The branch master has been updated via 6a2ab4a9c81c676570e849e474ce64f8c2dee2a9 (commit) from b5d984bf67ba7bb5723a61f73cca89c1f86009ce (commit)
- Log ----------------------------------------------------------------- commit 6a2ab4a9c81c676570e849e474ce64f8c2dee2a9 Author: Tomas Mraz <to...@openssl.org> Date: Mon May 10 16:51:39 2021 +0200 Allow arbitrary digests with ECDSA and DSA Unless the FIPS security check is enabled we allow arbitrary digests with ECDSA and DSA. Fixes #14696 Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15220) ----------------------------------------------------------------------- Summary of changes: providers/common/digest_to_nid.c | 2 +- providers/common/include/prov/securitycheck.h | 1 + providers/common/securitycheck.c | 4 ++-- providers/fips-sources.checksums | 8 ++++---- providers/fips.checksum | 2 +- providers/implementations/signature/dsa_sig.c | 4 ++-- providers/implementations/signature/ecdsa_sig.c | 2 +- providers/implementations/signature/rsa_sig.c | 8 ++++---- test/recipes/30-test_evp_data/evppkey_ecdsa.txt | 12 +++++++----- 9 files changed, 23 insertions(+), 20 deletions(-) diff --git a/providers/common/digest_to_nid.c b/providers/common/digest_to_nid.c index 96c5e4e38b..49af04ad2a 100644 --- a/providers/common/digest_to_nid.c +++ b/providers/common/digest_to_nid.c @@ -34,7 +34,7 @@ int ossl_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len) } /* - * Retrieve one of the FIPs approved hash algorithms by nid. + * Retrieve one of the FIPS approved hash algorithms by nid. * See FIPS 180-4 "Secure Hash Standard" and FIPS 202 - SHA-3. */ int ossl_digest_get_approved_nid(const EVP_MD *md) diff --git a/providers/common/include/prov/securitycheck.h b/providers/common/include/prov/securitycheck.h index 7635c24973..4a7f85f711 100644 --- a/providers/common/include/prov/securitycheck.h +++ b/providers/common/include/prov/securitycheck.h @@ -16,6 +16,7 @@ int ossl_dsa_check_key(OSSL_LIB_CTX *ctx, const DSA *dsa, int sign); int ossl_dh_check_key(OSSL_LIB_CTX *ctx, const DH *dh); int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md); +/* With security check enabled it can return -1 to indicate disallowed md */ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, int sha1_allowed); diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c index 4f36ce4593..699ada7c52 100644 --- a/providers/common/securitycheck.c +++ b/providers/common/securitycheck.c @@ -231,8 +231,8 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, # if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) if (ossl_securitycheck_enabled(ctx)) { - if (mdnid == NID_sha1 && !sha1_allowed) - mdnid = NID_undef; + if (mdnid == NID_undef || (mdnid == NID_sha1 && !sha1_allowed)) + mdnid = -1; /* disallowed by security checks */ } # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ return mdnid; diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 13b1d901ca..dd8ae28a44 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -323,7 +323,7 @@ d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/comm 71c3fbb9bd80f5e7a217cf8005df61f96a645fbdd9daca9949ceef6d33a1feb0 providers/common/provider_err.c 9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c -494723d55bc6ecdb70f59499a2c42260cabc5fa30681ac3b48267dfa242158b3 providers/common/securitycheck.c +ce6731be4da709c753bd2c04e88d51d567c955c651e7575bb1410968e6c7620e providers/common/securitycheck.c 50a0e01e877ae818cf874f4515a130db0e869d4e9e8ce882bff1255695aba789 providers/common/securitycheck_fips.c 5c31ba4eedb31e2509288be50280e0df58faa86fe4b5e99a1167a53fd6f3bd0f providers/fips/fipsprov.c c69e60c29711d55cd5672dab9ff051f3c093d54e63a0ec575baa899e6bbf9c2b providers/fips/self_test.c @@ -388,10 +388,10 @@ bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/impl c36937930bcaecd6d5131d0317b9162a96cc956df164848dc53f423af838d04a providers/implementations/rands/drbg_hash.c 531c0ce4212570474b59a1b039e61a97ee5504e56e2f10de1f36578f1bca79d3 providers/implementations/rands/drbg_hmac.c 888a671934abef4225956f9931cff842f245f90660e11f23a55228edca962e16 providers/implementations/rands/test_rng.c -a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858 providers/implementations/signature/dsa_sig.c -1edce687e950bec7c289cdac7c4c455e195942ccddfc38af0344277421afcc0f providers/implementations/signature/ecdsa_sig.c +3a9dfbf5dcb9e1955f12f71f1ca086dded771b262d6d61bab2874f48260f702a providers/implementations/signature/dsa_sig.c +0ff792c30ba26f2d8f4d1c14b999f7183dcd928537f950a23573f0b65359b2f4 providers/implementations/signature/ecdsa_sig.c 8074854e90be6a8266cc81ad722ef12213e9fc1360891822f109bfb03791f18e providers/implementations/signature/eddsa_sig.c 1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7 providers/implementations/signature/mac_legacy_sig.c -25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2 providers/implementations/signature/rsa_sig.c +40322e8782474a35f02fa350b43439a56124e680a1d24556b2a66310ed2e9e2e providers/implementations/signature/rsa_sig.c 53a1e913fcc4a4e8e84009229cba60b9e29c7dc6536182fd290478331fad44b4 ssl/record/tls_pad.c 85a9701b05ab8dfea42550fbc5e4d9f4011d08ccc64829648fc12091cc1133f5 ssl/s3_cbc.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 99a3468e9b..642611c889 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -b388b982a3a40d326d76d89e0776aefea46084f936f1aed03293e057d5f2a6de providers/fips-sources.checksums +90d4616e33b95990f96dd2cb1798cae41e6591d5cb55a4f589307908fa699587 providers/fips-sources.checksums diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c index dde689903d..23e000db4c 100644 --- a/providers/implementations/signature/dsa_sig.c +++ b/providers/implementations/signature/dsa_sig.c @@ -131,11 +131,11 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, sha1_allowed); size_t mdname_len = strlen(mdname); - if (md == NULL || md_nid == NID_undef) { + if (md == NULL || md_nid < 0) { if (md == NULL) ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, "%s could not be fetched", mdname); - if (md_nid == NID_undef) + if (md_nid < 0) ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); if (mdname_len >= sizeof(ctx->mdname)) diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c index 8c4648106f..a4297d1903 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -227,7 +227,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, sha1_allowed); - if (md_nid == NID_undef) { + if (md_nid < 0) { ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); EVP_MD_free(md); diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c index 16025bffc0..abd3b1a77b 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -289,13 +289,13 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, size_t mdname_len = strlen(mdname); if (md == NULL - || md_nid == NID_undef + || md_nid <= 0 || !rsa_check_padding(ctx, mdname, NULL, md_nid) || mdname_len >= sizeof(ctx->mdname)) { if (md == NULL) ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, "%s could not be fetched", mdname); - if (md_nid == NID_undef) + if (md_nid <= 0) ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); if (mdname_len >= sizeof(ctx->mdname)) @@ -344,9 +344,9 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname, return 0; } /* The default for mgf1 is SHA1 - so allow SHA1 */ - if ((mdnid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, 1)) == NID_undef + if ((mdnid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, 1)) <= 0 || !rsa_check_padding(ctx, NULL, mdname, mdnid)) { - if (mdnid == NID_undef) + if (mdnid <= 0) ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); EVP_MD_free(md); diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt index 9297bb2d21..f36982845d 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt @@ -97,11 +97,6 @@ Key = P-256-PUBLIC Input = "Hello World" Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862 -# Invalid digest -DigestVerify = MD5 -Key = P-256-PUBLIC -Result = DIGESTVERIFYINIT_ERROR - # Oneshot tests OneShotDigestVerify = SHA256 Key = P-256-PUBLIC @@ -214,3 +209,10 @@ Securitycheck = 1 Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Result = PKEY_CTRL_ERROR + +# Invalid non-approved digest +Availablein = fips +DigestVerify = MD5 +Securitycheck = 1 +Key = P-256-PUBLIC +Result = DIGESTVERIFYINIT_ERROR