-
Bug
-
Resolution: Done-Errata
-
Major
-
None
-
openssl-3.0.7-18.el9_2
-
None
-
None
-
ZStream
-
1
-
sst_security_crypto
-
ssg_security
-
0.2
-
False
-
-
None
-
Crypto24Q1
-
-
Pass
-
Not Needed
-
RegressionOnly
-
None
This is a clone of issue RHEL-15990 to use for version rhel-9.2.0.z
–
Original description:
From 56Arev3 the owner needs to gain assurance of the public key validity as mentioned in :
5.6.2.1 Assurances Required by the Key Pair Owner
Prior to the use of a static or ephemeral key pair in a key-establishment transaction, the keypair owner shall confirm the validity of the key pair by obtaining the following assurances:
...
Assurance of public-key validity – assurance that the public key has the correct
representation for a non-identity element of the correct cryptographic subgroup, as uniquely determined by the domain parameters (see Section 5.6.2.1.3 for the methods for obtaining this assurance).
This was further refined in a recent RFG by the CMVP stating that the ECDH key generation service shall include a call to the public key validation.
This is compliant for DH but not for ECDH where ec_generate_key() does not call ossl_ec_key_public_check().
A possible solution would be to add something like this similar to what was already done for DH in crypto/dh/dh_key.c:
#ifdef FIPS_MODULE if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); goto err; } #endif
Something like this in ec_generate_key() :
#ifdef FIPS_MODULE if (ossl_ec_key_public_check(eckey, ctx) <= 0) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); goto err; } #endif
- clones
-
RHEL-15990 NIST SP 800-56Arev3 Section 5.6.2.1 - Missing ECDH Public Key Check
- Closed
- links to
-
RHSA-2023:124380 openssl security and bug fix update
- mentioned on