We dont'want totally forbid RSA encryption.
Related: rhbz#2053289
This commit is contained in:
parent
9afaa3d1f4
commit
02c75e5a65
@ -89,15 +89,6 @@ diff -up openssl-3.0.0/providers/fips/fipsprov.c.fipsmin openssl-3.0.0/providers
|
||||
{ PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions },
|
||||
#endif
|
||||
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES,
|
||||
@@ -407,7 +407,7 @@ static const OSSL_ALGORITHM fips_signatu
|
||||
};
|
||||
|
||||
static const OSSL_ALGORITHM fips_asym_cipher[] = {
|
||||
- { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions },
|
||||
+ { PROV_NAMES_RSA, FIPS_UNAPPROVED_PROPERTIES, ossl_rsa_asym_cipher_functions },
|
||||
{ NULL, NULL, NULL }
|
||||
};
|
||||
|
||||
@@ -421,7 +424,7 @@ static const OSSL_ALGORITHM fips_keymgmt
|
||||
PROV_DESCS_DHX },
|
||||
#endif
|
||||
@ -128,18 +119,6 @@ diff -up openssl-3.0.0/providers/fips/fipsprov.c.fipsmin openssl-3.0.0/providers
|
||||
diff -up openssl-3.0.0/test/acvp_test.c.fipsmin openssl-3.0.0/test/acvp_test.c
|
||||
--- openssl-3.0.0/test/acvp_test.c.fipsmin 2022-01-12 18:34:17.283654119 +0100
|
||||
+++ openssl-3.0.0/test/acvp_test.c 2022-01-12 18:35:46.270430676 +0100
|
||||
@@ -1466,8 +1466,9 @@ int setup_tests(void)
|
||||
ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
|
||||
ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
|
||||
ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
|
||||
- ADD_ALL_TESTS(rsa_decryption_primitive_test,
|
||||
- OSSL_NELEM(rsa_decrypt_prim_data));
|
||||
+/* Red Hat FIPS provider doesn't have fips=yes property on RSA encryption */
|
||||
+/* ADD_ALL_TESTS(rsa_decryption_primitive_test,
|
||||
+ OSSL_NELEM(rsa_decrypt_prim_data)); */
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
ADD_ALL_TESTS(dh_safe_prime_keygen_test,
|
||||
@@ -1473,6 +1473,7 @@ int setup_tests(void)
|
||||
OSSL_NELEM(dh_safe_prime_keyver_data));
|
||||
#endif /* OPENSSL_NO_DH */
|
||||
|
Loading…
Reference in New Issue
Block a user