/* * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ #include #include #include #include #include #include #include #include #include "apps.h" #include "progs.h" #define BUFSIZE 4096 /* Configuration file values */ #define VERSION_KEY "version" #define VERSION_VAL "1" #define INSTALL_STATUS_VAL "INSTALL_SELF_TEST_KATS_RUN" static OSSL_CALLBACK self_test_events; static char *self_test_corrupt_desc = NULL; static char *self_test_corrupt_type = NULL; static int self_test_log = 1; static int quiet = 0; typedef enum OPTION_choice { OPT_COMMON, OPT_IN, OPT_OUT, OPT_MODULE, OPT_PEDANTIC, OPT_PROV_NAME, OPT_SECTION_NAME, OPT_MAC_NAME, OPT_MACOPT, OPT_VERIFY, OPT_NO_LOG, OPT_CORRUPT_DESC, OPT_CORRUPT_TYPE, OPT_QUIET, OPT_CONFIG, OPT_NO_CONDITIONAL_ERRORS, OPT_NO_SECURITY_CHECKS, OPT_TLS_PRF_EMS_CHECK, OPT_NO_SHORT_MAC, OPT_DISALLOW_PKCS15_PADDING, OPT_RSA_PSS_SALTLEN_CHECK, OPT_DISALLOW_SIGNATURE_X931_PADDING, OPT_HMAC_KEY_CHECK, OPT_KMAC_KEY_CHECK, OPT_DISALLOW_DRGB_TRUNC_DIGEST, OPT_SIGNATURE_DIGEST_CHECK, OPT_HKDF_DIGEST_CHECK, OPT_TLS13_KDF_DIGEST_CHECK, OPT_TLS1_PRF_DIGEST_CHECK, OPT_SSHKDF_DIGEST_CHECK, OPT_SSKDF_DIGEST_CHECK, OPT_X963KDF_DIGEST_CHECK, OPT_DISALLOW_DSA_SIGN, OPT_DISALLOW_TDES_ENCRYPT, OPT_HKDF_KEY_CHECK, OPT_KBKDF_KEY_CHECK, OPT_TLS13_KDF_KEY_CHECK, OPT_TLS1_PRF_KEY_CHECK, OPT_SSHKDF_KEY_CHECK, OPT_SSKDF_KEY_CHECK, OPT_X963KDF_KEY_CHECK, OPT_X942KDF_KEY_CHECK, OPT_NO_PBKDF2_LOWER_BOUND_CHECK, OPT_ECDH_COFACTOR_CHECK, OPT_SELF_TEST_ONLOAD, OPT_SELF_TEST_ONINSTALL } OPTION_CHOICE; const OPTIONS fipsinstall_options[] = { OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, {"pedantic", OPT_PEDANTIC, '-', "Set options for strict FIPS compliance"}, {"verify", OPT_VERIFY, '-', "Verify a config file instead of generating one"}, {"module", OPT_MODULE, '<', "File name of the provider module"}, {"provider_name", OPT_PROV_NAME, 's', "FIPS provider name"}, {"section_name", OPT_SECTION_NAME, 's', "FIPS Provider config section name (optional)"}, {"no_conditional_errors", OPT_NO_CONDITIONAL_ERRORS, '-', "Disable the ability of the fips module to enter an error state if" " any conditional self tests fail"}, {"no_security_checks", OPT_NO_SECURITY_CHECKS, '-', "Disable the run-time FIPS security checks in the module"}, {"self_test_onload", OPT_SELF_TEST_ONLOAD, '-', "Forces self tests to always run on module load"}, {"self_test_oninstall", OPT_SELF_TEST_ONINSTALL, '-', "Forces self tests to run once on module installation"}, {"ems_check", OPT_TLS_PRF_EMS_CHECK, '-', "Enable the run-time FIPS check for EMS during TLS1_PRF"}, {"no_short_mac", OPT_NO_SHORT_MAC, '-', "Disallow short MAC output"}, {"no_drbg_truncated_digests", OPT_DISALLOW_DRGB_TRUNC_DIGEST, '-', "Disallow truncated digests with Hash and HMAC DRBGs"}, {"signature_digest_check", OPT_SIGNATURE_DIGEST_CHECK, '-', "Enable checking for approved digests for signatures"}, {"hmac_key_check", OPT_HMAC_KEY_CHECK, '-', "Enable key check for HMAC"}, {"kmac_key_check", OPT_KMAC_KEY_CHECK, '-', "Enable key check for KMAC"}, {"hkdf_digest_check", OPT_HKDF_DIGEST_CHECK, '-', "Enable digest check for HKDF"}, {"tls13_kdf_digest_check", OPT_TLS13_KDF_DIGEST_CHECK, '-', "Enable digest check for TLS13-KDF"}, {"tls1_prf_digest_check", OPT_TLS1_PRF_DIGEST_CHECK, '-', "Enable digest check for TLS1-PRF"}, {"sshkdf_digest_check", OPT_SSHKDF_DIGEST_CHECK, '-', "Enable digest check for SSHKDF"}, {"sskdf_digest_check", OPT_SSKDF_DIGEST_CHECK, '-', "Enable digest check for SSKDF"}, {"x963kdf_digest_check", OPT_X963KDF_DIGEST_CHECK, '-', "Enable digest check for X963KDF"}, {"dsa_sign_disabled", OPT_DISALLOW_DSA_SIGN, '-', "Disallow DSA signing"}, {"tdes_encrypt_disabled", OPT_DISALLOW_TDES_ENCRYPT, '-', "Disallow Triple-DES encryption"}, {"rsa_pkcs15_padding_disabled", OPT_DISALLOW_PKCS15_PADDING, '-', "Disallow PKCS#1 version 1.5 padding for RSA encryption"}, {"rsa_pss_saltlen_check", OPT_RSA_PSS_SALTLEN_CHECK, '-', "Enable salt length check for RSA-PSS signature operations"}, {"rsa_sign_x931_disabled", OPT_DISALLOW_SIGNATURE_X931_PADDING, '-', "Disallow X931 Padding for RSA signing"}, {"hkdf_key_check", OPT_HKDF_KEY_CHECK, '-', "Enable key check for HKDF"}, {"kbkdf_key_check", OPT_KBKDF_KEY_CHECK, '-', "Enable key check for KBKDF"}, {"tls13_kdf_key_check", OPT_TLS13_KDF_KEY_CHECK, '-', "Enable key check for TLS13-KDF"}, {"tls1_prf_key_check", OPT_TLS1_PRF_KEY_CHECK, '-', "Enable key check for TLS1-PRF"}, {"sshkdf_key_check", OPT_SSHKDF_KEY_CHECK, '-', "Enable key check for SSHKDF"}, {"sskdf_key_check", OPT_SSKDF_KEY_CHECK, '-', "Enable key check for SSKDF"}, {"x963kdf_key_check", OPT_X963KDF_KEY_CHECK, '-', "Enable key check for X963KDF"}, {"x942kdf_key_check", OPT_X942KDF_KEY_CHECK, '-', "Enable key check for X942KDF"}, {"no_pbkdf2_lower_bound_check", OPT_NO_PBKDF2_LOWER_BOUND_CHECK, '-', "Disable lower bound check for PBKDF2"}, {"ecdh_cofactor_check", OPT_ECDH_COFACTOR_CHECK, '-', "Enable Cofactor check for ECDH"}, OPT_SECTION("Input"), {"in", OPT_IN, '<', "Input config file, used when verifying"}, OPT_SECTION("Output"), {"out", OPT_OUT, '>', "Output config file, used when generating"}, {"mac_name", OPT_MAC_NAME, 's', "MAC name"}, {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form."}, {OPT_MORE_STR, 0, 0, "See 'PARAMETER NAMES' in the EVP_MAC_ docs"}, {"noout", OPT_NO_LOG, '-', "Disable logging of self test events"}, {"corrupt_desc", OPT_CORRUPT_DESC, 's', "Corrupt a self test by description"}, {"corrupt_type", OPT_CORRUPT_TYPE, 's', "Corrupt a self test by type"}, {"config", OPT_CONFIG, '<', "The parent config to verify"}, {"quiet", OPT_QUIET, '-', "No messages, just exit status"}, {NULL} }; typedef struct { unsigned int self_test_onload : 1; unsigned int conditional_errors : 1; unsigned int security_checks : 1; unsigned int hmac_key_check : 1; unsigned int kmac_key_check : 1; unsigned int tls_prf_ems_check : 1; unsigned int no_short_mac : 1; unsigned int drgb_no_trunc_dgst : 1; unsigned int signature_digest_check : 1; unsigned int hkdf_digest_check : 1; unsigned int tls13_kdf_digest_check : 1; unsigned int tls1_prf_digest_check : 1; unsigned int sshkdf_digest_check : 1; unsigned int sskdf_digest_check : 1; unsigned int x963kdf_digest_check : 1; unsigned int dsa_sign_disabled : 1; unsigned int tdes_encrypt_disabled : 1; unsigned int rsa_pkcs15_padding_disabled : 1; unsigned int rsa_pss_saltlen_check : 1; unsigned int sign_x931_padding_disabled : 1; unsigned int hkdf_key_check : 1; unsigned int kbkdf_key_check : 1; unsigned int tls13_kdf_key_check : 1; unsigned int tls1_prf_key_check : 1; unsigned int sshkdf_key_check : 1; unsigned int sskdf_key_check : 1; unsigned int x963kdf_key_check : 1; unsigned int x942kdf_key_check : 1; unsigned int pbkdf2_lower_bound_check : 1; unsigned int ecdh_cofactor_check : 1; } FIPS_OPTS; /* Pedantic FIPS compliance */ static const FIPS_OPTS pedantic_opts = { 1, /* self_test_onload */ 1, /* conditional_errors */ 1, /* security_checks */ 1, /* hmac_key_check */ 1, /* kmac_key_check */ 1, /* tls_prf_ems_check */ 1, /* no_short_mac */ 1, /* drgb_no_trunc_dgst */ 1, /* signature_digest_check */ 1, /* hkdf_digest_check */ 1, /* tls13_kdf_digest_check */ 1, /* tls1_prf_digest_check */ 1, /* sshkdf_digest_check */ 1, /* sskdf_digest_check */ 1, /* x963kdf_digest_check */ 1, /* dsa_sign_disabled */ 1, /* tdes_encrypt_disabled */ 1, /* rsa_pkcs15_padding_disabled */ 1, /* rsa_pss_saltlen_check */ 1, /* sign_x931_padding_disabled */ 1, /* hkdf_key_check */ 1, /* kbkdf_key_check */ 1, /* tls13_kdf_key_check */ 1, /* tls1_prf_key_check */ 1, /* sshkdf_key_check */ 1, /* sskdf_key_check */ 1, /* x963kdf_key_check */ 1, /* x942kdf_key_check */ 1, /* pbkdf2_lower_bound_check */ 1, /* ecdh_cofactor_check */ }; /* Default FIPS settings for backward compatibility */ static FIPS_OPTS fips_opts = { 1, /* self_test_onload */ 1, /* conditional_errors */ 1, /* security_checks */ 0, /* hmac_key_check */ 0, /* kmac_key_check */ 0, /* tls_prf_ems_check */ 0, /* no_short_mac */ 0, /* drgb_no_trunc_dgst */ 0, /* signature_digest_check */ 0, /* hkdf_digest_check */ 0, /* tls13_kdf_digest_check */ 0, /* tls1_prf_digest_check */ 0, /* sshkdf_digest_check */ 0, /* sskdf_digest_check */ 0, /* x963kdf_digest_check */ 0, /* dsa_sign_disabled */ 0, /* tdes_encrypt_disabled */ 0, /* rsa_pkcs15_padding_disabled */ 0, /* rsa_pss_saltlen_check */ 0, /* sign_x931_padding_disabled */ 0, /* hkdf_key_check */ 0, /* kbkdf_key_check */ 0, /* tls13_kdf_key_check */ 0, /* tls1_prf_key_check */ 0, /* sshkdf_key_check */ 0, /* sskdf_key_check */ 0, /* x963kdf_key_check */ 0, /* x942kdf_key_check */ 1, /* pbkdf2_lower_bound_check */ 0, /* ecdh_cofactor_check */ }; static int check_non_pedantic_fips(int pedantic, const char *name) { if (pedantic) { BIO_printf(bio_err, "Cannot specify -%s after -pedantic\n", name); return 0; } return 1; } static int do_mac(EVP_MAC_CTX *ctx, unsigned char *tmp, BIO *in, unsigned char *out, size_t *out_len) { int ret = 0; int i; size_t outsz = *out_len; if (!EVP_MAC_init(ctx, NULL, 0, NULL)) goto err; if (EVP_MAC_CTX_get_mac_size(ctx) > outsz) goto end; while ((i = BIO_read(in, (char *)tmp, BUFSIZE)) != 0) { if (i < 0 || !EVP_MAC_update(ctx, tmp, i)) goto err; } end: if (!EVP_MAC_final(ctx, out, out_len, outsz)) goto err; ret = 1; err: return ret; } static int load_fips_prov_and_run_self_test(const char *prov_name, int *is_fips_140_2_prov) { int ret = 0; OSSL_PROVIDER *prov = NULL; OSSL_PARAM params[4], *p = params; char *name = "", *vers = "", *build = ""; prov = OSSL_PROVIDER_load(NULL, prov_name); if (prov == NULL) { BIO_printf(bio_err, "Failed to load FIPS module\n"); goto end; } if (!quiet) { *p++ = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_NAME, &name, sizeof(name)); *p++ = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_VERSION, &vers, sizeof(vers)); *p++ = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_BUILDINFO, &build, sizeof(build)); *p = OSSL_PARAM_construct_end(); if (!OSSL_PROVIDER_get_params(prov, params)) { BIO_printf(bio_err, "Failed to query FIPS module parameters\n"); goto end; } if (OSSL_PARAM_modified(params)) BIO_printf(bio_err, "\t%-10s\t%s\n", "name:", name); if (OSSL_PARAM_modified(params + 1)) BIO_printf(bio_err, "\t%-10s\t%s\n", "version:", vers); if (OSSL_PARAM_modified(params + 2)) BIO_printf(bio_err, "\t%-10s\t%s\n", "build:", build); } else { *p++ = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_VERSION, &vers, sizeof(vers)); *p = OSSL_PARAM_construct_end(); if (!OSSL_PROVIDER_get_params(prov, params)) { BIO_printf(bio_err, "Failed to query FIPS module parameters\n"); goto end; } } *is_fips_140_2_prov = (strncmp("3.0.", vers, 4) == 0); ret = 1; end: OSSL_PROVIDER_unload(prov); return ret; } static int print_mac(BIO *bio, const char *label, const unsigned char *mac, size_t len) { int ret; char *hexstr = NULL; hexstr = OPENSSL_buf2hexstr(mac, (long)len); if (hexstr == NULL) return 0; ret = BIO_printf(bio, "%s = %s\n", label, hexstr); OPENSSL_free(hexstr); return ret; } static int write_config_header(BIO *out, const char *prov_name, const char *section) { return BIO_printf(out, "openssl_conf = openssl_init\n\n") && BIO_printf(out, "[openssl_init]\n") && BIO_printf(out, "providers = provider_section\n\n") && BIO_printf(out, "[provider_section]\n") && BIO_printf(out, "%s = %s\n\n", prov_name, section); } /* * Outputs a fips related config file that contains entries for the fips * module checksum, installation indicator checksum and the options * conditional_errors and security_checks. * * Returns 1 if the config file is written otherwise it returns 0 on error. */ static int write_config_fips_section(BIO *out, const char *section, unsigned char *module_mac, size_t module_mac_len, const FIPS_OPTS *opts, unsigned char *install_mac, size_t install_mac_len) { int ret = 0; if (BIO_printf(out, "[%s]\n", section) <= 0 || BIO_printf(out, "activate = 1\n") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_INSTALL_VERSION, VERSION_VAL) <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS, opts->conditional_errors ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_SECURITY_CHECKS, opts->security_checks ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_HMAC_KEY_CHECK, opts->hmac_key_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_KMAC_KEY_CHECK, opts->kmac_key_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK, opts->tls_prf_ems_check ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_NO_SHORT_MAC, opts->no_short_mac ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST, opts->drgb_no_trunc_dgst ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_SIGNATURE_DIGEST_CHECK, opts->signature_digest_check ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_HKDF_DIGEST_CHECK, opts->hkdf_digest_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_TLS13_KDF_DIGEST_CHECK, opts->tls13_kdf_digest_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_TLS1_PRF_DIGEST_CHECK, opts->tls1_prf_digest_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_SSHKDF_DIGEST_CHECK, opts->sshkdf_digest_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_SSKDF_DIGEST_CHECK, opts->sskdf_digest_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_X963KDF_DIGEST_CHECK, opts->x963kdf_digest_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_DSA_SIGN_DISABLED, opts->dsa_sign_disabled ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_TDES_ENCRYPT_DISABLED, opts->tdes_encrypt_disabled ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_RSA_PKCS15_PAD_DISABLED, opts->rsa_pkcs15_padding_disabled ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_RSA_PSS_SALTLEN_CHECK, opts->rsa_pss_saltlen_check ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_RSA_SIGN_X931_PAD_DISABLED, opts->sign_x931_padding_disabled ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_HKDF_KEY_CHECK, opts->hkdf_key_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_KBKDF_KEY_CHECK, opts->kbkdf_key_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_TLS13_KDF_KEY_CHECK, opts->tls13_kdf_key_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_TLS1_PRF_KEY_CHECK, opts->tls1_prf_key_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_SSHKDF_KEY_CHECK, opts->sshkdf_key_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_SSKDF_KEY_CHECK, opts->sskdf_key_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_X963KDF_KEY_CHECK, opts->x963kdf_key_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_X942KDF_KEY_CHECK, opts->x942kdf_key_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK, opts->pbkdf2_lower_bound_check ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_ECDH_COFACTOR_CHECK, opts->ecdh_cofactor_check ? "1": "0") <= 0 || !print_mac(out, OSSL_PROV_FIPS_PARAM_MODULE_MAC, module_mac, module_mac_len)) goto end; if (install_mac != NULL && install_mac_len > 0 && opts->self_test_onload == 0) { if (!print_mac(out, OSSL_PROV_FIPS_PARAM_INSTALL_MAC, install_mac, install_mac_len) || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_INSTALL_STATUS, INSTALL_STATUS_VAL) <= 0) goto end; } ret = 1; end: return ret; } static CONF *generate_config_and_load(const char *prov_name, const char *section, unsigned char *module_mac, size_t module_mac_len, const FIPS_OPTS *opts) { BIO *mem_bio = NULL; CONF *conf = NULL; mem_bio = BIO_new(BIO_s_mem()); if (mem_bio == NULL) return 0; if (!write_config_header(mem_bio, prov_name, section) || !write_config_fips_section(mem_bio, section, module_mac, module_mac_len, opts, NULL, 0)) goto end; conf = app_load_config_bio(mem_bio, NULL); if (conf == NULL) goto end; if (CONF_modules_load(conf, NULL, 0) <= 0) goto end; BIO_free(mem_bio); return conf; end: NCONF_free(conf); BIO_free(mem_bio); return NULL; } static void free_config_and_unload(CONF *conf) { if (conf != NULL) { NCONF_free(conf); CONF_modules_unload(1); } } static int verify_module_load(const char *parent_config_file) { return OSSL_LIB_CTX_load_config(NULL, parent_config_file); } /* * Returns 1 if the config file entries match the passed in module_mac and * install_mac values, otherwise it returns 0. */ static int verify_config(const char *infile, const char *section, unsigned char *module_mac, size_t module_mac_len, unsigned char *install_mac, size_t install_mac_len) { int ret = 0; char *s = NULL; unsigned char *buf1 = NULL, *buf2 = NULL; long len; CONF *conf = NULL; /* read in the existing values and check they match the saved values */ conf = app_load_config(infile); if (conf == NULL) goto end; s = NCONF_get_string(conf, section, OSSL_PROV_FIPS_PARAM_INSTALL_VERSION); if (s == NULL || strcmp(s, VERSION_VAL) != 0) { BIO_printf(bio_err, "version not found\n"); goto end; } s = NCONF_get_string(conf, section, OSSL_PROV_FIPS_PARAM_MODULE_MAC); if (s == NULL) { BIO_printf(bio_err, "Module integrity MAC not found\n"); goto end; } buf1 = OPENSSL_hexstr2buf(s, &len); if (buf1 == NULL || (size_t)len != module_mac_len || memcmp(module_mac, buf1, module_mac_len) != 0) { BIO_printf(bio_err, "Module integrity mismatch\n"); goto end; } if (install_mac != NULL && install_mac_len > 0) { s = NCONF_get_string(conf, section, OSSL_PROV_FIPS_PARAM_INSTALL_STATUS); if (s == NULL || strcmp(s, INSTALL_STATUS_VAL) != 0) { BIO_printf(bio_err, "install status not found\n"); goto end; } s = NCONF_get_string(conf, section, OSSL_PROV_FIPS_PARAM_INSTALL_MAC); if (s == NULL) { BIO_printf(bio_err, "Install indicator MAC not found\n"); goto end; } buf2 = OPENSSL_hexstr2buf(s, &len); if (buf2 == NULL || (size_t)len != install_mac_len || memcmp(install_mac, buf2, install_mac_len) != 0) { BIO_printf(bio_err, "Install indicator status mismatch\n"); goto end; } } ret = 1; end: OPENSSL_free(buf1); OPENSSL_free(buf2); NCONF_free(conf); return ret; } int fipsinstall_main(int argc, char **argv) { int ret = 1, verify = 0, gotkey = 0, gotdigest = 0, pedantic = 0; int is_fips_140_2_prov = 0, set_selftest_onload_option = 0; const char *section_name = "fips_sect"; const char *mac_name = "HMAC"; const char *prov_name = "fips"; BIO *module_bio = NULL, *mem_bio = NULL, *fout = NULL; char *in_fname = NULL, *out_fname = NULL, *prog; char *module_fname = NULL, *parent_config = NULL, *module_path = NULL; const char *tail; EVP_MAC_CTX *ctx = NULL, *ctx2 = NULL; STACK_OF(OPENSSL_STRING) *opts = NULL; OPTION_CHOICE o; unsigned char *read_buffer = NULL; unsigned char module_mac[EVP_MAX_MD_SIZE]; size_t module_mac_len = EVP_MAX_MD_SIZE; unsigned char install_mac[EVP_MAX_MD_SIZE]; size_t install_mac_len = EVP_MAX_MD_SIZE; EVP_MAC *mac = NULL; CONF *conf = NULL; if ((opts = sk_OPENSSL_STRING_new_null()) == NULL) goto end; prog = opt_init(argc, argv, fipsinstall_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto cleanup; case OPT_HELP: opt_help(fipsinstall_options); ret = 0; goto end; case OPT_IN: in_fname = opt_arg(); break; case OPT_OUT: out_fname = opt_arg(); break; case OPT_PEDANTIC: fips_opts = pedantic_opts; pedantic = 1; break; case OPT_NO_CONDITIONAL_ERRORS: if (!check_non_pedantic_fips(pedantic, "no_conditional_errors")) goto end; fips_opts.conditional_errors = 0; break; case OPT_NO_SECURITY_CHECKS: if (!check_non_pedantic_fips(pedantic, "no_security_checks")) goto end; fips_opts.security_checks = 0; break; case OPT_HMAC_KEY_CHECK: fips_opts.hmac_key_check = 1; break; case OPT_KMAC_KEY_CHECK: fips_opts.kmac_key_check = 1; break; case OPT_TLS_PRF_EMS_CHECK: fips_opts.tls_prf_ems_check = 1; break; case OPT_NO_SHORT_MAC: fips_opts.no_short_mac = 1; break; case OPT_DISALLOW_DRGB_TRUNC_DIGEST: fips_opts.drgb_no_trunc_dgst = 1; break; case OPT_SIGNATURE_DIGEST_CHECK: fips_opts.signature_digest_check = 1; break; case OPT_HKDF_DIGEST_CHECK: fips_opts.hkdf_digest_check = 1; break; case OPT_TLS13_KDF_DIGEST_CHECK: fips_opts.tls13_kdf_digest_check = 1; break; case OPT_TLS1_PRF_DIGEST_CHECK: fips_opts.tls1_prf_digest_check = 1; break; case OPT_SSHKDF_DIGEST_CHECK: fips_opts.sshkdf_digest_check = 1; break; case OPT_SSKDF_DIGEST_CHECK: fips_opts.sskdf_digest_check = 1; break; case OPT_X963KDF_DIGEST_CHECK: fips_opts.x963kdf_digest_check = 1; break; case OPT_DISALLOW_DSA_SIGN: fips_opts.dsa_sign_disabled = 1; break; case OPT_DISALLOW_TDES_ENCRYPT: fips_opts.tdes_encrypt_disabled = 1; break; case OPT_RSA_PSS_SALTLEN_CHECK: fips_opts.rsa_pss_saltlen_check = 1; break; case OPT_DISALLOW_SIGNATURE_X931_PADDING: fips_opts.sign_x931_padding_disabled = 1; break; case OPT_DISALLOW_PKCS15_PADDING: fips_opts.rsa_pkcs15_padding_disabled = 1; break; case OPT_HKDF_KEY_CHECK: fips_opts.hkdf_key_check = 1; break; case OPT_KBKDF_KEY_CHECK: fips_opts.kbkdf_key_check = 1; break; case OPT_TLS13_KDF_KEY_CHECK: fips_opts.tls13_kdf_key_check = 1; break; case OPT_TLS1_PRF_KEY_CHECK: fips_opts.tls1_prf_key_check = 1; break; case OPT_SSHKDF_KEY_CHECK: fips_opts.sshkdf_key_check = 1; break; case OPT_SSKDF_KEY_CHECK: fips_opts.sskdf_key_check = 1; break; case OPT_X963KDF_KEY_CHECK: fips_opts.x963kdf_key_check = 1; break; case OPT_X942KDF_KEY_CHECK: fips_opts.x942kdf_key_check = 1; break; case OPT_NO_PBKDF2_LOWER_BOUND_CHECK: if (!check_non_pedantic_fips(pedantic, "no_pbkdf2_lower_bound_check")) goto end; fips_opts.pbkdf2_lower_bound_check = 0; break; case OPT_ECDH_COFACTOR_CHECK: fips_opts.ecdh_cofactor_check = 1; break; case OPT_QUIET: quiet = 1; /* FALLTHROUGH */ case OPT_NO_LOG: self_test_log = 0; break; case OPT_CORRUPT_DESC: self_test_corrupt_desc = opt_arg(); break; case OPT_CORRUPT_TYPE: self_test_corrupt_type = opt_arg(); break; case OPT_PROV_NAME: prov_name = opt_arg(); break; case OPT_MODULE: module_fname = opt_arg(); break; case OPT_SECTION_NAME: section_name = opt_arg(); break; case OPT_MAC_NAME: mac_name = opt_arg(); break; case OPT_CONFIG: parent_config = opt_arg(); break; case OPT_MACOPT: if (!sk_OPENSSL_STRING_push(opts, opt_arg())) goto opthelp; if (HAS_PREFIX(opt_arg(), "hexkey:")) gotkey = 1; else if (HAS_PREFIX(opt_arg(), "digest:")) gotdigest = 1; break; case OPT_VERIFY: verify = 1; break; case OPT_SELF_TEST_ONLOAD: set_selftest_onload_option = 1; fips_opts.self_test_onload = 1; break; case OPT_SELF_TEST_ONINSTALL: if (!check_non_pedantic_fips(pedantic, "self_test_oninstall")) goto end; set_selftest_onload_option = 1; fips_opts.self_test_onload = 0; break; } } /* No extra arguments. */ if (!opt_check_rest_arg(NULL)) goto opthelp; if (verify && in_fname == NULL) { BIO_printf(bio_err, "Missing -in option for -verify\n"); goto opthelp; } if (parent_config != NULL) { /* Test that a parent config can load the module */ if (verify_module_load(parent_config)) { ret = OSSL_PROVIDER_available(NULL, prov_name) ? 0 : 1; if (!quiet) { BIO_printf(bio_err, "FIPS provider is %s\n", ret == 0 ? "available" : "not available"); } } goto end; } if (module_fname == NULL) goto opthelp; tail = opt_path_end(module_fname); if (tail != NULL) { module_path = OPENSSL_strdup(module_fname); if (module_path == NULL) goto end; module_path[tail - module_fname] = '\0'; if (!OSSL_PROVIDER_set_default_search_path(NULL, module_path)) goto end; } if (self_test_log || self_test_corrupt_desc != NULL || self_test_corrupt_type != NULL) OSSL_SELF_TEST_set_callback(NULL, self_test_events, NULL); /* Use the default FIPS HMAC digest and key if not specified. */ if (!gotdigest && !sk_OPENSSL_STRING_push(opts, "digest:SHA256")) goto end; if (!gotkey && !sk_OPENSSL_STRING_push(opts, "hexkey:" FIPS_KEY_STRING)) goto end; module_bio = bio_open_default(module_fname, 'r', FORMAT_BINARY); if (module_bio == NULL) { BIO_printf(bio_err, "Failed to open module file\n"); goto end; } read_buffer = app_malloc(BUFSIZE, "I/O buffer"); if (read_buffer == NULL) goto end; mac = EVP_MAC_fetch(app_get0_libctx(), mac_name, app_get0_propq()); if (mac == NULL) { BIO_printf(bio_err, "Unable to get MAC of type %s\n", mac_name); goto end; } ctx = EVP_MAC_CTX_new(mac); if (ctx == NULL) { BIO_printf(bio_err, "Unable to create MAC CTX for module check\n"); goto end; } if (opts != NULL) { int ok = 1; OSSL_PARAM *params = app_params_new_from_opts(opts, EVP_MAC_settable_ctx_params(mac)); if (params == NULL) goto end; if (!EVP_MAC_CTX_set_params(ctx, params)) { BIO_printf(bio_err, "MAC parameter error\n"); ERR_print_errors(bio_err); ok = 0; } app_params_free(params); if (!ok) goto end; } ctx2 = EVP_MAC_CTX_dup(ctx); if (ctx2 == NULL) { BIO_printf(bio_err, "Unable to create MAC CTX for install indicator\n"); goto end; } if (!do_mac(ctx, read_buffer, module_bio, module_mac, &module_mac_len)) goto end; /* Calculate the MAC for the indicator status - it may not be used */ mem_bio = BIO_new_mem_buf((const void *)INSTALL_STATUS_VAL, strlen(INSTALL_STATUS_VAL)); if (mem_bio == NULL) { BIO_printf(bio_err, "Unable to create memory BIO\n"); goto end; } if (!do_mac(ctx2, read_buffer, mem_bio, install_mac, &install_mac_len)) goto end; if (verify) { if (fips_opts.self_test_onload == 1) install_mac_len = 0; if (!verify_config(in_fname, section_name, module_mac, module_mac_len, install_mac, install_mac_len)) goto end; if (!quiet) BIO_printf(bio_err, "VERIFY PASSED\n"); } else { conf = generate_config_and_load(prov_name, section_name, module_mac, module_mac_len, &fips_opts); if (conf == NULL) goto end; if (!load_fips_prov_and_run_self_test(prov_name, &is_fips_140_2_prov)) goto end; /* * In OpenSSL 3.1 the code was changed so that the status indicator is * not written out by default since this is a FIPS 140-3 requirement. * For backwards compatibility - if the detected FIPS provider is 3.0.X * (Which was a FIPS 140-2 validation), then the indicator status will * be written to the config file unless 'self_test_onload' is set on the * command line. */ if (set_selftest_onload_option == 0 && is_fips_140_2_prov) fips_opts.self_test_onload = 0; fout = out_fname == NULL ? dup_bio_out(FORMAT_TEXT) : bio_open_default(out_fname, 'w', FORMAT_TEXT); if (fout == NULL) { BIO_printf(bio_err, "Failed to open file\n"); goto end; } if (!write_config_fips_section(fout, section_name, module_mac, module_mac_len, &fips_opts, install_mac, install_mac_len)) goto end; if (!quiet) BIO_printf(bio_err, "INSTALL PASSED\n"); } ret = 0; end: if (ret == 1) { if (!quiet) BIO_printf(bio_err, "%s FAILED\n", verify ? "VERIFY" : "INSTALL"); ERR_print_errors(bio_err); } cleanup: OPENSSL_free(module_path); BIO_free(fout); BIO_free(mem_bio); BIO_free(module_bio); sk_OPENSSL_STRING_free(opts); EVP_MAC_free(mac); EVP_MAC_CTX_free(ctx2); EVP_MAC_CTX_free(ctx); OPENSSL_free(read_buffer); free_config_and_unload(conf); return ret; } static int self_test_events(const OSSL_PARAM params[], void *arg) { const OSSL_PARAM *p = NULL; const char *phase = NULL, *type = NULL, *desc = NULL; int ret = 0; p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE); if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) goto err; phase = (const char *)p->data; p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC); if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) goto err; desc = (const char *)p->data; p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE); if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) goto err; type = (const char *)p->data; if (self_test_log) { if (strcmp(phase, OSSL_SELF_TEST_PHASE_START) == 0) BIO_printf(bio_err, "%s : (%s) : ", desc, type); else if (strcmp(phase, OSSL_SELF_TEST_PHASE_PASS) == 0 || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0) BIO_printf(bio_err, "%s\n", phase); } /* * The self test code will internally corrupt the KAT test result if an * error is returned during the corrupt phase. */ if (strcmp(phase, OSSL_SELF_TEST_PHASE_CORRUPT) == 0 && (self_test_corrupt_desc != NULL || self_test_corrupt_type != NULL)) { if (self_test_corrupt_desc != NULL && strcmp(self_test_corrupt_desc, desc) != 0) goto end; if (self_test_corrupt_type != NULL && strcmp(self_test_corrupt_type, type) != 0) goto end; BIO_printf(bio_err, "%s ", phase); goto err; } end: ret = 1; err: return ret; }