Bug 2102535

Summary: [FIPS lab review] self-test
Product: Red Hat Enterprise Linux 9 Reporter: Dmitry Belyavskiy <dbelyavs>
Component: opensslAssignee: Clemens Lang <cllang>
Status: CLOSED CURRENTRELEASE QA Contact: Alicja Kario <hkario>
Severity: medium Docs Contact:
Priority: high    
Version: 9.0CC: cllang, hkario, ssorce
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openssl-3.0.1-39.el9_0 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 2112978 (view as bug list) Environment:
Last Closed: 2023-06-05 15:54:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2112978    

Description Dmitry Belyavskiy 2022-06-30 07:29:40 UTC 
- self_test_sign

- the signature generation / verification should be done on a full message and not a pre-computed digest.

- rsa_enc_params should have one allowed padding mode (TBC)

- st_kat_kas_tests:
- DH: The self test looks like it uses an arbitrary PQG set. Considering the previous round, we only validated safeprimes (MODP, FFDHE) - please have a self test with one of those
Comment 1 Clemens Lang 2022-07-12 10:54:44 UTC 
As confirmed by the lab, rsa_enc_params should use OAEP padding.
Comment 7 Clemens Lang 2022-08-02 11:53:06 UTC 
https://gitlab.com/redhat/centos-stream/rpms/openssl/-/merge_requests/76
Comment 10 Clemens Lang 2023-06-05 15:54:47 UTC 
RHEL 9.1 contains openssl-3.0.1-43.el9_0.