Blame 0091-FIPS-RSA-encapsulate.patch
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
From afab56d09edb525dd794fcb2ae2295ab7f39400a Mon Sep 17 00:00:00 2001
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
Date: Mon, 21 Aug 2023 16:01:48 +0200
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
Subject: [PATCH 42/48] 0091-FIPS-RSA-encapsulate.patch
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
Patch-name: 0091-FIPS-RSA-encapsulate.patch
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
Patch-id: 91
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
---
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
providers/implementations/kem/rsa_kem.c | 15 +++++++++++++++
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
1 file changed, 15 insertions(+)
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
index 365ae3d7d6..8a6f585d0b 100644
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
--- a/providers/implementations/kem/rsa_kem.c
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+++ b/providers/implementations/kem/rsa_kem.c
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
@@ -265,6 +265,14 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
*secretlen = nlen;
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
return 1;
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
}
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+#ifdef FIPS_MODULE
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+ return 0;
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+ }
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+#endif
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
/*
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
* Step (2): Generate a random byte string z of nlen bytes where
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
* 1 < z < n - 1
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
@@ -308,6 +316,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx,
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
return 1;
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
}
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+#ifdef FIPS_MODULE
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+ return 0;
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+ }
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+#endif
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
+
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
/* Step (2): check the input ciphertext 'inlen' matches the nlen */
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
if (inlen != nlen) {
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH);
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
--
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
2.41.0
|
|
![](https://seccdn.libravatar.org/avatar/2b144df64913845151df534542e1c73358afff4b3b67d9228c548513b08c6d02?s=16&d=retro) |
163057e |
|