forked from pool/openssl-3
Pedro Monreal Gonzalez
6bc57d937f
* SHA-1 is not allowed anymore in FIPS 186-5 for signature
verification operations. After 12/31/2030, NIST will disallow
SHA-1 for all of its usages.
* Add openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
- FIPS: RSA keygen PCT requirements.
* Skip the rsa_keygen_pairwise_test() PCT in rsa_keygen() as the
self-test requirements are covered by do_rsa_pct() for both
RSA-OAEP and RSA signatures [bsc#1221760]
* Enforce error state if rsa_keygen PCT is run and fails [bsc#1221753]
* Add openssl-3-FIPS-PCT_rsa_keygen.patch
- FIPS: Check that the fips provider is available before setting
it as the default provider in FIPS mode. [bsc#1220523]
* Rebase openssl-Force-FIPS.patch
- FIPS: Port openssl to use jitterentropy [bsc#1220523]
* Set the module in error state if the jitter RNG fails either on
initialization or entropy gathering because health tests failed.
* Add jitterentropy as a seeding source output also in crypto/info.c
* Move the jitter entropy collector and the associated lock out
of the header file to avoid redefinitions.
* Add the fips_local.cnf symlink to the spec file. This simlink
points to the openssl_fips.config file that is provided by the
crypto-policies package.
* Rebase openssl-3-jitterentropy-3.4.0.patch
* Rebase openssl-FIPS-enforce-EMS-support.patch
- FIPS: Block non-Approved Elliptic Curves [bsc#1221786]
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=110
48 lines
1.4 KiB
Diff
48 lines
1.4 KiB
Diff
From afab56d09edb525dd794fcb2ae2295ab7f39400a Mon Sep 17 00:00:00 2001
|
|
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
|
Date: Mon, 21 Aug 2023 16:01:48 +0200
|
|
Subject: [PATCH 42/48] 0091-FIPS-RSA-encapsulate.patch
|
|
|
|
Patch-name: 0091-FIPS-RSA-encapsulate.patch
|
|
Patch-id: 91
|
|
---
|
|
providers/implementations/kem/rsa_kem.c | 15 +++++++++++++++
|
|
1 file changed, 15 insertions(+)
|
|
|
|
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
|
|
index 365ae3d7d6..8a6f585d0b 100644
|
|
--- a/providers/implementations/kem/rsa_kem.c
|
|
+++ b/providers/implementations/kem/rsa_kem.c
|
|
@@ -265,6 +265,14 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
|
|
*secretlen = nlen;
|
|
return 1;
|
|
}
|
|
+
|
|
+#ifdef FIPS_MODULE
|
|
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
|
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
|
+ return 0;
|
|
+ }
|
|
+#endif
|
|
+
|
|
/*
|
|
* Step (2): Generate a random byte string z of nlen bytes where
|
|
* 1 < z < n - 1
|
|
@@ -308,6 +316,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx,
|
|
return 1;
|
|
}
|
|
|
|
+#ifdef FIPS_MODULE
|
|
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
|
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
|
+ return 0;
|
|
+ }
|
|
+#endif
|
|
+
|
|
/* Step (2): check the input ciphertext 'inlen' matches the nlen */
|
|
if (inlen != nlen) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH);
|
|
--
|
|
2.41.0
|
|
|