From 47f8f0d6e528bd7a00ff00d0ae30d5ae67e5ed29 Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Thu, 1 Aug 2024 13:45:08 +1000
Subject: [PATCH] fips: add PKCS#1 version 1.5 padding check option

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070)
---
 util/mk-fipsmodule-cnf.pl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/util/mk-fipsmodule-cnf.pl b/util/mk-fipsmodule-cnf.pl
index c1574b69482..82bc8061021 100644
--- a/util/mk-fipsmodule-cnf.pl
+++ b/util/mk-fipsmodule-cnf.pl
@@ -18,6 +18,7 @@ my $drgb_no_trunc_dgst = 1;
 my $kdf_digest_check = 1;
 my $dsa_sign_disabled = 1;
 my $tdes_encrypt_disabled = 1;
+my $pkcs15_pad_disable = 1;
 my $rsa_sign_x931_pad_disabled = 1;
 my $kdf_key_check = 1;
 my $pbkdf2_lower_bound_check = 1;
@@ -66,6 +67,7 @@ sshkdf-digest-check = $kdf_digest_check
 sskdf-digest-check = $kdf_digest_check
 x963kdf-digest-check = $kdf_digest_check
 tdes-encrypt-disabled = $tdes_encrypt_disabled
+rsa-pkcs15-padding-disabled = $pkcs15_pad_disable
 rsa-sign-x931-pad-disabled = $rsa_sign_x931_pad_disabled
 hkdf-key-check = $kdf_key_check
 tls13-kdf-key-check = $kdf_key_check
-- 
2.47.2