isaacpittman-hitachi / rpms / openssl

Forked from rpms/openssl 2 years ago
Clone

Blame SOURCES/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch

3da501
From e1eba21921ceeffa45ffd2115868c14e4c7fb8d9 Mon Sep 17 00:00:00 2001
3da501
From: Clemens Lang <cllang@redhat.com>
3da501
Date: Thu, 17 Nov 2022 18:08:24 +0100
3da501
Subject: [PATCH] hmac: Add explicit FIPS indicator for key length
3da501
3da501
NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms"
3da501
specifies key lengths < 112 bytes are disallowed for HMAC generation and
3da501
are legacy use for HMAC verification.
3da501
3da501
Add an explicit indicator that will mark shorter key lengths as
3da501
unsupported. The indicator can be queries from the EVP_MAC_CTX object
3da501
using EVP_MAC_CTX_get_params() with the
3da501
  OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR
3da501
parameter.
3da501
3da501
Signed-off-by: Clemens Lang <cllang@redhat.com>
3da501
---
3da501
 include/crypto/evp.h                       |  7 +++++++
3da501
 include/openssl/core_names.h               |  1 +
3da501
 include/openssl/evp.h                      |  3 +++
3da501
 providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++
3da501
 4 files changed, 28 insertions(+)
3da501
3da501
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
3da501
index 76fb990de4..1e2240516e 100644
3da501
--- a/include/crypto/evp.h
3da501
+++ b/include/crypto/evp.h
3da501
@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
3da501
 const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
3da501
 const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
3da501
 
3da501
+#ifdef FIPS_MODULE
3da501
+/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key
3da501
+ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for
3da501
+ * HMAC verification. */
3da501
+# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8)
3da501
+#endif
3da501
+
3da501
 struct evp_mac_st {
3da501
     OSSL_PROVIDER *prov;
3da501
     int name_id;
3da501
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
3da501
index c019afbbb0..94fab83193 100644
3da501
--- a/include/openssl/core_names.h
3da501
+++ b/include/openssl/core_names.h
3da501
@@ -173,6 +173,7 @@ extern "C" {
3da501
 #define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
3da501
 #define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
3da501
 #define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
3da501
+#define OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
3da501
 
3da501
 /* Known MAC names */
3da501
 #define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
3da501
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
3da501
index 49e8e1df78..a5e78efd6e 100644
3da501
--- a/include/openssl/evp.h
3da501
+++ b/include/openssl/evp.h
3da501
@@ -1192,6 +1192,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
3da501
                             void *arg);
3da501
 
3da501
 /* MAC stuff */
3da501
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
3da501
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED     1
3da501
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
3da501
 
3da501
 EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
3da501
                        const char *properties);
3da501
diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
3da501
index 52ebb08b8f..cf5c3ecbe7 100644
3da501
--- a/providers/implementations/macs/hmac_prov.c
3da501
+++ b/providers/implementations/macs/hmac_prov.c
3da501
@@ -21,6 +21,8 @@
3da501
 #include <openssl/evp.h>
3da501
 #include <openssl/hmac.h>
3da501
 
3da501
+#include "crypto/evp.h"
3da501
+
3da501
 #include "prov/implementations.h"
3da501
 #include "prov/provider_ctx.h"
3da501
 #include "prov/provider_util.h"
3da501
@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl,
3da501
 static const OSSL_PARAM known_gettable_ctx_params[] = {
3da501
     OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
3da501
     OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
3da501
+#ifdef FIPS_MODULE
3da501
+    OSSL_PARAM_int(OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR, NULL),
3da501
+#endif /* defined(FIPS_MODULE) */
3da501
     OSSL_PARAM_END
3da501
 };
3da501
 static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx,
3da501
@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
3da501
             && !OSSL_PARAM_set_int(p, hmac_block_size(macctx)))
3da501
         return 0;
3da501
 
3da501
+#ifdef FIPS_MODULE
3da501
+    if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR)) != NULL) {
3da501
+        int fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED;
3da501
+        /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms
3da501
+         * specifies key lengths < 112 bytes are disallowed for HMAC generation
3da501
+         * and legacy use for HMAC verification. */
3da501
+        if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN)
3da501
+            fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
3da501
+        return OSSL_PARAM_set_int(p, fips_indicator);
3da501
+    }
3da501
+#endif /* defined(FIPS_MODULE) */
3da501
+
3da501
     return 1;
3da501
 }
3da501
 
3da501
-- 
3da501
2.38.1
3da501