296ae60f11
Resolves: RHEL-80811 Resolves: RHEL-57022 Resolves: RHEL-24098 Resolves: RHEL-24097 Resolves: RHEL-86865
444 lines
22 KiB
Diff
444 lines
22 KiB
Diff
From 8cb662f002e33c6fb99b96ef24733e16e3dc48ad Mon Sep 17 00:00:00 2001
|
|
From: Simo Sorce <simo@redhat.com>
|
|
Date: Fri, 7 Mar 2025 18:20:30 -0500
|
|
Subject: [PATCH 27/50] FIPS: RSA: size/mode restrictions
|
|
|
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
---
|
|
providers/implementations/signature/rsa_sig.c | 26 +++++++++
|
|
ssl/ssl_ciph.c | 3 +
|
|
test/recipes/30-test_evp_data/evppkey_rsa.txt | 55 ++++++++++++++++++-
|
|
.../30-test_evp_data/evppkey_rsa_common.txt | 8 +--
|
|
4 files changed, 87 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
|
index b08c9685dd..0e0810f60a 100644
|
|
--- a/providers/implementations/signature/rsa_sig.c
|
|
+++ b/providers/implementations/signature/rsa_sig.c
|
|
@@ -940,6 +940,19 @@ static int rsa_verify_recover(void *vprsactx,
|
|
{
|
|
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
|
|
int ret;
|
|
+# ifdef FIPS_MODULE
|
|
+ size_t rsabits = RSA_bits(prsactx->rsa);
|
|
+
|
|
+ if (rsabits < 2048) {
|
|
+ if (rsabits != 1024
|
|
+ && rsabits != 1280
|
|
+ && rsabits != 1536
|
|
+ && rsabits != 1792) {
|
|
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
|
|
+ return 0;
|
|
+ }
|
|
+ }
|
|
+# endif
|
|
|
|
if (!ossl_prov_is_running())
|
|
return 0;
|
|
@@ -1034,6 +1047,19 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx,
|
|
const unsigned char *tbs, size_t tbslen)
|
|
{
|
|
size_t rslen;
|
|
+# ifdef FIPS_MODULE
|
|
+ size_t rsabits = RSA_bits(prsactx->rsa);
|
|
+
|
|
+ if (rsabits < 2048) {
|
|
+ if (rsabits != 1024
|
|
+ && rsabits != 1280
|
|
+ && rsabits != 1536
|
|
+ && rsabits != 1792) {
|
|
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
|
|
+ return 0;
|
|
+ }
|
|
+ }
|
|
+# endif
|
|
|
|
if (!ossl_prov_is_running())
|
|
return 0;
|
|
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
|
|
index 19420d6c6a..5ab1ccee93 100644
|
|
--- a/ssl/ssl_ciph.c
|
|
+++ b/ssl/ssl_ciph.c
|
|
@@ -350,6 +350,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
|
|
ctx->disabled_mkey_mask = 0;
|
|
ctx->disabled_auth_mask = 0;
|
|
|
|
+ if (EVP_default_properties_is_fips_enabled(ctx->libctx))
|
|
+ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
|
|
+
|
|
/*
|
|
* We ignore any errors from the fetches below. They are expected to fail
|
|
* if these algorithms are not available.
|
|
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt
|
|
index f1dc5dd2a2..103556c750 100644
|
|
--- a/test/recipes/30-test_evp_data/evppkey_rsa.txt
|
|
+++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt
|
|
@@ -268,8 +268,8 @@ TwIDAQAB
|
|
|
|
PrivPubKeyPair = RSA-PSS:RSA-PSS-DEFAULT
|
|
|
|
-
|
|
# Wrong MGF1 digest
|
|
+Availablein = default
|
|
Verify = RSA-2048
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_pss_saltlen:0
|
|
@@ -279,7 +279,19 @@ Input="0123456789ABCDEF0123456789ABCDEF"
|
|
Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
|
|
Result = VERIFY_ERROR
|
|
|
|
+# Wrong MGF1 digest - In RHEL FIPS errors as set ctx before verify
|
|
+Availablein = fips
|
|
+Verify = RSA-2048
|
|
+Ctrl = rsa_padding_mode:pss
|
|
+Ctrl = rsa_pss_saltlen:0
|
|
+Ctrl = digest:sha256
|
|
+Ctrl = rsa_mgf1_md:sha1
|
|
+Input="0123456789ABCDEF0123456789ABCDEF"
|
|
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
|
|
+Result = PKEY_CTRL_ERROR
|
|
+
|
|
# Verify using default parameters
|
|
+Availablein = default
|
|
Verify = RSA-PSS-DEFAULT
|
|
Input="0123456789ABCDEF0123"
|
|
Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF
|
|
@@ -303,36 +315,42 @@ fc6CnohE9iWxFeXpxKWc+PgRO2g0M2ov0mibRyy7Xlyr5nQ1DFm2wX4XaHT7Qvj8
|
|
PRdqAX7cYf0ybEszyQIDAQAB
|
|
-----END PUBLIC KEY-----
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-2
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=5c81a3e2a658246628cd0ee8b00bb4c012bc9739
|
|
Output=014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-2
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=27f71611446aa6eabf037f7dedeede3203244991
|
|
Output=010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-2
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=03ecc2c33e93f05fc7224fcc0d461356cb897217
|
|
Output=007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-2
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=246c727b4b9494849dddb068d582e179ac20999c
|
|
Output=009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-2
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=e8617ca3ea66ce6a58ede2d11af8c3ba8a6ba912
|
|
Output=00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-2
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
@@ -348,36 +366,42 @@ nQ6tsIdYbKSJM9o8yVPZW9DtUN4Q3ctnNhB9bIMcf2Y+gzykwJfnAM4PuUX4j7hf
|
|
6OWncxclZbkUpHGkQwIDAQAB
|
|
-----END PUBLIC KEY-----
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-3
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=3552be69dd74bdc56d2cf8c38ef7bafe269040fe
|
|
Output=0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-3
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=609143ff7240e55c062aba8b9e4426a781919bc9
|
|
Output=02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-3
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=0afd22f879a9cda7c584f4135f8f1c961db114c0
|
|
Output=0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-3
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=405dd56d395ef0f01b555c48f748cc32b210650b
|
|
Output=0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-3
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=a2c313b0440c8a0c47233b87f0a160c61af3eae7
|
|
Output=021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-3
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
@@ -393,36 +417,42 @@ MAz5u2xTrR3IoXi4FdtCNamp2gwG3k5hXqEnfOVZ6cEI3ljBSoGqd/Wm+NEzVJRJ
|
|
iEjIuVlAdAvnv3w3BQIDAQAB
|
|
-----END PUBLIC KEY-----
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-4
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=f8b0abf70fec0bca74f0accbc24f75e6e90d3bfd
|
|
Output=0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-4
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=04a10944bfe11ab801e77889f3fd3d7f4ff0b629
|
|
Output=049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-4
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=ba01243db223eb97fb86d746c3148adaaa0ca344
|
|
Output=03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-4
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=934bb0d38d6836daec9de82a9648d4593da67cd2
|
|
Output=0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-4
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=ec35d81abd1cceac425a935758b683465c8bd879
|
|
Output=022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-4
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
@@ -438,18 +468,21 @@ pLDMjaMl7YqmdrDQ9ibgp38HaSFwrKyAgvQvqn3HzRI+cw4xqHmFIEyry+ZnDUOi
|
|
3Sst3vXgU5L8ITvFBwIDAQAB
|
|
-----END PUBLIC KEY-----
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-5
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=d98b7061943510bc3dd9162f7169aabdbdcd0222
|
|
Output=0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-5
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=7ae8e699f754988f4fd645e463302e49a2552072
|
|
Output=08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-5
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
@@ -463,12 +496,14 @@ Ctrl = rsa_mgf1_md:sha1
|
|
Input=ee3de96783fd0a157c8b20bf5566124124dcfe65
|
|
Output=0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-5
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=1204df0b03c2724e2709c23fc71789a21b00ae4c
|
|
Output=0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-5
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
@@ -484,36 +519,42 @@ Kl8QsJwxGvjA/7W3opfy78Y7jWsFEJMfC5jki/X8bsTnuNsf+usIw44CrbjwOkgi
|
|
nJnpaUMfYcuMTcaY0QIDAQAB
|
|
-----END PUBLIC KEY-----
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-6
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=ab464e8cb65ae5fdea47a53fa84b234d6bfd52f6
|
|
Output=04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-6
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=92d0bcae82b641f578f040f5151be8eda6d42299
|
|
Output=0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-6
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=3569bd8fd2e28f2443375efa94f186f6911ffc2b
|
|
Output=086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-6
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=7abbb7b42de335730a0b641f1e314b6950b84f98
|
|
Output=0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-6
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=55b7eb27be7a787a59eb7e5fac468db8917a7725
|
|
Output=02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-6
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
@@ -529,36 +570,42 @@ MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgTfJ2kpmyMQIuNon0MnXn4zLHq/B
|
|
2LXF01SAItcGTqKaswIDAQAB
|
|
-----END PUBLIC KEY-----
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-7
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=8be4afbdd76bd8d142c5f4f46dba771ee5d6d29d
|
|
Output=187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-7
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=402140dc605b2f5c5ec0d15bce9f9ba8857fe117
|
|
Output=10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-7
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=3e885205892ff2b6b37c2c4eb486c4bf2f9e7f20
|
|
Output=2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-7
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=1fc2201d0c442a4736cd8b2cd00c959c47a3bf42
|
|
Output=32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-7
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=e4351b66819e5a31501f89acc7faf57030e9aac5
|
|
Output=07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-7
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
@@ -574,36 +621,42 @@ R1PbPO4O4Gx9+uix1TtZUyGPnM7qaVsIZo7eqtztlGOx15DV6/J+kRW0bK1NmiuO
|
|
+rBWGwgQNEc5raBzPwIDAQAB
|
|
-----END PUBLIC KEY-----
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-8
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=a1dd230d8ead860199b6277c2ecfe3d95f6d9160
|
|
Output=0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-8
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=f6e68e53c602c5c65fa67b5aa6d786e5524b12ab
|
|
Output=2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-8
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=d6f9fcd3ae27f32bb2c7c93536782eba52af1f76
|
|
Output=2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-8
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=7ff2a53ce2e2d900d468e498f230a5f5dd0020de
|
|
Output=1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-8
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
Input=4eb309f7022ba0b03bb78601b12931ec7c1be8d3
|
|
Output=33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee
|
|
|
|
+Availablein = default
|
|
Verify=RSA-PSS-8
|
|
Ctrl = rsa_padding_mode:pss
|
|
Ctrl = rsa_mgf1_md:sha1
|
|
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
|
index 17ceb59148..972e90f32f 100644
|
|
--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
|
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
|
@@ -285,7 +285,7 @@ FIPSversion = >=3.4.0
|
|
Decrypt = RSA-2048
|
|
Ctrl = rsa_padding_mode:none
|
|
Input = 0000000000000000000000000000000000000000
|
|
-Result = KEYOP_ERROR
|
|
+Result = KEYOP_LENGTH_ERROR
|
|
|
|
# RSADP Ciphertext = 1 should fail
|
|
Availablein = fips
|
|
@@ -293,7 +293,7 @@ FIPSversion = >=3.4.0
|
|
Decrypt = RSA-2048
|
|
Ctrl = rsa_padding_mode:none
|
|
Input = 0000000000000000000000000000000000000001
|
|
-Result = KEYOP_ERROR
|
|
+Result = KEYOP_LENGTH_ERROR
|
|
|
|
# RSADP Ciphertext = 2 should pass
|
|
Availablein = default
|
|
@@ -315,7 +315,7 @@ FIPSversion = >=3.4.0
|
|
Decrypt = RSA-2048
|
|
Ctrl = rsa_padding_mode:none
|
|
Input = cd0081ea7b2ae1ea06d59f7c73d9ffb94a09615c2e4ba7c636cef08dd3533ec3185525b015c769b99a77d6725bf9c3532a9b6e5f6627d5fb85160768d3dda9cbd35974511717dc3d309d2fc47ee41f97e32adb7f9dd864a1c4767a666ecd71bc1aacf5e7517f4b38594fea9b05e42d5ada9912008013e45316a4d9bb8ed086b88d28758bacaf922d46a868b485d239c9baeb0e2b64592710f42b2d1ea0a4b4802c0becab328f8a68b0073bdb546feea9809d2849912b390c1532bc7e29c7658f8175fae46f34332ff87bcab3e40649b98577869da0ea718353f0722754886913648760d122be676e0fc483dd20ffc31bda96a31966c9aa2e75ad03de47e1c44e
|
|
-Result = KEYOP_ERROR
|
|
+Result = KEYOP_LENGTH_ERROR
|
|
|
|
# RSADP Ciphertext = n should fail
|
|
Availablein = default
|
|
@@ -2074,7 +2074,7 @@ Securitycheck = 1
|
|
Unapproved = 1
|
|
CtrlInit = key-check:0
|
|
Input = 550AF55A2904E7B9762352F8FB7FA235
|
|
-Result = KEYOP_MISMATCH
|
|
+Result = KEYOP_LENGTH_ERROR
|
|
|
|
# Signing with SHA1 is not allowed in fips mode
|
|
Availablein = fips
|
|
--
|
|
2.49.0
|
|
|