rpms/openssl
7
1
Fork 1
Code Issues Pull Requests Releases Activity
1c469fd6d2
openssl/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch
Dmitry Belyavskiy 98cf25a4c0 Rebasing to OpenSSL 3.5.1 
Resolves: RHEL-90350
Resolves: RHEL-95613
Resolves: RHEL-97796
Resolves: RHEL-99353
Resolves: RHEL-100168
2025-07-01 16:33:14 +02:00

27 lines
1.2 KiB
Diff
Raw Blame History

From bc8584fab56834724a8aa70aba1c1f56f1d794e2 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mon, 24 Mar 2025 11:03:45 -0400
Subject: [PATCH 28/53] FIPS: RSA: Mark x931 as not approved by default
Signed-off-by: Simo Sorce <simo@redhat.com>
---
providers/fips/include/fips_indicator_params.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/providers/fips/include/fips_indicator_params.inc b/providers/fips/include/fips_indicator_params.inc
index 6bd783eb0a..c1b029de86 100644
--- a/providers/fips/include/fips_indicator_params.inc
+++ b/providers/fips/include/fips_indicator_params.inc
@@ -15,7 +15,7 @@ OSSL_FIPS_PARAM(dsa_sign_disallowed, DSA_SIGN_DISABLED, 0)
OSSL_FIPS_PARAM(tdes_encrypt_disallowed, TDES_ENCRYPT_DISABLED, 0)
OSSL_FIPS_PARAM(rsa_pkcs15_padding_disabled, RSA_PKCS15_PAD_DISABLED, 1)
OSSL_FIPS_PARAM(rsa_pss_saltlen_check, RSA_PSS_SALTLEN_CHECK, 0)
-OSSL_FIPS_PARAM(rsa_sign_x931_disallowed, RSA_SIGN_X931_PAD_DISABLED, 0)
+OSSL_FIPS_PARAM(rsa_sign_x931_disallowed, RSA_SIGN_X931_PAD_DISABLED, 1)
OSSL_FIPS_PARAM(hkdf_key_check, HKDF_KEY_CHECK, 0)
OSSL_FIPS_PARAM(kbkdf_key_check, KBKDF_KEY_CHECK, 0)
OSSL_FIPS_PARAM(tls13_kdf_key_check, TLS13_KDF_KEY_CHECK, 0)
--
2.50.0
Reference in New Issue View Git Blame Copy Permalink