Bug 2168665
Summary: | In FIPS mode, openssl should not support RSA encryption or decryption without padding (outside of RSASVE) or provide an indicator | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | Clemens Lang <cllang> | |
Component: | openssl | Assignee: | Dmitry Belyavskiy <dbelyavs> | |
Status: | CLOSED ERRATA | QA Contact: | Hubert Kario <hkario> | |
Severity: | high | Docs Contact: | Jan Fiala <jafiala> | |
Priority: | high | |||
Version: | 9.0 | CC: | cllang, dbelyavs, ssorce | |
Target Milestone: | rc | Keywords: | Triaged, ZStream | |
Target Release: | --- | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Deprecated Functionality | ||
Doc Text: |
.OpenSSL requires padding for RSA encryption in FIPS mode
OpenSSL no longer supports RSA encryption without padding in FIPS mode. RSA encryption without padding is uncommon and is rarely used. Note that key encapsulation with RSA (RSASVE) does not use padding but is still supported.
|
Story Points: | --- | |
Clone Of: | ||||
: | 2170420 2170421 2178029 (view as bug list) | Environment: | ||
Last Closed: | 2023-11-07 08:53:05 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 2170420, 2170421, 2178029 |
Description
Clemens Lang
2023-02-09 17:28:17 UTC
Additionally, RSA signatures and signature verification should not support RSA_NO_PADDING. See https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c9s/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch which disabled this for X9.31 – we need a similar patch applied to the RSA_NO_PADDING case directly above it. We also should check whether OAEP and PSS are inside the FIPS boundary Looks like RSA_NO_PADDING is already forbidden for signature/verification according to the code. I will add the rejection to encryption. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (openssl bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:6627 |