From 390f00a1e95f241b4a104c323020c7bc90d5e829 Mon Sep 17 00:00:00 2001 From: slontis Date: Wed, 31 Jul 2024 14:56:44 +1000 Subject: Add HMAC FIPS keysize check. HMAC has been changed to use a FIPS indicator for its key check. HKDF and Single Step use a salt rather than a key when using HMAC, so we need a mechanism to bypass this check in HMAC. A seperate 'internal' query table has been added to the FIPS provider for MACS. Giving HMAC a seprate dispatch table allows KDF's to ignore the key check. If a KDF requires the key check then it must do the check itself. The normal MAC dipatch table is used if the user fetches HMAC directly. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/25049) --- apps/fipsinstall.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'apps') diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index 4d0f916879..237a0bba84 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -41,6 +41,7 @@ typedef enum OPTION_choice { OPT_TLS_PRF_EMS_CHECK, OPT_NO_SHORT_MAC, OPT_DISALLOW_PKCS15_PADDING, OPT_RSA_PSS_SALTLEN_CHECK, OPT_DISALLOW_SIGNATURE_X931_PADDING, + OPT_HMAC_KEY_CHECK, OPT_DISALLOW_DRGB_TRUNC_DIGEST, OPT_SIGNATURE_DIGEST_CHECK, OPT_HKDF_DIGEST_CHECK, @@ -89,6 +90,7 @@ const OPTIONS fipsinstall_options[] = { "Disallow truncated digests with Hash and HMAC DRBGs"}, {"signature_digest_check", OPT_SIGNATURE_DIGEST_CHECK, '-', "Enable checking for approved digests for signatures"}, + {"hmac_key_check", OPT_HMAC_KEY_CHECK, '-', "Enable key check for HMAC"}, {"hkdf_digest_check", OPT_HKDF_DIGEST_CHECK, '-', "Enable digest check for HKDF"}, {"tls13_kdf_digest_check", OPT_TLS13_KDF_DIGEST_CHECK, '-', @@ -149,6 +151,7 @@ typedef struct { unsigned int self_test_onload : 1; unsigned int conditional_errors : 1; unsigned int security_checks : 1; + unsigned int hmac_key_check : 1; unsigned int tls_prf_ems_check : 1; unsigned int no_short_mac : 1; unsigned int drgb_no_trunc_dgst : 1; @@ -180,6 +183,7 @@ static const FIPS_OPTS pedantic_opts = { 1, /* self_test_onload */ 1, /* conditional_errors */ 1, /* security_checks */ + 1, /* hmac_key_check */ 1, /* tls_prf_ems_check */ 1, /* no_short_mac */ 1, /* drgb_no_trunc_dgst */ @@ -211,6 +215,7 @@ static FIPS_OPTS fips_opts = { 1, /* self_test_onload */ 1, /* conditional_errors */ 1, /* security_checks */ + 0, /* hmac_key_check */ 0, /* tls_prf_ems_check */ 0, /* no_short_mac */ 0, /* drgb_no_trunc_dgst */ @@ -354,6 +359,8 @@ static int write_config_fips_section(BIO *out, const char *section, opts->conditional_errors ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS, opts->security_checks ? "1" : "0") <= 0 + || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_HMAC_KEY_CHECK, + opts->hmac_key_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK, opts->tls_prf_ems_check ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_NO_SHORT_MAC, @@ -591,6 +598,9 @@ int fipsinstall_main(int argc, char **argv) goto end; fips_opts.security_checks = 0; break; + case OPT_HMAC_KEY_CHECK: + fips_opts.hmac_key_check = 1; + break; case OPT_TLS_PRF_EMS_CHECK: fips_opts.tls_prf_ems_check = 1; break; -- cgit v1.2.3