openssl/0025-FIPS-RSA-encapsulate-limits.patch
Dmitry Belyavskiy 296ae60f11 Rebasing OpenSSL to 3.5
Resolves: RHEL-80811
Resolves: RHEL-57022
Resolves: RHEL-24098
Resolves: RHEL-24097
Resolves: RHEL-86865
2025-04-16 10:23:19 +02:00


From 1ba2caa0c71e45e5ccc9cec2e389d3ee7c68a252 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:17 +0100
Subject: [PATCH 25/50] FIPS: RSA: encapsulate limits
Patch-name: 0091-FIPS-RSA-encapsulate.patch
Patch-id: 91
Patch-status: |
# 0091-FIPS-RSA-encapsulate.patch
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
providers/implementations/kem/rsa_kem.c | 14 ++++++++++++++
test/recipes/30-test_evp_data/evppkey_rsa_kem.txt | 1 +
2 files changed, 15 insertions(+)
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
index 7494dcc010..5d6123e8cb 100644
--- a/providers/implementations/kem/rsa_kem.c
+++ b/providers/implementations/kem/rsa_kem.c
@@ -284,6 +284,13 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
/* Step (1): nlen = Ceil(len(n)/8) */
nlen = RSA_size(prsactx->rsa);
+#ifdef FIPS_MODULE
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
+ return 0;
+ }
+#endif
+
if (out == NULL) {
if (nlen == 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
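Review bot: The added FIPS guard compares the byte length returned by RSA_size() with `OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8`, and since that length is rounded up to whole bytes, a modulus up to seven bits short of the minimum still passes. Comparing bit lengths closes the gap: `if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {`. The identical guard is repeated in the rsasve_recover hunk, so a small static helper called from both places would keep the limit and the error code in one spot. rsasve_generate's body starts and ends outside this hunk.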
@@ -360,6 +367,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx,
/* Step (1): get the byte length of n */
nlen = RSA_size(prsactx->rsa);
+#ifdef FIPS_MODULE
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
+ return 0;
+ }
+#endif
+
if (out == NULL) {
if (nlen == 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
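Review bot: The guard in rsasve_recover carries no comment saying that it is unconditional, and it sits ahead of the `out == NULL` length query, so under FIPS_MODULE a size query on a short key now fails as well. The test hunk suggests this is intended, because the case with `CtrlInit = key-check:0` now expects an error, but that is inferred from the test data only. A comment above the `#ifdef`, for example `/* FIPS: hard lower bound on modulus size; not relaxed by key-check */`, would record the decision for the next rebase. It is also worth confirming that decapsulation is meant to enforce the same lower bound as encapsulation. rsasve_recover's body continues outside the hunk.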
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_kem.txt b/test/recipes/30-test_evp_data/evppkey_rsa_kem.txt
index ecab1454e7..8e5edd35fe 100644
--- a/test/recipes/30-test_evp_data/evppkey_rsa_kem.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_kem.txt
@@ -108,3 +108,4 @@ Securitycheck = 1
Unapproved = 1
CtrlInit = key-check:0
Op = RSASVE
+Result = TEST_ENCAPSULATE_LEN_ERROR
--
2.49.0