Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode

Resolves: rhbz#2145170
This commit is contained in:
Dmitry Belyavskiy 2022-11-22 12:57:21 +01:00
parent 80de7ffd9c
commit 5d738bdd7f
2 changed files with 36 additions and 0 deletions

View File

@ -0,0 +1,32 @@
diff -up openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap openssl-3.0.1/providers/implementations/kem/rsa_kem.c
--- openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap 2022-11-22 12:27:30.994530801 +0100
+++ openssl-3.0.1/providers/implementations/kem/rsa_kem.c 2022-11-22 12:32:15.916875495 +0100
@@ -264,6 +264,14 @@ static int rsasve_generate(PROV_RSA_CTX
*secretlen = nlen;
return 1;
}
+
+#ifdef FIPS_MODULE
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
+ return 0;
+ }
+#endif
+
/*
* Step (2): Generate a random byte string z of nlen bytes where
* 1 < z < n - 1
@@ -307,6 +315,13 @@ static int rsasve_recover(PROV_RSA_CTX *
return 1;
}
+#ifdef FIPS_MODULE
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
+ return 0;
+ }
+#endif
+
/* Step (2): check the input ciphertext 'inlen' matches the nlen */
if (inlen != nlen) {
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH);

View File

@ -184,6 +184,8 @@ Patch87: 0087-FIPS-RSA-selftest-params.patch
Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2142087 # https://bugzilla.redhat.com/show_bug.cgi?id=2142087
Patch89: 0089-signature-Clamp-PSS-salt-len-to-MD-len.patch Patch89: 0089-signature-Clamp-PSS-salt-len-to-MD-len.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2144561
Patch90: 0090-FIPS-RSA-encapsulate.patch
License: ASL 2.0 License: ASL 2.0
URL: http://www.openssl.org/ URL: http://www.openssl.org/
@ -535,6 +537,8 @@ install -m644 %{SOURCE9} \
Resolves: rhbz#2144012 Resolves: rhbz#2144012
- Clamp default PSS salt length to digest size for FIPS 186-4 compliance - Clamp default PSS salt length to digest size for FIPS 186-4 compliance
Related: rhbz#2144012 Related: rhbz#2144012
- Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode
Resolves: rhbz#2145170
* Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43 * Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43
- CVE-2022-3602: X.509 Email Address Buffer Overflow - CVE-2022-3602: X.509 Email Address Buffer Overflow