From 5d738bdd7fe0e7e68f6b423b2c3d010eecbd88b8 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Tue, 22 Nov 2022 12:57:21 +0100
Subject: [PATCH] Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode

Resolves: rhbz#2145170
---
 0090-FIPS-RSA-encapsulate.patch | 32 ++++++++++++++++++++++++++++++++
 openssl.spec | 4 ++++
 2 files changed, 36 insertions(+)
 create mode 100644 0090-FIPS-RSA-encapsulate.patch
diff --git a/0090-FIPS-RSA-encapsulate.patch b/0090-FIPS-RSA-encapsulate.patch
new file mode 100644
index 0000000..0e24cf8
--- /dev/null
+++ b/0090-FIPS-RSA-encapsulate.patch
@@ -0,0 +1,32 @@
+diff -up openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap openssl-3.0.1/providers/implementations/kem/rsa_kem.c
+--- openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap 2022-11-22 12:27:30.994530801 +0100
++++ openssl-3.0.1/providers/implementations/kem/rsa_kem.c 2022-11-22 12:32:15.916875495 +0100
+@@ -264,6 +264,14 @@ static int rsasve_generate(PROV_RSA_CTX
+ *secretlen = nlen;
+ return 1;
+ }
++
++#ifdef FIPS_MODULE
++ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
++ return 0;
++ }
++#endif
++
+ /*
+ * Step (2): Generate a random byte string z of nlen bytes where
+ * 1 < z < n - 1
+@@ -307,6 +315,13 @@ static int rsasve_recover(PROV_RSA_CTX *
+ return 1;
+ }
+
++#ifdef FIPS_MODULE
++ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
++ return 0;
++ }
++#endif
++
+ /* Step (2): check the input ciphertext 'inlen' matches the nlen */
+ if (inlen != nlen) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH);
diff --git a/openssl.spec b/openssl.spec
index 7975059..287a6f2 100644
--- a/openssl.spec
+++ b/openssl.spec
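Review bot: In 0090-FIPS-RSA-encapsulate.patch, the FIPS guard added to rsasve_generate() tests `nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8`, which is only byte-granular: if nlen is the RSA_size() byte length (its assignment is outside the hunk), a modulus up to seven bits short of the minimum rounds up to the same byte count and is accepted. Comparing bit lengths closes that gap, e.g. `if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {`, assuming the context exposes the key as `prsactx->rsa` as upstream does; the identical guard in rsasve_recover() needs the same change. Both guards also sit after an early `return 1` that appears to answer a length query, so a short key is not refused until the actual operation runs; if that placement is intended, a comment such as `/* FIPS: refuse moduli below the approved minimum; length queries above are unaffected */` would record it. Both function bodies start and end outside the quoted hunks.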
@@ -184,6 +184,8 @@ Patch87: 0087-FIPS-RSA-selftest-params.patch Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142087 Patch89: 0089-signature-Clamp-PSS-salt-len-to-MD-len.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2144561 +Patch90: 0090-FIPS-RSA-encapsulate.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -535,6 +537,8 @@ install -m644 %{SOURCE9} \ Resolves: rhbz#2144012 - Clamp default PSS salt length to digest size for FIPS 186-4 compliance Related: rhbz#2144012 +- Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode + Resolves: rhbz#2145170 * Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43 - CVE-2022-3602: X.509 Email Address Buffer Overflow