fips: Allow SigVer only with RSA keys with modulus >= 2048 bits
Brings the behaviour in line with gnutls-3.8.3-6.el9_6.5 (RHEL-171165). Resolves: RHEL-183027
This commit is contained in:
parent
20b3bf3ea9
commit
2d191398bd
@ -1,75 +0,0 @@
|
||||
commit bf374b4151c7f6cf4b94e9eb911ceb730904a44c
|
||||
Author: Alexander Sosedkin <asosedkin@redhat.com>
|
||||
Date: Wed Nov 19 10:48:51 2025 +0100
|
||||
|
||||
Revert "fips: Allow SigVer only with RSA keys with modulus >= 2048 bits"
|
||||
|
||||
This reverts commit da1df0a3167ec96605fed267d97f9081cf498eec.
|
||||
|
||||
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
|
||||
index 5986a410c2..d14efbaaf0 100644
|
||||
--- a/lib/nettle/pk.c
|
||||
+++ b/lib/nettle/pk.c
|
||||
@@ -2474,12 +2474,16 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
|
||||
|
||||
bits = mpz_sizeinbase(pub.n, 2);
|
||||
|
||||
- /* In FIPS 140-3, RSA key size should be larger than 2048-bit.
|
||||
+ /* In FIPS 140-3, RSA key size should be larger than
|
||||
+ * 2048-bit or one of the known lengths (1024, 1280,
|
||||
+ * 1536, 1792; i.e., multiple of 256-bits).
|
||||
+ *
|
||||
* In addition to this, only SHA-2 is allowed
|
||||
* for SigVer; it is checked in _pkcs1_rsa_verify_sig in
|
||||
* lib/pubkey.c.
|
||||
*/
|
||||
- if (unlikely(bits < 2048)) {
|
||||
+ if (unlikely(bits < 2048 && bits != 1024 && bits != 1280 &&
|
||||
+ bits != 1536 && bits != 1792)) {
|
||||
not_approved = true;
|
||||
}
|
||||
|
||||
diff --git a/tests/fips-rsa-sizes.c b/tests/fips-rsa-sizes.c
|
||||
index 61a76d3c09..d134a35f8c 100644
|
||||
--- a/tests/fips-rsa-sizes.c
|
||||
+++ b/tests/fips-rsa-sizes.c
|
||||
@@ -250,24 +250,35 @@ void doit(void)
|
||||
|
||||
assert(gnutls_fips140_context_init(&fips_context) == 0);
|
||||
|
||||
+ /* 512-bit RSA: no generate, no sign, no verify */
|
||||
generate_unsuccessfully(&privkey, &pubkey, 512);
|
||||
sign_verify_unsuccessfully(privkey, pubkey);
|
||||
+ /* 512-bit RSA again (to be safer about going in and out of FIPS) */
|
||||
generate_unsuccessfully(&privkey, &pubkey, 512);
|
||||
sign_verify_unsuccessfully(privkey, pubkey);
|
||||
+ /* 600-bit RSA: no generate, no sign, no verify */
|
||||
generate_unsuccessfully(&privkey, &pubkey, 600);
|
||||
sign_verify_unsuccessfully(privkey, pubkey);
|
||||
+
|
||||
+ /* 768-bit RSA not-an-exception: nogenerate, nosign, verify */
|
||||
generate_unsuccessfully(&privkey, &pubkey, 768);
|
||||
sign_verify_unsuccessfully(privkey, pubkey);
|
||||
+ /* 1024-bit RSA exception: nogenerate, nosign, verify */
|
||||
generate_unsuccessfully(&privkey, &pubkey, 1024);
|
||||
- sign_verify_unsuccessfully(privkey, pubkey);
|
||||
+ nosign_verify(privkey, pubkey);
|
||||
+ /* 1280-bit RSA exception: nogenerate, nosign, verify */
|
||||
generate_unsuccessfully(&privkey, &pubkey, 1280);
|
||||
- sign_verify_unsuccessfully(privkey, pubkey);
|
||||
+ nosign_verify(privkey, pubkey);
|
||||
+ /* 1500-bit RSA not-an-exception: nogenerate, nosign, noverify */
|
||||
generate_unsuccessfully(&privkey, &pubkey, 1500);
|
||||
sign_verify_unsuccessfully(privkey, pubkey);
|
||||
+ /* 1536-bit RSA exception: nogenerate, nosign, verify */
|
||||
generate_unsuccessfully(&privkey, &pubkey, 1536);
|
||||
- sign_verify_unsuccessfully(privkey, pubkey);
|
||||
+ nosign_verify(privkey, pubkey);
|
||||
+ /* 1792-bit RSA exception: nogenerate, nosign, verify */
|
||||
generate_unsuccessfully(&privkey, &pubkey, 1792);
|
||||
- sign_verify_unsuccessfully(privkey, pubkey);
|
||||
+ nosign_verify(privkey, pubkey);
|
||||
+ /* 2000-bit RSA not-an-exception: nogenerate, nosign, noverify */
|
||||
generate_unsuccessfully(&privkey, &pubkey, 2000);
|
||||
sign_verify_unsuccessfully(privkey, pubkey);
|
||||
|
||||
@ -13,7 +13,7 @@ print(string.sub(hash, 0, 16))
|
||||
}
|
||||
|
||||
Version: 3.8.10
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
# not upstreamed
|
||||
Patch: gnutls-3.2.7-rpath.patch
|
||||
Patch: gnutls-3.7.2-enable-intel-cet.patch
|
||||
@ -32,8 +32,6 @@ Patch: gnutls-3.8.10-tests-ktls.patch
|
||||
# reverts
|
||||
# * e52c7ca885 pkcs12: enable PBMAC1 by default in FIPS mode
|
||||
Patch: gnutls-3.8.10-rhel9-revert-pbmac1-fips-default.patch
|
||||
# * da1df0a31 fips: Allow SigVer only with RSA keys with modulus >= 2048 bits
|
||||
Patch: gnutls-3.8.10-rhel9-revert-rsa-less-than-2048.patch
|
||||
|
||||
# CVE fixes backported from 3.8.12 release
|
||||
# upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/2041
|
||||
@ -516,6 +514,9 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Jul 02 2026 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.10-7
|
||||
- fips: Allow SigVer only with RSA keys with modulus >= 2048 bits
|
||||
|
||||
* Fri Jun 12 2026 Daiki Ueno <dueno@redhat.com> - 3.8.10-6
|
||||
- Fix order of previous changelog entries (RHEL-172270)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user