git.ipfire.org Git - thirdparty/openssl.git/commit

author	Neil Horman <nhorman@openssl.org>
	Thu, 25 Sep 2025 20:08:37 +0000 (16:08 -0400)
committer	Neil Horman <nhorman@openssl.org>
	Sat, 27 Sep 2025 20:01:19 +0000 (16:01 -0400)
commit	3206bb708246a97b281133009a419fb7421971d9
tree	3c174dabc0f27fefa793dd953039f62a754933fa	tree \| snapshot
parent	3addc8bb3a8e62e701d44ae849437f97940632cd	commit \| diff

Revert "fips: remove redundant RSA encrypt/decrypt KAT"

This reverts commit 635bf4946a7e948f26a348ddc3b5a8d282354f64.

During code review for FIPS-140-3 certification, our lab noticed that
the known answer test for RSA was removed. This was done in the above
commit, as part of
https://github.com/openssl/openssl/pull/25988

Under the assertion that FIPS 140-3 Implementation Guidance section D.G
had relaxed the requirements for testing, obviating the need for this
test.

However, for the 3.5 FIPS-140-3 certification we are adding assertions
for support of KAS-IFC-SSC, which follows FIPS-140-3 I.G section D.F,
which does not contain the same relaxed constraints. As such we need to
reintroduce the test.

While the specifics of the I.G requirements are slightly different in
D.F (allowing for other, potentially less time-consuming tests), the
most expedient path forward here is to simply re-introduce the test as
it existed previously, hence the reversion of the above commit.

Fixes openssl/private#832

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28676)

providers/fips/self_test_data.inc		diff \| blob \| blame \| history
providers/fips/self_test_kats.c		diff \| blob \| blame \| history
test/recipes/03-test_fipsinstall.t		diff \| blob \| blame \| history