Diffstat (limited to 'providers')
-rw-r--r--providers/baseprov.c3
-rw-r--r--providers/common/include/prov/fipscommon.h25
-rw-r--r--providers/common/include/prov/fipsindicator.h150
-rw-r--r--providers/common/include/prov/proverr.h2
-rw-r--r--providers/common/include/prov/securitycheck.h36
-rw-r--r--providers/common/provider_err.c11
-rw-r--r--providers/common/securitycheck.c312
-rw-r--r--providers/common/securitycheck_default.c12
-rw-r--r--providers/common/securitycheck_fips.c93
-rw-r--r--providers/defltprov.c20
-rw-r--r--providers/fips/build.info2
-rw-r--r--providers/fips/fipsindicator.c116
-rw-r--r--providers/fips/fipsprov.c366
-rw-r--r--providers/fips/self_test.c73
-rw-r--r--providers/fips/self_test.h5
-rw-r--r--providers/fips/self_test_data.inc390
-rw-r--r--providers/fips/self_test_kats.c141
-rw-r--r--providers/implementations/asymciphers/rsa_enc.c54
-rw-r--r--providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c3
-rw-r--r--providers/implementations/ciphers/cipher_aes_siv_hw.c3
-rw-r--r--providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c3
-rw-r--r--providers/implementations/ciphers/cipher_cts.c3
-rw-r--r--providers/implementations/ciphers/cipher_desx_hw.c3
-rw-r--r--providers/implementations/ciphers/cipher_sm4_ccm_hw.c2
-rw-r--r--providers/implementations/ciphers/cipher_sm4_gcm_hw.c2
-rw-r--r--providers/implementations/ciphers/cipher_sm4_hw.c2
-rw-r--r--providers/implementations/ciphers/cipher_sm4_xts_hw.c2
-rw-r--r--providers/implementations/ciphers/cipher_tdes.h15
-rw-r--r--providers/implementations/ciphers/cipher_tdes_common.c68
-rw-r--r--providers/implementations/ciphers/cipher_tdes_wrap.c3
-rw-r--r--providers/implementations/ciphers/ciphercommon.c1
-rw-r--r--providers/implementations/ciphers/ciphercommon_gcm.c9
-rw-r--r--providers/implementations/digests/blake2s_prov.c6
-rw-r--r--providers/implementations/digests/sha3_prov.c18
-rw-r--r--providers/implementations/exchange/dh_exch.c60
-rw-r--r--providers/implementations/exchange/ecdh_exch.c89
-rw-r--r--providers/implementations/exchange/ecx_exch.c59
-rw-r--r--providers/implementations/include/prov/implementations.h26
-rw-r--r--providers/implementations/include/prov/names.h19
-rw-r--r--providers/implementations/kdfs/hkdf.c229
-rw-r--r--providers/implementations/kdfs/kbkdf.c63
-rw-r--r--providers/implementations/kdfs/pbkdf2.c115
-rw-r--r--providers/implementations/kdfs/sshkdf.c101
-rw-r--r--providers/implementations/kdfs/sskdf.c252
-rw-r--r--providers/implementations/kdfs/tls1_prf.c152
-rw-r--r--providers/implementations/kdfs/x942kdf.c13
-rw-r--r--providers/implementations/kem/rsa_kem.c40
-rw-r--r--providers/implementations/keymgmt/dh_kmgmt.c8
-rw-r--r--providers/implementations/keymgmt/dsa_kmgmt.c52
-rw-r--r--providers/implementations/keymgmt/ec_kmgmt.c48
-rw-r--r--providers/implementations/keymgmt/ecx_kmgmt.c60
-rw-r--r--providers/implementations/macs/cmac_prov.c77
-rw-r--r--providers/implementations/macs/hmac_prov.c84
-rw-r--r--providers/implementations/macs/kmac_prov.c131
-rw-r--r--providers/implementations/rands/build.info2
-rw-r--r--providers/implementations/rands/drbg.c40
-rw-r--r--providers/implementations/rands/drbg_ctr.c2
-rw-r--r--providers/implementations/rands/drbg_hash.c10
-rw-r--r--providers/implementations/rands/drbg_hmac.c10
-rw-r--r--providers/implementations/rands/drbg_local.h5
-rw-r--r--providers/implementations/rands/seed_src_jitter.c336
-rw-r--r--providers/implementations/rands/seeding/rand_vxworks.c3
-rw-r--r--providers/implementations/rands/test_rng.c10
-rw-r--r--providers/implementations/signature/dsa_sig.c130
-rw-r--r--providers/implementations/signature/ecdsa_sig.c124
-rw-r--r--providers/implementations/signature/eddsa_sig.c24
-rw-r--r--providers/implementations/signature/rsa_sig.c1005
-rw-r--r--providers/implementations/signature/sm2_sig.c6
68 files changed, 4295 insertions, 1044 deletions
diff --git a/providers/baseprov.c b/providers/baseprov.c
index 6b8de7cb36..d27fd28e2c 100644
--- a/providers/baseprov.c
+++ b/providers/baseprov.c
@@ -93,6 +93,9 @@ static const OSSL_ALGORITHM base_store[] = {
static const OSSL_ALGORITHM base_rands[] = {
{ PROV_NAMES_SEED_SRC, "provider=base", ossl_seed_src_functions },
+#ifndef OPENSSL_NO_JITTER
+ { PROV_NAMES_JITTER, "provider=base", ossl_jitter_functions },
+#endif
{ NULL, NULL, NULL }
};
diff --git a/providers/common/include/prov/fipscommon.h b/providers/common/include/prov/fipscommon.h
index 45ed248e99..2fd97bade8 100644
--- a/providers/common/include/prov/fipscommon.h
+++ b/providers/common/include/prov/fipscommon.h
@@ -12,6 +12,29 @@
int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx);
+int FIPS_no_short_mac(OSSL_LIB_CTX *libctx);
+int FIPS_hmac_key_check(OSSL_LIB_CTX *libctx);
+int FIPS_kmac_key_check(OSSL_LIB_CTX *libctx);
int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx);
-
+int FIPS_fips_signature_digest_check(OSSL_LIB_CTX *libctx);
+int FIPS_hkdf_digest_check(OSSL_LIB_CTX *libctx);
+int FIPS_tls13_kdf_digest_check(OSSL_LIB_CTX *libctx);
+int FIPS_tls1_prf_digest_check(OSSL_LIB_CTX *libctx);
+int FIPS_sshkdf_digest_check(OSSL_LIB_CTX *libctx);
+int FIPS_sskdf_digest_check(OSSL_LIB_CTX *libctx);
+int FIPS_x963kdf_digest_check(OSSL_LIB_CTX *libctx);
+int FIPS_dsa_sign_check(OSSL_LIB_CTX *libctx);
+int FIPS_tdes_encrypt_check(OSSL_LIB_CTX *libctx);
+int FIPS_rsa_pkcs15_padding_disabled(OSSL_LIB_CTX *libctx);
+int FIPS_rsa_pss_saltlen_check(OSSL_LIB_CTX *libctx);
+int FIPS_rsa_sign_x931_disallowed(OSSL_LIB_CTX *libctx);
+int FIPS_hkdf_key_check(OSSL_LIB_CTX *libctx);
+int FIPS_kbkdf_key_check(OSSL_LIB_CTX *libctx);
+int FIPS_tls13_kdf_key_check(OSSL_LIB_CTX *libctx);
+int FIPS_tls1_prf_key_check(OSSL_LIB_CTX *libctx);
+int FIPS_sshkdf_key_check(OSSL_LIB_CTX *libctx);
+int FIPS_sskdf_key_check(OSSL_LIB_CTX *libctx);
+int FIPS_x963kdf_key_check(OSSL_LIB_CTX *libctx);
+int FIPS_pbkdf2_lower_bound_check(OSSL_LIB_CTX *libctx);
+int FIPS_ecdh_cofactor_check(OSSL_LIB_CTX *libctx);
#endif
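Review bot: The added accessors do not share one naming polarity, and nothing in this header says what a non-zero return means. Most end in `_check`, two end in `_disabled` / `_disallowed` (`FIPS_rsa_pkcs15_padding_disabled`, `FIPS_rsa_sign_x931_disallowed`), one is negated (`FIPS_no_short_mac`), and `FIPS_fips_signature_digest_check` repeats the prefix. Their signature matches `OSSL_FIPS_IND_CHECK_CB` in fipsindicator.h, so they are presumably passed as the `config_check_fn` that decides strict versus tolerant handling; a misread polarity at a call site would silently relax a check. I would add one comment above the block, along the lines of `/* Each function returns non-zero when the matching fips config option is enabled */`, worded to match the definitions, which are not visible in this hunk.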
diff --git a/providers/common/include/prov/fipsindicator.h b/providers/common/include/prov/fipsindicator.h
new file mode 100644
index 0000000000..8f97bc35d9
--- /dev/null
+++ b/providers/common/include/prov/fipsindicator.h
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef FIPS_MODULE
+
+# include <openssl/core.h> /* OSSL_CALLBACK, OSSL_LIB_CTX */
+# include <openssl/indicator.h>
+# include "crypto/types.h"
+# include <openssl/ec.h>
+
+/*
+ * There may be multiple settables associated with an algorithm that allow
+ * overriding the default status.
+ * We associate an id with each of these.
+ */
+# define OSSL_FIPS_IND_SETTABLE0 0
+# define OSSL_FIPS_IND_SETTABLE1 1
+# define OSSL_FIPS_IND_SETTABLE2 2
+# define OSSL_FIPS_IND_SETTABLE3 3
+# define OSSL_FIPS_IND_SETTABLE4 4
+# define OSSL_FIPS_IND_SETTABLE5 5
+# define OSSL_FIPS_IND_SETTABLE6 6
+# define OSSL_FIPS_IND_SETTABLE7 7
+# define OSSL_FIPS_IND_SETTABLE_MAX (1 + OSSL_FIPS_IND_SETTABLE7)
+
+/* Each settable is in one of 3 states */
+#define OSSL_FIPS_IND_STATE_UNKNOWN -1 /* Initial unknown state */
+#define OSSL_FIPS_IND_STATE_STRICT 1 /* Strict enforcement */
+#define OSSL_FIPS_IND_STATE_TOLERANT 0 /* Relaxation of rules */
+
+/*
+ * For each algorithm context there may be multiple checks that determine if
+ * the algorithm is approved or not. These checks may be in different stages.
+ * To keep it simple it is assumed that the algorithm is initially approved,
+ * and may be unapproved when each check happens. Once unapproved the operation
+ * will remain unapproved (otherwise we need to maintain state for each check).
+ * The approved state should only be queried after the operation has completed
+ * e.g. A digest final, or a KDF derive.
+ *
+ * If a FIPS approved check fails then we must decide what to do in this case.
+ * In strict mode we would just return an error.
+ * To override strict mode we either need to have a settable variable or have a
+ * fips config flag that overrides strict mode.
+ * If there are multiple checks, each one could possible have a different
+ * configurable item. Each configurable item can be overridden by a different
+ * settable.
+ */
+typedef struct ossl_fips_ind_st {
+ unsigned char approved;
+ signed char settable[OSSL_FIPS_IND_SETTABLE_MAX]; /* See OSSL_FIPS_IND_STATE */
+} OSSL_FIPS_IND;
+
+typedef int (OSSL_FIPS_IND_CHECK_CB)(OSSL_LIB_CTX *libctx);
+
+int ossl_FIPS_IND_callback(OSSL_LIB_CTX *libctx, const char *type,
+ const char *desc);
+
+void ossl_FIPS_IND_init(OSSL_FIPS_IND *ind);
+void ossl_FIPS_IND_set_approved(OSSL_FIPS_IND *ind);
+void ossl_FIPS_IND_set_settable(OSSL_FIPS_IND *ind, int id, int enable);
+int ossl_FIPS_IND_get_settable(const OSSL_FIPS_IND *ind, int id);
+int ossl_FIPS_IND_on_unapproved(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx,
+ const char *algname, const char *opname,
+ OSSL_FIPS_IND_CHECK_CB *config_check_fn);
+int ossl_FIPS_IND_set_ctx_param(OSSL_FIPS_IND *ind, int id,
+ const OSSL_PARAM params[], const char *name);
+int ossl_FIPS_IND_get_ctx_param(const OSSL_FIPS_IND *ind,
+ OSSL_PARAM params[]);
+void ossl_FIPS_IND_copy(OSSL_FIPS_IND *dst, const OSSL_FIPS_IND *src);
+
+/* Place this in the algorithm ctx structure */
+# define OSSL_FIPS_IND_DECLARE OSSL_FIPS_IND indicator;
+/* Call this to initialize the indicator */
+# define OSSL_FIPS_IND_INIT(ctx) ossl_FIPS_IND_init(&ctx->indicator);
+/*
+ * Use the copy if an algorithm has a dup function that does not copy the src to
+ * the dst.
+ */
+# define OSSL_FIPS_IND_COPY(dst, src) ossl_FIPS_IND_copy(&dst->indicator, &src->indicator);
+
+/*
+ * Required for reset - since once something becomes unapproved it will remain
+ * unapproved unless this is used. This should be used in the init before
+ * params are set into the ctx & before any FIPS checks are done.
+ */
+# define OSSL_FIPS_IND_SET_APPROVED(ctx) ossl_FIPS_IND_set_approved(&ctx->indicator);
+/*
+ * This should be called if a FIPS check fails, to indicate the operation is not approved
+ * If there is more than 1 strict check flag per algorithm ctx, the id represents
+ * the index.
+ */
+# define OSSL_FIPS_IND_ON_UNAPPROVED(ctx, id, libctx, algname, opname, config_check_fn) \
+ ossl_FIPS_IND_on_unapproved(&ctx->indicator, id, libctx, algname, opname, config_check_fn)
+
+# define OSSL_FIPS_IND_SETTABLE_CTX_PARAM(name) \
+ OSSL_PARAM_int(name, NULL),
+
+/*
+ * The id here must match the one used by OSSL_FIPS_IND_ON_UNAPPROVED
+ * The name must match the param used by OSSL_FIPS_IND_SETTABLE_CTX_PARAM
+ */
+# define OSSL_FIPS_IND_SET_CTX_PARAM(ctx, id, params, name) \
+ ossl_FIPS_IND_set_ctx_param(&((ctx)->indicator), id, params, name)
+
+# define OSSL_FIPS_IND_GETTABLE_CTX_PARAM() \
+ OSSL_PARAM_int(OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR, NULL),
+
+# define OSSL_FIPS_IND_GET_CTX_PARAM(ctx, prms) \
+ ossl_FIPS_IND_get_ctx_param(&((ctx)->indicator), prms)
+
+# define OSSL_FIPS_IND_GET(ctx) (&((ctx)->indicator))
+
+# define OSSL_FIPS_IND_GET_PARAM(ctx, p, settable, id, name) \
+ *settable = ossl_FIPS_IND_get_settable(&((ctx)->indicator), id); \
+ if (*settable != OSSL_FIPS_IND_STATE_UNKNOWN) \
+ *p = OSSL_PARAM_construct_int(name, settable);
+
+int ossl_fips_ind_rsa_key_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx,
+ const RSA *rsa, const char *desc, int protect);
+# ifndef OPENSSL_NO_EC
+int ossl_fips_ind_ec_key_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx,
+ const EC_GROUP *group, const char *desc,
+ int protect);
+# endif
+int ossl_fips_ind_digest_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx,
+ const EVP_MD *md, const char *desc);
+int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id,
+ OSSL_LIB_CTX *libctx,
+ int nid, int sha1_allowed,
+ const char *desc,
+ OSSL_FIPS_IND_CHECK_CB *config_check_f);
+
+#else
+# define OSSL_FIPS_IND_DECLARE
+# define OSSL_FIPS_IND_INIT(ctx)
+# define OSSL_FIPS_IND_SET_APPROVED(ctx)
+# define OSSL_FIPS_IND_ON_UNAPPROVED(ctx, id, libctx, algname, opname, configopt_fn)
+# define OSSL_FIPS_IND_SETTABLE_CTX_PARAM(name)
+# define OSSL_FIPS_IND_SET_CTX_PARAM(ctx, id, params, name) 1
+# define OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
+# define OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params) 1
+# define OSSL_FIPS_IND_COPY(dst, src)
+
+#endif
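Review bot: `OSSL_FIPS_IND_GET_PARAM` expands to two statements with unparenthesized `*settable` and `*p`, so under an unbraced `if` only the first assignment is conditional; wrapping it in `do { } while (0)` with parenthesized arguments removes that hazard, at the cost of call sites needing a terminating semicolon. `OSSL_FIPS_IND_GET` and `OSSL_FIPS_IND_GET_PARAM` also have no counterpart in the `#else` branch, so any use outside `#ifdef FIPS_MODULE` fails to compile in the default provider; either add empty definitions or note on the macros that they are FIPS-only. The new file has no include guard, and because it defines `struct ossl_fips_ind_st`, a second inclusion in a FIPS build would be a redefinition error. Separately, `OSSL_FIPS_IND_INIT`, `OSSL_FIPS_IND_COPY` and `OSSL_FIPS_IND_SET_APPROVED` use `&ctx->indicator` where the later macros use `&((ctx)->indicator)`; the parenthesized form should be used throughout.

```c
# define OSSL_FIPS_IND_GET_PARAM(ctx, p, settable, id, name)                   \
    do {                                                                       \
        *(settable) = ossl_FIPS_IND_get_settable(&((ctx)->indicator), (id));   \
        if (*(settable) != OSSL_FIPS_IND_STATE_UNKNOWN)                        \
            *(p) = OSSL_PARAM_construct_int((name), (settable));               \
    } while (0)
```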
diff --git a/providers/common/include/prov/proverr.h b/providers/common/include/prov/proverr.h
index 69e14465c7..34247ed2f7 100644
--- a/providers/common/include/prov/proverr.h
+++ b/providers/common/include/prov/proverr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/providers/common/include/prov/securitycheck.h b/providers/common/include/prov/securitycheck.h
index 611c6d531b..a932c7771d 100644
--- a/providers/common/include/prov/securitycheck.h
+++ b/providers/common/include/prov/securitycheck.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,24 +8,34 @@
*/
#include "crypto/types.h"
+#include <openssl/ec.h>
+
+#ifdef FIPS_MODULE
+# include "fipscommon.h"
+#endif
/* Functions that are common */
-int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation);
-int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect);
-int ossl_dsa_check_key(OSSL_LIB_CTX *ctx, const DSA *dsa, int sign);
-int ossl_dh_check_key(OSSL_LIB_CTX *ctx, const DH *dh);
+int ossl_rsa_key_op_get_protect(const RSA *rsa, int operation, int *outprotect);
+int ossl_rsa_check_key_size(const RSA *rsa, int protect);
+int ossl_kdf_check_key_size(size_t keylen);
+int ossl_mac_check_key_size(size_t keylen);
-int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md);
-/* With security check enabled it can return -1 to indicate disallowed md */
-int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
- int sha1_allowed);
+#ifndef OPENSSL_NO_EC
+int ossl_ec_check_curve_allowed(const EC_GROUP *group);
+int ossl_ec_check_security_strength(const EC_GROUP *group, int protect);
+#endif
+
+#ifndef OPENSSL_NO_DSA
+int ossl_dsa_check_key(const DSA *dsa, int sign);
+#endif
+
+#ifndef OPENSSL_NO_DH
+int ossl_dh_check_key(const DH *dh);
+#endif
-/* Functions that are common */
int ossl_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len);
int ossl_digest_get_approved_nid(const EVP_MD *md);
/* Functions that have different implementations for the FIPS_MODULE */
-int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
- int sha1_allowed);
+int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md);
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx);
-int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx);
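Review bot: The replacement prototypes drop the `OSSL_LIB_CTX` argument but carry no comment saying that the configuration gate has moved to the caller. Judging by the removed body of `ossl_rsa_check_key` in securitycheck.c, the old function consulted `ossl_securitycheck_enabled(ctx)` itself, whereas `ossl_rsa_check_key_size`, `ossl_dsa_check_key` and `ossl_dh_check_key` now look like pure predicates. A short comment over the block would make that contract explicit, for example `/* Pure checks: return 1 if acceptable, 0 otherwise; callers apply FIPS policy via the indicator */`. `ossl_kdf_check_key_size(size_t keylen)` and `ossl_mac_check_key_size(size_t keylen)` should also state whether `keylen` is in bytes or bits, since the 112-bit minimum mentioned in securitycheck.c makes a unit mix-up an eightfold error in the enforced strength.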
diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
index 611ec847cb..13b024ed9f 100644
--- a/providers/common/provider_err.c
+++ b/providers/common/provider_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -29,6 +29,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BN_ERROR), "bn error"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED),
"cipher operation failed"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_COFACTOR_REQUIRED), "cofactor required"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DERIVATION_FUNCTION_INIT_FAILED),
"derivation function init failed"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DIGEST_NOT_ALLOWED),
@@ -54,6 +55,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER),
"failed to set parameter"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SIGN), "failed to sign"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FINAL_CALL_OUT_OF_ORDER),
+ "final call out of order"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_CONDITIONAL_ERROR),
"fips module conditional error"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE),
@@ -65,6 +68,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"illegal or unsupported padding mode"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INDICATOR_INTEGRITY_FAILURE),
"indicator integrity failure"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INIT_CALL_OUT_OF_ORDER),
+ "init call out of order"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INSUFFICIENT_DRBG_STRENGTH),
"insufficient drbg strength"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_AAD), "invalid aad"},
@@ -153,6 +158,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"not xof or invalid length"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NO_KEY_SET), "no key set"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NO_PARAMETERS_SET), "no parameters set"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ONESHOT_CALL_OUT_OF_ORDER),
+ "oneshot call out of order"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
"operation not supported for this keytype"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OUTPUT_BUFFER_TOO_SMALL),
@@ -208,6 +215,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"unsupported mac type"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
"unsupported number of rounds"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UPDATE_CALL_OUT_OF_ORDER),
+ "update call out of order"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_URI_AUTHORITY_UNSUPPORTED),
"uri authority unsupported"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_VALUE_ERROR), "value error"},
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index 0d3acdbe56..fc22d5c3a0 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -19,6 +19,45 @@
#include <openssl/core_names.h>
#include <openssl/obj_mac.h>
#include "prov/securitycheck.h"
+#include "prov/fipsindicator.h"
+
+#define OSSL_FIPS_MIN_SECURITY_STRENGTH_BITS 112
+
+int ossl_rsa_key_op_get_protect(const RSA *rsa, int operation, int *outprotect)
+{
+ int protect = 0;
+
+ switch (operation) {
+ case EVP_PKEY_OP_SIGN:
+ case EVP_PKEY_OP_SIGNMSG:
+ protect = 1;
+ /* fallthrough */
+ case EVP_PKEY_OP_VERIFY:
+ case EVP_PKEY_OP_VERIFYMSG:
+ break;
+ case EVP_PKEY_OP_ENCAPSULATE:
+ case EVP_PKEY_OP_ENCRYPT:
+ protect = 1;
+ /* fallthrough */
+ case EVP_PKEY_OP_VERIFYRECOVER:
+ case EVP_PKEY_OP_DECAPSULATE:
+ case EVP_PKEY_OP_DECRYPT:
+ if (RSA_test_flags(rsa,
+ RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSASSAPSS) {
+ ERR_raise_data(ERR_LIB_PROV,
+ PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE,
+ "operation: %d", operation);
+ return 0;
+ }
+ break;
+ default:
+ ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR,
+ "invalid operation: %d", operation);
+ return 0;
+ }
+ *outprotect = protect;
+ return 1;
+}
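Review bot: `ossl_rsa_key_op_get_protect` writes `*outprotect` only on the success path, and it has no header comment documenting that. A caller that passes an uninitialized `int` and ignores the return value would feed an indeterminate `protect` into `ossl_rsa_check_key_size`, which selects the 1024-bit rather than the 2048-bit floor when `protect` is 0. I would add a comment such as `/* Sets *outprotect to 1 for sign/encrypt/encapsulate, 0 for verify/decrypt/decapsulate; returns 0 and leaves *outprotect untouched on error */`. Alternatively, store `*outprotect = 0;` at the top of the function so the output is always defined. The `OSSL_FIPS_MIN_SECURITY_STRENGTH_BITS` define added above the function is not used within this hunk, so its consumer should be confirmed in the rest of the file.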
/*
* FIPS requires a minimum security strength of 112 bits (for encryption or
@@ -26,55 +65,46 @@
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
*/
-int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation)
+int ossl_rsa_check_key_size(const RSA *rsa, int protect)
{
- int protect = 0;
+ int sz = RSA_bits(rsa);
- switch (operation) {
- case EVP_PKEY_OP_SIGN:
- protect = 1;
- /* fallthrough */
- case EVP_PKEY_OP_VERIFY:
- break;
- case EVP_PKEY_OP_ENCAPSULATE:
- case EVP_PKEY_OP_ENCRYPT:
- protect = 1;
- /* fallthrough */
- case EVP_PKEY_OP_VERIFYRECOVER:
- case EVP_PKEY_OP_DECAPSULATE:
- case EVP_PKEY_OP_DECRYPT:
- if (RSA_test_flags(rsa,
- RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSASSAPSS) {
- ERR_raise_data(ERR_LIB_PROV,
- PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE,
- "operation: %d", operation);
- return 0;
- }
- break;
- default:
- ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR,
- "invalid operation: %d", operation);
- return 0;
- }
+ if (protect ? (sz < 2048) : (sz < 1024))
+ return 0;
+ return 1;
+}
-#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
- if (ossl_securitycheck_enabled(ctx)) {
- int sz = RSA_bits(rsa);
+/*
+ * FIPS requires a minimum security strength of 112 bits for key-derivation key.