Bug 2102537

Summary: [FIPS lab review] EC tuning
Product: Red Hat Enterprise Linux 9 Reporter: Dmitry Belyavskiy <dbelyavs>
Component: opensslAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED CURRENTRELEASE QA Contact: Alicja Kario <hkario>
Severity: medium Docs Contact:
Priority: high    
Version: 9.0CC: cllang, hkario, ssorce
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openssl-3.0.1-43.el9_0 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 2115857 (view as bug list) Environment:
Last Closed: 2023-06-05 15:57:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2115857    

Description Dmitry Belyavskiy 2022-06-30 07:34:06 UTC 
- crypto/ec:

	- ossl_ecdh_simple_compute_key: I fail to find the check of the remote public key compliant to SP800-56A rev 3 5.6.2.3.3 or 5.6.2.3.4. I.e. I fail to see the link to ossl_ec_key_public_check_quick or ossl_ec_key_public_check via providers/implementations/keymgmt/ec_kmgmt.c.

	- ec_generate_key: I assume that this function is used to generate the ECDH key pair, too. If so, I fail to find the full key validation following SP800-56A rev 3 5.6.2.3.3. I.e. I fail to see the link to ossl_ec_key_public_check via providers/implementations/keymgmt/ec_kmgmt.c.

	- ec_generate_key: I assume that this function is used to generate the ECDH key pair, too. If so, I fail to find the pairwise consistency test for ECDH: generate a *new* public key from the private key and memcmp it with the original public key.
Comment 6 Clemens Lang 2023-06-05 15:57:26 UTC 
RHEL 9.1 contains openssl-3.0.1-43.el9_0.