FIPS RSA CRT tests must use correct parameters

Resolves: rhbz#2144006
2 years ago · fb8fee4b43
parent 474a112b98
commit fb8fee4b43
2 changed files with 45 additions and 0 deletions
--- a/0087-FIPS-RSA-selftest-params.patch
+++ b/0087-FIPS-RSA-selftest-params.patch
@ -0,0 +1,41 @@
+From 34e3cbf99f2113ca01b460cf37b56460262979af Mon Sep 17 00:00:00 2001
+From: slontis <shane.lontis@oracle.com>
+Date: Wed, 26 Oct 2022 11:10:50 +1000
+Subject: [PATCH] Use RSA CRT parameters in FIPS self tests.
+
+Fixes #19488
+
+Use the correct OSSL_PKEY_PARAM_RSA CRT names fior the self tests.
+The invalid names cause CRT parameters to be silently ignored.
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/19501)
+
+(cherry picked from commit c7424fe68c65aa2187a8e4028d7dea742b95d81a)
+(cherry picked from commit 4215d649e92bc4c42997ec4a1e65beba1055bbe1)
+---
+ providers/fips/self_test_data.inc | 10 +++++-----
+
+diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
+index 5f057d5679f1..8ae8cd6f4a5a 100644
+--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
+@@ -1270,11 +1270,11 @@ static const ST_KAT_PARAM rsa_crt_key[] = {
+     ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
+     ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
+     ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
+-    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_p),
+-    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_q),
+-    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dp),
+-    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dq),
+-    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT, rsa_qInv),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR1, rsa_p),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR2, rsa_q),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT1, rsa_dp),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT2, rsa_dq),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, rsa_qInv),
+     ST_KAT_PARAM_END()
+ };
+ 
--- a/openssl.spec
+++ b/openssl.spec
@ -168,6 +168,8 @@ Patch79: 0079-CVE-2022-3602.patch
 Patch85: 0085-FIPS-RSA-disable-shake.patch
 #https://github.com/openssl/openssl/pull/17546
 Patch86: 0086-avoid-bio-memleak.patch
+#https://github.com/openssl/openssl/pull/19501
+Patch87: 0087-FIPS-RSA-selftest-params.patch

 License: ASL 2.0
 URL: http://www.openssl.org/
@ -503,6 +505,8 @@ install -m644 %{SOURCE9} \
  Resolves: rhbz#2144010
 - Avoid memory leaks in TLS
  Resolves: rhbz#2144008
+- FIPS RSA CRT tests must use correct parameters
+  Resolves: rhbz#2144006

 * Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43
 - CVE-2022-3602: X.509 Email Address Buffer Overflow