From ac3559e51e518bfa852de28e0371191e3860ab20 Mon Sep 17 00:00:00 2001 From: Jun Aruga Date: Fri, 29 Aug 2025 16:57:12 +0100 Subject: [PATCH] Fix test_ssl.rb in FIPS. test_post_connect_check_with_anon_ciphers: test_tmp_dh_callback: test_tmp_dh: DH missing the q value on unknown named parameters (ciphers) is not FIPS-approved, according to the FIPS-186-4 APPENDIX B: Key Pair Generation - B.1.1 Key Pair Generation Using Extra Random Bits, the inputs p, q, and g are required. However, TLS doesn't send q. https://csrc.nist.gov/pubs/fips/186-4/final OpenSSL has a special workaround to recover the missing "q" value for known named parameters, which is the reason why other tests that use the default parameters in `lib/openssl/ssl.rb` are working. Note that the test_post_connect_check_with_anon_ciphers test got the following error on `OpenSSL.debug = true` in FIPS. ``` /home/jaruga/var/git/ruby/openssl/lib/openssl/ssl.rb:551: warning: error on stack: error:0A0C0103:SSL routines:tls_construct_server_key_exchange:internal error ``` test_get_ephemeral_key: kRSA (PKCS1-v1_5 padding) is not allowed in FIPS according to the NIST SP 800-131A Rev. 2 - 6 Key Agreement and Key Transport Using RSA - Table 5: Approval Status for the RSA-based Key Agreement and Key Transport Schemes - PKCS1-v1_5 padding - Disallowed after 2023 https://csrc.nist.gov/pubs/sp/800/131/a/r2/final Note that the test_get_ephemeral_key test got the following error on `OpenSSL.debug = true` in FIPS. ``` test/openssl/test_ssl.rb:2326: warning: error on stack: error:1C8000A8:Provider routines:rsa_encrypt:invalid padding mode ```
---
 Rakefile | 1 - test/openssl/test_ssl.rb | 9 +++++++++ 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/Rakefile b/Rakefile
index 3674c1c9d..3d94f9166 100644
--- a/Rakefile
+++ b/Rakefile
@@ -34,7 +34,6 @@ Rake::TestTask.new(:test_fips_internal) do |t|
 'test/openssl/test_ns_spki.rb',
 'test/openssl/test_ocsp.rb',
 'test/openssl/test_pkcs12.rb',
- 'test/openssl/test_ssl.rb',
 'test/openssl/test_ts.rb',
 'test/openssl/test_x509cert.rb',
 'test/openssl/test_x509crl.rb',
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index fc19f4d94..7abe2c6df 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -685,6 +685,8 @@ def test_sslctx_set_params
 end
 def test_post_connect_check_with_anon_ciphers
+ # DH missing the q value on unknown named parameters is not FIPS-approved.
+ omit_on_fips
 omit "AWS-LC does not support DHE ciphersuites" if aws_lc?
 ctx_proc = -> ctx {
@@ -1747,6 +1749,9 @@ def test_sync_close_without_connect
 end
 def test_get_ephemeral_key
+ # kRSA is not FIPS-approved.
+ omit_on_fips
+
 # kRSA
 ctx_proc1 = proc { |ctx|
 ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
@@ -1863,6 +1868,8 @@ def test_fallback_scsv
 end
 def test_tmp_dh_callback
+ # DH missing the q value on unknown named parameters is not FIPS-approved.
+ omit_on_fips
 omit "AWS-LC does not support DHE ciphersuites" if aws_lc?
 dh = Fixtures.pkey("dh-1")
@@ -2131,6 +2138,8 @@ def test_connect_works_when_setting_dh_callback_to_nil
 end
 def test_tmp_dh
+ # DH missing the q value on unknown named parameters is not FIPS-approved.
+ omit_on_fips
 omit "AWS-LC does not support DHE ciphersuites" if aws_lc?
 dh = Fixtures.pkey("dh-1")
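Review bot: The omit comment added to test_post_connect_check_with_anon_ciphers (and repeated verbatim in test_tmp_dh_callback and test_tmp_dh) states the rule but not what triggers it in these tests, so a reader who sees the DHE tests built on the default parameters from lib/openssl/ssl.rb pass under FIPS will not know why these three differ. The commit message explains that OpenSSL recovers the missing q only for named groups it knows, and test_tmp_dh_callback and test_tmp_dh visibly feed the `dh-1` fixture instead; I'd put that cause in the comment, e.g. `# These DH parameters are not a named group OpenSSL can recover q for; DH without q is not FIPS-approved (FIPS 186-4 B.1.1).` In this first test the parameter source is outside the hunk, so if it is not the `dh-1` fixture the comment should name whatever it is. Each method body continues past the hunk.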
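Review bot: Omitting the whole of test_get_ephemeral_key under FIPS drops more coverage than the stated reason requires: the new comment names only kRSA, while the existing `# kRSA` label and the `ctx_proc1` numbering suggest further key-exchange cases follow (the rest of the method is outside the hunk). If those later cases are DHE or ECDHE, they are exactly the ephemeral-key paths worth exercising in FIPS mode, so a narrower guard such as `unless OpenSSL.fips_mode` around the kRSA block would keep them running. If the later cases also fail under FIPS (for instance a DHE case using parameters whose q cannot be recovered, as in the other hunks), the comment should say so, otherwise the blanket `omit_on_fips` looks like an over-broad skip that someone will later narrow.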