From cc7473a9ea185e072ab1bae0903c77bd7d7cf5bc Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 20 Nov 2023 07:45:42 +0900
Subject: [PATCH] gnutls-3.7.6-fips-sha1-sigver.patch
Signed-off-by: rpm-build <rpm-build>
---
lib/nettle/pk.c | 13 +++++--------
lib/pubkey.c | 3 ---
tests/fips-test.c | 8 ++++----
3 files changed, 9 insertions(+), 15 deletions(-)
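diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 4ddfcff..36a7c24 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -1609,10 +1609,7 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
 if (hash_len > vdata->size)
 hash_len = vdata->size;
 
- /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
- * mode */
 switch (DIG_TO_MAC(sign_params->dsa_dig)) {
- case GNUTLS_MAC_SHA1:
 case GNUTLS_MAC_SHA256:
 case GNUTLS_MAC_SHA384:
 case GNUTLS_MAC_SHA512:
@@ -1683,8 +1680,8 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
 * 2048-bit or one of the known lengths (1024, 1280,
 * 1536, 1792; i.e., multiple of 256-bits).
 *
- * In addition to this, only SHA-1 and SHA-2 are allowed
- * for SigVer; it is checked in _pkcs1_rsa_verify_sig in
+ * In addition to this, only SHA-2 is allowed for
+ * SigVer; it is checked in _pkcs1_rsa_verify_sig in
 * lib/pubkey.c.
 */
 if (unlikely(bits < 2048 && bits != 1024 && bits != 1280 &&
@@ -1730,9 +1727,9 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
 }
 
 /* RSA modulus size should be 2048-bit or larger in FIPS
- * 140-3. In addition to this, only SHA-1 and SHA-2 are
- * allowed for SigVer, while Nettle only supports
- * SHA256, SHA384, and SHA512 for RSA-PSS (see
+ * 140-3. In addition to this, only SHA-2 is allowed
+ * for SigVer, while Nettle only supports SHA256,
+ * SHA384, and SHA512 for RSA-PSS (see
 * _rsa_pss_verify_digest in this file for the details).
 */
 if (unlikely(mpz_sizeinbase(pub.n, 2) < 2048)) {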
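Review bot: With the explanatory comment deleted at the top of the first hunk, the `switch (DIG_TO_MAC(sign_params->dsa_dig))` no longer states why only SHA-256/384/512 remain listed, whereas the two later hunks still document the policy for the RSA paths; a one-line replacement such as `/* Only SHA-2 is allowed for SigVer in FIPS 140-3 */` would keep the three sites consistent. The identical switch in lib/pubkey.c (`_pkcs1_rsa_verify_sig`, `switch (me->id)`) has the same gap, since its comment is removed without replacement as well. The `default:` branch that decides what happens to SHA-1 and other digests, and the rest of `_wrap_nettle_pk_verify`, lie outside the hunk, so whether dropping the case marks the operation not approved rather than rejecting it cannot be confirmed from here; the tests/fips-test.c changes in this patch suggest the former.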
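diff --git a/lib/pubkey.c b/lib/pubkey.c
index 1139ad9..714806a 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -2452,10 +2452,7 @@ static int _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk,
 d.size = digest_size;
 
 if (pk == GNUTLS_PK_RSA) {
- /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
- * mode */
 switch (me->id) {
- case GNUTLS_MAC_SHA1:
 case GNUTLS_MAC_SHA256:
 case GNUTLS_MAC_SHA384:
 case GNUTLS_MAC_SHA512: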
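diff --git a/tests/fips-test.c b/tests/fips-test.c
index 180da05..09120c1 100644
--- a/tests/fips-test.c
+++ b/tests/fips-test.c
@@ -596,7 +596,7 @@ void doit(void)
 }
 FIPS_POP_CONTEXT(NOT_APPROVED);
 
- /* Verify a signature created with 2432-bit RSA and SHA-1; approved */
+ /* Verify a signature created with 2432-bit RSA and SHA-1; not approved */
 FIPS_PUSH_CONTEXT();
 ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1,
 GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1,
@@ -604,7 +604,7 @@ void doit(void)
 if (ret < 0) {
 fail("gnutls_pubkey_verify_data2 failed\n");
 }
- FIPS_POP_CONTEXT(APPROVED);
+ FIPS_POP_CONTEXT(NOT_APPROVED);
 gnutls_free(signature.data);
 gnutls_pubkey_deinit(pubkey);
 gnutls_privkey_deinit(privkey);
@@ -708,7 +708,7 @@ void doit(void)
 }
 FIPS_POP_CONTEXT(NOT_APPROVED);
 
- /* Verify a signature created with ECDSA and SHA-1; approved */
+ /* Verify a signature created with ECDSA and SHA-1; not approved */
 FIPS_PUSH_CONTEXT();
 ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_ECDSA_SHA1,
 GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1,
@@ -716,7 +716,7 @@ void doit(void)
 if (ret < 0) {
 fail("gnutls_pubkey_verify_data2 failed\n");
 }
- FIPS_POP_CONTEXT(APPROVED);
+ FIPS_POP_CONTEXT(NOT_APPROVED);
 gnutls_free(signature.data);
 
 /* Create a signature with ECDSA and SHA-1 (old API); not approved */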
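Review bot: The reworded comments in the -596 and -708 hunks say "not approved" but leave unstated that the verification call itself is still expected to succeed — each block still calls `fail()` on `ret < 0` and still passes `GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1`, so the only expectation that changed is the popped FIPS context. Making that explicit prevents a reader from concluding the call should now be rejected, e.g. `/* Verify a signature created with 2432-bit RSA and SHA-1; the call succeeds because of GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, but the operation is not approved */` (and the ECDSA counterpart likewise). Within the visible hunks there is no case that omits the flag, so whether SHA-1 SigVer without it is rejected in FIPS mode is not covered here, if that is the intended contract. `doit` begins and ends outside these hunks.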
--
2.41.0