diff options
Diffstat (limited to 'crypto/openssl/providers/implementations/keymgmt')
7 files changed, 80 insertions, 14 deletions
diff --git a/crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c index c2ee8593557a..0e9e837383f2 100644 --- a/crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c +++ b/crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,10 +19,12 @@ #include <openssl/core_names.h> #include <openssl/bn.h> #include <openssl/err.h> +#include <openssl/self_test.h> #include "prov/implementations.h" #include "prov/providercommon.h" #include "prov/provider_ctx.h" #include "crypto/dh.h" +#include "internal/fips.h" #include "internal/sizes.h" static OSSL_FUNC_keymgmt_new_fn dh_newdata; @@ -440,7 +442,7 @@ static int dh_validate(const void *keydata, int selection, int checktype) if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR) - ok = ok && ossl_dh_check_pairwise(dh); + ok = ok && ossl_dh_check_pairwise(dh, 0); return ok; } @@ -792,6 +794,15 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) gctx->gen_type == DH_PARAMGEN_TYPE_FIPS_186_2); if (DH_generate_key(dh) <= 0) goto end; +#ifdef FIPS_MODULE + if (!ossl_fips_self_testing()) { + ret = ossl_dh_check_pairwise(dh, 0); + if (ret <= 0) { + ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); + goto end; + } + } +#endif /* FIPS_MODULE */ } DH_clear_flags(dh, DH_FLAG_TYPE_MASK); DH_set_flags(dh, gctx->dh_type); diff --git a/crypto/openssl/providers/implementations/keymgmt/ec_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/ec_kmgmt.c index 9421aabb1455..a1d04bc3fdd3 100644 --- a/crypto/openssl/providers/implementations/keymgmt/ec_kmgmt.c +++ b/crypto/openssl/providers/implementations/keymgmt/ec_kmgmt.c @@ -20,12 +20,14 @@ #include <openssl/err.h> #include <openssl/objects.h> #include <openssl/proverr.h> +#include <openssl/self_test.h> #include "crypto/bn.h" #include "crypto/ec.h" #include "prov/implementations.h" #include "prov/providercommon.h" #include "prov/provider_ctx.h" #include "prov/securitycheck.h" +#include "internal/fips.h" #include "internal/param_build_set.h" #ifndef FIPS_MODULE @@ -1330,6 +1332,21 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) if (gctx->group_check != NULL) ret = ret && ossl_ec_set_check_group_type_from_name(ec, gctx->group_check); +#ifdef FIPS_MODULE + if (ret > 0 + && !ossl_fips_self_testing() + && EC_KEY_get0_public_key(ec) != NULL + && EC_KEY_get0_private_key(ec) != NULL + && EC_KEY_get0_group(ec) != NULL) { + BN_CTX *bnctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec)); + + ret = bnctx != NULL && ossl_ec_key_pairwise_check(ec, bnctx); + BN_CTX_free(bnctx); + if (ret <= 0) + ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); + } +#endif /* FIPS_MODULE */ + if (ret) return ec; err: diff --git a/crypto/openssl/providers/implementations/keymgmt/ecx_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/ecx_kmgmt.c index c2ac805ad1f6..0ebe8b4d59b1 100644 --- a/crypto/openssl/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/crypto/openssl/providers/implementations/keymgmt/ecx_kmgmt.c @@ -17,6 +17,7 @@ #include <openssl/evp.h> #include <openssl/rand.h> #include <openssl/self_test.h> +#include "internal/fips.h" #include "internal/param_build_set.h" #include <openssl/param_build.h> #include "crypto/ecx.h" @@ -92,6 +93,15 @@ static void *s390x_ecd_keygen25519(struct ecx_gen_ctx *gctx); static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx); #endif +#ifdef FIPS_MODULE +static int ecd_fips140_pairwise_test(const ECX_KEY *ecx, int type, int self_test); +#endif /* FIPS_MODULE */ + +static ossl_inline int ecx_key_type_is_ed(ECX_KEY_TYPE type) +{ + return type == ECX_KEY_TYPE_ED25519 || type == ECX_KEY_TYPE_ED448; +} + static void *x25519_new_key(void *provctx) { if (!ossl_prov_is_running()) @@ -703,8 +713,7 @@ static void *ecx_gen(struct ecx_gen_ctx *gctx) } #ifndef FIPS_MODULE if (gctx->dhkem_ikm != NULL && gctx->dhkem_ikmlen != 0) { - if (gctx->type == ECX_KEY_TYPE_ED25519 - || gctx->type == ECX_KEY_TYPE_ED448) + if (ecx_key_type_is_ed(gctx->type)) goto err; if (!ossl_ecx_dhkem_derive_private(key, privkey, gctx->dhkem_ikm, gctx->dhkem_ikmlen)) @@ -968,7 +977,7 @@ static int ecx_validate(const void *keydata, int selection, int type, if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != OSSL_KEYMGMT_SELECT_KEYPAIR) return ok; - if (type == ECX_KEY_TYPE_ED25519 || type == ECX_KEY_TYPE_ED448) + if (ecx_key_type_is_ed(type)) ok = ok && ecd_key_pairwise_check(ecx, type); else ok = ok && ecx_key_pairwise_check(ecx, type); diff --git a/crypto/openssl/providers/implementations/keymgmt/ml_dsa_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/ml_dsa_kmgmt.c index 53feeba4ac3d..6b99e093c6d5 100644 --- a/crypto/openssl/providers/implementations/keymgmt/ml_dsa_kmgmt.c +++ b/crypto/openssl/providers/implementations/keymgmt/ml_dsa_kmgmt.c @@ -268,6 +268,7 @@ static int ml_dsa_import(void *keydata, int selection, const OSSL_PARAM params[] { ML_DSA_KEY *key = keydata; int include_priv; + int res; if (!ossl_prov_is_running() || key == NULL) return 0; @@ -276,7 +277,17 @@ static int ml_dsa_import(void *keydata, int selection, const OSSL_PARAM params[] return 0; include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0); - return ml_dsa_key_fromdata(key, params, include_priv); + res = ml_dsa_key_fromdata(key, params, include_priv); +#ifdef FIPS_MODULE + if (res > 0) { + res = ml_dsa_pairwise_test(key); + if (!res) { + ossl_ml_dsa_key_reset(key); + ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT); + } + } +#endif /* FIPS_MODULE */ + return res; } #define ML_DSA_IMEXPORTABLE_PARAMETERS \ diff --git a/crypto/openssl/providers/implementations/keymgmt/ml_kem_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/ml_kem_kmgmt.c index 3936b6c3cd40..9b34fe1c0331 100644 --- a/crypto/openssl/providers/implementations/keymgmt/ml_kem_kmgmt.c +++ b/crypto/openssl/providers/implementations/keymgmt/ml_kem_kmgmt.c @@ -475,7 +475,7 @@ static int ml_kem_import(void *vkey, int selection, const OSSL_PARAM params[]) if (res > 0 && include_private && !ml_kem_pairwise_test(key, key->prov_flags)) { #ifdef FIPS_MODULE - ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); + ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT); #endif ossl_ml_kem_key_reset(key); res = 0; @@ -504,7 +504,7 @@ static const OSSL_PARAM *ml_kem_gettable_params(void *provctx) } #ifndef FIPS_MODULE -void *ml_kem_load(const void *reference, size_t reference_sz) +static void *ml_kem_load(const void *reference, size_t reference_sz) { ML_KEM_KEY *key = NULL; uint8_t *encoded_dk = NULL; diff --git a/crypto/openssl/providers/implementations/keymgmt/rsa_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/rsa_kmgmt.c index 77d095009421..cd74275d604b 100644 --- a/crypto/openssl/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/crypto/openssl/providers/implementations/keymgmt/rsa_kmgmt.c @@ -25,6 +25,7 @@ #include "prov/provider_ctx.h" #include "crypto/rsa.h" #include "crypto/cryptlib.h" +#include "internal/fips.h" #include "internal/param_build_set.h" static OSSL_FUNC_keymgmt_new_fn rsa_newdata; diff --git a/crypto/openssl/providers/implementations/keymgmt/slh_dsa_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/slh_dsa_kmgmt.c index cd2ebea72abb..721617229467 100644 --- a/crypto/openssl/providers/implementations/keymgmt/slh_dsa_kmgmt.c +++ b/crypto/openssl/providers/implementations/keymgmt/slh_dsa_kmgmt.c @@ -11,6 +11,7 @@ #include <openssl/core_names.h> #include <openssl/param_build.h> #include <openssl/self_test.h> +#include <openssl/proverr.h> #include "crypto/slh_dsa.h" #include "internal/fips.h" #include "internal/param_build_set.h" @@ -18,6 +19,11 @@ #include "prov/providercommon.h" #include "prov/provider_ctx.h" +#ifdef FIPS_MODULE +static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key, + SLH_DSA_HASH_CTX *ctx); +#endif /* FIPS_MODULE */ + static OSSL_FUNC_keymgmt_free_fn slh_dsa_free_key; static OSSL_FUNC_keymgmt_has_fn slh_dsa_has; static OSSL_FUNC_keymgmt_match_fn slh_dsa_match; @@ -281,9 +287,8 @@ static void *slh_dsa_gen_init(void *provctx, int selection, * Refer to FIPS 140-3 IG 10.3.A Additional Comment 1 * Perform a pairwise test for SLH_DSA by signing and verifying a signature. */ -static int slh_dsa_fips140_pairwise_test(SLH_DSA_HASH_CTX *ctx, - const SLH_DSA_KEY *key, - OSSL_LIB_CTX *lib_ctx) +static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key, + SLH_DSA_HASH_CTX *ctx) { int ret = 0; OSSL_SELF_TEST *st = NULL; @@ -293,15 +298,25 @@ static int slh_dsa_fips140_pairwise_test(SLH_DSA_HASH_CTX *ctx, size_t msg_len = sizeof(msg); uint8_t *sig = NULL; size_t sig_len; + OSSL_LIB_CTX *lib_ctx; + int alloc_ctx = 0; /* During self test, it is a waste to do this test */ if (ossl_fips_self_testing()) return 1; + if (ctx == NULL) { + ctx = ossl_slh_dsa_hash_ctx_new(key); + if (ctx == NULL) + return 0; + alloc_ctx = 1; + } + lib_ctx = ossl_slh_dsa_key_get0_libctx(key); + OSSL_SELF_TEST_get_callback(lib_ctx, &cb, &cb_arg); st = OSSL_SELF_TEST_new(cb, cb_arg); if (st == NULL) - return 0; + goto err; OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, OSSL_SELF_TEST_DESC_PCT_SLH_DSA); @@ -322,6 +337,8 @@ static int slh_dsa_fips140_pairwise_test(SLH_DSA_HASH_CTX *ctx, ret = 1; err: + if (alloc_ctx) + ossl_slh_dsa_hash_ctx_free(ctx); OPENSSL_free(sig); OSSL_SELF_TEST_onend(st, ret); OSSL_SELF_TEST_free(st); @@ -342,12 +359,12 @@ static void *slh_dsa_gen(void *genctx, const char *alg) return NULL; ctx = ossl_slh_dsa_hash_ctx_new(key); if (ctx == NULL) - return NULL; + goto err; if (!ossl_slh_dsa_generate_key(ctx, key, gctx->libctx, gctx->entropy, gctx->entropy_len)) goto err; #ifdef FIPS_MODULE - if (!slh_dsa_fips140_pairwise_test(ctx, key, gctx->libctx)) { + if (!slh_dsa_fips140_pairwise_test(key, ctx)) { ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); goto err; } |