Add new configurable item pbkdf2-lower-bound-check

Since FIPS provider performs lower bound check by default from v3.0, the
default value for new configurable item will be one.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24120)

apps/fipsinstall.c

@@ -55,6 +55,7 @@ typedef enum OPTION_choice {
     OPT_SSHKDF_KEY_CHECK,
     OPT_SSKDF_KEY_CHECK,
     OPT_X963KDF_KEY_CHECK,
+    OPT_NO_PBKDF2_LOWER_BOUND_CHECK,
     OPT_SELF_TEST_ONLOAD, OPT_SELF_TEST_ONINSTALL
 } OPTION_CHOICE;
 
@@ -112,6 +113,8 @@ const OPTIONS fipsinstall_options[] = {
      "Enable key check for SSKDF"},
     {"x963kdf_key_check", OPT_X963KDF_KEY_CHECK, '-',
      "Enable key check for X963KDF"},
+    {"no_pbkdf2_lower_bound_check", OPT_NO_PBKDF2_LOWER_BOUND_CHECK, '-',
+     "Disable lower bound check for PBKDF2"},
     OPT_SECTION("Input"),
     {"in", OPT_IN, '<', "Input config file, used when verifying"},
 
@@ -150,6 +153,7 @@ typedef struct {
     unsigned int sshkdf_key_check : 1;
     unsigned int sskdf_key_check : 1;
     unsigned int x963kdf_key_check : 1;
+    unsigned int pbkdf2_lower_bound_check : 1;
 } FIPS_OPTS;
 
 /* Pedantic FIPS compliance */
@@ -175,6 +179,7 @@ static const FIPS_OPTS pedantic_opts = {
     1,      /* sshkdf_key_check */
     1,      /* sskdf_key_check */
     1,      /* x963kdf_key_check */
+    1,      /* pbkdf2_lower_bound_check */
 };
 
 /* Default FIPS settings for backward compatibility */
@@ -200,6 +205,7 @@ static FIPS_OPTS fips_opts = {
     0,      /* sshkdf_key_check */
     0,      /* sskdf_key_check */
     0,      /* x963kdf_key_check */
+    1,      /* pbkdf2_lower_bound_check */
 };
 
 static int check_non_pedantic_fips(int pedantic, const char *name)
@@ -361,6 +367,9 @@ static int write_config_fips_section(BIO *out, const char *section,
                       opts->sskdf_key_check ? "1": "0") <= 0
         || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_X963KDF_KEY_CHECK,
                       opts->x963kdf_key_check ? "1": "0") <= 0
+        || BIO_printf(out, "%s = %s\n",
+                      OSSL_PROV_FIPS_PARAM_PBKDF2_LOWER_BOUND_CHECK,
+                      opts->pbkdf2_lower_bound_check ? "1" : "0") <= 0
         || !print_mac(out, OSSL_PROV_FIPS_PARAM_MODULE_MAC, module_mac,
                       module_mac_len))
         goto end;
@@ -595,6 +604,11 @@ int fipsinstall_main(int argc, char **argv)
         case OPT_X963KDF_KEY_CHECK:
             fips_opts.x963kdf_key_check = 1;
             break;
+        case OPT_NO_PBKDF2_LOWER_BOUND_CHECK:
+            if (!check_non_pedantic_fips(pedantic, "no_pbkdf2_lower_bound_check"))
+                goto end;
+            fips_opts.pbkdf2_lower_bound_check = 0;
+            break;
         case OPT_QUIET:
             quiet = 1;
             /* FALLTHROUGH */

doc/man1/openssl-fipsinstall.pod.in

@@ -31,6 +31,7 @@ B<openssl fipsinstall>
 [B<-sskdf_digest_check>]
 [B<-x963kdf_digest_check>]
 [B<-dsa_sign_disabled>]
+[B<-no_pbkdf2_lower_bound_check>]
 [B<-no_short_mac>]
 [B<-tdes_encrypt_disabled>]
 [B<-rsa_sign_x931_disabled>]
@@ -299,6 +300,11 @@ Configure the module to enable a run-time short key-derivation key check when
 deriving a key by X963KDF.
 See NIST SP 800-131Ar2 for details.
 
+=item B<-no_pbkdf2_lower_bound_check>
+
+Configure the module to not perform run-time lower bound check for PBKDF2.
+See NIST SP 800-132 for details.
+
 =item B<-self_test_onload>
 
 Do not write the two fields related to the "test status indicator" and

include/openssl/fips_names.h

@@ -198,6 +198,14 @@ extern "C" {
  */
 # define OSSL_PROV_FIPS_PARAM_X963KDF_KEY_CHECK "x963kdf-key-check"
 
+/*
+ * A boolean that determines if the runtime lower bound check for PBKDF2 is
+ * performed.
+ * This is enabled by default.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_PBKDF2_LOWER_BOUND_CHECK "pbkdf2-lower-bound-check"
+
 # ifdef __cplusplus
 }
 # endif

providers/common/include/prov/fipscommon.h

@@ -29,5 +29,6 @@ int FIPS_tls1_prf_key_check(OSSL_LIB_CTX *libctx);
 int FIPS_sshkdf_key_check(OSSL_LIB_CTX *libctx);
 int FIPS_sskdf_key_check(OSSL_LIB_CTX *libctx);
 int FIPS_x963kdf_key_check(OSSL_LIB_CTX *libctx);
+int FIPS_pbkdf2_lower_bound_check(OSSL_LIB_CTX *libctx);
 
 #endif

providers/fips/fipsprov.c

@@ -104,6 +104,7 @@ typedef struct fips_global_st {
     FIPS_OPTION fips_sshkdf_key_check;
     FIPS_OPTION fips_sskdf_key_check;
     FIPS_OPTION fips_x963kdf_key_check;
+    FIPS_OPTION fips_pbkdf2_lower_bound_check;
 } FIPS_GLOBAL;
 
 static void init_fips_option(FIPS_OPTION *opt, int enabled)
@@ -137,6 +138,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
     init_fips_option(&fgbl->fips_sshkdf_key_check, 0);
     init_fips_option(&fgbl->fips_sskdf_key_check, 0);
     init_fips_option(&fgbl->fips_x963kdf_key_check, 0);
+    init_fips_option(&fgbl->fips_pbkdf2_lower_bound_check, 1);
     return fgbl;
 }
 
@@ -185,6 +187,8 @@ static const OSSL_PARAM fips_param_types[] = {
                     0),
     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_X963KDF_KEY_CHECK, OSSL_PARAM_INTEGER, NULL,
                     0),
+    OSSL_PARAM_DEFN(OSSL_PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK,
+                    OSSL_PARAM_INTEGER, NULL, 0),
     OSSL_PARAM_END
 };
 
@@ -198,7 +202,7 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl)
     * OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS and
     * OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK are not self test parameters.
     */
-    OSSL_PARAM core_params[26], *p = core_params;
+    OSSL_PARAM core_params[27], *p = core_params;
 
     *p++ = OSSL_PARAM_construct_utf8_ptr(
             OSSL_PROV_PARAM_CORE_MODULE_FILENAME,
@@ -269,6 +273,8 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl)
                         fips_sskdf_key_check);
     FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_X963KDF_KEY_CHECK,
                         fips_x963kdf_key_check);
+    FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_PBKDF2_LOWER_BOUND_CHECK,
+                        fips_pbkdf2_lower_bound_check);
 #undef FIPS_FEATURE_OPTION
 
     *p = OSSL_PARAM_construct_end();
@@ -348,6 +354,8 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
                      fips_sskdf_key_check);
     FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_X963KDF_KEY_CHECK,
                      fips_x963kdf_key_check);
+    FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK,
+                     fips_pbkdf2_lower_bound_check);
 #undef FIPS_FEATURE_GET
     return 1;
 }
@@ -898,6 +906,7 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
     FIPS_SET_OPTION(fgbl, fips_sshkdf_key_check);
     FIPS_SET_OPTION(fgbl, fips_sskdf_key_check);
     FIPS_SET_OPTION(fgbl, fips_x963kdf_key_check);
+    FIPS_SET_OPTION(fgbl, fips_pbkdf2_lower_bound_check);
 #undef FIPS_SET_OPTION
 
     ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
@@ -1116,6 +1125,7 @@ FIPS_FEATURE_CHECK(FIPS_tls1_prf_key_check, fips_tls1_prf_key_check)
 FIPS_FEATURE_CHECK(FIPS_sshkdf_key_check, fips_sshkdf_key_check)
 FIPS_FEATURE_CHECK(FIPS_sskdf_key_check, fips_sskdf_key_check)
 FIPS_FEATURE_CHECK(FIPS_x963kdf_key_check, fips_x963kdf_key_check)
+FIPS_FEATURE_CHECK(FIPS_pbkdf2_lower_bound_check, fips_pbkdf2_lower_bound_check)
 
 #undef FIPS_FEATURE_CHECK
 

providers/implementations/kdfs/pbkdf2.c

@@ -28,6 +28,7 @@
 #include "prov/providercommon.h"
 #include "prov/implementations.h"
 #include "prov/provider_util.h"
+#include "prov/fipscommon.h"
 #include "prov/fipsindicator.h"
 #include "pbkdf2.h"
 
@@ -205,11 +206,6 @@ static int pbkdf2_lower_bound_check_passed(int saltlen, uint64_t iter,
 }
 
 #ifdef FIPS_MODULE
-static int fips_lower_bound_check_enabled(OSSL_LIB_CTX *libctx)
-{
-    return ossl_kdf_pbkdf2_default_checks; /* Always is 1 */
-}
-
 static int fips_lower_bound_check_passed(KDF_PBKDF2 *ctx, size_t keylen)
 {
     OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
@@ -221,7 +217,7 @@ static int fips_lower_bound_check_passed(KDF_PBKDF2 *ctx, size_t keylen)
     if (!approved) {
         if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0, libctx,
                                          "PBKDF2", desc,
-                                         fips_lower_bound_check_enabled)) {
+                                         FIPS_pbkdf2_lower_bound_check)) {
             ERR_raise(ERR_LIB_PROV, error);
             return 0;
         }

test/recipes/03-test_fipsinstall.t

@@ -30,7 +30,8 @@ my @pedantic_okay =
 
 # Incompatible options for pedantic FIPS compliance
 my @pedantic_fail =
-    ( 'no_conditional_errors', 'no_security_checks', 'self_test_oninstall' );
+    ( 'no_conditional_errors', 'no_security_checks', 'self_test_oninstall',
+      'no_pbkdf2_lower_bound_check' );
 
 plan tests => 35 + (scalar @pedantic_okay) + (scalar @pedantic_fail);
 

util/mk-fipsmodule-cnf.pl

@@ -20,6 +20,7 @@ my $dsa_sign_disabled = 1;
 my $tdes_encrypt_disabled = 1;
 my $rsa_sign_x931_pad_disabled = 1;
 my $kdf_key_check = 1;
+my $pbkdf2_lower_bound_check = 1;
 
 my $activate = 1;
 my $version = 1;
@@ -72,4 +73,5 @@ tls1-prf-key-check = $kdf_key_check
 sshkdf-key-check = $kdf_key_check
 sskdf-key-check = $kdf_key_check
 x963kdf-key-check = $kdf_key_check
+pbkdf2-lower-bound-check = $pbkdf2_lower_bound_check
 _____

util/perl/OpenSSL/paramnames.pm

@@ -49,6 +49,7 @@ my %params = (
     'PROV_PARAM_SSHKDF_KEY_CHECK' =>       "sshkdf-key-check",       # uint
     'PROV_PARAM_SSKDF_KEY_CHECK' =>        "sskdf-key-check",        # uint
     'PROV_PARAM_X963KDF_KEY_CHECK' =>      "x963kdf-key-check",      # uint
+    'PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK' => "pbkdf2-lower-bound-check", # uint
 
 # Self test callback parameters
     'PROV_PARAM_SELF_TEST_PHASE' =>  "st-phase",# utf8_string