From 3d74259865e7c63fe46626fee3c973c789e0eac8 Mon Sep 17 00:00:00 2001
From: Lucas Mulling <lucas.mulling@suse.com>
Date: Tue, 28 Jan 2025 15:34:43 -0300
Subject: [PATCH 1/2] md: Make SHA1 non-FIPS and differentiate in the SLI
* cipher/md.c (_gcry_md_open, md_enable, _gcry_md_enable, md_copy):
Differentiate SHA1.
* cipher/sha1.c (_gcry_digest_spec_sha1): Make SHA1 not FIPS.
* src/fips.c (_gcry_fips_indicator_mac, _gcry_fips_indicator_md,
run_digest_selftests, run_mac_selftests): Differentiate SHA1.
* src/gcrypt.h.in (GCRY_FIPS_FLAG_REJECT_MD_SHA1): New.
* tests/basic.c: (check_pubkey_sign): Use sha256 for baddata, add
FLAG_NOFIPS to non-FIPS-compliant tests that use SHA1, and improve error
messages.
* tests/pkcs1v2.c (main): Skip tests in FIPS mode.
* tests/t-fips-service-ind.c (check_kdf_derive): Use sha256 as pbkdf2
subalgo.
* tests/t-fips-service-ind.c (check_mac_o_w_r_c): Check for rejection of
SHA1 test cases if in FIPS mode.
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
---
cipher/md.c | 8 ++++++++
cipher/sha1.c | 2 +-
src/fips.c | 4 ----
src/gcrypt.h.in | 1 +
tests/basic.c | 16 ++++++++++-----
tests/pkcs1v2.c | 8 ++++++++
tests/t-fips-service-ind.c | 42 +++++++++++++++++++-------------------
7 files changed, 50 insertions(+), 31 deletions(-)
diff --git a/cipher/md.c b/cipher/md.c
index f600e7bb..3e14ccd6 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -566,6 +566,8 @@ _gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags)
if (algo == GCRY_MD_MD5)
reject = fips_check_rejection (GCRY_FIPS_FLAG_REJECT_MD_MD5);
+ else if (algo == GCRY_MD_SHA1)
+ reject = fips_check_rejection (GCRY_FIPS_FLAG_REJECT_MD_SHA1);
else
reject = fips_check_rejection (GCRY_FIPS_FLAG_REJECT_MD_OTHERS);
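Review bot: The MD5 / SHA1 / others selection is now the same three-branch chain written out in four places: here in _gcry_md_open and again in md_enable, _gcry_md_enable and md_copy in the next three hunks. Keeping the mapping in one file-scope helper would make the next algorithm demotion a one-line change and remove the risk of updating only some of the four sites. The pre-existing `reject |=` in md_copy versus `reject =` in the other three is untouched by this suggestion. _gcry_md_open continues outside the hunk.
```c
/* Map a digest that is not FIPS approved to the GCRYCTL_FIPS_REJECT_NON_FIPS
   flag that decides whether it is rejected or merely marked non-compliant.  */
static int
md_fips_reject_flag (int algo)
{
  if (algo == GCRY_MD_MD5)
    return GCRY_FIPS_FLAG_REJECT_MD_MD5;
  if (algo == GCRY_MD_SHA1)
    return GCRY_FIPS_FLAG_REJECT_MD_SHA1;
  return GCRY_FIPS_FLAG_REJECT_MD_OTHERS;
}

/* … in _gcry_md_open (and likewise in md_enable, _gcry_md_enable, md_copy): */
reject = fips_check_rejection (md_fips_reject_flag (algo));
```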
@@ -601,6 +603,8 @@ md_enable (gcry_md_hd_t hd, int algorithm)
if (algorithm == GCRY_MD_MD5)
reject = fips_check_rejection (GCRY_FIPS_FLAG_REJECT_MD_MD5);
+ else if (algorithm == GCRY_MD_SHA1)
+ reject = fips_check_rejection (GCRY_FIPS_FLAG_REJECT_MD_SHA1);
else
reject = fips_check_rejection (GCRY_FIPS_FLAG_REJECT_MD_OTHERS);
@@ -679,6 +683,8 @@ _gcry_md_enable (gcry_md_hd_t hd, int algorithm)
if (algorithm == GCRY_MD_MD5)
reject = fips_check_rejection (GCRY_FIPS_FLAG_REJECT_MD_MD5);
+ else if (algorithm == GCRY_MD_SHA1)
+ reject = fips_check_rejection (GCRY_FIPS_FLAG_REJECT_MD_SHA1);
else
reject = fips_check_rejection (GCRY_FIPS_FLAG_REJECT_MD_OTHERS);
@@ -756,6 +762,8 @@ md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd)
if (spec->algo == GCRY_MD_MD5)
reject |= fips_check_rejection (GCRY_FIPS_FLAG_REJECT_MD_MD5);
+ else if (spec->algo == GCRY_MD_SHA1)
+ reject |= fips_check_rejection (GCRY_FIPS_FLAG_REJECT_MD_SHA1);
else
reject |= fips_check_rejection (GCRY_FIPS_FLAG_REJECT_MD_OTHERS);
}
diff --git a/cipher/sha1.c b/cipher/sha1.c
index b83b9de0..e4069e1d 100644
--- a/cipher/sha1.c
+++ b/cipher/sha1.c
@@ -759,7 +759,7 @@ static const gcry_md_oid_spec_t oid_spec_sha1[] =
const gcry_md_spec_t _gcry_digest_spec_sha1 =
{
- GCRY_MD_SHA1, {0, 1},
+ GCRY_MD_SHA1, {0, 0},
"SHA1", asn, DIM (asn), oid_spec_sha1, 20,
sha1_init, _gcry_md_block_write, sha1_final, sha1_read, NULL,
_gcry_sha1_hash_buffers,
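Review bot: Flipping the second flag in `{0, 0}` demotes only the digest-level spec, while the HMAC-SHA1 MAC spec lives in a file that is not in the diffstat; yet the src/fips.c hunks drop GCRY_MAC_HMAC_SHA1 from the indicator and tests/t-fips-service-ind.c now expects the HMAC-SHA1 vectors to be flagged or rejected. Whether the MAC open path reports non-compliance for HMAC-SHA1 and honours GCRY_FIPS_FLAG_REJECT_MD_SHA1 depends on code outside this patch, so that should be confirmed or the MAC spec updated in the same commit. A trailing comment on the changed line, `/* flags (presumably {disabled, fips}): SHA1 no longer FIPS approved */`, would also make the otherwise opaque positional initializer readable.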
diff --git a/src/fips.c b/src/fips.c
index 7ae89503..7848fa11 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -430,7 +430,6 @@ _gcry_fips_indicator_mac (va_list arg_ptr)
switch (alg)
{
case GCRY_MAC_CMAC_AES:
- case GCRY_MAC_HMAC_SHA1:
case GCRY_MAC_HMAC_SHA224:
case GCRY_MAC_HMAC_SHA256:
case GCRY_MAC_HMAC_SHA384:
@@ -454,7 +453,6 @@ _gcry_fips_indicator_md (va_list arg_ptr)
switch (alg)
{
- case GCRY_MD_SHA1:
case GCRY_MD_SHA224:
case GCRY_MD_SHA256:
case GCRY_MD_SHA384:
@@ -626,7 +624,6 @@ run_digest_selftests (int extended)
{
static int algos[] =
{
- GCRY_MD_SHA1,
GCRY_MD_SHA224,
#ifndef ENABLE_HMAC_BINARY_CHECK
GCRY_MD_SHA256,
@@ -657,7 +654,6 @@ run_mac_selftests (int extended)
{
static int algos[] =
{
- GCRY_MAC_HMAC_SHA1,
GCRY_MAC_HMAC_SHA224,
#ifndef ENABLE_HMAC_BINARY_CHECK
GCRY_MAC_HMAC_SHA256,
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 1a6f7269..3a7acb13 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -1989,6 +1989,7 @@ char *gcry_get_config (int mode, const char *what);
#define GCRY_FIPS_FLAG_REJECT_PK_MD (1 << 6)
#define GCRY_FIPS_FLAG_REJECT_PK_GOST_SM2 (1 << 7)
#define GCRY_FIPS_FLAG_REJECT_CIPHER_MODE (1 << 8)
+#define GCRY_FIPS_FLAG_REJECT_MD_SHA1 (1 << 9)
#define GCRY_FIPS_FLAG_REJECT_MD \
(GCRY_FIPS_FLAG_REJECT_MD_MD5 | GCRY_FIPS_FLAG_REJECT_MD_OTHERS)
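Review bot: The composite `GCRY_FIPS_FLAG_REJECT_MD` on the last two lines of the hunk is still `(GCRY_FIPS_FLAG_REJECT_MD_MD5 | GCRY_FIPS_FLAG_REJECT_MD_OTHERS)`, so an application that passes it to GCRYCTL_FIPS_REJECT_NON_FIPS to reject every non-approved digest keeps accepting SHA1 after this change, which is the opposite of what the new bit is for. Either add the bit, `(GCRY_FIPS_FLAG_REJECT_MD_MD5 | GCRY_FIPS_FLAG_REJECT_MD_SHA1 | GCRY_FIPS_FLAG_REJECT_MD_OTHERS)`, or, if SHA1 rejection is meant to stay opt-in for compatibility, say so in a comment next to the new define. Note that tests/t-fips-service-ind.c in this patch ORs the bit in explicitly, so it would not catch the omission.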
diff --git a/tests/basic.c b/tests/basic.c
index 72c65b58..f32e41db 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -17127,9 +17127,15 @@ verify_one_signature (gcry_sexp_t pkey, gcry_sexp_t hash,
if (rc)
fail ("gcry_pk_verify failed: %s\n", gpg_strerror (rc));
rc = gcry_pk_verify (sig, badhash, pkey);
- if (gcry_err_code (rc) != GPG_ERR_BAD_SIGNATURE)
+ if (gcry_err_code (rc) != GPG_ERR_BAD_SIGNATURE) {
+ if (verbose) {
+ show_sexp ("pkey: ", pkey);
+ show_sexp ("hash: ", hash);
+ show_sexp ("badhash: ", badhash);
+ }
fail ("gcry_pk_verify failed to detect a bad signature: %s\n",
gpg_strerror (rc));
+ }
}
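Review bot: The braces added around the `fail` call use `) {` on the condition line and a nested `if (verbose) {`, while the rest of this file and the other hunks in this patch (e.g. tests/pkcs1v2.c) put braces on their own line in GNU style; `if (gcry_err_code (rc) != GPG_ERR_BAD_SIGNATURE)` followed by `{` on its own line would match. Keeping the three `show_sexp` dumps behind `verbose` is consistent with the other diagnostics in the test. verify_one_signature's signature is outside the hunk.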
@@ -17144,7 +17150,7 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
int dataidx;
static const char baddata[] =
"(data\n (flags pkcs1)\n"
- " (hash sha1 #11223344556677889900AABBCCDDEEFF10203041#))\n";
+ " (hash sha256 #F972DABC31BBD154CC83A5208BEF1CB087100BDA548A9D704F789AC748694416#))\n";
static const struct
{
const char *data;
@@ -17156,7 +17162,7 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
{ "(data\n (flags pkcs1)\n"
" (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n",
GCRY_PK_RSA,
- 0 },
+ 0, FLAG_NOFIPS },
{ "(data\n (flags pkcs1-raw)\n"
" (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n",
GCRY_PK_RSA,
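Review bot: `FLAG_NOFIPS` is added to the `pkcs1` + `sha1` entry, but the `pkcs1-raw` + `sha1` entry immediately below it, at the end of the hunk, keeps the default flags although it names the same digest. If the pkcs1-raw path never consults the hash algorithm this is fine; otherwise it will trip GCRY_FIPS_FLAG_REJECT_PK_MD in the same way and also needs `0, FLAG_NOFIPS`. A short comment on the first marked entry, `/* FLAG_NOFIPS: SHA1-based vector, not run in FIPS mode */`, would save the next reader the same question. The `datas` table extends past both ends of the hunk.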
@@ -17171,7 +17177,7 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
" (hash oid.1.3.14.3.2.29 "
" #11223344556677889900AABBCCDDEEFF10203040#))\n",
GCRY_PK_RSA,
- 0 },
+ 0, FLAG_NOFIPS },
{ "(data\n (flags )\n"
" (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n",
0,
@@ -17267,7 +17273,7 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
goto next;
}
if (gcry_err_code (rc) != datas[dataidx].expected_rc)
- fail ("gcry_pk_sign failed: %s\n", gpg_strerror (rc));
+ fail ("gcry_pk_sign %d failed: %s\n", dataidx, gpg_strerror (rc));
if (!rc)
verify_one_signature (pkey, hash, badhash, sig);
diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c
index ab070a94..9874b81c 100644
--- a/tests/pkcs1v2.c
+++ b/tests/pkcs1v2.c
@@ -720,6 +720,14 @@ main (int argc, char **argv)
/* No valuable keys are create, so we can speed up our RNG. */
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
+ if (in_fips_mode) /* skip tests for now */
+ {
+ if (verbose)
+ fprintf (stderr, "\nAll tests skiped in FIPS mode...\n");
+
+ return 0;
+ }
+
if (run_oaep)
check_oaep ();
if (run_pss)
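Review bot: The message on the fprintf line has a typo, `skiped`; it should read `"\nAll tests skipped in FIPS mode...\n"`. The `/* skip tests for now */` comment gives no reason; if the skip is because these PKCS#1 v2 vectors depend on SHA1, which this patch makes non-approved, say so, e.g. `/* The test vectors use SHA1, which is not FIPS approved; skip in FIPS mode.  */`, so it is clear when the skip can be lifted. Also check whether the other tests in this tree signal a skipped run with `return 0` or a distinct exit status, so the harness does not record this as a pass. main continues outside the hunk.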
diff --git a/tests/t-fips-service-ind.c b/tests/t-fips-service-ind.c
index 74521bb3..40dab620 100644
--- a/tests/t-fips-service-ind.c
+++ b/tests/t-fips-service-ind.c
@@ -816,7 +816,7 @@ check_mac_o_w_r_c (int reject)
#if USE_SHA1
{ GCRY_MAC_HMAC_SHA1, "hmac input abc", 14, "hmac key input", 14,
"\xc9\x62\x9d\x16\x0f\xc2\xc4\xcd\x38\xac\x3a\x00\xdc\x29\x61\x03"
- "\x69\x50\xd7\x3a" },
+ "\x69\x50\xd7\x3a", 1 },
#endif
{ GCRY_MAC_HMAC_SHA256, "hmac input abc", 14, "hmac key input", 14,
"\x6a\xda\x4d\xd5\xf3\xa7\x32\x9d\xd2\x55\xc0\x7f\xe6\x0a\x93\xb8"
@@ -973,7 +973,7 @@ check_md_o_w_r_c (int reject)
#if USE_SHA1
{ GCRY_MD_SHA1, "abc", 3,
"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
- "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" },
+ "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D", 1 },
#endif
{ GCRY_MD_SHA256, "abc", 3,
"\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23"
@@ -1049,7 +1049,6 @@ check_md_o_w_r_c (int reject)
tvidx);
continue;
}
-
if (in_fips_mode && !tv[tvidx].expect_failure && ec)
{
/* Success with the FIPS service indicator == 0 expected, but != 0. */
@@ -1099,7 +1098,7 @@ check_hash_buffer (void)
#if USE_SHA1
{ GCRY_MD_SHA1, "abc", 3,
"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
- "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" },
+ "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D", 1 },
#endif
{ GCRY_MD_SHA256, "abc", 3,
"\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23"
@@ -1208,7 +1207,7 @@ check_hash_buffers (void)
{ GCRY_MD_SHA1, "abc", 3,
"key", 3,
"\x4f\xd0\xb2\x15\x27\x6e\xf1\x2f\x2b\x3e"
- "\x4c\x8e\xca\xc2\x81\x14\x98\xb6\x56\xfc" },
+ "\x4c\x8e\xca\xc2\x81\x14\x98\xb6\x56\xfc", 1 },
#endif
{ GCRY_MD_SHA256, "abc", 3,
"key", 3,
@@ -1340,7 +1339,7 @@ check_kdf_derive (void)
"\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8"
"\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96"
"\x4c\xf2\xf0\x70\x38",
- 0
+ 1 /* not-compliant because subalgo is not the one of approved */
},
{
"pleaseletmein", 13,
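Review bot: The comment on the changed line, `not-compliant because subalgo is not the one of approved`, is ungrammatical; `1 /* not-compliant: subalgo is not an approved digest */` reads better. The output bytes above it match the RFC 6070 PBKDF2-HMAC-SHA1 vector, so this appears to be the one SHA1 case deliberately kept after the others were moved to SHA256; naming the digest in the comment would make that intent explicit. The entry's leading fields are above the hunk.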
@@ -1356,45 +1355,45 @@ check_kdf_derive (void)
},
{
"passwor", 7,
- GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA256,
"saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
4096,
25,
- "\xf4\x93\xee\x2b\xbf\x44\x0b\x9e\x64\x53"
- "\xc2\xb3\x87\xdc\x73\xf8\xfd\xe6\x97\xda"
- "\xb8\x24\xa0\x26\x50",
+ "\x2d\x72\xa9\xe5\x4e\x2f\x37\x6e\xe5\xe4"
+ "\xf5\x55\x76\xb5\xaa\x49\x73\x01\x97\x1c"
+ "\xad\x3a\x7c\xc4\xde",
1 /* not-compliant because passphrase len is too small */
},
{
"passwordPASSWORDpassword", 24,
- GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA256,
"saltSALTsaltSAL", 15,
4096,
25,
- "\x14\x05\xa4\x2a\xf4\xa8\x12\x14\x7b\x65"
- "\x8f\xaa\xf0\x7f\x25\xe5\x0f\x0b\x2b\xb7"
- "\xcf\x8d\x29\x23\x4b",
+ "\xf7\x55\xdd\x3c\x5e\xfb\x23\x06\xa7\x85"
+ "\x94\xa7\x31\x12\x45\xcf\x5a\x4b\xdc\x09"
+ "\xee\x65\x4b\x50\x3f",
1 /* not-compliant because salt len is too small */
},
{
"passwordPASSWORDpassword", 24,
- GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA256,
"saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
999,
25,
- "\xac\xf8\xb4\x67\x41\xc7\xf3\xd1\xa0\xc0"
- "\x08\xbe\x9b\x23\x96\x78\xbd\x93\xda\x4a"
- "\x30\xd4\xfb\xf0\x33",
+ "\x09\x3e\x1a\xd8\x63\x30\x71\x9c\x17\xcf"
+ "\xb0\x53\x3e\x1f\xc8\x51\x29\x71\x54\x28"
+ "\x5d\xf7\x8e\x41\xaa",
1 /* not-compliant because too few iterations */
},
{
"passwordPASSWORDpassword", 24,
- GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA256,
"saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
4096,
13,
- "\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8"
- "\xd8\x36\x62",
+ "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8"
+ "\x14\xb8\x11",
1 /* not-compliant because key size too small */
},
{
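Review bot: The four new expected outputs for the SHA256 variants have no standard source (RFC 6070 publishes only PBKDF2-HMAC-SHA1 vectors), and nothing in the hunk records how they were obtained. If they were produced by running this library, the test only pins that the output does not change, not that it is correct; a comment giving the tool or second implementation used to derive them, `/* Derived with <TOOL-PLACEHOLDER>; cross-checked against <IMPL-PLACEHOLDER> */`, would document that. The per-entry comments naming the violated FIPS constraint are already clear.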
@@ -1540,6 +1539,7 @@ main (int argc, char **argv)
xgcry_control ((GCRYCTL_FIPS_REJECT_NON_FIPS,
(GCRY_FIPS_FLAG_REJECT_MD_MD5
+ | GCRY_FIPS_FLAG_REJECT_MD_SHA1
| GCRY_FIPS_FLAG_REJECT_CIPHER_MODE
| GCRY_FIPS_FLAG_REJECT_PK_MD
| GCRY_FIPS_FLAG_REJECT_PK_GOST_SM2
--
2.48.1