author | Jakub Jelen <jjelen@redhat.com> | 2022-05-12 10:56:47 +0200 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-05-19 10:49:32 +0900 |
commit | 468ffa8f9c471c910280e0d0ade521d0184ed533 (patch) | |
tree | 70aa2001bbc8307367aa114f71056590d84ee861 | |
parent | 6d3708942f846e389bd87fe3d7c6e7a1b3615bca (diff) | |
download | libgcrypt-468ffa8f9c471c910280e0d0ade521d0184ed533.tar.gz |
cipher: Allow verification of small RSA signatures in FIPS mode
* cipher/rsa.c (rsa_check_keysize): Formatting.
(rsa_check_verify_keysize): New function.
(rsa_verify): Allow using smaller keys for verification.
--
Applied the master commit of:
ca2afc9fb64d9a9b2f8930ba505d9ab6c8a57667
GnuPG-bug-id: 5975
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r-- | cipher/rsa.c | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/cipher/rsa.c b/cipher/rsa.c
index c6319b67..9f2b36e8 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -352,13 +352,35 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
 static gpg_err_code_t
 rsa_check_keysize (unsigned int nbits)
 {
- if (fips_mode() && nbits < 2048)
+ if (fips_mode () && nbits < 2048)
 return GPG_ERR_INV_VALUE;
 return GPG_ERR_NO_ERROR;
 }
+/* Check the RSA key length is acceptable for signature verification
+ *
+ * FIPS allows signature verification with RSA keys of size
+ * 1024, 1280, 1536 and 1792 in legacy mode, but this is up to the
+ * calling application to decide if the signature is legacy and
+ * should be accepted.
+ */
+static gpg_err_code_t
+rsa_check_verify_keysize (unsigned int nbits)
+{
+ if (fips_mode ())
+ {
+ if ((nbits >= 1024 && (nbits % 256) == 0) || nbits >= 2048)
+ return GPG_ERR_NO_ERROR;
+
+ return GPG_ERR_INV_VALUE;
+ }
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
 /****************
 * Generate a key pair with a key of size NBITS.
 * USE_E = 0 let Libcgrypt decide what exponent to use.
@@ -1602,7 +1624,7 @@ rsa_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
 gcry_mpi_t result = NULL;
 unsigned int nbits = rsa_get_nbits (keyparms);
- rc = rsa_check_keysize (nbits);
+ rc = rsa_check_verify_keysize (nbits);
 if (rc)
 return rc; |
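Review bot: The header comment on `rsa_check_verify_keysize` leaves the legacy decision to the calling application, but it does not say that the function returns `GPG_ERR_NO_ERROR` for 1024, 1280, 1536 and 1792 bit keys with nothing in the result to show that a key below 2048 bits was accepted. I would add a sentence such as `* Callers that must reject legacy signatures have to check the key size themselves; the return value does not distinguish legacy sizes.` so the policy burden is explicit. A second sentence stating that `rsa_check_keysize` stays the check for the non-verify operations (presumably signing and key generation, which are outside this hunk) would guard against the relaxed limit being reused there. Naming the FIPS document the size list is taken from would let a later reader re-check it.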
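Review bot: The call site in `rsa_verify` gives no hint why verification uses a different size check from `rsa_check_keysize`; a one-line comment above the call, for example `/* Verification only: legacy key sizes are permitted in FIPS mode, see rsa_check_verify_keysize. */`, would keep a later cleanup from merging the two checks again. The diffstat lists only cipher/rsa.c, so unless a test exists elsewhere, a FIPS-mode case that verifies with a 1024-bit key and is refused for a size that is not a multiple of 256 below 2048 would pin the new boundary. The body of `rsa_verify` starts and ends outside this hunk.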