isaacpittman-hitachi / rpms / openssl

Forked from rpms/openssl 2 years ago
Clone

Blame SOURCES/0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch

3da501
From 185fbbfea732588187c81d1b2cafb3e1fae9eb77 Mon Sep 17 00:00:00 2001
3da501
From: Clemens Lang <cllang@redhat.com>
3da501
Date: Thu, 17 Nov 2022 16:38:45 +0100
3da501
Subject: [PATCH 2/2] kbkdf: Add explicit FIPS indicator for key length
3da501
3da501
NIST SP 800-131Ar2, section 8 "Deriving Additional Keys from
3da501
a Cryptographic Key" says that for KDFs defined in SP 800-108, "[t]he
3da501
length of the key-derivation key shall be at least 112 bits". It further
3da501
specifies that HMAC-based KDFs "with a key whose length is at least 112
3da501
bits" are acceptable.
3da501
3da501
Add an explicit indicator for SP 800-108 KDFs that will mark shorter key
3da501
lengths as unapproved. The indicator can be queried from the EVP_KDF_CTX
3da501
object using EVP_KDF_CTX_get_params() with the
3da501
  OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR
3da501
parameter.
3da501
3da501
Signed-off-by: Clemens Lang <cllang@redhat.com>
3da501
---
3da501
 providers/implementations/kdfs/kbkdf.c | 32 +++++++++++++++++++++-----
3da501
 1 file changed, 26 insertions(+), 6 deletions(-)
3da501
3da501
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
3da501
index a542f84dfa..93a8a10537 100644
3da501
--- a/providers/implementations/kdfs/kbkdf.c
3da501
+++ b/providers/implementations/kdfs/kbkdf.c
3da501
@@ -365,18 +365,38 @@ static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
3da501
     OSSL_PARAM *p;
3da501
 
3da501
     p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE);
3da501
-    if (p == NULL)
3da501
-        return -2;
3da501
+    if (p != NULL)
3da501
+        /* KBKDF can produce results as large as you like. */
3da501
+        return OSSL_PARAM_set_size_t(p, SIZE_MAX);
3da501
+
3da501
+#ifdef FIPS_MODULE
3da501
+    p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
3da501
+    if (p != NULL) {
3da501
+        KBKDF *ctx = (KBKDF *)vctx;
3da501
+        int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
3da501
+        /* According to NIST Special Publication 800-131Ar2, Section 8:
3da501
+         * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
3da501
+         * the key-derivation key [i.e., the input key] shall be at least 112
3da501
+         * bits". */
3da501
+        if (ctx->ki_len < EVP_KDF_FIPS_MIN_KEY_LEN)
3da501
+            fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
3da501
+        return OSSL_PARAM_set_int(p, fips_indicator);
3da501
+    }
3da501
+#endif
3da501
 
3da501
-    /* KBKDF can produce results as large as you like. */
3da501
-    return OSSL_PARAM_set_size_t(p, SIZE_MAX);
3da501
+    return -2;
3da501
 }
3da501
 
3da501
 static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx,
3da501
                                                    ossl_unused void *provctx)
3da501
 {
3da501
-    static const OSSL_PARAM known_gettable_ctx_params[] =
3da501
-        { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END };
3da501
+    static const OSSL_PARAM known_gettable_ctx_params[] = {
3da501
+        OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
3da501
+#ifdef FIPS_MODULE
3da501
+        OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
3da501
+#endif /* defined(FIPS_MODULE) */
3da501
+        OSSL_PARAM_END
3da501
+    };
3da501
     return known_gettable_ctx_params;
3da501
 }
3da501
 
3da501
-- 
3da501
2.38.1
3da501