diff options
| author | Pauli <ppzgs1@gmail.com> | 2024-08-01 05:45:08 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-08-07 19:35:51 +0200 |
| commit | 47f8f0d6e528bd7a00ff00d0ae30d5ae67e5ed29 (patch) | |
| tree | 02dd2bc977b5e2f711b77aafcdd41497c2c53698 /util | |
| parent | rsa: disallow PKCS#1 version 1.5 padding for encrpytion under FIPS. (diff) | |
| download | openssl-47f8f0d6e528bd7a00ff00d0ae30d5ae67e5ed29.tar.xz openssl-47f8f0d6e528bd7a00ff00d0ae30d5ae67e5ed29.zip | |
fips: add PKCS#1 version 1.5 padding check option
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070)
Diffstat (limited to 'util')
| -rw-r--r-- | util/mk-fipsmodule-cnf.pl | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/util/mk-fipsmodule-cnf.pl b/util/mk-fipsmodule-cnf.pl index c1574b6948..82bc806102 100644 --- a/util/mk-fipsmodule-cnf.pl +++ b/util/mk-fipsmodule-cnf.pl @@ -18,6 +18,7 @@ my $drgb_no_trunc_dgst = 1; my $kdf_digest_check = 1; my $dsa_sign_disabled = 1; my $tdes_encrypt_disabled = 1; +my $pkcs15_pad_disable = 1; my $rsa_sign_x931_pad_disabled = 1; my $kdf_key_check = 1; my $pbkdf2_lower_bound_check = 1; @@ -66,6 +67,7 @@ sshkdf-digest-check = $kdf_digest_check sskdf-digest-check = $kdf_digest_check x963kdf-digest-check = $kdf_digest_check tdes-encrypt-disabled = $tdes_encrypt_disabled +rsa-pkcs15-padding-disabled = $pkcs15_pad_disable rsa-sign-x931-pad-disabled = $rsa_sign_x931_pad_disabled hkdf-key-check = $kdf_key_check tls13-kdf-key-check = $kdf_key_check |