Index: openssl-1.1.1l/crypto/rsa/rsa_pmeth.c =================================================================== --- openssl-1.1.1l.orig/crypto/rsa/rsa_pmeth.c +++ openssl-1.1.1l/crypto/rsa/rsa_pmeth.c @@ -140,13 +140,11 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c unsigned int sltmp; if (rctx->pad_mode != RSA_PKCS1_PADDING) return -1; - /* PKCS1-v1.5 padding is disallowed after 2023 */ - fips_sli_disapprove_EVP_PKEY_CTX(ctx); ret = RSA_sign_ASN1_OCTET_STRING(0, tbs, tbslen, sig, &sltmp, rsa); - if (ret <= 0) return ret; + fips_sli_check_hash_siggen_EVP_PKEY_CTX(ctx, rctx->md); ret = sltmp; } else if (rctx->pad_mode == RSA_X931_PADDING) { if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) { @@ -179,13 +177,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, sig, rsa, RSA_X931_PADDING); } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { - /* PKCS1-v1.5 padding is disallowed after 2023 */ - fips_sli_disapprove_EVP_PKEY_CTX(ctx); unsigned int sltmp; ret = RSA_sign(EVP_MD_type(rctx->md), tbs, tbslen, sig, &sltmp, rsa); if (ret <= 0) return ret; + fips_sli_check_hash_siggen_EVP_PKEY_CTX(ctx, rctx->md); ret = sltmp; } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { if (!setup_tbuf(rctx, ctx)) @@ -290,10 +287,13 @@ static int pkey_rsa_verify(EVP_PKEY_CTX if (rctx->md) { if (rctx->pad_mode == RSA_PKCS1_PADDING) { - /* PKCS1-v1.5 padding is disallowed after 2023 */ - fips_sli_disapprove_EVP_PKEY_CTX(ctx); - return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, - sig, siglen, rsa); + int ret; + ret = RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, + sig, siglen, rsa); + if (ret <= 0) + return 0; + fips_sli_check_hash_sigver_EVP_PKEY_CTX(ctx, rctx->md); + return ret; } if (tbslen != (size_t)EVP_MD_size(rctx->md)) { RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);