fips: zeroization of public security parameters (PSPs)

ISO 19790:2012/Cor.1:2015 7.9 requires cryptographic module to provide methods to zeroise all unproctected security sensitive parameters (which inclues both Critical/Private **and** Public security parameters). And those that are temprorarly stored are required to be zeroised after they are no longer needed at security levels 2 and higher. Comply with the above requirements by always zeroising public security parameters whenever they are freed. This is currently done under the FIPS feature, however the requirement comes from the ISO 19790:2012 which may also be needed in other jurisdictions. If not always. Note FIPS 140-3 includes ISO 19790:2012 by reference. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24355)
2024-12-15 06:01:37 +08:00 · 2024-04-28 19:40:26 +01:00 · 2024-04-28 19:40:26 +01:00 · fa338aa7cd
commit fa338aa7cd
parent fa4ee40434
5 changed files with 25 additions and 0 deletions
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@ -746,9 +746,13 @@ void EC_POINT_free(EC_POINT *point)
    if (point == NULL)
        return;

+#ifdef FIPS_MODULE
+    EC_POINT_clear_free(point);
+#else
    if (point->meth->point_finish != 0)
        point->meth->point_finish(point);
    OPENSSL_free(point);
+#endif
 }

 void EC_POINT_clear_free(EC_POINT *point)
--- a/crypto/ffc/ffc_params.c
+++ b/crypto/ffc/ffc_params.c
@ -27,11 +27,19 @@ void ossl_ffc_params_init(FFC_PARAMS *params)

 void ossl_ffc_params_cleanup(FFC_PARAMS *params)
 {
+#ifdef FIPS_MODULE
+    BN_clear_free(params->p);
+    BN_clear_free(params->q);
+    BN_clear_free(params->g);
+    BN_clear_free(params->j);
+    OPENSSL_clear_free(params->seed, params->seedlen);
+#else
    BN_free(params->p);
    BN_free(params->q);
    BN_free(params->g);
    BN_free(params->j);
    OPENSSL_free(params->seed);
+#endif
    ossl_ffc_params_init(params);
 }

--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@ -159,8 +159,13 @@ void RSA_free(RSA *r)
    CRYPTO_THREAD_lock_free(r->lock);
    CRYPTO_FREE_REF(&r->references);

+#ifdef FIPS_MODULE
+    BN_clear_free(r->n);
+    BN_clear_free(r->e);
+#else
    BN_free(r->n);
    BN_free(r->e);
+#endif
    BN_clear_free(r->d);
    BN_clear_free(r->p);
    BN_clear_free(r->q);
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@ -117,7 +117,11 @@ static void kdf_hkdf_reset(void *vctx)
    void *provctx = ctx->provctx;

    ossl_prov_digest_reset(&ctx->digest);
+#ifdef FIPS_MODULE
+    OPENSSL_clear_free(ctx->salt, ctx->salt_len);
+#else
    OPENSSL_free(ctx->salt);
+#endif
    OPENSSL_free(ctx->prefix);
    OPENSSL_free(ctx->label);
    OPENSSL_clear_free(ctx->data, ctx->data_len);
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@ -90,7 +90,11 @@ static void *kdf_pbkdf2_new(void *provctx)
 static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
 {
    ossl_prov_digest_reset(&ctx->digest);
+#ifdef FIPS_MODULE
+    OPENSSL_clear_free(ctx->salt, ctx->salt_len);
+#else
    OPENSSL_free(ctx->salt);
+#endif
    OPENSSL_clear_free(ctx->pass, ctx->pass_len);
    memset(ctx, 0, sizeof(*ctx));
 }