-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
3.0 FIPS provider is not compatible with tests in 3.0.5 #19171
Comments
We should be testing the 3.0.0 FIPS provider against 3.0.x and master. We wouldn't necessarily have to build the 3.0.0 FIPS provider every time, it's immutable after all. It would be nice to keep our current test of the 3.0.x and master FIPS providers against each other (but not critical IMO). |
The key mismatch issue is a BREAKING CHANGE.. EVP_PKEY_eq() was changed from just checking the public key to potentially checking the private key... e..g.
This will break on the d value check.. The newer 3.0.5 provider code for rsa_match() (as well as other match functions) conditionally checks the private key only if there is no public key.. This was to cater for keys that only had a private component. |
@paulidale are you less confused now - I updated the comment |
I was more concerned about us missing this change being breaking 😭 |
Not sure that changing the selection was a good idea. It was documented to do something, and it was changed.. |
This kind of thing will happen if there is no test, no matter what you do.. |
With the EVP_PKEY_eq() changed back to just select public I get a smaller set of failures..
|
04 and 25 seem to be related to ECExplicit curves The 30_test_evp ones I will check tomorrow but it looks bad if they are failing KAT's.. |
Our CI is meant to have a test in it explicitly for checking that we don't make any breaking changes in the provider ABI. And that applies for all of 3.x ... earlier release binaries must be useable with the newer releases. |
Yeah I was suprised when I learned what the CI loop was actually doing.. Basically we have a fips provider that cant currently be used with the latest security fixes. |
Yeah, that doesn't seem right. We should probably do both of those things. |
One thing are true API breaking changes. We should not allow them. On the other hand, we really CANNOT use the unmodified 3.1 or even 3.0.x test suite to test against the 3.0.0 FIPS provider because it for sure will contain bugs, that were fixed in later versions. These WILL make the test suite fail unless each and every of such newly added testcases are excluded from the test if 3.0.0 FIPS provider is used. |
I think I agree with @t8m. We should be able to argue that "doesn't behave according to spec" is subject for correction, and that the correction can't be deemed an API breaking change. It's a bit unlucky that the behavior fault was on both sides at the same time, sure, but that shouldn't matter. |
This also implies that no-one is using the fips provider correctly currently.
|
Once these issues are addressed the instructions required to build need to be very clear... |
We must test that it works and is not broken for that usage. How we do that isn't relevant - that we add tests that don't let us use the test suite as-is happens to be problem that needs a solution. We must maintain ABI (not just API) compatibility. Now don't get me wrong on this but people simply do not use the test suite for operational checks. They will build a release and may decide to run the test suite. But they do not do that (in general) in the production environment where they will install a fips provider from one release and use it with a later OpenSSL release build. Also always without running the test suite on that combination - the production environment is not generally a development environment and testing would be done at build not at production time. If using the test suite from later versions for this sort of testing is the strategy then the test suite needs to be able to cope with precisely this context when being used in that manner. i.e. we have to separate out those tests that cannot run on the older provider builds. This isn't just a fips thing - this is meant to work for all providers for all earlier releases - whether they are fips or non fips. We have an ABI guarantee here for a reason - so that providers from older releases can be used always on newer releases. Any way you look at it - this is a major mistake in the testing which must be fixed. |
evp_test 38
The des failures are related to the fix for the incorrect ivlen in
Which will fail with the old provider.. |
evp_test 48 The first failure if here (There could be more!!)
Code was added for reiniting macs inside the providers Evp_test was updated with this PR to test reinit Reinit obviously doesnt work with the 3.0 FIPS provider... If the fips provider ever gets updated this patch would be a good addition. |
evp_test 54
Code was added here for always adding padding when using PROV_DH_KDF_X9_42_ASN1 The offending test is:
i.e the old 3.0 provider used the padding set in the Ctrl. The new provider ignores this value and always does padding. |
evp_test 57
This has the same issue with the mac reinit as 48 |
evp_test 51
Is the kdf_derive() issue described in the intro comments. |
The Explicit curve errors are related to this: For both 04-test_encoder_decoder.t and 25-test_verify.t
The expected output is (and the output from the default provider is)
We get a unexpected pass with the old fips provider
|
I noticed there is some dup code added into providers for either kdf or mac.. If we test this anywhere it would also fail. |
I think that covers all the errors.. |
Trying to be tricky in EVP_PKEY_eq() by doing something like
Doesnt quite work since RSA keys dont work with EVP_PKEY_get_raw_public_key().. Arrgh!! |
We could use keymgmt has() function to check whether the public key and/or private key is present. |
I don't see a need for either hold on this issue. The tests need to be update and additional CIs run to catch similar sooner. The only item here that constitutes a regression IMO is the |
I think the main driver for this is that a release needs to be done in order to fix this.. |
Fixes openssl#19171 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from openssl#19201)
Fixes openssl#19171 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from openssl#19201)
I am not sure why we ended up testing the stable 3.0.X branch against master and NOT
3.0.0 source tarball against latest stable 3.0.X branch..
The consequence of this is that the end user can not run tests without failures if they run
3.0.0 source tarball against latest stable 3.0.X branch..
I have verified that there is at least one breaking change (see comment below related to key mismatch) when using the OpenSSL 3.0 fips provider with OpenSSL 3.0.5.
The first failure I looked at happens because the tests were updated to match changes inside the provider..
e.g:
Inside provider/exchange/kdf_exch.c the new code is
Inside the 3.0 fips provider the code is much simpler and does not do the
As evp_test was then updated to deliberately double the len this will fail with the 3.0 fips provider...
How do we fix this?
What is the process that users should follow to deploy and test the OpenSSL 3.0 FIPS provider?
Test failures
04-test_encoder_decoder.t (Wstat: 256 Tests: 3 Failed: 1)
Failed test: 3
Non-zero exit status: 1
25-test_verify.t (Wstat: 512 Tests: 163 Failed: 2)
Failed tests: 115-116
Non-zero exit status: 2
30-test_evp.t (Wstat: 3072 Tests: 103 Failed: 12)
Failed tests: 38, 48, 51-52, 54, 57-63
Non-zero exit status: 12
65-test_cmp_client.t (Wstat: 256 Tests: 3 Failed: 1)
Failed test: 3
Non-zero exit status: 1
65-test_cmp_protect.t (Wstat: 256 Tests: 3 Failed: 1)
Failed test: 3
Non-zero exit status: 1
80-test_cms.t (Wstat: 1792 Tests: 12 Failed: 7)
Failed tests: 2-6, 9, 11
Non-zero exit status: 7
80-test_ssl_new.t (Wstat: 7168 Tests: 30 Failed: 28)
Failed tests: 1-21, 23-28, 30
Non-zero exit status: 28
80-test_ssl_old.t (Wstat: 512 Tests: 11 Failed: 2)
Failed tests: 7-8
Non-zero exit status: 2
90-test_sslapi.t (Wstat: 256 Tests: 2 Failed: 1)
Failed test: 2
Non-zero exit status: 1
Files=243, Tests=3437, 474 wallclock secs ( 6.86 usr 0.60 sys + 375.70 cusr 41.42 csys = 424.58 CPU)
NOTE there are quite a few.. keypair mismatch errors such as..
X509_check_private_key:key values mismatch:crypto/x509/x509_cmp.c:405 happens quite
The text was updated successfully, but these errors were encountered: