Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 07e4d7f4747005e3ce56423182ad047eb05d8e16
https://github.com/openssl/openssl/commit/07e4d7f4747005e3ce56423182ad047eb05d8e16
Author: slontis <shane.lon...@oracle.com>
Date: 2024-07-29 (Mon, 29 Jul 2024)
Changed paths:
M apps/fipsinstall.c
M crypto/rsa/rsa_ossl.c
M crypto/rsa/rsa_x931.c
M doc/man1/openssl-fipsinstall.pod.in
M doc/man7/EVP_SIGNATURE-RSA.pod
M doc/man7/OSSL_PROVIDER-FIPS.pod
M doc/man7/provider-signature.pod
M include/openssl/fips_names.h
M providers/common/include/prov/fipscommon.h
M providers/fips/fipsprov.c
M providers/implementations/signature/rsa_sig.c
M test/evp_test.c
M test/recipes/30-test_evp_data/evppkey_rsa_common.txt
M util/mk-fipsmodule-cnf.pl
M util/perl/OpenSSL/paramnames.pm
Log Message:
-----------
Add RSA Signature restrictions for X9.31 padding in the FIPS provider.
In FIPS 140-3, RSA Signing with X9.31 padding is not approved,
but verification is allowed for legacy purposes. An indicator has been added
for RSA signing with X9.31 padding.
A strict restriction on the size of the RSA modulus has been added
i.e. It must be 1024 + 256 * s (which is part of the ANSI X9.31 spec).
Added implementation comments to the X9.31 padding code
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24021)
To unsubscribe from these emails, change your notification settings at
https://github.com/openssl/openssl/settings/notifications
