forked from rpms/openssl
c0667361a5
The previous state of the patch did not work correctly when used with negative salt lengths, which OpenSSL uses a magic values. Setting the saltlength to max would yield an approved state in the indicator, while it is not approved. Additionally, update the patch to change the default PSS salt length with the current state of discussion upstream (see https://github.com/openssl/openssl/pull/19724). Resolves: rhbz#2142087 Signed-off-by: Clemens Lang <cllang@redhat.com>
33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
diff -up openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap openssl-3.0.1/providers/implementations/kem/rsa_kem.c
|
|
--- openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap 2022-11-22 12:27:30.994530801 +0100
|
|
+++ openssl-3.0.1/providers/implementations/kem/rsa_kem.c 2022-11-22 12:32:15.916875495 +0100
|
|
@@ -264,6 +264,14 @@ static int rsasve_generate(PROV_RSA_CTX
|
|
*secretlen = nlen;
|
|
return 1;
|
|
}
|
|
+
|
|
+#ifdef FIPS_MODULE
|
|
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
|
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
|
+ return 0;
|
|
+ }
|
|
+#endif
|
|
+
|
|
/*
|
|
* Step (2): Generate a random byte string z of nlen bytes where
|
|
* 1 < z < n - 1
|
|
@@ -307,6 +315,13 @@ static int rsasve_recover(PROV_RSA_CTX *
|
|
return 1;
|
|
}
|
|
|
|
+#ifdef FIPS_MODULE
|
|
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
|
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
|
+ return 0;
|
|
+ }
|
|
+#endif
|
|
+
|
|
/* Step (2): check the input ciphertext 'inlen' matches the nlen */
|
|
if (inlen != nlen) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH);
|