From: Simo Sorce
Date: Fri, 3 Oct 2025 15:49:24 +0000 (-0400)
Subject: FIPS: Fix RSA X.931 padding check
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b632daa5255614db0a305cd2f4eaf84d1816b540;p=thirdparty%2Fopenssl.git

FIPS: Fix RSA X.931 padding check

The padding check was not complete and would miss the Message Signature API case, which also needs to be rejected.

Signed-off-by: Simo Sorce
Reviewed-by: Paul Dale
Reviewed-by: Shane Lontis
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/28741)
---

diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index 7ad55468e80..d5b1fcf59fd 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -1492,9 +1492,8 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
 #ifdef FIPS_MODULE
 static int rsa_x931_padding_allowed(PROV_RSA_CTX *ctx)
 {
- int approved = ((ctx->operation & EVP_PKEY_OP_SIGN) == 0);
-
- if (!approved) {
+ if ((ctx->operation
+ & (EVP_PKEY_OP_SIGNMSG | EVP_PKEY_OP_SIGN)) != 0) {
 if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE2,
 ctx->libctx,
 "RSA Sign set ctx", "X931 Padding",
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt
index f1dc5dd2a22..42819f7c411 100644
--- a/test/recipes/30-test_evp_data/evppkey_rsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt
@@ -642,3 +642,12 @@ Key = RSA-2048
 Input = "Hello World"
 Result = DIGESTSIGNINIT_ERROR
 
+# RSA Signing with X931 is not approved in FIPS 140-3
+Availablein = fips
+FIPSversion = >=4.0.0
+DigestSign = SHA256
+Key = RSA-2048
+Ctrl = rsa_padding_mode:x931
+Input = "Hello World"
+Result = PKEY_CTRL_ERROR
+Reason = illegal or unsupported padding mode
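Review bot: The rewritten condition in rsa_x931_padding_allowed() is still a deny-list of signing operations, so it keeps the shape of the gap this commit closes: any signing operation flag other than `EVP_PKEY_OP_SIGN` or `EVP_PKEY_OP_SIGNMSG` would fall through as approved. If verification is the only use of X9.31 padding meant to stay approved in the FIPS provider, testing for the verify operations instead makes the check fail closed, e.g. `if ((ctx->operation & (EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYMSG | EVP_PKEY_OP_VERIFYRECOVER)) == 0) {`. Whether an unset `ctx->operation` can reach this function is not visible in the hunk and would need checking first. At minimum, a comment above the condition such as `/* X9.31 padding is not approved for signature generation; only verification may use it */` would record the intent. The function body continues past the end of the hunk.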
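Review bot: The new stanza pins only the rejection of `DigestSign` with `Ctrl = rsa_padding_mode:x931`; nothing in this hunk checks that the widened operation mask leaves verification alone. A companion stanza that runs `DigestVerify` with the same `Ctrl` line under `Availablein = fips` and expects the verification to be accepted would catch a later change that over-blocks. Such a stanza may already exist earlier in the file, which is outside the hunk.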