FIPS: Fix RSA X.931 padding check
authorSimo Sorce <simo@redhat.com>
Fri, 3 Oct 2025 15:49:24 +0000 (11:49 -0400)
committerDmitry Belyavskiy <beldmit@gmail.com>
Thu, 23 Oct 2025 13:57:21 +0000 (15:57 +0200)
The padding check was not complete and would miss the Message
Signature API case, which also needs to be rejected.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28741)

(cherry picked from commit b632daa5255614db0a305cd2f4eaf84d1816b540)

providers/implementations/signature/rsa_sig.c
test/recipes/30-test_evp_data/evppkey_rsa.txt

index d8357cfe157886cba6c238407d8598e50128347b..a8ed75f00954e47ef3f22c1b96ed429c4d0ebf47 100644 (file)
@@ -1513,9 +1513,8 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
 #ifdef FIPS_MODULE
 static int rsa_x931_padding_allowed(PROV_RSA_CTX *ctx)
 {
-    int approved = ((ctx->operation & EVP_PKEY_OP_SIGN) == 0);
-
-    if (!approved) {
+    if ((ctx->operation
+         & (EVP_PKEY_OP_SIGNMSG | EVP_PKEY_OP_SIGN)) != 0) {
         if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE2,
                                          ctx->libctx,
                                          "RSA Sign set ctx", "X931 Padding",
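Review bot: The condition in `rsa_x931_padding_allowed` is still a deny-list over `ctx->operation`, so any signing-type operation bit introduced later would again be treated as approved, which is the same class of gap this commit closes for `EVP_PKEY_OP_SIGNMSG`. Consider naming the operations that may keep X9.31 instead, e.g. `if ((ctx->operation & (EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYMSG)) == 0) {`, after confirming that `ctx->operation` is always set before this check runs and whether verify-recover belongs in that set. At minimum, a comment above the condition such as `/* X9.31 is not approved for signature generation under FIPS 140-3; only signing operations are flagged here */` would record why the mask holds exactly these bits. The function body continues past the end of the hunk, so the handling after `OSSL_FIPS_IND_ON_UNAPPROVED` is not visible here.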
index f1dc5dd2a224f1d35fa4e8aafc0410c4384ad176..42819f7c411e59473e7b404e3e7dcbfee6758d31 100644 (file)
@@ -642,3 +642,12 @@ Key = RSA-2048
 Input = "Hello World"
 Result = DIGESTSIGNINIT_ERROR
 
+# RSA Signing with X931 is not approved in FIPS 140-3
+Availablein = fips
+FIPSversion = >=4.0.0
+DigestSign = SHA256
+Key = RSA-2048
+Ctrl = rsa_padding_mode:x931
+Input = "Hello World"
+Result = PKEY_CTRL_ERROR
+Reason = illegal or unsupported padding mode
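Review bot: The added case covers only the `DigestSign` path, and nothing in this hunk pins the other half of the rule, namely that X9.31 padding is still accepted for verification in the FIPS provider. If the file does not already contain one, a companion `DigestVerify` case with `Ctrl = rsa_padding_mode:x931` and a known-good signature would catch a future over-broad mask in `rsa_x931_padding_allowed`. A case for the plain `Sign` path under the same `Availablein = fips` / `FIPSversion = >=4.0.0` guard would likewise keep the pre-existing `EVP_PKEY_OP_SIGN` branch covered, unless the entries above line 642 already do so.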