git.ipfire.org Git - thirdparty/openssl.git/commit

author	Neil Horman <nhorman@openssl.org>
	Thu, 25 Sep 2025 20:08:37 +0000 (16:08 -0400)
committer	Neil Horman <nhorman@openssl.org>
	Sat, 27 Sep 2025 20:07:09 +0000 (16:07 -0400)
commit	1fd7ebe7e420b6c754e84e76db913119b1d48a23
tree	b8296eb85d393b00cbaf810863eca396d18c1923	tree \| snapshot
parent	4ea5644a67e0767bf2fe6090e15ab931e31452e6	commit \| diff

Revert "fips: remove redundant RSA encrypt/decrypt KAT"

This reverts commit 635bf4946a7e948f26a348ddc3b5a8d282354f64.

During code review for FIPS-140-3 certification, our lab noticed that
the known answer test for RSA was removed. This was done in the above
commit, as part of
https://github.com/openssl/openssl/pull/25988

Under the assertion that FIPS 140-3 Implementation Guidance section D.G
had relaxed the requirements for testing, obviating the need for this
test.

However, for the 3.5 FIPS-140-3 certification we are adding assertions
for support of KAS-IFC-SSC, which follows FIPS-140-3 I.G section D.F,
which does not contain the same relaxed constraints. As such we need to
reintroduce the test.

While the specifics of the I.G requirements are slightly different in
D.F (allowing for other, potentially less time-consuming tests), the
most expedient path forward here is to simply re-introduce the test as
it existed previously, hence the reversion of the above commit.

Fixes openssl/private#832

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28676)

(cherry picked from commit 3206bb708246a97b281133009a419fb7421971d9)

providers/fips/self_test_data.inc		diff \| blob \| blame \| history
providers/fips/self_test_kats.c		diff \| blob \| blame \| history
test/recipes/03-test_fipsinstall.t		diff \| blob \| blame \| history