Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-107193

Signature parameter error when using rsa_mgf1_md:sha1

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Minor Minor
    • None
    • rhel-10.1
    • fips-provider-next
    • None
    • No
    • Low
    • rhel-security-crypto-clubs
    • 0
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • All
    • None

      What were you trying to do that didn't work?

       

      # openssl dgst -sha384 -sigopt rsa_padding_mode:pss -sign rsa/3096/key -out tmp-sig -sigopt rsa_mgf1_md:sha1 message.txt
      
      Signature parameter error "rsa_mgf1_md:sha1" 80C2FE08AD7F0000:error:1C8000AE:Provider routines:rsa_setup_mgf1_md:digest not allowed:providers/implementations/signature/rsa_sig.c:484:digest=sha1

       

      This was allowed when using openssl-fips-provider.

      Please provide the package NVR for which the bug is seen:

      fips-provider-next-1.2.0-1.el10

      Steps to reproduce

      1. Enable FIPS mode.
      2. See the description.

      Expected results

      Message can be signed using rsa_mgf1_md:sha1.

      Additional information

      Tested by /CoreOS/openssl/Regression/bz2142121-In-FIPS-mode-openssl-should-reject-SHAKE-as.

      Actual results

              rhn-engineering-ssorce Simo Sorce
              omoris Ondrej Moris
              Simo Sorce Simo Sorce
              Ondrej Moris Ondrej Moris
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: