git.ipfire.org Git - thirdparty/openssl.git/commit

author	Neil Horman <nhorman@openssl.org>
	Thu, 25 Sep 2025 20:08:37 +0000 (16:08 -0400)
committer	Neil Horman <nhorman@openssl.org>
	Sat, 27 Sep 2025 20:07:20 +0000 (16:07 -0400)
commit	033a3480ca317caa8284ace552a4d97e39d2173a
tree	ffceab2bd80dfa7bfd8b15af42aa5717863c6551	tree \| snapshot
parent	25d9b42e7266e9f1d469867f1a39434bacfe92d6	commit \| diff

Revert "fips: remove redundant RSA encrypt/decrypt KAT"

This reverts commit 635bf4946a7e948f26a348ddc3b5a8d282354f64.

During code review for FIPS-140-3 certification, our lab noticed that
the known answer test for RSA was removed. This was done in the above
commit, as part of
https://github.com/openssl/openssl/pull/25988

Under the assertion that FIPS 140-3 Implementation Guidance section D.G
had relaxed the requirements for testing, obviating the need for this
test.

However, for the 3.5 FIPS-140-3 certification we are adding assertions
for support of KAS-IFC-SSC, which follows FIPS-140-3 I.G section D.F,
which does not contain the same relaxed constraints. As such we need to
reintroduce the test.

While the specifics of the I.G requirements are slightly different in
D.F (allowing for other, potentially less time-consuming tests), the
most expedient path forward here is to simply re-introduce the test as
it existed previously, hence the reversion of the above commit.

Fixes openssl/private#832

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28676)

(cherry picked from commit 3206bb708246a97b281133009a419fb7421971d9)

providers/fips/self_test_data.inc		diff \| blob \| blame \| history
providers/fips/self_test_kats.c		diff \| blob \| blame \| history
test/recipes/03-test_fipsinstall.t		diff \| blob \| blame \| history