Bug 2141599

Summary: FIPS self-test data for RSA-CRT contains incorrect parameters
Product: Red Hat Enterprise Linux 9 Reporter: Dmitry Belyavskiy <dbelyavs>
Component: opensslAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: high    
Version: 9.2CC: cllang, qe-baseos-security
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2141597 Environment:
Last Closed: 2022-11-10 12:31:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2141597    
Bug Blocks: 2141598    

Description Dmitry Belyavskiy 2022-11-10 08:49:28 UTC 
+++ This bug was initially created as a clone of Bug #2141597 +++

At https://github.com/openssl/openssl/blob/master/providers/fips/self_test_data.inc#L1269-L1279:

    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_p),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_q),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dp),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dq),
    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT, rsa_qInv),
    ST_KAT_PARAM_END()
However, https://github.com/openssl/openssl/blob/master/providers/implementations/keymgmt/rsa_kmgmt.c#L244-L252 defines the correct parameters (in FIPS mode, which is relevant for the FIPS self-test data) as:

# define RSA_KEY_MP_TYPES()                                                    \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0),                           \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0),                           \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0),                         \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0),                         \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0),
See also https://github.com/openssl/openssl/blob/master/crypto/rsa/rsa_mp_names.c

As a result of this bug, the actual keys loaded will never be RSA-CRT keys.
Comment 1 Clemens Lang 2022-11-10 12:31:43 UTC 
We will have to re-create this ticket using z-stream cloning for it to get release+, so I'm closing this as duplicate.

*** This bug has been marked as a duplicate of bug 2141597 ***