From 960e6deebf9ad0e96ff10ba8dbf19f8eb29e8385 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Thu, 23 Feb 2023 14:39:15 +0100 Subject: [PATCH] Abort on PCT failure Related: rhbz#2168324 --- 0044-FIPS-140-3-keychecks.patch | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/0044-FIPS-140-3-keychecks.patch b/0044-FIPS-140-3-keychecks.patch index 6c69089..ba2818c 100644 --- a/0044-FIPS-140-3-keychecks.patch +++ b/0044-FIPS-140-3-keychecks.patch @@ -129,7 +129,7 @@ diff -up openssl-3.0.7/providers/implementations/keymgmt/ec_kmgmt.c.pairwise ope + /* Pairwise consistency test */ + if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 + && do_ec_pct(gctx->ecdsa_sig_ctx, "sha256", ec) != 1) -+ goto err; ++ abort(); +#endif if (gctx->group_check != NULL) @@ -263,7 +263,7 @@ diff -up openssl-3.0.7/providers/implementations/keymgmt/rsa_kmgmt.c.pairwise op +#ifdef FIPS_MODULE + /* Pairwise consistency test */ + if (do_rsa_pct(gctx->prov_rsa_ctx, "sha256", rsa) != 1) -+ goto err; ++ abort(); +#endif err: BN_GENCB_free(gencb); @@ -316,7 +316,7 @@ diff -up openssl-3.0.7/providers/implementations/signature/rsa_sig.c.pairwise op { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; -@@ -1504,6 +1504,35 @@ static const OSSL_PARAM *rsa_settable_ct +@@ -1504,6 +1504,45 @@ static const OSSL_PARAM *rsa_settable_ct return EVP_MD_settable_ctx_params(prsactx->md); } @@ -324,8 +324,9 @@ diff -up openssl-3.0.7/providers/implementations/signature/rsa_sig.c.pairwise op +int do_rsa_pct(void *vctx, const char *mdname, void *rsa) +{ + static const char data[32]; -+ unsigned char sigbuf[256]; -+ size_t siglen = sizeof(sigbuf); ++ unsigned char *sigbuf = NULL; ++ size_t siglen = 0; ++ int ret = 0; + + if (rsa_digest_sign_init(vctx, mdname, rsa, NULL) <= 0) + return 0; 
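Review bot: The two `abort()` calls that replace `goto err` in the ec_kmgmt.c and rsa_kmgmt.c key-generation hunks terminate the process without recording why, and they skip the cleanup that follows `err:`. Where core dumps are enabled, a dump taken at that point will likely contain the freshly generated private key, so deployments using the FIPS provider should restrict or disable core dumps. I would add a comment at both sites, e.g. `/* FIPS 140-3: a failed pairwise consistency test is fatal by design */`, and emit a diagnostic before aborting. Both enclosing functions start and end outside these hunks, and whether `<stdlib.h>` is already included in those files cannot be seen from here.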
@@ -333,19 +334,28 @@ diff -up openssl-3.0.7/providers/implementations/signature/rsa_sig.c.pairwise op
 + if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
 + return 0;
 +
-+ if (rsa_digest_sign_final(vctx, sigbuf, &siglen, sizeof(sigbuf)) <= 0)
++ if (rsa_digest_sign_final(vctx, NULL, &siglen, 0) <= 0)
 + return 0;
 +
-+ if (rsa_digest_verify_init(vctx, mdname, rsa, NULL) <= 0)
++ if ((sigbuf = OPENSSL_malloc(siglen)) == NULL)
 + return 0;
 +
++ if (rsa_digest_sign_final(vctx, sigbuf, &siglen, siglen) <= 0)
++ goto err;
++
++ if (rsa_digest_verify_init(vctx, mdname, rsa, NULL) <= 0)
++ goto err;
++
 + if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
-+ return 0;
++ goto err;
 +
 + if (rsa_digest_verify_final(vctx, sigbuf, siglen) <= 0)
-+ return 0;
++ goto err;
++ ret = 1;
 +
-+ return 1;
++ err:
++ OPENSSL_free(sigbuf);
++ return ret;
 +}
 +#endif
 +
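Review bot: In `do_rsa_pct`, a failed `OPENSSL_malloc(siglen)` returns 0 exactly like a signature that fails to verify, and the rsa_kmgmt.c caller changed earlier in this patch now calls `abort()` on any result other than 1. Memory pressure during key generation therefore becomes a process abort that looks like a FIPS self-test failure. The function should at least document this, e.g. `/* Returns 1 if the sign/verify round trip succeeds, 0 on any failure, including allocation failure */`, and the size reported by the first `rsa_digest_sign_final` call is worth checking for zero before allocating. The function begins in the previous hunk, outside this one.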