From cc7473a9ea185e072ab1bae0903c77bd7d7cf5bc Mon Sep 17 00:00:00 2001
From: rpm-build
Date: Mon, 20 Nov 2023 07:45:42 +0900
Subject: [PATCH] gnutls-3.7.6-fips-sha1-sigver.patch

Signed-off-by: rpm-build
---
 lib/nettle/pk.c   | 13 +++++--------
 lib/pubkey.c      |  3 ---
 tests/fips-test.c |  8 ++++----
 3 files changed, 9 insertions(+), 15 deletions(-)

diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 4ddfcff..36a7c24 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -1609,10 +1609,7 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
 		if (hash_len > vdata->size)
 			hash_len = vdata->size;
 
-		/* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
-		 * mode */
 		switch (DIG_TO_MAC(sign_params->dsa_dig)) {
-		case GNUTLS_MAC_SHA1:
 		case GNUTLS_MAC_SHA256:
 		case GNUTLS_MAC_SHA384:
 		case GNUTLS_MAC_SHA512:
@@ -1683,8 +1680,8 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
 		 * 2048-bit or one of the known lengths (1024, 1280,
 		 * 1536, 1792; i.e., multiple of 256-bits).
 		 *
-		 * In addition to this, only SHA-1 and SHA-2 are allowed
-		 * for SigVer; it is checked in _pkcs1_rsa_verify_sig in
+		 * In addition to this, only SHA-2 is allowed for
+		 * SigVer; it is checked in _pkcs1_rsa_verify_sig in
 		 * lib/pubkey.c.
 		 */
 		if (unlikely(bits < 2048 && bits != 1024 && bits != 1280 &&
@@ -1730,9 +1727,9 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
 		}
 
 		/* RSA modulus size should be 2048-bit or larger in FIPS
-		 * 140-3. In addition to this, only SHA-1 and SHA-2 are
-		 * allowed for SigVer, while Nettle only supports
-		 * SHA256, SHA384, and SHA512 for RSA-PSS (see
+		 * 140-3. In addition to this, only SHA-2 is allowed
+		 * for SigVer, while Nettle only supports SHA256,
+		 * SHA384, and SHA512 for RSA-PSS (see
 		 * _rsa_pss_verify_digest in this file for the details).
 		 */
 		if (unlikely(mpz_sizeinbase(pub.n, 2) < 2048)) {
diff --git a/lib/pubkey.c b/lib/pubkey.c
index 1139ad9..714806a 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
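Review bot: With `case GNUTLS_MAC_SHA1:` removed from `switch (DIG_TO_MAC(sign_params->dsa_dig))` in the first lib/nettle/pk.c hunk, a SHA-1 digest now reaches whatever branch follows the SHA-2 cases (outside the hunk), and after the old legacy-mode comment was dropped nothing at the switch says that the omission is deliberate. I would keep a short comment above the switch, `/* SHA-1 is deliberately not listed: it is no longer treated as approved for SigVer and takes the non-approved path below */`, so a later reader does not re-add the case believing it was lost by mistake; the same applies to the `switch (me->id)` in the `_pkcs1_rsa_verify_sig` hunk of lib/pubkey.c, where the same comment was removed without replacement. This switch sits in the non-RSA branch of `_wrap_nettle_pk_verify` and keys on `dsa_dig`, so it presumably also covers DSA SigVer, which the updated cases in tests/fips-test.c (RSA and ECDSA only) do not appear to exercise; a DSA-with-SHA-1 case expecting NOT_APPROVED would close that gap. The two comment-only hunks at @@ -1683 and @@ -1730 are consistent with the code change. `_wrap_nettle_pk_verify` starts and ends outside the hunk.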
@@ -2452,10 +2452,7 @@ static int _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk,
 	d.size = digest_size;
 
 	if (pk == GNUTLS_PK_RSA) {
-		/* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
-		 * mode */
 		switch (me->id) {
-		case GNUTLS_MAC_SHA1:
 		case GNUTLS_MAC_SHA256:
 		case GNUTLS_MAC_SHA384:
 		case GNUTLS_MAC_SHA512:
diff --git a/tests/fips-test.c b/tests/fips-test.c
index 180da05..09120c1 100644
--- a/tests/fips-test.c
+++ b/tests/fips-test.c
@@ -596,7 +596,7 @@ void doit(void)
 	}
 	FIPS_POP_CONTEXT(NOT_APPROVED);
 
-	/* Verify a signature created with 2432-bit RSA and SHA-1; approved */
+	/* Verify a signature created with 2432-bit RSA and SHA-1; not approved */
 	FIPS_PUSH_CONTEXT();
 	ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1,
 					 GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1,
@@ -604,7 +604,7 @@ void doit(void)
 	if (ret < 0) {
 		fail("gnutls_pubkey_verify_data2 failed\n");
 	}
-	FIPS_POP_CONTEXT(APPROVED);
+	FIPS_POP_CONTEXT(NOT_APPROVED);
 	gnutls_free(signature.data);
 	gnutls_pubkey_deinit(pubkey);
 	gnutls_privkey_deinit(privkey);
@@ -708,7 +708,7 @@ void doit(void)
 	}
 	FIPS_POP_CONTEXT(NOT_APPROVED);
 
-	/* Verify a signature created with ECDSA and SHA-1; approved */
+	/* Verify a signature created with ECDSA and SHA-1; not approved */
 	FIPS_PUSH_CONTEXT();
 	ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_ECDSA_SHA1,
 					 GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1,
@@ -716,7 +716,7 @@ void doit(void)
 	if (ret < 0) {
 		fail("gnutls_pubkey_verify_data2 failed\n");
 	}
-	FIPS_POP_CONTEXT(APPROVED);
+	FIPS_POP_CONTEXT(NOT_APPROVED);
 	gnutls_free(signature.data);
 
 	/* Create a signature with ECDSA and SHA-1 (old API); not approved */
-- 
2.41.0
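Review bot: The updated expectations in tests/fips-test.c at @@ -596/-604 (and the ECDSA pair at @@ -708/-716) only flip the FIPS context to NOT_APPROVED, while the unchanged `if (ret < 0) fail(...)` still requires the SHA-1 verification itself to succeed, so the test now pins that SHA-1 SigVer remains functional under `GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1` and is merely reported as non-approved. That is worth saying in the comment so nobody later "fixes" the test by expecting a failure: `/* Verify a signature created with 2432-bit RSA and SHA-1; succeeds because of GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, but not approved */` (and the same wording for the ECDSA case). Consumers that need the approval status therefore have to consult the service indicator after the call rather than infer it from the return value. If the file also verifies SHA-1 signatures through other entry points (the hash-based verify API or DSA keys), those expectations are untouched by this patch and would need the same update, which I cannot confirm from these hunks. `doit` starts and ends outside the hunks.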