rpms / openssl

Clone
Source Code
GIT

Blame SOURCES/0091-FIPS-RSA-encapsulate.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   1ac26c278290edf9cbda7fb8e162387891be829a
  2.   SOURCES
  3.   0091-FIPS-RSA-encapsulate.patch
Blob History Raw
1ac26c 
diff -up openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap openssl-3.0.1/providers/implementations/kem/rsa_kem.c
1ac26c 
--- openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap	2022-11-22 12:27:30.994530801 +0100
1ac26c 
+++ openssl-3.0.1/providers/implementations/kem/rsa_kem.c	2022-11-22 12:32:15.916875495 +0100
1ac26c 
@@ -264,6 +264,14 @@ static int rsasve_generate(PROV_RSA_CTX
1ac26c 
             *secretlen = nlen;
1ac26c 
         return 1;
1ac26c 
     }
1ac26c 
+
1ac26c 
+#ifdef FIPS_MODULE
1ac26c 
+    if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
1ac26c 
+        ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
1ac26c 
+        return 0;
1ac26c 
+    }
1ac26c 
+#endif
1ac26c 
+
1ac26c 
     /*
1ac26c 
      * Step (2): Generate a random byte string z of nlen bytes where
1ac26c 
      *            1 < z < n - 1
1ac26c 
@@ -307,6 +315,13 @@ static int rsasve_recover(PROV_RSA_CTX *
1ac26c 
         return 1;
1ac26c 
     }
1ac26c
1ac26c 
+#ifdef FIPS_MODULE
1ac26c 
+    if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
1ac26c 
+        ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
1ac26c 
+        return 0;
1ac26c 
+    }
1ac26c 
+#endif
1ac26c 
+
1ac26c 
     /* Step (2): check the input ciphertext 'inlen' matches the nlen */
1ac26c 
     if (inlen != nlen) {
1ac26c 
         ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation