Disable RSA-OAEP padding in FIPS mode

Resolves: rhbz#2118695
2022-08-17 10:34:43 +02:00 · 2022-08-17 10:34:43 +02:00 · c5605976bf
commit c5605976bf
parent f42be9ce3d
2 changed files with 153 additions and 0 deletions
--- a/libgcrypt-1.10.0-fips-disable-oaep.patch
+++ b/libgcrypt-1.10.0-fips-disable-oaep.patch
@ -0,0 +1,151 @@
 From 34d8fc576b3a06dd205f45327a971eb6771e808c Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Wed, 17 Aug 2022 09:01:44 +0200
 Subject: [PATCH 1/2] Disable RSA-OAEP padding in FIPS mode
 * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block OAEP padding
  in FIPS mode for encryption
 * cipher/rsa.c (rsa_decrypt): Block OAEP padding in FIPS mode for
  decryption
 ---
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 cipher/pubkey-util.c | 5 ++++-
 cipher/rsa.c         | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)
 diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
 index 4953caf3..244dd5d4 100644
 --- a/cipher/pubkey-util.c
 +++ b/cipher/pubkey-util.c
@@ -1092,7 +1092,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
       const void * value;
       size_t valuelen;
 -      if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
 +      /* The RSA OAEP encryption requires some more assurances in FIPS */
 +      if (fips_mode ())
 +        rc = GPG_ERR_INV_FLAG;
 +      else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
 	rc = GPG_ERR_INV_OBJ;
       else
 	{
 diff --git a/cipher/rsa.c b/cipher/rsa.c
 index 96dba090..87f57b55 100644
 --- a/cipher/rsa.c
 +++ b/cipher/rsa.c
@@ -1457,7 +1457,8 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
       rc = GPG_ERR_INV_DATA;
       goto leave;
     }
 -  if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))
 +  if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1 ||
 +                       ctx.encoding == PUBKEY_ENC_OAEP))
     {
       rc = GPG_ERR_INV_FLAG;
       goto leave;
 -- 
 2.37.1
 From c6d64e697c2748a49e875060aa753fc568c5f772 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Wed, 17 Aug 2022 10:31:19 +0200
 Subject: [PATCH 2/2] tests: Expect the OEAP tests to fail in FIPS mode
 * tests/basic.c (check_pubkey_crypt): Expect the OAEP padding encryption
  to fail in FIPS mode
 * tests/pkcs1v2.c (check_oaep): Expect the OAEP tests to fail in FIPS
  mode
 ---
 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 ---
 tests/basic.c   | 14 +++++++++-----
 tests/pkcs1v2.c | 13 +++++++++++++
 2 files changed, 22 insertions(+), 5 deletions(-)
 diff --git a/tests/basic.c b/tests/basic.c
 index 26980e15..b4102c9f 100644
 --- a/tests/basic.c
 +++ b/tests/basic.c
@@ -16892,21 +16892,24 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
 	"(flags oaep)",
 	1,
 	0,
 -	0 },
 +	0,
 +	FLAG_NOFIPS },
       { GCRY_PK_RSA,
         "(data\n (flags oaep)\n (hash-algo sha1)\n"
 	" (value #11223344556677889900AA#))\n",
 	"(flags oaep)(hash-algo sha1)",
 	1,
 	0,
 -	0 },
 +	0,
 +	FLAG_NOFIPS },
       { GCRY_PK_RSA,
         "(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n"
 	" (value #11223344556677889900AA#))\n",
 	"(flags oaep)(hash-algo sha1)(label \"test\")",
 	1,
 	0,
 -	0 },
 +	0,
 +	FLAG_NOFIPS },
       { GCRY_PK_RSA,
         "(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n"
 	" (value #11223344556677889900AA#)\n"
@@ -16914,7 +16917,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
 	"(flags oaep)(hash-algo sha1)(label \"test\")",
 	1,
 	0,
 -	0 },
 +	0,
 +	FLAG_NOFIPS },
       {	0,
         "(data\n (flags )\n" " (value #11223344556677889900AA#))\n",
 	NULL,
@@ -16960,7 +16964,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
 	"(flags pkcs1)",
 	1,
 	0,
 -	GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL },
 +	GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL | FLAG_NOFIPS },
       {	0,
         "(data\n (flags pss)\n"
 	" (value #11223344556677889900AA#))\n",
 diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c
 index 6c7f3d81..2fd495d5 100644
 --- a/tests/pkcs1v2.c
 +++ b/tests/pkcs1v2.c
@@ -186,11 +186,24 @@ check_oaep (void)
           err = gcry_pk_encrypt (&ciph, plain, pub_key);
           if (err)
             {
 +              if (in_fips_mode)
 +                {
 +                  gcry_sexp_release (plain);
 +                  plain = NULL;
 +                  continue;
 +                }
               show_sexp ("plain:\n", ciph);
               fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err));
             }
           else
             {
 +              if (in_fips_mode)
 +                {
 +                  fail ("The OAEP encryption unexpectedly worked in FIPS mode\n");
 +                  gcry_sexp_release (plain);
 +                  plain = NULL;
 +                  continue;
 +                }
               if (extract_cmp_data (ciph, "a", tbl[tno].m[mno].encr,
                                     tbl[tno].m[mno].desc))
                 {
 -- 
 2.37.1
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@ -28,6 +28,7 @@ Patch4: libgcrypt-1.10.0-allow-small-RSA-verify.patch
 Patch5: libgcrypt-1.10.0-allow-short-salt.patch
 Patch6: libgcrypt-1.10.0-fips-getrandom.patch
 Patch7: libgcrypt-1.10.0-fips-selftest.patch
 Patch8: libgcrypt-1.10.0-fips-disable-oaep.patch
 %global gcrylibdir %{_libdir}
 %global gcrysoname libgcrypt.so.20
@ -70,6 +71,7 @@ applications using libgcrypt.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
 %build
 # This package has a configure test which uses ASMs, but does not link the