rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| #11869
Conversation
In the FIPS module, the code as written generates an unconditional error. Fixes openssl#11865
LGTM
This is the form I was going to comment with but @mattcaswell pipped me to it :)
Why didn't our tests pick this issue up?
good catch
I have no idea. Please someone investigate
yeah I will look.
This is the test case for the RSA padding:
note I even added a test for SSLV23_PADDING when I
My guess is it's only testing the default provider not the FIPS provider (which is where this issue occurs).
Although I would have expected evp_test to test this padding - and that should cover both providers.
and this compiles, so FIPS_MODULE is never defined: diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 8ffde9f..fdfdf92 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -71,6 +71,7 @@ int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx,
if (md == NULL)
md = EVP_sha1();
#else
+ssss
RSAerr(0, ERR_R_PASSED_NULL_PARAMETER);
return 0;
#endif |
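Review bot: the `+ssss` line is a deliberate syntax error used as a compile probe rather than a proposed change, so this hunk must not be merged as-is; a build that succeeds with it in place only shows that the `#else` (`FIPS_MODULE`) branch of this translation unit was not compiled in that particular configuration, not that the branch is dead in every build. The unchanged context lines already show the actual defect: `RSAerr(0, ERR_R_PASSED_NULL_PARAMETER);` and `return 0;` sit under `#else` with no `if (md == NULL)` guard, so a FIPS build fails on every call to this function, not only when `md` is NULL; the fix is to keep the NULL check outside the conditional and only vary what happens when `md` is NULL.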
... Now I'm lost, the FIPS code is probably dead altogether,
I have no idea what you're doing, @bernd-edlinger. When I add an "ssss" line like you did, my compiler does complain!
hmm.
but the int3 makes the test/rsa_test fail:
I have configured with
With
Perhaps Configure should output a message about that.
Yeah, if I want to debug something, I do usually try to build everything statically,
OTOH, when there is no FIPS, which test case should complain about that?
but how can it be, that the no-pic version with int3 in the oaep code path
but @mattcaswell you said that the evp test should also trigger?
Okay, now shared object:
@levitte yes, the ssss version does not compile but int3 does not cause any test failures. That explains why this defect can't be found in our tests.
The same duplication I already saw with the AES code.
Hmm, is it possible that the deprecated legacy AES API is
It's possible that our OAEP tests aren't performed with the FIPS module. That doesn't make the code dead.
I wouldn't call it a good sign either.
There are a number of OAEP tests in test/recipes/30-test_evp_data/evppkey.txt. The EVP tests are supposed to be run by both the default provider and the FIPS provider, so I would have expected those tests to pick up this issue. I haven't investigated why it didn't.
Ah, the answer is easy:
You can't have a known answer test when the encryption is randomized.
We should perhaps add a roundtrip (i.e. encrypt then decrypt) test in evp_extra_test for OAEP.
Could we add encryption stanzas for evp_test?
Well, I think the problem there is as @bernd-edlinger points out "You can't have a known answer test when the encryption is randomized."
You can if you supply the entropy.
Do we have that capability in evp_test?
not yet :)
now, I am curious, are there FIPS test vectors for that?
We do at the moment but not in a nice manner. The DRBG tests implement something that is adequate. The changes in #11682 will break what is currently done but the capability needs to be available and it is on the TODO list.
I can't see any..
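The discussion above turns on two testing points: an OAEP encoding cannot have a known answer because the seed is random, unless the test supplies the entropy, and the alternative is an encrypt-then-decrypt round trip. The following is an added, self-contained Python illustration of both (it is not OpenSSL code and not part of this PR): a pure-Python EME-OAEP encoder and decoder per RFC 8017 whose argument shape mirrors `rsa_padding_add_PKCS1_OAEP_mgf1()` (an absent `md` defaults to SHA-1, an absent `mgf1md` defaults to `md`), plus an optional `seed` parameter standing in for "supply the entropy". The function names `oaep_pad`, `oaep_unpad`, `roundtrip_ok` and `known_answer_ok`, the `HashCtor` alias and the sample inputs are all constructed for this example; the decoder is deliberately simple and, unlike OpenSSL's, is not constant-time.

```python
import hashlib
import hmac
import os
from typing import Any, Callable, Optional

# Hash constructor in the style of hashlib.sha1 / hashlib.sha256 (alias is ours, not OpenSSL's).
HashCtor = Callable[[bytes], Any]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mgf1(seed: bytes, mask_len: int, md: HashCtor) -> bytes:
    """MGF1 from RFC 8017 B.2.1: concatenate Hash(seed || counter) blocks and truncate."""
    h_len = md(b"").digest_size
    out = b""
    for counter in range((mask_len + h_len - 1) // h_len):
        out += md(seed + counter.to_bytes(4, "big")).digest()
    return out[:mask_len]


def oaep_pad(msg: bytes, k: int, label: bytes = b"",
             md: Optional[HashCtor] = None, mgf1md: Optional[HashCtor] = None,
             seed: Optional[bytes] = None) -> bytes:
    """EME-OAEP encode (RFC 8017 7.1.1) of msg into k bytes (k = modulus length).

    Like rsa_padding_add_PKCS1_OAEP_mgf1(): no md means SHA-1, no mgf1md means
    "same as md".  seed=None draws fresh randomness, so no known answer exists;
    a caller-supplied seed makes the encoding deterministic and testable as a KAT.
    """
    if md is None:            # default instead of erroring: the check this PR fixes
        md = hashlib.sha1
    if mgf1md is None:
        mgf1md = md
    h_len = md(b"").digest_size
    if len(msg) > k - 2 * h_len - 2:
        raise ValueError("message too long for modulus size")
    if seed is None:
        seed = os.urandom(h_len)
    elif len(seed) != h_len:
        raise ValueError("seed must be hLen bytes")
    # DB = lHash || PS (zeros) || 0x01 || M
    db = md(label).digest() + b"\x00" * (k - len(msg) - 2 * h_len - 2) + b"\x01" + msg
    masked_db = _xor(db, mgf1(seed, k - h_len - 1, mgf1md))
    masked_seed = _xor(seed, mgf1(masked_db, h_len, mgf1md))
    return b"\x00" + masked_seed + masked_db


def oaep_unpad(em: bytes, k: int, label: bytes = b"",
               md: Optional[HashCtor] = None, mgf1md: Optional[HashCtor] = None) -> bytes:
    """EME-OAEP decode (RFC 8017 7.1.2).  Not constant-time; for padding-logic tests only."""
    if md is None:
        md = hashlib.sha1
    if mgf1md is None:
        mgf1md = md
    h_len = md(b"").digest_size
    if len(em) != k or k < 2 * h_len + 2:
        raise ValueError("decoding error")
    masked_seed, masked_db = em[1:1 + h_len], em[1 + h_len:]
    seed = _xor(masked_seed, mgf1(masked_db, h_len, mgf1md))
    db = _xor(masked_db, mgf1(seed, k - h_len - 1, mgf1md))
    rest = db[h_len:]
    i = 0
    while i < len(rest) and rest[i] == 0:   # skip the zero padding string PS
        i += 1
    ok = (em[0] == 0 and hmac.compare_digest(db[:h_len], md(label).digest())
          and i < len(rest) and rest[i] == 1)
    if not ok:
        raise ValueError("decoding error")
    return rest[i + 1:]


def roundtrip_ok(msg: bytes, k: int, md: Optional[HashCtor] = None) -> bool:
    """The evp_extra_test-style check: pad with a random seed, unpad, compare."""
    return oaep_unpad(oaep_pad(msg, k, md=md), k, md=md) == msg


def known_answer_ok(msg: bytes, k: int, seed: bytes, expected: bytes) -> bool:
    """KAT-style check, possible only because the seed (the entropy) is supplied."""
    return oaep_pad(msg, k, seed=seed) == expected


if __name__ == "__main__":
    # Constructed sample inputs: a 1024-bit modulus size and a short message.
    sample = b"constructed sample plaintext"
    print("round trip:", roundtrip_ok(sample, 128))
    print("two random encodings differ:", oaep_pad(sample, 128) != oaep_pad(sample, 128))
    fixed = bytes(range(20))
    print("fixed seed is deterministic:",
          oaep_pad(sample, 128, seed=fixed) == oaep_pad(sample, 128, seed=fixed))
```

Running it shows the three facts the thread relies on: the round trip succeeds, two encodings of the same message differ (so a stanza with a fixed expected ciphertext cannot work), and the same encoding is reproduced once the seed is fixed, which is the shape an evp_test "supply the entropy" capability would need. A test exercising only the default path (`md=None`) is also the kind of case that would have exposed the unconditional error in the FIPS branch, had it run under the FIPS provider.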
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.
In the FIPS module, the code as written generates an unconditional error. Fixes #11865 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from #11869)
Merged e637d47 rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md|