From 8d17cca5b8dc0d93a3a612a47461ee4cabb9fc98 Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Sat, 29 Aug 2020 12:55:43 +1000
Subject: [PATCH] Add fips checks for rsa encryption

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
---
 .../implementations/asymciphers/rsa_enc.c     | 28 ++++++++++++++----
 test/recipes/15-test_rsaoaep.t                | 17 +++++++++--
 test/testrsa2048.pem                          | 29 +++++++++++++++++++
 3 files changed, 66 insertions(+), 8 deletions(-)
 create mode 100644 test/testrsa2048.pem

diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index f53284ca49..437d7c5de9 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -29,13 +29,14 @@
 #include "prov/provider_ctx.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
+#include "prov/check.h"
 
 #include <stdlib.h>
 
 static OSSL_FUNC_asym_cipher_newctx_fn rsa_newctx;
-static OSSL_FUNC_asym_cipher_encrypt_init_fn rsa_init;
+static OSSL_FUNC_asym_cipher_encrypt_init_fn rsa_encrypt_init;
 static OSSL_FUNC_asym_cipher_encrypt_fn rsa_encrypt;
-static OSSL_FUNC_asym_cipher_decrypt_init_fn rsa_init;
+static OSSL_FUNC_asym_cipher_decrypt_init_fn rsa_decrypt_init;
 static OSSL_FUNC_asym_cipher_decrypt_fn rsa_decrypt;
 static OSSL_FUNC_asym_cipher_freectx_fn rsa_freectx;
 static OSSL_FUNC_asym_cipher_dupctx_fn rsa_dupctx;
@@ -64,6 +65,7 @@ typedef struct {
     OPENSSL_CTX *libctx;
     RSA *rsa;
     int pad_mode;
+    int operation;
     /* OAEP message digest */
     EVP_MD *oaep_md;
     /* message digest for MGF1 */
@@ -90,7 +92,7 @@ static void *rsa_newctx(void *provctx)
     return prsactx;
 }
 
-static int rsa_init(void *vprsactx, void *vrsa)
+static int rsa_init(void *vprsactx, void *vrsa, int operation)
 {
     PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
 
@@ -101,6 +103,7 @@ static int rsa_init(void *vprsactx, void *vrsa)
         return 0;
     RSA_free(prsactx->rsa);
     prsactx->rsa = vrsa;
+    prsactx->operation = operation;
 
     switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) {
     case RSA_FLAG_TYPE_RSA:
@@ -110,10 +113,23 @@ static int rsa_init(void *vprsactx, void *vrsa)
         ERR_raise(ERR_LIB_PROV, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
         return 0;
     }
-
+    if (!rsa_check_key(vrsa, operation == EVP_PKEY_OP_ENCRYPT)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+        return 0;
+    }
     return 1;
 }
 
+static int rsa_encrypt_init(void *vprsactx, void *vrsa)
+{
+    return rsa_init(vprsactx, vrsa, EVP_PKEY_OP_ENCRYPT);
+}
+
+static int rsa_decrypt_init(void *vprsactx, void *vrsa)
+{
+    return rsa_init(vprsactx, vrsa, EVP_PKEY_OP_DECRYPT);
+}
+
 static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
                        size_t outsize, const unsigned char *in, size_t inlen)
 {
@@ -549,9 +565,9 @@ static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *provctx)
 
 const OSSL_DISPATCH rsa_asym_cipher_functions[] = {
     { OSSL_FUNC_ASYM_CIPHER_NEWCTX, (void (*)(void))rsa_newctx },
-    { OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT, (void (*)(void))rsa_init },
+    { OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT, (void (*)(void))rsa_encrypt_init },
     { OSSL_FUNC_ASYM_CIPHER_ENCRYPT, (void (*)(void))rsa_encrypt },
-    { OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT, (void (*)(void))rsa_init },
+    { OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT, (void (*)(void))rsa_decrypt_init },
     { OSSL_FUNC_ASYM_CIPHER_DECRYPT, (void (*)(void))rsa_decrypt },
     { OSSL_FUNC_ASYM_CIPHER_FREECTX, (void (*)(void))rsa_freectx },
     { OSSL_FUNC_ASYM_CIPHER_DUPCTX, (void (*)(void))rsa_dupctx },
diff --git a/test/recipes/15-test_rsaoaep.t b/test/recipes/15-test_rsaoaep.t
index 59646bd223..923e5fdcb8 100644
--- a/test/recipes/15-test_rsaoaep.t
+++ b/test/recipes/15-test_rsaoaep.t
@@ -23,7 +23,7 @@ use platform;
 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 
 plan tests =>
-    ($no_fips ? 0 : 1)          # FIPS install test
+    ($no_fips ? 0 : 2)          # FIPS install test
     + 9;
 
 my @prov = ( );
@@ -36,7 +36,8 @@ my $enc3_file = "enc3.bin";
 my $dec1_file = "dec1.txt";
 my $dec2_file = "dec2.txt";
 my $dec3_file = "dec3.txt";
-my $key_file = srctop_file("test", "testrsa.pem");
+my $key_file = srctop_file("test", "testrsa2048.pem");
+my $small_key_file = srctop_file("test", "testrsa.pem");
 
 unless ($no_fips) {
     @prov = ( "-provider-path", $provpath, "-config", $provconf );
@@ -47,6 +48,18 @@ unless ($no_fips) {
                 '-module', $infile])),
        "fipsinstall");
     $ENV{OPENSSL_TEST_LIBCTX} = "1";
+
+    ok(!run(app(['openssl', 'pkeyutl',
+                @prov,
+                '-encrypt',
+                '-in', $msg_file,
+                '-inkey', $small_key_file,
+                '-pkeyopt', 'pad-mode:oaep',
+                '-pkeyopt', 'oaep-label:123',
+                '-pkeyopt', 'digest:sha1',
+                '-pkeyopt', 'mgf1-digest:sha1',
+                '-out', $enc1_file])),
+       "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
 }
 
 ok(run(app(['openssl', 'pkeyutl',
diff --git a/test/testrsa2048.pem b/test/testrsa2048.pem
new file mode 100644
index 0000000000..a04028abcd
--- /dev/null
+++ b/test/testrsa2048.pem
@@ -0,0 +1,29 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV
+n3xz2f+5SglhXC5Lp8Y2zvCN01M+wxhVJbAVx2m5mnfWclv5w1Mqm25fZifV+4UW
+B2jT3anL01l0URcX3D0wnS/EfuQfl+Mq23+d2GShxHZ6Zm7NcbwarPXnUX9LOFlP
+6psF5C1a2pkSAIAT5FMWpNm7jtCGuI0odYusr5ItRqhotIXSOcm66w4rZFknEPQr
+LR6gpLSALAvsqzKPimiwBzvbVG/uqYCdKEmRKzkMFTK8finHZY+BdfrkbzQzL/h7
+yrPkBkm5hXeGnaDqcYNT8HInVIhpE2SHYNEivmduD8SD3SD/wxvalqMZZsmqLnWt
+A95H4cRPAgMBAAECggEAYCl6x5kbFnoG1rJHWLjL4gi+ubLZ7Jc4vYD5Ci41AF3X
+ziktnim6iFvTFv7x8gkTvArJDWsICLJBTYIQREHYYkozzgIzyPeApIs3Wv8C12cS
+IopwJITbP56+zM+77hcJ26GCgA2Unp5CFuC/81WDiPi9kNo3Oh2CdD7D+90UJ/0W
+glplejFpEuhpU2URfKL4RckJQF/KxV+JX8FdIDhsJu54yemQdQKaF4psHkzwwgDo
+qc+yfp0Vb4bmwq3CKxqEoc1cpbJ5CHXXlAfISzUjlcuBzD/tW7BDtp7eDAcgRVAC
+XO6MX0QBcLYSC7SOD3R7zY9SIRCFDfBDxCjf0YcFMQKBgQD2+WG0fLwDXTrt68fe
+hQqVa2Xs25z2B2QGPxWqSFU8WNly/mZ1BW413f3De/O58vYi7icTNyVoScm+8hdv
+6PfD+LuRujdN1TuvPeyBTSvewQwf3IjN0Wh28mse36PwlBl+301C/x+ylxEDuJjK
+hZxCcocIaoQqtBC7ac8tNa9r4wKBgQDUfnJKf/QQSLJwwlJKQQGHi3MVm7c9PbwY
+eyIOY1s1NPluJDoYTZP4YLa/u2txwe2aHh9FhYMCPDAelqaSwaCLU9DsnKkQEA2A
+RR47fcagG6xK7O+N95iEa8I1oIy7os9MBoBMwRIZ6VYIxxTj8UMNSR+tu6MqV1Gg
+T5d0WDTJpQKBgCHyRSu5uV39AoyRS/eZ8cp36JqV1Q08FtOE+EVfi9evnrPfo9WR
+2YQt7yNfdjCo5IwIj/ZkLhAXlFNakz4el2+oUJ/HKLLaDEoaCNf883q6rh/zABrK
+HcG7sF2d/7qhoJ9/se7zgjfZ68zHIrkzhDbd5xGREnmMJoCcGo3sQyBhAoGAH3UQ
+qmLC2N5KPFMoJ4H0HgLQ6LQCrnhDLkScSBEBYaEUA/AtAYgKjcyTgVLXlyGkcRpg
+esRHHr+WSBD5W+R6ReYEmeKfTJdzyDdzQE9gZjdyjC0DUbsDwybIu3OnIef6VEDq
+IXK7oUZfzDDcsNn4mTDoFaoff5cpqFfgDgM43VkCgYBNHw11b+d+AQmaZS9QqIt7
+aF3FvwCYHV0jdv0Mb+Kc1bY4c0R5MFpzrTwVmdOerjuuA1+9b+0Hwo3nBZM4eaBu
+SOamA2hu2OJWCl9q8fLCT69KqWDjghhvFe7c6aJJGucwaA3Uz3eLcPqoaCarMiNH
+fMkTd7GabVourqIZdgvu1Q==
+-----END PRIVATE KEY-----
+
-- 
2.34.1