From: Pauli <ppzgs1@gmail.com>
Date: Thu, 1 Aug 2024 03:45:08 +0000 (+1000)
Subject: fips: add PKCS#1 version 1.5 padding check option
X-Git-Tag: openssl-3.4.0-alpha1~202
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47f8f0d6e528bd7a00ff00d0ae30d5ae67e5ed29;p=thirdparty%2Fopenssl.git

fips: add PKCS#1 version 1.5 padding check option

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070)
---

diff --git a/util/mk-fipsmodule-cnf.pl b/util/mk-fipsmodule-cnf.pl
index c1574b69482..82bc8061021 100644
--- a/util/mk-fipsmodule-cnf.pl
+++ b/util/mk-fipsmodule-cnf.pl
@@ -18,6 +18,7 @@ my $drgb_no_trunc_dgst = 1;
 my $kdf_digest_check = 1;
 my $dsa_sign_disabled = 1;
 my $tdes_encrypt_disabled = 1;
+my $pkcs15_pad_disable = 1;
 my $rsa_sign_x931_pad_disabled = 1;
 my $kdf_key_check = 1;
 my $pbkdf2_lower_bound_check = 1;
@@ -66,6 +67,7 @@ sshkdf-digest-check = $kdf_digest_check
 sskdf-digest-check = $kdf_digest_check
 x963kdf-digest-check = $kdf_digest_check
 tdes-encrypt-disabled = $tdes_encrypt_disabled
+rsa-pkcs15-padding-disabled = $pkcs15_pad_disable
 rsa-sign-x931-pad-disabled = $rsa_sign_x931_pad_disabled
 hkdf-key-check = $kdf_key_check
 tls13-kdf-key-check = $kdf_key_check