fips: Allow SigVer only with RSA keys with modulus >= 2048 bits

Brings the behaviour in line with gnutls-3.8.3-6.el9_6.5 (RHEL-171165).

Resolves: RHEL-183027
This commit is contained in:
Alexander Sosedkin 2026-07-02 19:56:51 +02:00
parent 20b3bf3ea9
commit 2d191398bd
2 changed files with 4 additions and 78 deletions

View File

@ -1,75 +0,0 @@
commit bf374b4151c7f6cf4b94e9eb911ceb730904a44c
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed Nov 19 10:48:51 2025 +0100
Revert "fips: Allow SigVer only with RSA keys with modulus >= 2048 bits"
This reverts commit da1df0a3167ec96605fed267d97f9081cf498eec.
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 5986a410c2..d14efbaaf0 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -2474,12 +2474,16 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
bits = mpz_sizeinbase(pub.n, 2);
- /* In FIPS 140-3, RSA key size should be larger than 2048-bit.
+ /* In FIPS 140-3, RSA key size should be larger than
+ * 2048-bit or one of the known lengths (1024, 1280,
+ * 1536, 1792; i.e., multiple of 256-bits).
+ *
* In addition to this, only SHA-2 is allowed
* for SigVer; it is checked in _pkcs1_rsa_verify_sig in
* lib/pubkey.c.
*/
- if (unlikely(bits < 2048)) {
+ if (unlikely(bits < 2048 && bits != 1024 && bits != 1280 &&
+ bits != 1536 && bits != 1792)) {
not_approved = true;
}
diff --git a/tests/fips-rsa-sizes.c b/tests/fips-rsa-sizes.c
index 61a76d3c09..d134a35f8c 100644
--- a/tests/fips-rsa-sizes.c
+++ b/tests/fips-rsa-sizes.c
@@ -250,24 +250,35 @@ void doit(void)
assert(gnutls_fips140_context_init(&fips_context) == 0);
+ /* 512-bit RSA: no generate, no sign, no verify */
generate_unsuccessfully(&privkey, &pubkey, 512);
sign_verify_unsuccessfully(privkey, pubkey);
+ /* 512-bit RSA again (to be safer about going in and out of FIPS) */
generate_unsuccessfully(&privkey, &pubkey, 512);
sign_verify_unsuccessfully(privkey, pubkey);
+ /* 600-bit RSA: no generate, no sign, no verify */
generate_unsuccessfully(&privkey, &pubkey, 600);
sign_verify_unsuccessfully(privkey, pubkey);
+
+ /* 768-bit RSA not-an-exception: nogenerate, nosign, verify */
generate_unsuccessfully(&privkey, &pubkey, 768);
sign_verify_unsuccessfully(privkey, pubkey);
+ /* 1024-bit RSA exception: nogenerate, nosign, verify */
generate_unsuccessfully(&privkey, &pubkey, 1024);
- sign_verify_unsuccessfully(privkey, pubkey);
+ nosign_verify(privkey, pubkey);
+ /* 1280-bit RSA exception: nogenerate, nosign, verify */
generate_unsuccessfully(&privkey, &pubkey, 1280);
- sign_verify_unsuccessfully(privkey, pubkey);
+ nosign_verify(privkey, pubkey);
+ /* 1500-bit RSA not-an-exception: nogenerate, nosign, noverify */
generate_unsuccessfully(&privkey, &pubkey, 1500);
sign_verify_unsuccessfully(privkey, pubkey);
+ /* 1536-bit RSA exception: nogenerate, nosign, verify */
generate_unsuccessfully(&privkey, &pubkey, 1536);
- sign_verify_unsuccessfully(privkey, pubkey);
+ nosign_verify(privkey, pubkey);
+ /* 1792-bit RSA exception: nogenerate, nosign, verify */
generate_unsuccessfully(&privkey, &pubkey, 1792);
- sign_verify_unsuccessfully(privkey, pubkey);
+ nosign_verify(privkey, pubkey);
+ /* 2000-bit RSA not-an-exception: nogenerate, nosign, noverify */
generate_unsuccessfully(&privkey, &pubkey, 2000);
sign_verify_unsuccessfully(privkey, pubkey);

View File

@ -13,7 +13,7 @@ print(string.sub(hash, 0, 16))
}
Version: 3.8.10
Release: 6%{?dist}
Release: 7%{?dist}
# not upstreamed
Patch: gnutls-3.2.7-rpath.patch
Patch: gnutls-3.7.2-enable-intel-cet.patch
@ -32,8 +32,6 @@ Patch: gnutls-3.8.10-tests-ktls.patch
# reverts
# * e52c7ca885 pkcs12: enable PBMAC1 by default in FIPS mode
Patch: gnutls-3.8.10-rhel9-revert-pbmac1-fips-default.patch
# * da1df0a31 fips: Allow SigVer only with RSA keys with modulus >= 2048 bits
Patch: gnutls-3.8.10-rhel9-revert-rsa-less-than-2048.patch
# CVE fixes backported from 3.8.12 release
# upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/2041
@ -516,6 +514,9 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x
%endif
%changelog
* Thu Jul 02 2026 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.10-7
- fips: Allow SigVer only with RSA keys with modulus >= 2048 bits
* Fri Jun 12 2026 Daiki Ueno <dueno@redhat.com> - 3.8.10-6
- Fix order of previous changelog entries (RHEL-172270)