FIPS RSA CRT tests must use correct parameters

Resolves: rhbz#2144006
This commit is contained in:
Dmitry Belyavskiy 2022-11-16 13:16:23 +01:00 committed by Clemens Lang
parent 474a112b98
commit fb8fee4b43
2 changed files with 45 additions and 0 deletions

View File

@ -0,0 +1,41 @@
From 34e3cbf99f2113ca01b460cf37b56460262979af Mon Sep 17 00:00:00 2001
From: slontis <shane.lontis@oracle.com>
Date: Wed, 26 Oct 2022 11:10:50 +1000
Subject: [PATCH] Use RSA CRT parameters in FIPS self tests.
Fixes #19488
Use the correct OSSL_PKEY_PARAM_RSA CRT names fior the self tests.
The invalid names cause CRT parameters to be silently ignored.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19501)
(cherry picked from commit c7424fe68c65aa2187a8e4028d7dea742b95d81a)
(cherry picked from commit 4215d649e92bc4c42997ec4a1e65beba1055bbe1)
---
providers/fips/self_test_data.inc | 10 +++++-----
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index 5f057d5679f1..8ae8cd6f4a5a 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -1270,11 +1270,11 @@ static const ST_KAT_PARAM rsa_crt_key[] = {
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_p),
- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_q),
- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dp),
- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dq),
- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT, rsa_qInv),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR1, rsa_p),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR2, rsa_q),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT1, rsa_dp),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT2, rsa_dq),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, rsa_qInv),
ST_KAT_PARAM_END()
};

View File

@ -168,6 +168,8 @@ Patch79: 0079-CVE-2022-3602.patch
Patch85: 0085-FIPS-RSA-disable-shake.patch Patch85: 0085-FIPS-RSA-disable-shake.patch
#https://github.com/openssl/openssl/pull/17546 #https://github.com/openssl/openssl/pull/17546
Patch86: 0086-avoid-bio-memleak.patch Patch86: 0086-avoid-bio-memleak.patch
#https://github.com/openssl/openssl/pull/19501
Patch87: 0087-FIPS-RSA-selftest-params.patch
License: ASL 2.0 License: ASL 2.0
URL: http://www.openssl.org/ URL: http://www.openssl.org/
@ -503,6 +505,8 @@ install -m644 %{SOURCE9} \
Resolves: rhbz#2144010 Resolves: rhbz#2144010
- Avoid memory leaks in TLS - Avoid memory leaks in TLS
Resolves: rhbz#2144008 Resolves: rhbz#2144008
- FIPS RSA CRT tests must use correct parameters
Resolves: rhbz#2144006
* Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43 * Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43
- CVE-2022-3602: X.509 Email Address Buffer Overflow - CVE-2022-3602: X.509 Email Address Buffer Overflow