openssl

rpms/openssl

Fork 1

Commit Graph

Author	SHA1	Message	Date
Clemens Lang	066be87ccd	Remove support for X9.31 signature padding in FIPS mode The current draft of FIPS 186-5 [1] no longer contains specifications for X9.31 signature padding. Instead, it contains the following information in Appendix E: > ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from > this standard. Since this situation is unlikely to change in future revisions of the draft, and future FIPS 140-3 validations of the provider will require X9.31 to be disabled or marked as not approved with an explicit indicator, disallow this padding mode now. Remove the X9.31 tests from the acvp test, since they will always fail now. [1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf Signed-off-by: Clemens Lang <cllang@redhat.com> Resolves: rhbz#2144015	2022-11-21 10:42:34 +01:00

Author

SHA1

Message

Date

Clemens Lang

066be87ccd

Remove support for X9.31 signature padding in FIPS mode

The current draft of FIPS 186-5 [1] no longer contains specifications
for X9.31 signature padding. Instead, it contains the following
information in Appendix E:

> ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from
> this standard.

Since this situation is unlikely to change in future revisions of the
draft, and future FIPS 140-3 validations of the provider will require
X9.31 to be disabled or marked as not approved with an explicit
indicator, disallow this padding mode now.

Remove the X9.31 tests from the acvp test, since they will always fail
now.

 [1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf

Signed-off-by: Clemens Lang <cllang@redhat.com>
Resolves: rhbz#2144015

2022-11-21 10:42:34 +01:00

1 Commits