Bug 2169757

Summary: In FIPS mode, openssl should reject EVP_PKEY_fromdata() for short DHX keys, or provide an indicator
Product: Red Hat Enterprise Linux 9
Component: openssl
Version: 9.0
Hardware: x86_64
OS: Linux
Status: CLOSED ERRATA
Severity: high
Priority: high
Type: Bug
Reporter: Clemens Lang <cllang>
Assignee: Dmitry Belyavskiy <dbelyavs>
QA Contact: Alicja Kario <hkario>
CC: cllang, hkario, ssorce
Target Milestone: rc
Keywords: Triaged, ZStream
Flags: pm-rhel: mirror+
Fixed In Version: openssl-3.0.7-19.el9
Doc Type: No Doc Update
Last Closed: 2023-11-07 08:53:05 UTC
Bug Blocks: 2178030, 2178031, 2178032

Description Clemens Lang 2023-02-14 15:34:20 UTC
Description of problem:
Using EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL), EVP_PKEY_fromdata_init(ctx) and EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) with params containing a 512-bit DHX keypair, a short keypair can be created and will pass EVP_PKEY_public_check() and EVP_PKEY_private_check().

This should not work in FIPS mode, and OpenSSL should reject import of a short key or provide an explicit indicator to check for this.


Version-Release number of selected component (if applicable):
openssl-3.0.1-46.el9_0

How reproducible:
Run the attached reproducer provided by the lab.

Steps to Reproduce:
1. gcc -std=c99 -Wall -Werror -pedantic -D_XOPEN_SOURCE=600 -o dhver dhver.c -lcrypto
2. ./dhver

Actual results:
This is OpenSSL 3.0.1 14 Dec 2021 (0x30000010).
FIPS enabled: 1
All operations finished successfully!

Expected results:
Failure.
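
An added example, not part of the original report and not the lab's dhver.c reproducer or the fix shipped in the erratum: a caller-side size gate for DHX domain parameters, run before EVP_PKEY_fromdata(), so that a short key is refused regardless of what the provider accepts. The 2048-bit p and 224-bit q floors, the function names and the sample values are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed floors for this example only; the bug report does not state a threshold. */
#define MIN_P_BITS 2048u
#define MIN_Q_BITS 224u
enum dhx_verdict { DHX_OK = 0, DHX_P_TOO_SHORT, DHX_Q_TOO_SHORT };

/* Bit length of a big-endian integer (BN_bn2bin() layout); zero padding is not counted. */
static size_t be_bit_length(const uint8_t *buf, size_t len)
{
    size_t i = 0;
    while (i < len && buf[i] == 0)
        i++;
    if (i == len)
        return 0;
    size_t bits = (len - i) * 8;
    for (uint8_t top = buf[i]; !(top & 0x80); top <<= 1)
        bits--;
    return bits;
}

/* Hypothetical gate to call before p and q are handed to EVP_PKEY_fromdata(). */
enum dhx_verdict dhx_check_sizes(const uint8_t *p, size_t p_len,
                                 const uint8_t *q, size_t q_len)
{
    if (be_bit_length(p, p_len) < MIN_P_BITS)
        return DHX_P_TOO_SHORT;
    if (be_bit_length(q, q_len) < MIN_Q_BITS)
        return DHX_Q_TOO_SHORT;
    return DHX_OK;
}

/* Constructed samples: exactly p_bits (1..2048) and q_bits (1..256) bits, zero-padded. */
enum dhx_verdict dhx_demo(size_t p_bits, size_t q_bits)
{
    uint8_t p[256] = {0}, q[32] = {0};
    p[sizeof p - 1 - (p_bits - 1) / 8] = (uint8_t)(1u << ((p_bits - 1) % 8));
    q[sizeof q - 1 - (q_bits - 1) / 8] = (uint8_t)(1u << ((q_bits - 1) % 8));
    return dhx_check_sizes(p, sizeof p, q, sizeof q);
}

int main(void)
{
    printf("512-bit p: %d, padded 2047-bit p: %d, 2048-bit p: %d\n",
           (int)dhx_demo(512, 160), (int)dhx_demo(2047, 256), (int)dhx_demo(2048, 256));
    return 0;
}
```

The check measures the value rather than the buffer, so a 2047-bit modulus padded to 256 bytes is still refused.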

Comment 21 errata-xmlrpc 2023-11-07 08:53:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (openssl bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6627