NIIBE Yutaka <gni...@fsij.org> wrote:
> Let me apply and push the first two patches first. I'll push these
> two.

Done.

> For the third, it changes the behavior of gcry_pk_random_override_new
> (adding rejection) to require major changes in tests (of the fourth). I
> wonder if this is appropriate in 1.11. Let me consider this.

I would like to apply the attached patch to introduce GCRY_FIPS_FLAG_REJECT_PK_FLAGS. The intention is to keep the behavior of 1.10, so that the forthcoming 1.11.1 release won't break things for existing applications.

Then, let me apply yours:

  [PATCH 3/4] cipher, visibility: Differentiate use of random-override in the SLI

After that, let me fix it with GCRY_FIPS_FLAG_REJECT_PK_FLAGS, so that your fourth patch is not needed for 1.11.

The idea here is that:

* For existing FIPS-conscious applications with libgcrypt, it is assumed that they use the old API of the static indicator; that is, GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER, GCRYCTL_FIPS_SERVICE_INDICATOR_MAC, GCRYCTL_FIPS_SERVICE_INDICATOR_MD, GCRYCTL_FIPS_SERVICE_INDICATOR_KDF, GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION, and GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS. It rejects non-compliant use in some places in supported functions, but not in other places. With the old API it is OK that non-supported functions don't reject (e.g. MD5 can be used).

* For new FIPS-conscious applications, there is a new API to check the indicator. We are now introducing the new API for 1.12, and a forward-compatible implementation in 1.11.

* Existing tests in tests/ basically use the old API (except t-fips-service-ind). Updating them will be done in master for 1.12 after the 1.11 branch is created.

--
>From 0414e126b939f0b11ecf441908d923e87c1caf02 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka <gni...@fsij.org> Date: Thu, 6 Mar 2025 08:57:51 +0900 Subject: [PATCH 1/4] fips,cipher: Add GCRY_FIPS_FLAG_REJECT_PK_FLAGS. * src/gcrypt.h.in (GCRY_FIPS_FLAG_REJECT_PK_FLAGS): New. * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Keep the behavior of 1.10. * cipher/rsa.c (rsa_decrypt, rsa_sign): Likewise. -- GnuPG-bug-id: 7338 Signed-off-by: NIIBE Yutaka <gni...@fsij.org> --- cipher/pubkey-util.c | 2 +- cipher/rsa.c | 4 ++-- src/gcrypt.h.in | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c index 9c927638..e7355569 100644 --- a/cipher/pubkey-util.c +++ b/cipher/pubkey-util.c @@ -202,7 +202,7 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_t list, if (fips_mode () && igninvflag) { - if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK)) + if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK_FLAGS)) rc = GPG_ERR_INV_FLAG; else fips_service_indicator_mark_non_compliant (); diff --git a/cipher/rsa.c b/cipher/rsa.c index dce76414..7e086df4 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -1504,7 +1504,7 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) { if (fips_mode ()) { - if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK)) + if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK_FLAGS)) { rc = GPG_ERR_INV_FLAG; goto leave; @@ -1649,7 +1649,7 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) { if (fips_mode ()) { - if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK)) + if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK_FLAGS)) { rc = GPG_ERR_INV_FLAG; goto leave; diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index fe3db16a..a282268d 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in 
@@ -1991,11 +1991,12 @@ char *gcry_get_config (int mode, const char *what); #define GCRY_FIPS_FLAG_REJECT_CIPHER_MODE (1 << 8) /**/ #define GCRY_FIPS_FLAG_REJECT_PK_ECC_K (1 << 10) +#define GCRY_FIPS_FLAG_REJECT_PK_FLAGS (1 << 11) #define GCRY_FIPS_FLAG_REJECT_MD \ (GCRY_FIPS_FLAG_REJECT_MD_MD5 | GCRY_FIPS_FLAG_REJECT_MD_OTHERS) -/* Note: Don't reject MD5, PK MD, PK GOST and PK SM2 */ +/* Note: Don't reject MD5, PK MD, PK GOST, PK SM2, PK ECC K, and PK FLAGS */ #define GCRY_FIPS_FLAG_REJECT_COMPAT110 \ (GCRY_FIPS_FLAG_REJECT_MD_OTHERS \ | GCRY_FIPS_FLAG_REJECT_MAC \ -- 2.39.5
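Review bot: in the cipher/pubkey-util.c hunk (_gcry_pk_util_parse_flaglist) the check switches from GCRY_FIPS_FLAG_REJECT_PK to the new GCRY_FIPS_FLAG_REJECT_PK_FLAGS, but nothing in the src/gcrypt.h.in hunk folds the new bit into GCRY_FIPS_FLAG_REJECT_PK, so an application that already sets GCRY_FIPS_FLAG_REJECT_PK to get GPG_ERR_INV_FLAG on the igninvflag path silently loses that rejection and only gets fips_service_indicator_mark_non_compliant () instead. If that is the intended 1.10-compatible behaviour, please state it explicitly in the commit message (the current "Keep the behavior of 1.10" does not say which callers change); otherwise add GCRY_FIPS_FLAG_REJECT_PK_FLAGS to the definition of GCRY_FIPS_FLAG_REJECT_PK.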
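Review bot: the two cipher/rsa.c hunks (rsa_decrypt and rsa_sign) reuse the single GCRY_FIPS_FLAG_REJECT_PK_FLAGS bit for whatever condition guards these "if (fips_mode ())" blocks, and that condition is not in the visible context, so please add a one-line comment at each site naming the flag situation being rejected; one bit now governs three distinct checks (parse_flaglist, rsa_decrypt, rsa_sign) and an auditor cannot tell from the name which s-expression flags trigger GPG_ERR_INV_FLAG. If other pk modules (dsa.c, ecc.c) carry the same "fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK)" pattern for the same purpose, they should move to the new flag in this commit too; only rsa.c is touched here.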
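Review bot: in the src/gcrypt.h.in hunk GCRY_FIPS_FLAG_REJECT_PK_FLAGS is added as "(1 << 11)" with no comment, while the "/**/" placeholder between GCRY_FIPS_FLAG_REJECT_CIPHER_MODE (1 << 8) and GCRY_FIPS_FLAG_REJECT_PK_ECC_K (1 << 10) suggests bit 9 is free; either use that bit or note why it is reserved, and give the new define a short comment saying it controls rejection of invalid or non-approved flags in a pk s-expression, since the only hint now is the updated note above GCRY_FIPS_FLAG_REJECT_COMPAT110. Leaving the new bit out of GCRY_FIPS_FLAG_REJECT_COMPAT110 matches that note, but because this is public API going into the 1.11.1 point release, the NEWS entry and the documentation that lists the GCRY_FIPS_FLAG_REJECT_* flags need to mention it as well.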
_______________________________________________ Gcrypt-devel mailing list Gcrypt-devel@gnupg.org https://lists.gnupg.org/mailman/listinfo/gcrypt-devel