From 5f4f350ce797a7cd2fdca84c474ee196da9d6fae Mon Sep 17 00:00:00 2001 From: Clemens Lang Date: Wed, 18 May 2022 17:25:59 +0200 Subject: [PATCH] Deny SHA-1 signature verification in FIPS provider For RHEL, we already disable SHA-1 signatures by default in the default provider, so it is unexpected that the FIPS provider would have a more lenient configuration in this regard. Additionally, we do not think continuing to accept SHA-1 signatures is a good idea due to the published chosen-prefix collision attacks. As a consequence, disable verification of SHA-1 signatures in the FIPS provider. This requires adjusting a few tests that would otherwise fail: - 30-test_acvp: Remove the test vectors that use SHA-1. - 30-test_evp: Mark tests in evppkey_rsa_common.txt and evppkey_ecdsa.txt that use SHA-1 digests as "Availablein = default", which will not run them when the FIPS provider is enabled. - 80-test_cms: Re-create all certificates in test/smime-certificates with SHA256 signatures while keeping the same private keys. These certificates were signed with SHA-1 and thus fail verification in the FIPS provider. Fix some other tests by explicitly running them in the default provider, where SHA-1 is available. - 80-test_ssl_old: Skip tests that rely on SSLv3 and SHA-1 when run with the FIPS provider. Signed-off-by: Clemens Lang --- providers/implementations/signature/dsa_sig.c | 4 -- .../implementations/signature/ecdsa_sig.c | 4 -- providers/implementations/signature/rsa_sig.c | 8 +-- test/acvp_test.inc | 20 ------- .../30-test_evp_data/evppkey_ecdsa.txt | 7 +++ .../30-test_evp_data/evppkey_rsa_common.txt | 51 +++++++++++++++- test/recipes/80-test_cms.t | 4 +- test/recipes/80-test_ssl_old.t | 4 ++ test/smime-certs/smdh.pem | 18 +++--- test/smime-certs/smdsa1.pem | 60 +++++++++---------- test/smime-certs/smdsa2.pem | 60 +++++++++---------- test/smime-certs/smdsa3.pem | 60 +++++++++---------- test/smime-certs/smec1.pem | 30 +++++----- test/smime-certs/smec2.pem | 30 +++++----- test/smime-certs/smec3.pem | 30 +++++----- test/smime-certs/smroot.pem | 38 ++++++------ test/smime-certs/smrsa1.pem | 38 ++++++------ test/smime-certs/smrsa2.pem | 38 ++++++------ test/smime-certs/smrsa3.pem | 38 ++++++------ 19 files changed, 286 insertions(+), 256 deletions(-) Index: openssl-3.1.4/providers/implementations/signature/dsa_sig.c =================================================================== --- openssl-3.1.4.orig/providers/implementations/signature/dsa_sig.c +++ openssl-3.1.4/providers/implementations/signature/dsa_sig.c @@ -127,11 +127,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ct EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); int md_nid; size_t mdname_len = strlen(mdname); -#ifdef FIPS_MODULE - int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -#else int sha1_allowed = 0; -#endif md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, sha1_allowed); Index: openssl-3.1.4/providers/implementations/signature/ecdsa_sig.c =================================================================== --- openssl-3.1.4.orig/providers/implementations/signature/ecdsa_sig.c +++ openssl-3.1.4/providers/implementations/signature/ecdsa_sig.c @@ -237,11 +237,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX "%s could not be fetched", mdname); return 0; } -#ifdef FIPS_MODULE - sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -#else sha1_allowed = 0; -#endif md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, sha1_allowed); if (md_nid < 0) { Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c =================================================================== --- openssl-3.1.4.orig/providers/implementations/signature/rsa_sig.c +++ openssl-3.1.4/providers/implementations/signature/rsa_sig.c @@ -306,11 +306,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ct EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); int md_nid; size_t mdname_len = strlen(mdname); -#ifdef FIPS_MODULE - int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -#else int sha1_allowed = 0; -#endif md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, sha1_allowed); @@ -1414,8 +1410,10 @@ static int rsa_set_ctx_params(void *vprs if (prsactx->md == NULL && pmdname == NULL && pad_mode == RSA_PKCS1_PSS_PADDING) { +#ifdef FIPS_MODULE + pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; +#else pmdname = RSA_DEFAULT_DIGEST_NAME; -#ifndef FIPS_MODULE if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; } Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_ecdsa.txt =================================================================== --- openssl-3.1.4.orig/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +++ openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_ecdsa.txt @@ -37,12 +37,14 @@ PrivPubKeyPair = P-256:P-256-PUBLIC Title = ECDSA tests +Availablein = default Verify = P-256 Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 # Digest too long +Availablein = default Verify = P-256 Ctrl = digest:SHA1 Input = "0123456789ABCDEF12345" @@ -50,6 +52,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a Result = VERIFY_ERROR # Digest too short +Availablein = default Verify = P-256 Ctrl = digest:SHA1 Input = "0123456789ABCDEF123" @@ -57,6 +60,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a Result = VERIFY_ERROR # Digest invalid +Availablein = default Verify = P-256 Ctrl = digest:SHA1 Input = "0123456789ABCDEF1235" @@ -64,6 +68,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a Result = VERIFY_ERROR # Invalid signature +Availablein = default Verify = P-256 Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" @@ -79,12 +84,14 @@ Output = 3045022100b1d1cb1a577035bccdd5a Result = VERIFY_ERROR # BER signature +Availablein = default Verify = P-256 Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000 Result = VERIFY_ERROR +Availablein = default Verify = P-256-PUBLIC Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt =================================================================== --- openssl-3.1.4.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +++ openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt @@ -96,6 +96,7 @@ NDL6WCBbets= Title = RSA tests +Availablein = default Verify = RSA-2048 Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" @@ -112,24 +113,28 @@ Ctrl = digest:SHA512-224 Input = "0123456789ABCDEF123456789ABC" Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17 +Availablein = default VerifyRecover = RSA-2048 Ctrl = digest:SHA1 Input = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad Output = "0123456789ABCDEF1234" # Leading zero in the signature +Availablein = default Verify = RSA-2048 Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Output = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad Result = VERIFY_ERROR +Availablein = default VerifyRecover = RSA-2048 Ctrl = digest:SHA1 Input = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad Result = KEYOP_ERROR # Mismatched digest +Availablein = default Verify = RSA-2048 Ctrl = digest:SHA1 Input = "0123456789ABCDEF1233" @@ -137,6 +142,7 @@ Output = c09d402423cbf233d26cae21f954547 Result = VERIFY_ERROR # Corrupted signature +Availablein = default Verify = RSA-2048 Ctrl = digest:SHA1 Input = "0123456789ABCDEF1233" @@ -144,6 +150,7 @@ Output = c09d402423cbf233d26cae21f954547 Result = VERIFY_ERROR # parameter is not NULLt +Availablein = default Verify = RSA-2048 Ctrl = digest:sha1 Input = "0123456789ABCDEF1234" @@ -151,42 +158,49 @@ Output = 3ec3fc29eb6e122bd7aa361cd09fe1b Result = VERIFY_ERROR # embedded digest too long +Availablein = default Verify = RSA-2048 Ctrl = digest:sha1 Input = "0123456789ABCDEF1234" Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d Result = VERIFY_ERROR +Availablein = default VerifyRecover = RSA-2048 Ctrl = digest:sha1 Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d Result = KEYOP_ERROR # embedded digest too short +Availablein = default Verify = RSA-2048 Ctrl = digest:sha1 Input = "0123456789ABCDEF1234" Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d Result = VERIFY_ERROR +Availablein = default VerifyRecover = RSA-2048 Ctrl = digest:sha1 Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d Result = KEYOP_ERROR # Garbage after DigestInfo +Availablein = default Verify = RSA-2048 Ctrl = digest:sha1 Input = "0123456789ABCDEF1234" Output = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274 Result = VERIFY_ERROR +Availablein = default VerifyRecover = RSA-2048 Ctrl = digest:sha1 Input = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274 Result = KEYOP_ERROR # invalid tag for parameter +Availablein = default Verify = RSA-2048 Ctrl = digest:sha1 Input = "0123456789ABCDEF1234" @@ -195,6 +209,7 @@ Result = VERIFY_ERROR # Verify using public key +Availablein = default Verify = RSA-2048-PUBLIC Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" @@ -371,6 +386,8 @@ Input="0123456789ABCDEF0123456789ABCDEF" Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A # Verify using salt length auto detect +# In the FIPS provider on RHEL-9, the default digest for PSS signatures is SHA-256 +Availablein = default Verify = RSA-2048-PUBLIC Ctrl = rsa_padding_mode:pss Ctrl = rsa_pss_saltlen:auto @@ -405,6 +422,10 @@ Output=4DE433D5844043EF08D354DA03CB29068 Result = VERIFY_ERROR # Verify using default parameters, explicitly setting parameters +# NOTE: RSA-PSS-DEFAULT contains a restriction to use SHA1 as digest, which +# RHEL-9 does not support in FIPS mode; all these tests are thus marked +# Availablein = default. +Availablein = default Verify = RSA-PSS-DEFAULT Ctrl = rsa_padding_mode:pss Ctrl = rsa_pss_saltlen:20 @@ -413,6 +434,7 @@ Input="0123456789ABCDEF0123" Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF # Verify explicitly setting parameters "digest" salt length +Availablein = default Verify = RSA-PSS-DEFAULT Ctrl = rsa_padding_mode:pss Ctrl = rsa_pss_saltlen:digest @@ -421,18 +443,21 @@ Input="0123456789ABCDEF0123" Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF # Verify using salt length larger than minimum +Availablein = default Verify = RSA-PSS-DEFAULT Ctrl = rsa_pss_saltlen:30 Input="0123456789ABCDEF0123" Output = 6BF7EDC63A0BA184EEEC7F3020FEC8F5EBF38C2B76481881F48BCCE5796E7AB294548BA9AE810457C7723CABD1BDE94CF59CF7C0FC7461B22760C8ED703DD98E97BFDD61FA8D1181C411F6DEE5FF159F4850746D78EDEE385A363DC28E2CB373D5CAD7953F3BD5E639BE345732C03A1BDEA268814DA036EB1891C82D4012F3B903D86636055F87B96FC98806AD1B217685A4D754046A5DE0B0D7870664BE07902153EC85BA457BE7D7F89D7FE0F626D02A9CBBB2BB479DDA1A5CAE75247FB7BF6BFB15C1D3FD9E6B1573CCDBC72011C3B97716058BB11C7EA2E4E56ADAFE1F5DE6A7FD405AC5890100F9C3408EFFB5C73BF73F48177FF743B4B819D0699D507B # Verify using maximum salt length +Availablein = default Verify = RSA-PSS-DEFAULT Ctrl = rsa_pss_saltlen:max Input="0123456789ABCDEF0123" Output = 4470DCFE812DEE2E58E4301D4ED274AB348FE040B724B2CD1D8CD0914BFF375F0B86FCB32BFA8AEA9BD22BD7C4F1ADD4F3D215A5CFCC99055BAFECFC23800E9BECE19A08C66BEBC5802122D13A732E5958FC228DCC0B49B5B4B1154F032D8FA2F3564AA949C1310CC9266B0C47F86D449AC9D2E7678347E7266E2D7C888CCE1ADF44A109A293F8516AE2BD94CE220F26E137DB8E7A66BB9FCE052CDC1D0BE24D8CEBB20D10125F26B069F117044B9E1D16FDDAABCA5340AE1702F37D0E1C08A2E93801C0A41035C6C73DA02A0E32227EAFB0B85E79107B59650D0EE7DC32A6772CCCE90F06369B2880FE87ED76997BA61F5EA818091EE88F8B0D6F24D02A3FC6 # Attempt to change salt length below minimum +Availablein = default Verify = RSA-PSS-DEFAULT Ctrl = rsa_pss_saltlen:0 Result = PKEY_CTRL_ERROR @@ -440,21 +465,25 @@ Result = PKEY_CTRL_ERROR # Attempt to change padding mode # Note this used to return PKEY_CTRL_INVALID # but it is limited because setparams only returns 0 or 1. +Availablein = default Verify = RSA-PSS-DEFAULT Ctrl = rsa_padding_mode:pkcs1 Result = PKEY_CTRL_ERROR # Attempt to change digest +Availablein = default Verify = RSA-PSS-DEFAULT Ctrl = digest:sha256 Result = PKEY_CTRL_ERROR # Invalid key: rejected when we try to init +Availablein = default Verify = RSA-PSS-BAD Result = KEYOP_INIT_ERROR Reason = invalid salt length # Invalid key: rejected when we try to init +Availablein = default Verify = RSA-PSS-BAD2 Result = KEYOP_INIT_ERROR Reason = invalid salt length @@ -473,36 +502,42 @@ CAltWyuLbfXWce9jd8CSHLI8Jwpw4lmOb/idGfEF 4fINDOjP+yJJvZohNwIDAQAB -----END PUBLIC KEY----- +Availablein = default Verify=RSA-PSS-1 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=cd8b6538cb8e8de566b68bd067569dbf1ee2718e Output=9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c +Availablein = default Verify=RSA-PSS-1 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=e35befc17a1d160b9ce35fbd8eb16e7ee491d3fd Output=3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843 +Availablein = default Verify=RSA-PSS-1 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=0652ec67bcee30f9d2699122b91c19abdba89f91 Output=666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1 +Availablein = default Verify=RSA-PSS-1 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=39c21c4cceda9c1adf839c744e1212a6437575ec Output=4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87 +Availablein = default Verify=RSA-PSS-1 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=36dae913b77bd17cae6e7b09453d24544cebb33c Output=1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad +Availablein = default Verify=RSA-PSS-1 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 @@ -518,36 +553,42 @@ swU7R97S7NSkyu/WFIM9yLtiLzF+0Ha4BX/o3j+E 0w5GMTmBXG/U/VrFuBcqRSMOy2MYoE8UVdhOWosCAwEAAQ== -----END PUBLIC KEY----- +Availablein = default Verify=RSA-PSS-9 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=2715a49b8b0012cd7aee84c116446e6dfe3faec0 Output=586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e +Availablein = default Verify=RSA-PSS-9 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=2dac956d53964748ac364d06595827c6b4f143cd Output=80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958 +Availablein = default Verify=RSA-PSS-9 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=28d98c46cccafbd3bc04e72f967a54bd3ea12298 Output=484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca +Availablein = default Verify=RSA-PSS-9 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=0866d2ff5a79f25ef668cd6f31b42dee421e4c0e Output=84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e +Availablein = default Verify=RSA-PSS-9 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=6a5b4be4cd36cc97dfde9995efbf8f097a4a991a Output=82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c +Availablein = default Verify=RSA-PSS-9 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 @@ -565,36 +606,42 @@ F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5 BQIDAQAB -----END PUBLIC KEY----- +Availablein = default Verify=RSA-PSS-10 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=9596bb630cf6a8d4ea4600422b9eba8b13675dd4 Output=82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666 +Availablein = default Verify=RSA-PSS-10 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=b503319399277fd6c1c8f1033cbf04199ea21716 Output=14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3 +Availablein = default Verify=RSA-PSS-10 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=50aaede8536b2c307208b275a67ae2df196c7628 Output=6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb +Availablein = default Verify=RSA-PSS-10 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=aa0b72b8b371ddd10c8ae474425ccccf8842a294 Output=34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb +Availablein = default Verify=RSA-PSS-10 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 Input=fad3902c9750622a2bc672622c48270cc57d3ea8 Output=7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc +Availablein = default Verify=RSA-PSS-10 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 @@ -1384,11 +1431,13 @@ Title = RSA FIPS tests # FIPS tests -# Verifying with SHA1 is permitted in fips mode for older applications +# Verifying with SHA1 is not permitted on RHEL-9 in FIPS mode +Availablein = fips DigestVerify = SHA1 Key = RSA-2048 Input = "Hello " Output = 87ea0e2226ef35e5a2aec9ca1222fcbe39ba723f05b3203564f671dd3601271806ead3240e61d424359ee3b17bd3e32f54b82df83998a8ac4148410710361de0400f9ddf98278618fbc87747a0531972543e6e5f18ab2fdfbfda02952f6ac69690e43864690af271bf43d4be9705b303d4ff994ab3abd4d5851562b73e59be3edc01cec41a4cc13b68206329bad1a46c6608d3609e951faa321d0fdbc765d54e9a7c59248d2f67913c9903e932b769c9c8a45520cabea06e8c0b231dd3bcc7f7ec55b46b0157ccb5fc5011fa57353cd3df32edcbadcb8d168133cbd0acfb64444cb040e1298f621508a38f79e14ae8c2c5c857f90aa9d24ef5fc07d34bf23859 +Result = DIGESTVERIFYINIT_ERROR # Verifying with a 1024 bit key is permitted in fips mode for older applications DigestVerify = SHA256 Index: openssl-3.1.4/test/recipes/80-test_cms.t =================================================================== --- openssl-3.1.4.orig/test/recipes/80-test_cms.t +++ openssl-3.1.4/test/recipes/80-test_cms.t @@ -163,7 +163,7 @@ my @smime_pkcs7_tests = ( [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1", "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], - [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", + [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], @@ -171,7 +171,7 @@ my @smime_pkcs7_tests = ( [ "signed zero-length content S/MIME format, RSA key SHA1", [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1", "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], - [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", + [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-CAfile", $smroot, "-out", "{output}.txt" ], \&zero_compare ], Index: openssl-3.1.4/test/recipes/80-test_ssl_old.t =================================================================== --- openssl-3.1.4.orig/test/recipes/80-test_ssl_old.t +++ openssl-3.1.4/test/recipes/80-test_ssl_old.t @@ -397,6 +397,9 @@ sub testssl { 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); } + SKIP: { + skip "SSLv3 is not supported by the FIPS provider", 4 + if $provider eq "fips"; ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])), 'test sslv2/sslv3 with server authentication'); ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])), @@ -405,6 +408,7 @@ sub testssl { 'test sslv2/sslv3 with both client and server authentication via BIO pair'); ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])), 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'); + } SKIP: { skip "No IPv4 available on this machine", 4