From: Pauli
Date: Wed, 31 Jul 2024 04:03:52 +0000 (+1000)
Subject: rsa: disallow PKCS#1 version 1.5 padding for encrpytion under FIPS.
X-Git-Tag: openssl-3.4.0-alpha1~203
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e92868432018ebd7063c5dfe7594a5c58780038e;p=thirdparty%2Fopenssl.git

rsa: disallow PKCS#1 version 1.5 padding for encrpytion under FIPS.

Reviewed-by: Shane Lontis
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/25070)
---
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index 8181b4fbc44..0860ef7890d 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -158,6 +158,19 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
 if (!ossl_prov_is_running())
 return 0;
 
+#ifdef FIPS_MODULE
+ if ((prsactx->pad_mode == RSA_PKCS1_PADDING
+ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING)
+ && !ossl_FIPS_IND_on_unapproved(OSSL_FIPS_IND_GET(prsactx),
+ OSSL_FIPS_IND_SETTABLE1,
+ prsactx->libctx, "RSA Encrypt",
+ "PKCS#1 v1.5 padding",
+ FIPS_rsa_pkcs15_padding_disabled)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE);
+ return 0;
+ }
+#endif
+
 if (out == NULL) {
 size_t len = RSA_size(prsactx->rsa);
 
@@ -462,6 +475,9 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
 if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE0, params,
 OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK))
 return 0;
+ if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE1, params,
+ OSSL_ASYM_CIPHER_PARAM_PKCS15_PADDING_DISABLED))
+ return 0;
 
 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST);
 if (p != NULL) {
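Review bot: The new FIPS guard in rsa_encrypt sits above the `out == NULL` length query, so `ossl_FIPS_IND_on_unapproved` is evaluated on the size-probe call as well as on the real encryption; if the indicator callback records or reports events, one logical encryption may be reported twice. The block also carries no comment saying why these two pad modes are refused, and no decrypt-side change is visible in this diff, so a reader cannot tell that the encrypt-only scope is deliberate. I would add above the `#ifdef` something like `/* FIPS: PKCS#1 v1.5 padding is unapproved for encryption; rejected unless ossl_FIPS_IND_on_unapproved() allows it. Checked before the size query so callers fail early. */`. The body of rsa_encrypt starts and continues outside the hunk.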
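Review bot: The padding override is stored under the bare slot `OSSL_FIPS_IND_SETTABLE1` here and read back by the same bare index in rsa_encrypt, next to the key-check override in `OSSL_FIPS_IND_SETTABLE0`. Nothing visible ties a slot number to its meaning, so a later edit that reuses or swaps an index would silently apply the wrong override to a FIPS approval decision. A one-line comment at each use, e.g. `/* SETTABLE1: PKCS#1 v1.5 padding override, consumed in rsa_encrypt() */`, or file-local aliases for the two slots would make the pairing checkable in review. rsa_set_ctx_params continues outside the hunk.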
@@ -600,6 +616,7 @@ static const OSSL_PARAM known_settable_ctx_params[] = {
 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
 OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK)
+ OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_ASYM_CIPHER_PARAM_PKCS15_PADDING_DISABLED)
 OSSL_PARAM_END
 };