Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-36679

CMS encryption doesn't work by default in FIPS mode

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • None
    • Low
    • 1
    • rhel-security-crypto
    • ssg_security
    • 0.5
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • Crypto24Q3
    • Hide
      • when in non-FIPS mode, cms encryption with RSA keys uses PKCS#1 v1.5 padding with 3DES cipher
      • when in non-FIPS mode, cms encryption with ECDSA keys uses single-pass DH with SHA-1 KDF and 3DES cipher
      • when in FIPS mode, cms encryption with RSA keys use RSA-OAEP with AES-128-CBC cipher
      • when in FIPS mode, cms encryption with ECDSA keys uses single-pass DH with SHA-1 KDF and AES-128-CBC cipher
      Show
      when in non-FIPS mode, cms encryption with RSA keys uses PKCS#1 v1.5 padding with 3DES cipher when in non-FIPS mode, cms encryption with ECDSA keys uses single-pass DH with SHA-1 KDF and 3DES cipher when in FIPS mode, cms encryption with RSA keys use RSA-OAEP with AES-128-CBC cipher when in FIPS mode, cms encryption with ECDSA keys uses single-pass DH with SHA-1 KDF and AES-128-CBC cipher
    • Pass
    • None
    • Unspecified Release Note Type - Unknown
    • None

      When openssl is used to encrypt a file using asymmetric cryptography using CMS in FIPS mode, the operation fails both with RSA and with ECDSA key.

      openssl-3.2.1-3.el10

              hkario@redhat.com Alicja Kario
              hkario@redhat.com Alicja Kario
              Dmitry Belyavskiy Dmitry Belyavskiy
              Alicja Kario Alicja Kario
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: