fips: add PKCS#1 version 1.5 padding check option

author Pauli <ppzgs1@gmail.com>

Thu, 1 Aug 2024 03:45:08 +0000 (13:45 +1000)

committer Tomas Mraz <tomas@openssl.org>

Wed, 7 Aug 2024 17:35:51 +0000 (19:35 +0200)
author Pauli <ppzgs1@gmail.com>
Thu, 1 Aug 2024 03:45:08 +0000 (13:45 +1000)
committer Tomas Mraz <tomas@openssl.org>
Wed, 7 Aug 2024 17:35:51 +0000 (19:35 +0200)
diff --git a/util/mk-fipsmodule-cnf.pl b/util/mk-fipsmodule-cnf.pl

index c1574b69482852f5e2422017c1ac8f738a5aa2ac..82bc80610211e6fd3dab80787ad5fe74790c798f 100644 (file)
--- a/util/mk-fipsmodule-cnf.pl
+++ b/util/mk-fipsmodule-cnf.pl
@@ -18,6 +18,7 @@ my $drgb_no_trunc_dgst = 1;
  my $kdf_digest_check = 1;
  my $dsa_sign_disabled = 1;
  my $tdes_encrypt_disabled = 1;
+my $pkcs15_pad_disable = 1;
  my $rsa_sign_x931_pad_disabled = 1;
  my $kdf_key_check = 1;
  my $pbkdf2_lower_bound_check = 1;
@@ -66,6 +67,7 @@ sshkdf-digest-check = $kdf_digest_check
  sskdf-digest-check = $kdf_digest_check
  x963kdf-digest-check = $kdf_digest_check
  tdes-encrypt-disabled = $tdes_encrypt_disabled
+rsa-pkcs15-padding-disabled = $pkcs15_pad_disable
  rsa-sign-x931-pad-disabled = $rsa_sign_x931_pad_disabled
  hkdf-key-check = $kdf_key_check
  tls13-kdf-key-check = $kdf_key_check
author	Pauli <ppzgs1@gmail.com>
	Thu, 1 Aug 2024 03:45:08 +0000 (13:45 +1000)
committer	Tomas Mraz <tomas@openssl.org>
	Wed, 7 Aug 2024 17:35:51 +0000 (19:35 +0200)