1 |
jpp |
1.1 |
From 4a2239bd7d444c30c55b20ea8b4aeadafdfe1afd Mon Sep 17 00:00:00 2001 |
2 |
|
|
From: Clemens Lang <cllang@redhat.com> |
3 |
|
|
Date: Fri, 22 Jul 2022 13:59:37 +0200 |
4 |
|
|
Subject: [PATCH] FIPS: Use OAEP in KATs, support fixed OAEP seed |
5 |
|
|
|
6 |
|
|
Review by our lab for FIPS 140-3 certification expects the RSA |
7 |
|
|
encryption and decryption tests to use a supported padding mode, not raw |
8 |
|
|
RSA signatures. Switch to RSA-OAEP for the self tests to fulfill that. |
9 |
|
|
|
10 |
|
|
The FIPS 140-3 Implementation Guidance specifies in section 10.3.A |
11 |
|
|
"Cryptographic Algorithm Self-Test Requirements" that a self-test may be |
12 |
|
|
a known-answer test, a comparison test, or a fault-detection test. |
13 |
|
|
|
14 |
|
|
Comparison tests are not an option, because they would require |
15 |
|
|
a separate implementation of RSA-OAEP, which we do not have. Fault |
16 |
|
|
detection tests require implementing fault detection mechanisms into the |
17 |
|
|
cryptographic algorithm implementation, we we also do not have. |
18 |
|
|
|
19 |
|
|
As a consequence, a known-answer test must be used to test RSA |
20 |
|
|
encryption and decryption, but RSA encryption with OAEP padding is not |
21 |
|
|
deterministic, and thus encryption will always yield different results |
22 |
|
|
that could not be compared to known answers. For this reason, this |
23 |
|
|
change explicitly sets the seed in OAEP (see RFC 8017 section 7.1.1), |
24 |
|
|
which is the source of randomness for RSA-OAEP, to a fixed value. This |
25 |
|
|
setting is only available during self-test execution, and the parameter |
26 |
|
|
set using EVP_PKEY_CTX_set_params() will be ignored otherwise. |
27 |
|
|
|
28 |
|
|
Signed-off-by: Clemens Lang <cllang@redhat.com> |
29 |
|
|
--- |
30 |
|
|
crypto/rsa/rsa_local.h | 8 ++ |
31 |
|
|
crypto/rsa/rsa_oaep.c | 34 ++++++-- |
32 |
|
|
include/openssl/core_names.h | 3 + |
33 |
|
|
providers/fips/self_test_data.inc | 83 +++++++++++-------- |
34 |
|
|
providers/fips/self_test_kats.c | 7 ++ |
35 |
|
|
.../implementations/asymciphers/rsa_enc.c | 41 ++++++++- |
36 |
|
|
6 files changed, 133 insertions(+), 43 deletions(-) |
37 |
|
|
|
38 |
|
|
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h |
39 |
|
|
index ea70da05ad..dde57a1a0e 100644 |
40 |
|
|
--- a/crypto/rsa/rsa_local.h |
41 |
|
|
+++ b/crypto/rsa/rsa_local.h |
42 |
|
|
@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to |
43 |
|
|
int tlen, const unsigned char *from, |
44 |
|
|
int flen); |
45 |
|
|
|
46 |
|
|
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, |
47 |
|
|
+ unsigned char *to, int tlen, |
48 |
|
|
+ const unsigned char *from, int flen, |
49 |
|
|
+ const unsigned char *param, |
50 |
|
|
+ int plen, const EVP_MD *md, |
51 |
|
|
+ const EVP_MD *mgf1md, |
52 |
|
|
+ const char *redhat_st_seed); |
53 |
|
|
+ |
54 |
|
|
#endif /* OSSL_CRYPTO_RSA_LOCAL_H */ |
55 |
|
|
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c |
56 |
|
|
index d9be1a4f98..b2f7f7dc4b 100644 |
57 |
|
|
--- a/crypto/rsa/rsa_oaep.c |
58 |
|
|
+++ b/crypto/rsa/rsa_oaep.c |
59 |
|
|
@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, |
60 |
|
|
param, plen, NULL, NULL); |
61 |
|
|
} |
62 |
|
|
|
63 |
|
|
+#ifdef FIPS_MODULE |
64 |
|
|
+extern int REDHAT_FIPS_asym_cipher_st; |
65 |
|
|
+#endif /* FIPS_MODULE */ |
66 |
|
|
+ |
67 |
|
|
/* |
68 |
|
|
* Perform the padding as per NIST 800-56B 7.2.2.3 |
69 |
|
|
* from (K) is the key material. |
70 |
|
|
@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, |
71 |
|
|
* Step numbers are included here but not in the constant time inverse below |
72 |
|
|
* to avoid complicating an already difficult enough function. |
73 |
|
|
*/ |
74 |
|
|
-int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, |
75 |
|
|
- unsigned char *to, int tlen, |
76 |
|
|
- const unsigned char *from, int flen, |
77 |
|
|
- const unsigned char *param, |
78 |
|
|
- int plen, const EVP_MD *md, |
79 |
|
|
- const EVP_MD *mgf1md) |
80 |
|
|
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, |
81 |
|
|
+ unsigned char *to, int tlen, |
82 |
|
|
+ const unsigned char *from, int flen, |
83 |
|
|
+ const unsigned char *param, |
84 |
|
|
+ int plen, const EVP_MD *md, |
85 |
|
|
+ const EVP_MD *mgf1md, |
86 |
|
|
+ const char *redhat_st_seed) |
87 |
|
|
{ |
88 |
|
|
int rv = 0; |
89 |
|
|
int i, emlen = tlen - 1; |
90 |
|
|
@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, |
91 |
|
|
db[emlen - flen - mdlen - 1] = 0x01; |
92 |
|
|
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); |
93 |
|
|
/* step 3d: generate random byte string */ |
94 |
|
|
+#ifdef FIPS_MODULE |
95 |
|
|
+ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) { |
96 |
|
|
+ memcpy(seed, redhat_st_seed, mdlen); |
97 |
|
|
+ } else |
98 |
|
|
+#endif |
99 |
|
|
if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0) |
100 |
|
|
goto err; |
101 |
|
|
|
102 |
|
|
@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, |
103 |
|
|
return rv; |
104 |
|
|
} |
105 |
|
|
|
106 |
|
|
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, |
107 |
|
|
+ unsigned char *to, int tlen, |
108 |
|
|
+ const unsigned char *from, int flen, |
109 |
|
|
+ const unsigned char *param, |
110 |
|
|
+ int plen, const EVP_MD *md, |
111 |
|
|
+ const EVP_MD *mgf1md) |
112 |
|
|
+{ |
113 |
|
|
+ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from, |
114 |
|
|
+ flen, param, plen, md, |
115 |
|
|
+ mgf1md, NULL); |
116 |
|
|
+} |
117 |
|
|
+ |
118 |
|
|
int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, |
119 |
|
|
const unsigned char *from, int flen, |
120 |
|
|
const unsigned char *param, int plen, |
121 |
|
|
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h |
122 |
|
|
index 59a6e79566..11216fb8f8 100644 |
123 |
|
|
--- a/include/openssl/core_names.h |
124 |
|
|
+++ b/include/openssl/core_names.h |
125 |
|
|
@@ -469,6 +469,9 @@ extern "C" { |
126 |
|
|
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" |
127 |
|
|
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" |
128 |
|
|
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" |
129 |
|
|
+#ifdef FIPS_MODULE |
130 |
|
|
+#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed" |
131 |
|
|
+#endif |
132 |
|
|
|
133 |
|
|
/* |
134 |
|
|
* Encoder / decoder parameters |
135 |
|
|
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc |
136 |
|
|
index 4e30ec56dd..0103c87528 100644 |
137 |
|
|
--- a/providers/fips/self_test_data.inc |
138 |
|
|
+++ b/providers/fips/self_test_data.inc |
139 |
|
|
@@ -1294,15 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = { |
140 |
|
|
ST_KAT_PARAM_END() |
141 |
|
|
}; |
142 |
|
|
|
143 |
|
|
-/*- |
144 |
|
|
- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the |
145 |
|
|
- * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient |
146 |
|
|
- * HP/UX PA-RISC compilers. |
147 |
|
|
- */ |
148 |
|
|
-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; |
149 |
|
|
- |
150 |
|
|
+/*- |
151 |
|
|
+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the |
152 |
|
|
+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient |
153 |
|
|
+ * HP/UX PA-RISC compilers. |
154 |
|
|
+ */ |
155 |
|
|
+static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP; |
156 |
|
|
+static const char oaep_fixed_seed[] = { |
157 |
|
|
+ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25, |
158 |
|
|
+ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab, |
159 |
|
|
+ 0x2e, 0x4b, 0x2c, 0xe6 |
160 |
|
|
+}; |
161 |
|
|
+ |
162 |
|
|
static const ST_KAT_PARAM rsa_enc_params[] = { |
163 |
|
|
- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), |
164 |
|
|
+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep), |
165 |
|
|
+ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, |
166 |
|
|
+ oaep_fixed_seed), |
167 |
|
|
ST_KAT_PARAM_END() |
168 |
|
|
}; |
169 |
|
|
|
170 |
|
|
@@ -1335,43 +1348,43 @@ static const unsigned char rsa_expected_sig[256] = { |
171 |
|
|
0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 |
172 |
|
|
}; |
173 |
|
|
|
174 |
|
|
-static const unsigned char rsa_asym_plaintext_encrypt[256] = { |
175 |
|
|
+static const unsigned char rsa_asym_plaintext_encrypt[208] = { |
176 |
|
|
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, |
177 |
|
|
0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, |
178 |
|
|
}; |
179 |
|
|
static const unsigned char rsa_asym_expected_encrypt[256] = { |
180 |
|
|
- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b, |
181 |
|
|
- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61, |
182 |
|
|
- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c, |
183 |
|
|
- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc, |
184 |
|
|
- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0, |
185 |
|
|
- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa, |
186 |
|
|
- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a, |
187 |
|
|
- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc, |
188 |
|
|
- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35, |
189 |
|
|
- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a, |
190 |
|
|
- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd, |
191 |
|
|
- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda, |
192 |
|
|
- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18, |
193 |
|
|
- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7, |
194 |
|
|
- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39, |
195 |
|
|
- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87, |
196 |
|
|
- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21, |
197 |
|
|
- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0, |
198 |
|
|
- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8, |
199 |
|
|
- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c, |
200 |
|
|
- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa, |
201 |
|
|
- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69, |
202 |
|
|
- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52, |
203 |
|
|
- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c, |
204 |
|
|
- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6, |
205 |
|
|
- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93, |
206 |
|
|
- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d, |
207 |
|
|
- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5, |
208 |
|
|
- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9, |
209 |
|
|
- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04, |
210 |
|
|
- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa, |
211 |
|
|
- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab, |
212 |
|
|
+ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74, |
213 |
|
|
+ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c, |
214 |
|
|
+ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e, |
215 |
|
|
+ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b, |
216 |
|
|
+ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25, |
217 |
|
|
+ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89, |
218 |
|
|
+ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1, |
219 |
|
|
+ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50, |
220 |
|
|
+ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17, |
221 |
|
|
+ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2, |
222 |
|
|
+ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb, |
223 |
|
|
+ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d, |
224 |
|
|
+ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e, |
225 |
|
|
+ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f, |
226 |
|
|
+ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3, |
227 |
|
|
+ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06, |
228 |
|
|
+ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25, |
229 |
|
|
+ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78, |
230 |
|
|
+ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04, |
231 |
|
|
+ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c, |
232 |
|
|
+ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47, |
233 |
|
|
+ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce, |
234 |
|
|
+ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0, |
235 |
|
|
+ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6, |
236 |
|
|
+ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99, |
237 |
|
|
+ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30, |
238 |
|
|
+ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20, |
239 |
|
|
+ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb, |
240 |
|
|
+ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27, |
241 |
|
|
+ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66, |
242 |
|
|
+ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a, |
243 |
|
|
+ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06 |
244 |
|
|
}; |
245 |
|
|
|
246 |
|
|
#ifndef OPENSSL_NO_EC |
247 |
|
|
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c |
248 |
|
|
index 064794d9bf..b6d5e8e134 100644 |
249 |
|
|
--- a/providers/fips/self_test_kats.c |
250 |
|
|
+++ b/providers/fips/self_test_kats.c |
251 |
|
|
@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
252 |
|
|
return ret; |
253 |
|
|
} |
254 |
|
|
|
255 |
|
|
+int REDHAT_FIPS_asym_cipher_st = 0; |
256 |
|
|
+ |
257 |
|
|
static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
258 |
|
|
{ |
259 |
|
|
int i, ret = 1; |
260 |
|
|
|
261 |
|
|
+ REDHAT_FIPS_asym_cipher_st = 1; |
262 |
|
|
+ |
263 |
|
|
for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) { |
264 |
|
|
if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx)) |
265 |
|
|
ret = 0; |
266 |
|
|
} |
267 |
|
|
+ |
268 |
|
|
+ REDHAT_FIPS_asym_cipher_st = 0; |
269 |
|
|
+ |
270 |
|
|
return ret; |
271 |
|
|
} |
272 |
|
|
|
273 |
|
|
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c |
274 |
|
|
index 00cf65fcd6..83be3d8ede 100644 |
275 |
|
|
--- a/providers/implementations/asymciphers/rsa_enc.c |
276 |
|
|
+++ b/providers/implementations/asymciphers/rsa_enc.c |
277 |
|
|
@@ -30,6 +30,9 @@ |
278 |
|
|
#include "prov/implementations.h" |
279 |
|
|
#include "prov/providercommon.h" |
280 |
|
|
#include "prov/securitycheck.h" |
281 |
|
|
+#ifdef FIPS_MODULE |
282 |
|
|
+# include "crypto/rsa/rsa_local.h" |
283 |
|
|
+#endif |
284 |
|
|
|
285 |
|
|
#include <stdlib.h> |
286 |
|
|
|
287 |
|
|
@@ -75,6 +78,9 @@ typedef struct { |
288 |
|
|
/* TLS padding */ |
289 |
|
|
unsigned int client_version; |
290 |
|
|
unsigned int alt_version; |
291 |
|
|
+#ifdef FIPS_MODULE |
292 |
|
|
+ char *redhat_st_oaep_seed; |
293 |
|
|
+#endif /* FIPS_MODULE */ |
294 |
|
|
} PROV_RSA_CTX; |
295 |
|
|
|
296 |
|
|
static void *rsa_newctx(void *provctx) |
297 |
|
|
@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, |
298 |
|
|
return 0; |
299 |
|
|
} |
300 |
|
|
ret = |
301 |
|
|
- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, |
302 |
|
|
+#ifdef FIPS_MODULE |
303 |
|
|
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2( |
304 |
|
|
+#else |
305 |
|
|
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex( |
306 |
|
|
+#endif |
307 |
|
|
+ prsactx->libctx, tbuf, |
308 |
|
|
rsasize, in, inlen, |
309 |
|
|
prsactx->oaep_label, |
310 |
|
|
prsactx->oaep_labellen, |
311 |
|
|
prsactx->oaep_md, |
312 |
|
|
- prsactx->mgf1_md); |
313 |
|
|
+ prsactx->mgf1_md |
314 |
|
|
+#ifdef FIPS_MODULE |
315 |
|
|
+ , prsactx->redhat_st_oaep_seed |
316 |
|
|
+#endif |
317 |
|
|
+ ); |
318 |
|
|
|
319 |
|
|
if (!ret) { |
320 |
|
|
OPENSSL_free(tbuf); |
321 |
|
|
@@ -326,6 +341,9 @@ static void rsa_freectx(void *vprsactx) |
322 |
|
|
EVP_MD_free(prsactx->oaep_md); |
323 |
|
|
EVP_MD_free(prsactx->mgf1_md); |
324 |
|
|
OPENSSL_free(prsactx->oaep_label); |
325 |
|
|
+#ifdef FIPS_MODULE |
326 |
|
|
+ OPENSSL_free(prsactx->redhat_st_oaep_seed); |
327 |
|
|
+#endif /* FIPS_MODULE */ |
328 |
|
|
|
329 |
|
|
OPENSSL_free(prsactx); |
330 |
|
|
} |
331 |
|
|
@@ -445,6 +463,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { |
332 |
|
|
NULL, 0), |
333 |
|
|
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), |
334 |
|
|
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), |
335 |
|
|
+#ifdef FIPS_MODULE |
336 |
|
|
+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0), |
337 |
|
|
+#endif /* FIPS_MODULE */ |
338 |
|
|
OSSL_PARAM_END |
339 |
|
|
}; |
340 |
|
|
|
341 |
|
|
@@ -454,6 +475,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, |
342 |
|
|
return known_gettable_ctx_params; |
343 |
|
|
} |
344 |
|
|
|
345 |
|
|
+#ifdef FIPS_MODULE |
346 |
|
|
+extern int REDHAT_FIPS_asym_cipher_st; |
347 |
|
|
+#endif /* FIPS_MODULE */ |
348 |
|
|
+ |
349 |
|
|
static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) |
350 |
|
|
{ |
351 |
|
|
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; |
352 |
|
|
@@ -563,6 +588,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) |
353 |
|
|
prsactx->oaep_labellen = tmp_labellen; |
354 |
|
|
} |
355 |
|
|
|
356 |
|
|
+#ifdef FIPS_MODULE |
357 |
|
|
+ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED); |
358 |
|
|
+ if (p != NULL && REDHAT_FIPS_asym_cipher_st) { |
359 |
|
|
+ void *tmp_oaep_seed = NULL; |
360 |
|
|
+ |
361 |
|
|
+ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL)) |
362 |
|
|
+ return 0; |
363 |
|
|
+ OPENSSL_free(prsactx->redhat_st_oaep_seed); |
364 |
|
|
+ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed; |
365 |
|
|
+ } |
366 |
|
|
+#endif /* FIPS_MODULE */ |
367 |
|
|
+ |
368 |
|
|
p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); |
369 |
|
|
if (p != NULL) { |
370 |
|
|
unsigned int client_version; |
371 |
|
|
-- |
372 |
|
|
2.37.1 |
373 |
|
|
|