openssl3/contribs10/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch

From e1eba21921ceeffa45ffd2115868c14e4c7fb8d9 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Thu, 17 Nov 2022 18:08:24 +0100
Subject: [PATCH] hmac: Add explicit FIPS indicator for key length

NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms"
specifies key lengths < 112 bytes are disallowed for HMAC generation and
are legacy use for HMAC verification.

Add an explicit indicator that will mark shorter key lengths as
unsupported. The indicator can be queries from the EVP_MAC_CTX object
using EVP_MAC_CTX_get_params() with the
  OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR
parameter.

Signed-off-by: Clemens Lang <cllang@redhat.com>
---
 include/crypto/evp.h                       |  7 +++++++
 include/openssl/core_names.h               |  1 +
 include/openssl/evp.h                      |  3 +++
 providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++
 4 files changed, 28 insertions(+)

diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 76fb990de4..1e2240516e 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
 const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
 const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
 
+#ifdef FIPS_MODULE
+/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key
+ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for
+ * HMAC verification. */
+# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8)
+#endif
+
 struct evp_mac_st {
     OSSL_PROVIDER *prov;
     int name_id;
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index c019afbbb0..94fab83193 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -173,6 +173,7 @@ extern "C" {
 #define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
 #define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
 #define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
+#define OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
 
 /* Known MAC names */
 #define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 49e8e1df78..a5e78efd6e 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1192,6 +1192,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
                             void *arg);
 
 /* MAC stuff */
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED     1
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
 
 EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
                        const char *properties);
diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
index 52ebb08b8f..cf5c3ecbe7 100644
--- a/providers/implementations/macs/hmac_prov.c
+++ b/providers/implementations/macs/hmac_prov.c
@@ -21,6 +21,8 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 
+#include "crypto/evp.h"
+
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl,
 static const OSSL_PARAM known_gettable_ctx_params[] = {
     OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
     OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
+#ifdef FIPS_MODULE
+    OSSL_PARAM_int(OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR, NULL),
+#endif /* defined(FIPS_MODULE) */
     OSSL_PARAM_END
 };
 static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx,
@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
             && !OSSL_PARAM_set_int(p, hmac_block_size(macctx)))
         return 0;
 
+#ifdef FIPS_MODULE
+    if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR)) != NULL) {
+        int fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED;
+        /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms
+         * specifies key lengths < 112 bytes are disallowed for HMAC generation
+         * and legacy use for HMAC verification. */
+        if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN)
+            fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
+        return OSSL_PARAM_set_int(p, fips_indicator);
+    }
+#endif /* defined(FIPS_MODULE) */
+
     return 1;
 }
 
-- 
2.38.1

1	From e1eba21921ceeffa45ffd2115868c14e4c7fb8d9 Mon Sep 17 00:00:00 2001
2	From: Clemens Lang <cllang@redhat.com>
3	Date: Thu, 17 Nov 2022 18:08:24 +0100
4	Subject: [PATCH] hmac: Add explicit FIPS indicator for key length
5
6	NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms"
7	specifies key lengths < 112 bytes are disallowed for HMAC generation and
8	are legacy use for HMAC verification.
9
10	Add an explicit indicator that will mark shorter key lengths as
11	unsupported. The indicator can be queries from the EVP_MAC_CTX object
12	using EVP_MAC_CTX_get_params() with the
13	OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR
14	parameter.
15
16	Signed-off-by: Clemens Lang <cllang@redhat.com>
17	---
18	include/crypto/evp.h \| 7 +++++++
19	include/openssl/core_names.h \| 1 +
20	include/openssl/evp.h \| 3 +++
21	providers/implementations/macs/hmac_prov.c \| 17 +++++++++++++++++
22	4 files changed, 28 insertions(+)
23
24	diff --git a/include/crypto/evp.h b/include/crypto/evp.h
25	index 76fb990de4..1e2240516e 100644
26	--- a/include/crypto/evp.h
27	+++ b/include/crypto/evp.h
28	@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
29	const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
30	const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
31
32	+#ifdef FIPS_MODULE
33	+/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key
34	+ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for
35	+ * HMAC verification. */
36	+# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8)
37	+#endif
38	+
39	struct evp_mac_st {
40	OSSL_PROVIDER *prov;
41	int name_id;
42	diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
43	index c019afbbb0..94fab83193 100644
44	--- a/include/openssl/core_names.h
45	+++ b/include/openssl/core_names.h
46	@@ -173,6 +173,7 @@ extern "C" {
47	#define OSSL_MAC_PARAM_SIZE "size" /* size_t */
48	#define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" /* size_t */
49	#define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */
50	+#define OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
51
52	/* Known MAC names */
53	#define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC"
54	diff --git a/include/openssl/evp.h b/include/openssl/evp.h
55	index 49e8e1df78..a5e78efd6e 100644
56	--- a/include/openssl/evp.h
57	+++ b/include/openssl/evp.h
58	@@ -1192,6 +1192,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
59	void *arg);
60
61	/* MAC stuff */
62	+# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
63	+# define EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED 1
64	+# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
65
66	EVP_MAC EVP_MAC_fetch(OSSL_LIB_CTX libctx, const char *algorithm,
67	const char *properties);
68	diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
69	index 52ebb08b8f..cf5c3ecbe7 100644
70	--- a/providers/implementations/macs/hmac_prov.c
71	+++ b/providers/implementations/macs/hmac_prov.c
72	@@ -21,6 +21,8 @@
73	#include <openssl/evp.h>
74	#include <openssl/hmac.h>
75
76	+#include "crypto/evp.h"
77	+
78	#include "prov/implementations.h"
79	#include "prov/provider_ctx.h"
80	#include "prov/provider_util.h"
81	@@ -244,6 +246,9 @@ static int hmac_final(void vmacctx, unsigned char out, size_t *outl,
82	static const OSSL_PARAM known_gettable_ctx_params[] = {
83	OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
84	OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
85	+#ifdef FIPS_MODULE
86	+ OSSL_PARAM_int(OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR, NULL),
87	+#endif /* defined(FIPS_MODULE) */
88	OSSL_PARAM_END
89	};
90	static const OSSL_PARAM hmac_gettable_ctx_params(ossl_unused void ctx,
91	@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
92	&& !OSSL_PARAM_set_int(p, hmac_block_size(macctx)))
93	return 0;
94
95	+#ifdef FIPS_MODULE
96	+ if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR)) != NULL) {
97	+ int fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED;
98	+ /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms
99	+ * specifies key lengths < 112 bytes are disallowed for HMAC generation
100	+ * and legacy use for HMAC verification. */
101	+ if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN)
102	+ fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
103	+ return OSSL_PARAM_set_int(p, fips_indicator);
104	+ }
105	+#endif /* defined(FIPS_MODULE) */
106	+
107	return 1;
108	}
109
110	--
111	2.38.1
112