Allow arbitrary digests with ECDSA and DSA

Unless the FIPS security check is enabled we allow arbitrary digests
with ECDSA and DSA.

Fixes #14696

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15220)
master
Tomas Mraz 2 years ago
parent b5d984bf67
commit 6a2ab4a9c8

@ -34,7 +34,7 @@ int ossl_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len)
}
/*
* Retrieve one of the FIPs approved hash algorithms by nid.
* Retrieve one of the FIPS approved hash algorithms by nid.
* See FIPS 180-4 "Secure Hash Standard" and FIPS 202 - SHA-3.
*/
int ossl_digest_get_approved_nid(const EVP_MD *md)

@ -16,6 +16,7 @@ int ossl_dsa_check_key(OSSL_LIB_CTX *ctx, const DSA *dsa, int sign);
int ossl_dh_check_key(OSSL_LIB_CTX *ctx, const DH *dh);
int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md);
/* With security check enabled it can return -1 to indicate disallowed md */
int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
int sha1_allowed);

@ -231,8 +231,8 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
if (ossl_securitycheck_enabled(ctx)) {
if (mdnid == NID_sha1 && !sha1_allowed)
mdnid = NID_undef;
if (mdnid == NID_undef || (mdnid == NID_sha1 && !sha1_allowed))
mdnid = -1; /* disallowed by security checks */
}
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
return mdnid;

@ -323,7 +323,7 @@ d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/comm
71c3fbb9bd80f5e7a217cf8005df61f96a645fbdd9daca9949ceef6d33a1feb0 providers/common/provider_err.c
9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c
eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c
494723d55bc6ecdb70f59499a2c42260cabc5fa30681ac3b48267dfa242158b3 providers/common/securitycheck.c
ce6731be4da709c753bd2c04e88d51d567c955c651e7575bb1410968e6c7620e providers/common/securitycheck.c
50a0e01e877ae818cf874f4515a130db0e869d4e9e8ce882bff1255695aba789 providers/common/securitycheck_fips.c
5c31ba4eedb31e2509288be50280e0df58faa86fe4b5e99a1167a53fd6f3bd0f providers/fips/fipsprov.c
c69e60c29711d55cd5672dab9ff051f3c093d54e63a0ec575baa899e6bbf9c2b providers/fips/self_test.c
@ -388,10 +388,10 @@ bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/impl
c36937930bcaecd6d5131d0317b9162a96cc956df164848dc53f423af838d04a providers/implementations/rands/drbg_hash.c
531c0ce4212570474b59a1b039e61a97ee5504e56e2f10de1f36578f1bca79d3 providers/implementations/rands/drbg_hmac.c
888a671934abef4225956f9931cff842f245f90660e11f23a55228edca962e16 providers/implementations/rands/test_rng.c
a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858 providers/implementations/signature/dsa_sig.c
1edce687e950bec7c289cdac7c4c455e195942ccddfc38af0344277421afcc0f providers/implementations/signature/ecdsa_sig.c
3a9dfbf5dcb9e1955f12f71f1ca086dded771b262d6d61bab2874f48260f702a providers/implementations/signature/dsa_sig.c
0ff792c30ba26f2d8f4d1c14b999f7183dcd928537f950a23573f0b65359b2f4 providers/implementations/signature/ecdsa_sig.c
8074854e90be6a8266cc81ad722ef12213e9fc1360891822f109bfb03791f18e providers/implementations/signature/eddsa_sig.c
1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7 providers/implementations/signature/mac_legacy_sig.c
25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2 providers/implementations/signature/rsa_sig.c
40322e8782474a35f02fa350b43439a56124e680a1d24556b2a66310ed2e9e2e providers/implementations/signature/rsa_sig.c
53a1e913fcc4a4e8e84009229cba60b9e29c7dc6536182fd290478331fad44b4 ssl/record/tls_pad.c
85a9701b05ab8dfea42550fbc5e4d9f4011d08ccc64829648fc12091cc1133f5 ssl/s3_cbc.c

@ -1 +1 @@
b388b982a3a40d326d76d89e0776aefea46084f936f1aed03293e057d5f2a6de providers/fips-sources.checksums
90d4616e33b95990f96dd2cb1798cae41e6591d5cb55a4f589307908fa699587 providers/fips-sources.checksums

@ -131,11 +131,11 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
sha1_allowed);
size_t mdname_len = strlen(mdname);
if (md == NULL || md_nid == NID_undef) {
if (md == NULL || md_nid < 0) {
if (md == NULL)
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
"%s could not be fetched", mdname);
if (md_nid == NID_undef)
if (md_nid < 0)
ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
"digest=%s", mdname);
if (mdname_len >= sizeof(ctx->mdname))

@ -227,7 +227,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
sha1_allowed);
if (md_nid == NID_undef) {
if (md_nid < 0) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
"digest=%s", mdname);
EVP_MD_free(md);

@ -289,13 +289,13 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
size_t mdname_len = strlen(mdname);
if (md == NULL
|| md_nid == NID_undef
|| md_nid <= 0
|| !rsa_check_padding(ctx, mdname, NULL, md_nid)
|| mdname_len >= sizeof(ctx->mdname)) {
if (md == NULL)
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
"%s could not be fetched", mdname);
if (md_nid == NID_undef)
if (md_nid <= 0)
ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
"digest=%s", mdname);
if (mdname_len >= sizeof(ctx->mdname))
@ -344,9 +344,9 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname,
return 0;
}
/* The default for mgf1 is SHA1 - so allow SHA1 */
if ((mdnid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, 1)) == NID_undef
if ((mdnid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, 1)) <= 0
|| !rsa_check_padding(ctx, NULL, mdname, mdnid)) {
if (mdnid == NID_undef)
if (mdnid <= 0)
ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
"digest=%s", mdname);
EVP_MD_free(md);

@ -97,11 +97,6 @@ Key = P-256-PUBLIC
Input = "Hello World"
Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
# Invalid digest
DigestVerify = MD5
Key = P-256-PUBLIC
Result = DIGESTVERIFYINIT_ERROR
# Oneshot tests
OneShotDigestVerify = SHA256
Key = P-256-PUBLIC
@ -214,3 +209,10 @@ Securitycheck = 1
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Result = PKEY_CTRL_ERROR
# Invalid non-approved digest
Availablein = fips
DigestVerify = MD5
Securitycheck = 1
Key = P-256-PUBLIC
Result = DIGESTVERIFYINIT_ERROR

Loading…
Cancel
Save