-
Bug
-
Resolution: Not a Bug
-
Minor
-
None
-
rhel-10.1
-
None
-
No
-
Low
-
rhel-security-crypto-clubs
-
0
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
-
All
-
None
What were you trying to do that didn't work?
# openssl dgst -sha384 -sigopt rsa_padding_mode:pss -sign rsa/3096/key -out tmp-sig -sigopt rsa_mgf1_md:sha1 message.txt Signature parameter error "rsa_mgf1_md:sha1" 80C2FE08AD7F0000:error:1C8000AE:Provider routines:rsa_setup_mgf1_md:digest not allowed:providers/implementations/signature/rsa_sig.c:484:digest=sha1
This was allowed when using openssl-fips-provider.
Please provide the package NVR for which the bug is seen:
fips-provider-next-1.2.0-1.el10
Steps to reproduce
- Enable FIPS mode.
- See the description.
Expected results
Message can be signed using rsa_mgf1_md:sha1.
Additional information
Tested by /CoreOS/openssl/Regression/bz2142121-In-FIPS-mode-openssl-should-reject-SHAKE-as.