {
|
||||
TEST_info("Line %d: 'Availablein' should be the first option",
|
||||
t->s.curr);
|
||||
return 0;
|
||||
|
|
|
@ -21,9 +21,10 @@ use lib bldtop_dir('.');
|
|||
use platform;
|
||||
|
||||
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
||||
my $no_check = disabled('fips-securitychecks');
|
||||
|
||||
plan tests =>
|
||||
($no_fips ? 0 : 2) # FIPS install test
|
||||
($no_fips ? 0 : 1 + ($no_check ? 0 : 1)) # FIPS install test
|
||||
+ 9;
|
||||
|
||||
my @prov = ( );
|
||||
|
@ -49,17 +50,19 @@ unless ($no_fips) {
|
|||
"fipsinstall");
|
||||
$ENV{OPENSSL_TEST_LIBCTX} = "1";
|
||||
|
||||
ok(!run(app(['openssl', 'pkeyutl',
|
||||
@prov,
|
||||
'-encrypt',
|
||||
'-in', $msg_file,
|
||||
'-inkey', $small_key_file,
|
||||
'-pkeyopt', 'pad-mode:oaep',
|
||||
'-pkeyopt', 'oaep-label:123',
|
||||
'-pkeyopt', 'digest:sha1',
|
||||
'-pkeyopt', 'mgf1-digest:sha1',
|
||||
'-out', $enc1_file])),
|
||||
"RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
|
||||
unless ($no_check) {
|
||||
ok(!run(app(['openssl', 'pkeyutl',
|
||||
@prov,
|
||||
'-encrypt',
|
||||
'-in', $msg_file,
|
||||
'-inkey', $small_key_file,
|
||||
'-pkeyopt', 'pad-mode:oaep',
|
||||
'-pkeyopt', 'oaep-label:123',
|
||||
'-pkeyopt', 'digest:sha1',
|
||||
'-pkeyopt', 'mgf1-digest:sha1',
|
||||
'-out', $enc1_file])),
|
||||
"RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
|
||||
}
|
||||
}
|
||||
|
||||
ok(run(app(['openssl', 'pkeyutl',
|
||||
|
|
|
@ -294,6 +294,7 @@ Title = Fips Negative Tests (using different key sizes and digests)
|
|||
# Test sign with a 1024 bit key is not allowed in fips mode
|
||||
Availablein = fips
|
||||
DigestSign = SHA256
|
||||
Securitycheck = 1
|
||||
Key = DSA-1024-FIPS186-2
|
||||
Input = "Hello"
|
||||
Result = DIGESTSIGNINIT_ERROR
|
||||
|
@ -301,6 +302,7 @@ Result = DIGESTSIGNINIT_ERROR
|
|||
# Test sign with SHA1 is not allowed in fips mode
|
||||
Availablein = fips
|
||||
DigestSign = SHA1
|
||||
Securitycheck = 1
|
||||
Key = DSA-2048
|
||||
Input = "Hello"
|
||||
Result = DIGESTSIGNINIT_ERROR
|
||||
|
@ -308,6 +310,7 @@ Result = DIGESTSIGNINIT_ERROR
|
|||
# Test sign with a 3072 bit key with N == 224 is not allowed in fips mode
|
||||
Availablein = fips
|
||||
DigestSign = SHA256
|
||||
Securitycheck = 1
|
||||
Key = DSA-3072-224
|
||||
Input = "Hello"
|
||||
Result = DIGESTSIGNINIT_ERROR
|
||||
|
@ -315,6 +318,7 @@ Result = DIGESTSIGNINIT_ERROR
|
|||
# Test sign with a 4096 bit key is not allowed in fips mode
|
||||
Availablein = fips
|
||||
DigestSign = SHA256
|
||||
Securitycheck = 1
|
||||
Key = DSA-4096-256
|
||||
Input = "Hello"
|
||||
Result = DIGESTSIGNINIT_ERROR
|
||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -172,6 +172,7 @@ Title = FIPS Negative tests (using different curves and digests)
|
|||
# Test that a explicit curve is not allowed in fips mode
|
||||
Availablein = fips
|
||||
DigestVerify = SHA256
|
||||
Securitycheck = 1
|
||||
Key = EC_EXPLICIT
|
||||
Input = "Hello World"
|
||||
Result = DIGESTVERIFYINIT_ERROR
|
||||
|
@ -179,6 +180,7 @@ Result = DIGESTVERIFYINIT_ERROR
|
|||
# Test that a curve with < 112 bits is not allowed in fips mode for signing
|
||||
Availablein = fips
|
||||
DigestSign = SHA3-512
|
||||
Securitycheck = 1
|
||||
Key = B-163
|
||||
Input = "Hello World"
|
||||
Result = DIGESTSIGNINIT_ERROR
|
||||
|
@ -186,6 +188,7 @@ Result = DIGESTSIGNINIT_ERROR
|
|||
# Test that a non nist curve is not allowed in fips mode
|
||||
Availablein = fips
|
||||
DigestSign = SHA3-512
|
||||
Securitycheck = 1
|
||||
Key = secp256k1
|
||||
Input = "Hello World"
|
||||
Result = DIGESTSIGNINIT_ERROR
|
||||
|
|
|
@ -52,6 +52,7 @@ SharedSecret=803d8ab2e5b6e6fca715737c3a82f7ce3c783124f6d51cd0
|
|||
|
||||
Availablein = fips
|
||||
Derive=KAS-ECC-CDH_P-192_C0
|
||||
Securitycheck = 1
|
||||
PeerKey=KAS-ECC-CDH_P-192_C0-Peer-PUBLIC
|
||||
Result = DERIVE_SET_PEER_ERROR
|
||||
|
||||
|
|
|
@ -1297,6 +1297,7 @@ Output = 80382819f51b197c42f9fc02a85198683d918059afc013ae155992442563dd289700829
|
|||
# Signing with SHA1 is not allowed in fips mode
|
||||
Availablein = fips
|
||||
DigestSign = SHA1
|
||||
Securitycheck = 1
|
||||
Key = RSA-2048
|
||||
Input = "Hello"
|
||||
Result = DIGESTSIGNINIT_ERROR
|
||||
|
@ -1304,6 +1305,7 @@ Result = DIGESTSIGNINIT_ERROR
|
|||
# Signing with a 1024 bit key is not allowed in fips mode
|
||||
Availablein = fips
|
||||
DigestSign = SHA256
|
||||
Securitycheck = 1
|
||||
Key = RSA-1024
|
||||
Input = "Hello"
|
||||
Result = DIGESTSIGNINIT_ERROR
|
||||
|
@ -1311,6 +1313,7 @@ Result = DIGESTSIGNINIT_ERROR
|
|||
# Verifying with a legacy digest in fips mode is not allowed
|
||||
Availablein = fips
|
||||
DigestVerify = MD5
|
||||
Securitycheck = 1
|
||||
Key = RSA-2048
|
||||
Input = "Hello"
|
||||
Result = DIGESTVERIFYINIT_ERROR
|
||||
|
@ -1318,6 +1321,7 @@ Result = DIGESTVERIFYINIT_ERROR
|
|||
# Verifying with a key smaller than 1024 bits in fips mode is not allowed
|
||||
Availablein = fips
|
||||
DigestVerify = SHA256
|
||||
Securitycheck = 1
|
||||
Key = RSA-512
|
||||
Input = "Hello"
|
||||
Result = DIGESTVERIFYINIT_ERROR
|
||||
|
|
Loading…
Reference in New Issue