29 lines
1.1 KiB
Diff
29 lines
1.1 KiB
Diff
Index: openssl-3.1.4/crypto/rsa/rsa_gen.c
|
|
===================================================================
|
|
--- openssl-3.1.4.orig/crypto/rsa/rsa_gen.c
|
|
+++ openssl-3.1.4/crypto/rsa/rsa_gen.c
|
|
@@ -428,7 +428,12 @@ static int rsa_keygen(OSSL_LIB_CTX *libc
|
|
|
|
#ifdef FIPS_MODULE
|
|
ok = ossl_rsa_sp800_56b_generate_key(rsa, bits, e_value, cb);
|
|
- pairwise_test = 1; /* FIPS MODE needs to always run the pairwise test */
|
|
+ /* FIPS MODE needs to always run the pairwise test. But, the
|
|
+ * rsa_keygen_pairwise_test() PCT as self-test requirements will be
|
|
+ * covered by do_rsa_pct() for both RSA-OAEP and RSA signatures and
|
|
+ * this PCT can be skipped here. See bsc#1221760 for more info.
|
|
+ */
|
|
+ pairwise_test = 0;
|
|
#else
|
|
/*
|
|
* Only multi-prime keys or insecure keys with a small key length or a
|
|
@@ -463,6 +468,9 @@ static int rsa_keygen(OSSL_LIB_CTX *libc
|
|
rsa->dmp1 = NULL;
|
|
rsa->dmq1 = NULL;
|
|
rsa->iqmp = NULL;
|
|
+#ifdef FIPS_MODULE
|
|
+ abort();
|
|
+#endif /* FIPS_MODULE */
|
|
}
|
|
}
|
|
return ok;
|