From b5de6bd83004a35bd0632d184866570f70f2bf61 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 23 May 2022 15:25:42 +0200 Subject: [PATCH] In FIPS mode limit key sizes for signature verification Resolves: rhbz#2077884 --- 0045-FIPS-services-minimize.patch | 23 +++++++++++++++++++++++ openssl.spec | 4 ++++ 2 files changed, 27 insertions(+) diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch index e10b504..7fd3d8d 100644 --- a/0045-FIPS-services-minimize.patch +++ b/0045-FIPS-services-minimize.patch @@ -694,3 +694,26 @@ diff -up openssl-3.0.1/ssl/ssl_ciph.c.nokrsa openssl-3.0.1/ssl/ssl_ciph.c /* * We ignore any errors from the fetches below. They are expected to fail * if theose algorithms are not available. +diff -up openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen openssl-3.0.1/providers/implementations/signature/rsa_sig.c +--- openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen 2022-05-23 14:58:07.764281242 +0200 ++++ openssl-3.0.1/providers/implementations/signature/rsa_sig.c 2022-05-23 15:10:29.327993616 +0200 +@@ -770,6 +770,19 @@ static int rsa_verify(void *vprsactx, co + { + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + size_t rslen; ++# ifdef FIPS_MODULE ++ size_t rsabits = RSA_bits(prsactx->rsa); ++ ++ if (rsabits < 2048) { ++ if (rsabits != 1024 ++ && rsabits != 1280 ++ && rsabits != 1536 ++ && rsabits != 1792) { ++ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++ } ++# endif + + if (!ossl_prov_is_running()) + return 0; diff --git a/openssl.spec b/openssl.spec index c744ef8..7cf641a 100644 --- a/openssl.spec +++ b/openssl.spec @@ -454,6 +454,10 @@ install -m644 %{SOURCE9} \ - Resolves: rhbz#2083240 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2085088 +- In FIPS mode, signature verification works with keys of arbitrary size + above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys + below 2048 bits +- Resolves: rhbz#2077884 * Wed May 18 2022 Clemens Lang - 1:3.0.1-31 - Disable SHA-1 signature verification in FIPS mode