Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP4:Update
gnutls.33311
gnutls-pkcs12-tighten-algorithm-checks-under-FI...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gnutls-pkcs12-tighten-algorithm-checks-under-FIPS.patch of Package gnutls.33311
From 7d8d8feb502ddb20a0d115fa3f63403c849a7168 Mon Sep 17 00:00:00 2001 From: Daiki Ueno <ueno@gnu.org> Date: Thu, 10 Feb 2022 16:43:08 +0100 Subject: [PATCH 1/2] pkcs12: mark MAC generation and verification as FIPS non-approved Signed-off-by: Daiki Ueno <ueno@gnu.org> --- lib/x509/pkcs12.c | 39 +++++++++++++++++++++++++--- tests/pkcs12_encode.c | 59 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 94 insertions(+), 4 deletions(-) Index: gnutls-3.7.3/lib/x509/pkcs12.c =================================================================== --- gnutls-3.7.3.orig/lib/x509/pkcs12.c +++ gnutls-3.7.3/lib/x509/pkcs12.c @@ -286,13 +286,26 @@ gnutls_pkcs12_export(gnutls_pkcs12_t pkc gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size) { + int ret; + if (pkcs12 == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - return _gnutls_x509_export_int(pkcs12->pkcs12, format, PEM_PKCS12, - output_data, output_data_size); + ret = _gnutls_x509_export_int(pkcs12->pkcs12, format, PEM_PKCS12, + output_data, output_data_size); + + if (ret < 0) { + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); + } else { + /* PKCS#12 export is always non-approved, because the MAC + * calculation involves non-approved KDF (PKCS#12 KDF) and + * without MAC the protection is insufficient. + */ + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED); + } + return ret; } /** @@ -317,13 +330,25 @@ int gnutls_pkcs12_export2(gnutls_pkcs12_t pkcs12, gnutls_x509_crt_fmt_t format, gnutls_datum_t * out) { + int ret; + if (pkcs12 == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - return _gnutls_x509_export_int2(pkcs12->pkcs12, format, PEM_PKCS12, - out); + ret = _gnutls_x509_export_int2(pkcs12->pkcs12, format, PEM_PKCS12, + out); + if (ret < 0) { + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); + } else { + /* PKCS#12 export is always non-approved, because the MAC + * calculation involves non-approved KDF (PKCS#12 KDF) and + * without MAC the protection is insufficient. + */ + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED); + } + return ret; } static int oid2bag(const char *oid) @@ -1025,9 +1050,12 @@ int gnutls_pkcs12_generate_mac2(gnutls_p goto cleanup; } + /* _gnutls_pkcs12_string_to_key is not a FIPS approved operation */ + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED); return 0; cleanup: + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); _gnutls_free_datum(&tmp); return result; } @@ -1203,8 +1231,11 @@ pkcs12_try_gost: goto cleanup; } + /* _gnutls_pkcs12_string_to_key is not a FIPS approved operation */ + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED); result = 0; cleanup: + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); _gnutls_free_datum(&tmp); _gnutls_free_datum(&salt); return result; Index: gnutls-3.7.3/tests/pkcs12_encode.c =================================================================== --- gnutls-3.7.3.orig/tests/pkcs12_encode.c +++ gnutls-3.7.3/tests/pkcs12_encode.c @@ -70,6 +70,29 @@ static void tls_log_func(int level, cons fprintf(stderr, "|<%d>| %s", level, str); } +#define FIPS_PUSH_CONTEXT() do { \ + if (gnutls_fips140_mode_enabled()) { \ + ret = gnutls_fips140_push_context(fips_context); \ + if (ret < 0) { \ + fail("gnutls_fips140_push_context failed\n"); \ + } \ + } \ +} while (0) + +#define FIPS_POP_CONTEXT(state) do { \ + if (gnutls_fips140_mode_enabled()) { \ + ret = gnutls_fips140_pop_context(); \ + if (ret < 0) { \ + fail("gnutls_fips140_context_pop failed\n"); \ + } \ + fips_state = gnutls_fips140_get_operation_state(fips_context); \ + if (fips_state != GNUTLS_FIPS140_OP_ ## state) { \ + fail("operation state is not " # state " (%d)\n", \ + fips_state); \ + } \ + } \ +} while (0) + void doit(void) { gnutls_pkcs12_t pkcs12; @@ -81,7 +104,17 @@ void doit(void) int ret, indx; char outbuf[10240]; size_t size; - unsigned tests, i; + unsigned i; + gnutls_fips140_context_t fips_context; + gnutls_fips140_operation_state_t fips_state; + size_t n_tests = 0; + struct tests { + const char *name; + gnutls_x509_crt_t crt; + const char *friendly_name; + unsigned bag_encrypt_flags; + int bag_encrypt_expected; + } tests[2]; if (gnutls_fips140_mode_enabled()) exit(77); @@ -96,6 +129,11 @@ void doit(void) if (debug) gnutls_global_set_log_level(4711); + ret = gnutls_fips140_context_init(&fips_context); + if (ret < 0) { + fail("Cannot initialize FIPS context\n"); + } + /* Read certs. */ ret = gnutls_x509_crt_init(&client); if (ret < 0) { @@ -130,21 +168,34 @@ void doit(void) exit(1); } - /* Generate and add PKCS#12 cert bags. */ - if (!gnutls_fips140_mode_enabled()) { - tests = 2; /* include RC2 */ + tests[n_tests].name = "3DES"; + tests[n_tests].crt = client; + tests[n_tests].friendly_name = "client"; + tests[n_tests].bag_encrypt_flags = GNUTLS_PKCS8_USE_PKCS12_3DES; + tests[n_tests].bag_encrypt_expected = 0; + n_tests++; + + tests[n_tests].name = "RC2-40"; + tests[n_tests].crt = ca; + tests[n_tests].friendly_name = "ca"; + tests[n_tests].bag_encrypt_flags = GNUTLS_PKCS_USE_PKCS12_RC2_40; + if (gnutls_fips140_mode_enabled()) { + tests[n_tests].bag_encrypt_expected = + GNUTLS_E_UNWANTED_ALGORITHM; } else { - tests = 1; + tests[n_tests].bag_encrypt_expected = 0; } + n_tests++; - for (i = 0; i < tests; i++) { + /* Generate and add PKCS#12 cert bags. */ + for (i = 0; i < n_tests; i++) { ret = gnutls_pkcs12_bag_init(&bag); if (ret < 0) { fprintf(stderr, "bag_init: %s (%d)\n", gnutls_strerror(ret), ret); exit(1); } - ret = gnutls_pkcs12_bag_set_crt(bag, i == 0 ? client : ca); + ret = gnutls_pkcs12_bag_set_crt(bag, tests[i].crt); if (ret < 0) { fprintf(stderr, "set_crt: %s (%d)\n", gnutls_strerror(ret), ret); exit(1); @@ -153,16 +204,14 @@ void doit(void) indx = ret; ret = gnutls_pkcs12_bag_set_friendly_name(bag, indx, - i == - 0 ? "client" : - "ca"); + tests[i].friendly_name); if (ret < 0) { fprintf(stderr, "set_friendly_name: %s (%d)\n", gnutls_strerror(ret), ret); exit(1); } size = sizeof(key_id_buf); - ret = gnutls_x509_crt_get_key_id(i == 0 ? client : ca, 0, + ret = gnutls_x509_crt_get_key_id(tests[i].crt, 0, key_id_buf, &size); if (ret < 0) { fprintf(stderr, "get_key_id: %s (%d)\n", gnutls_strerror(ret), ret); @@ -179,14 +228,11 @@ void doit(void) } ret = gnutls_pkcs12_bag_encrypt(bag, "pass", - i == - 0 ? - GNUTLS_PKCS8_USE_PKCS12_3DES - : - GNUTLS_PKCS_USE_PKCS12_RC2_40); - if (ret < 0) { - fprintf(stderr, "bag_encrypt: %d: %s", ret, - i == 0 ? "3DES" : "RC2-40"); + tests[i].bag_encrypt_flags); + if (ret != tests[i].bag_encrypt_expected) { + fprintf(stderr, "bag_encrypt: returned %d, expected %d: %s", ret, + tests[i].bag_encrypt_expected, + tests[i].name); exit(1); } @@ -199,6 +245,8 @@ void doit(void) gnutls_pkcs12_bag_deinit(bag); } + FIPS_PUSH_CONTEXT(); + /* MAC the structure, export and print. */ ret = gnutls_pkcs12_generate_mac2(pkcs12, GNUTLS_MAC_SHA1, "pass"); if (ret < 0) { @@ -206,36 +254,60 @@ void doit(void) exit(1); } + FIPS_POP_CONTEXT(NOT_APPROVED); + + FIPS_PUSH_CONTEXT(); + ret = gnutls_pkcs12_verify_mac(pkcs12, "pass"); if (ret < 0) { fprintf(stderr, "verify_mac: %s (%d)\n", gnutls_strerror(ret), ret); exit(1); } + FIPS_POP_CONTEXT(NOT_APPROVED); + + FIPS_PUSH_CONTEXT(); + ret = gnutls_pkcs12_generate_mac2(pkcs12, GNUTLS_MAC_SHA256, "passwd"); if (ret < 0) { fprintf(stderr, "generate_mac2: %s (%d)\n", gnutls_strerror(ret), ret); exit(1); } + FIPS_POP_CONTEXT(NOT_APPROVED); + + FIPS_PUSH_CONTEXT(); + ret = gnutls_pkcs12_verify_mac(pkcs12, "passwd"); if (ret < 0) { fprintf(stderr, "verify_mac2: %s (%d)\n", gnutls_strerror(ret), ret); exit(1); } + FIPS_POP_CONTEXT(NOT_APPROVED); + + FIPS_PUSH_CONTEXT(); + ret = gnutls_pkcs12_generate_mac2(pkcs12, GNUTLS_MAC_SHA512, "passwd1"); if (ret < 0) { fprintf(stderr, "generate_mac2: %s (%d)\n", gnutls_strerror(ret), ret); exit(1); } + FIPS_POP_CONTEXT(NOT_APPROVED); + + FIPS_PUSH_CONTEXT(); + ret = gnutls_pkcs12_verify_mac(pkcs12, "passwd1"); if (ret < 0) { fprintf(stderr, "verify_mac2: %s (%d)\n", gnutls_strerror(ret), ret); exit(1); } + FIPS_POP_CONTEXT(NOT_APPROVED); + + FIPS_PUSH_CONTEXT(); + size = sizeof(outbuf); ret = gnutls_pkcs12_export(pkcs12, GNUTLS_X509_FMT_PEM, outbuf, @@ -245,10 +317,13 @@ void doit(void) exit(1); } + FIPS_POP_CONTEXT(NOT_APPROVED); + if (debug) fwrite(outbuf, size, 1, stdout); /* Cleanup. */ + gnutls_fips140_context_deinit(fips_context); gnutls_pkcs12_deinit(pkcs12); gnutls_x509_crt_deinit(client); gnutls_x509_crt_deinit(ca); Index: gnutls-3.7.3/lib/x509/pkcs7-crypt.c =================================================================== --- gnutls-3.7.3.orig/lib/x509/pkcs7-crypt.c +++ gnutls-3.7.3/lib/x509/pkcs7-crypt.c @@ -1130,8 +1130,7 @@ _gnutls_pkcs_raw_decrypt_data(schema_id gnutls_datum_t enc = { NULL, 0 }; uint8_t *key = NULL; gnutls_datum_t dkey, d_iv; - cipher_hd_st ch; - int ch_init = 0; + gnutls_cipher_hd_t ch = NULL; int key_size, ret; unsigned int pass_len = 0; const struct pkcs_cipher_schema_st *p; @@ -1237,8 +1236,7 @@ _gnutls_pkcs_raw_decrypt_data(schema_id d_iv.data = (uint8_t *) enc_params->iv; d_iv.size = enc_params->iv_size; - ret = - _gnutls_cipher_init(&ch, ce, &dkey, &d_iv, 0); + ret = gnutls_cipher_init(&ch, ce->id, &dkey, &d_iv); gnutls_free(key); @@ -1247,9 +1245,7 @@ _gnutls_pkcs_raw_decrypt_data(schema_id goto error; } - ch_init = 1; - - ret = _gnutls_cipher_decrypt(&ch, enc.data, enc.size); + ret = gnutls_cipher_decrypt(ch, enc.data, enc.size); if (ret < 0) { gnutls_assert(); ret = GNUTLS_E_DECRYPTION_FAILED; @@ -1281,7 +1277,7 @@ _gnutls_pkcs_raw_decrypt_data(schema_id decrypted_data->size = enc.size; } - _gnutls_cipher_deinit(&ch); + gnutls_cipher_deinit(ch); ret = 0; @@ -1294,8 +1290,9 @@ _gnutls_pkcs_raw_decrypt_data(schema_id gnutls_free(password); gnutls_free(enc.data); gnutls_free(key); - if (ch_init != 0) - _gnutls_cipher_deinit(&ch); + if (ch) { + gnutls_cipher_deinit(ch); + } return ret; } @@ -1725,8 +1722,7 @@ _gnutls_pkcs_raw_encrypt_data(const gnut int data_size; uint8_t *data = NULL; gnutls_datum_t d_iv; - cipher_hd_st ch; - int ch_init = 0; + gnutls_cipher_hd_t ch = NULL; uint8_t pad, pad_size; const cipher_entry_st *ce; @@ -1756,18 +1752,13 @@ _gnutls_pkcs_raw_encrypt_data(const gnut d_iv.data = (uint8_t *) enc_params->iv; d_iv.size = enc_params->iv_size; - result = - _gnutls_cipher_init(&ch, cipher_to_entry(enc_params->cipher), - key, &d_iv, 1); - + result = gnutls_cipher_init(&ch, enc_params->cipher, key, &d_iv); if (result < 0) { gnutls_assert(); goto error; } - ch_init = 1; - - result = _gnutls_cipher_encrypt(&ch, data, data_size); + result = gnutls_cipher_encrypt(ch, data, data_size); if (result < 0) { gnutls_assert(); goto error; @@ -1776,13 +1767,14 @@ _gnutls_pkcs_raw_encrypt_data(const gnut encrypted->data = data; encrypted->size = data_size; - _gnutls_cipher_deinit(&ch); + gnutls_cipher_deinit(ch); return 0; error: gnutls_free(data); - if (ch_init != 0) - _gnutls_cipher_deinit(&ch); + if (ch) { + gnutls_cipher_deinit(ch); + } return result; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor