-
Bug
-
Resolution: Done-Errata
-
Major
-
rhel-9.4
-
openssl-3.0.7-25.el9
-
None
-
None
-
ZStream
-
2
-
sst_security_crypto
-
ssg_security
-
26
-
0.2
-
False
-
-
No
-
Crypto24Q1, Crypto23Q4
-
Approved Blocker
-
-
Pass
-
Not Needed
-
RegressionOnly
-
Release Note Not Required
-
None
From 56Arev3 the owner needs to gain assurance of the public key validity as mentioned in :
5.6.2.1 Assurances Required by the Key Pair Owner
Prior to the use of a static or ephemeral key pair in a key-establishment transaction, the keypair owner shall confirm the validity of the key pair by obtaining the following assurances:
...
Assurance of public-key validity – assurance that the public key has the correct
representation for a non-identity element of the correct cryptographic subgroup, as uniquely determined by the domain parameters (see Section 5.6.2.1.3 for the methods for obtaining this assurance).
This was further refined in a recent RFG by the CMVP stating that the ECDH key generation service shall include a call to the public key validation.
This is compliant for DH but not for ECDH where ec_generate_key() does not call ossl_ec_key_public_check().
A possible solution would be to add something like this similar to what was already done for DH in crypto/dh/dh_key.c:
#ifdef FIPS_MODULE if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); goto err; } #endif
Something like this in ec_generate_key() :
#ifdef FIPS_MODULE if (ossl_ec_key_public_check(eckey, ctx) <= 0) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); goto err; } #endif
- is cloned by
-
RHEL-15992 NIST SP 800-56Arev3 Section 5.6.2.1 - Missing ECDH Public Key Check [rhel-9.2.0.z]
- Closed
-
RHEL-15993 NIST SP 800-56Arev3 Section 5.6.2.1 - Missing ECDH Public Key Check [rhel-9.3.0.z]
- Closed
- links to
-
RHBA-2023:124119 openssl bug fix and enhancement update
- mentioned on