Bug 2141597

Summary: FIPS self-test data for RSA-CRT contains incorrect parameters
Product: Red Hat Enterprise Linux 9 Reporter: Dmitry Belyavskiy <dbelyavs>
Component: opensslAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED ERRATA QA Contact: Alicja Kario <hkario>
Severity: medium Docs Contact:
Priority: high    
Version: 9.0CC: cllang, hkario, ssorce
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openssl-3.0.7-1.el9 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 2141598 2141599 2144006 2144007 (view as bug list) Environment:
Last Closed: 2023-05-09 08:20:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2141598, 2141599, 2144006, 2144007    

Description Dmitry Belyavskiy 2022-11-10 08:44:18 UTC 
At https://github.com/openssl/openssl/blob/master/providers/fips/self_test_data.inc#L1269-L1279:

    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_p),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_q),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dp),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dq),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT, rsa_qInv),
    ST_KAT_PARAM_END()
However, https://github.com/openssl/openssl/blob/master/providers/implementations/keymgmt/rsa_kmgmt.c#L244-L252 defines the correct parameters (in FIPS mode, which is relevant for the FIPS self-test data) as:

# define RSA_KEY_MP_TYPES()                                                    \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0),                           \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0),                           \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0),                         \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0),                         \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0),
See also https://github.com/openssl/openssl/blob/master/crypto/rsa/rsa_mp_names.c

As a result of this bug, the actual keys loaded will never be RSA-CRT keys.
Comment 1 Clemens Lang 2022-11-10 12:31:31 UTC 
*** Bug 2141598 has been marked as a duplicate of this bug. ***
Comment 2 Clemens Lang 2022-11-10 12:31:43 UTC 
*** Bug 2141599 has been marked as a duplicate of this bug. ***
Comment 12 errata-xmlrpc 2023-05-09 08:20:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: openssl security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2523