[rpms/openssl] rebase_40beta: Use SHA256 in the RSA pairwise key consistency check

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: Use SHA256 in the RSA pairwise key consistency check
Date: Tue, 09 Jun 2026 12:44:24 GMT	[thread overview]
Message-ID: <178100906459.1.9059065665211684586.rpms-openssl-757524ec0067@fedoraproject.org> (raw)

A new commit has been pushed.

Repo   : rpms/openssl
Branch : rebase_40beta
Commit : 757524ec0067a0856ebf37f1d12616b433a78855
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date   : 2019-02-06T12:56:35+01:00
Stats  : +6/-8 in 1 file(s)
URL    : https://src.fedoraproject.org/rpms/openssl/c/757524ec0067a0856ebf37f1d12616b433a78855?branch=rebase_40beta

Log:
Use SHA256 in the RSA pairwise key consistency check

---
diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch
index d24242b..ce35cda 100644
--- a/openssl-1.1.1-fips.patch
+++ b/openssl-1.1.1-fips.patch
@@ -10120,7 +10120,7 @@ diff -up openssl-1.1.1/crypto/rsa/rsa_err.c.fips openssl-1.1.1/crypto/rsa/rsa_er
 diff -up openssl-1.1.1/crypto/rsa/rsa_gen.c.fips openssl-1.1.1/crypto/rsa/rsa_gen.c
 --- openssl-1.1.1/crypto/rsa/rsa_gen.c.fips	2018-09-11 14:48:21.000000000 +0200
 +++ openssl-1.1.1/crypto/rsa/rsa_gen.c	2018-09-13 08:51:22.118520736 +0200
-@@ -18,6 +18,78 @@
+@@ -18,6 +18,76 @@
  #include "internal/cryptlib.h"
  #include <openssl/bn.h>
  #include "rsa_locl.h"
@@ -10142,11 +10142,9 @@ diff -up openssl-1.1.1/crypto/rsa/rsa_gen.c.fips openssl-1.1.1/crypto/rsa/rsa_ge
 +
 +    /* Perform pairwise consistency signature test */
 +    if (!fips_pkey_signature_test(pk, tbs, -1,
-+                                  NULL, 0, EVP_sha1(),
++                                  NULL, 0, EVP_sha256(),
 +                                  EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
-+        || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha1(),
-+                                     EVP_MD_CTX_FLAG_PAD_X931, NULL)
-+        || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha1(),
++        || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha256(),
 +                                     EVP_MD_CTX_FLAG_PAD_PSS, NULL))
 +        goto err;
 +    /* Now perform pairwise consistency encrypt/decrypt test */
@@ -10199,7 +10197,7 @@ diff -up openssl-1.1.1/crypto/rsa/rsa_gen.c.fips openssl-1.1.1/crypto/rsa/rsa_ge
  
  static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
                                BN_GENCB *cb);
-@@ -31,6 +103,13 @@ static int rsa_builtin_keygen(RSA *rsa,
+@@ -31,6 +101,13 @@ static int rsa_builtin_keygen(RSA *rsa,
   */
  int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
  {
@@ -10213,7 +10211,7 @@ diff -up openssl-1.1.1/crypto/rsa/rsa_gen.c.fips openssl-1.1.1/crypto/rsa/rsa_ge
      if (rsa->meth->rsa_keygen != NULL)
          return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
  
-@@ -41,6 +120,13 @@ int RSA_generate_key_ex(RSA *rsa, int bi
+@@ -41,6 +118,13 @@ int RSA_generate_key_ex(RSA *rsa, int bi
  int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
                                   BIGNUM *e_value, BN_GENCB *cb)
  {
@@ -10227,7 +10225,7 @@ diff -up openssl-1.1.1/crypto/rsa/rsa_gen.c.fips openssl-1.1.1/crypto/rsa/rsa_ge
      /* multi-prime is only supported with the builtin key generation */
      if (rsa->meth->rsa_multi_prime_keygen != NULL) {
          return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes,
-@@ -57,10 +143,285 @@ int RSA_generate_multi_prime_key(RSA *rs
+@@ -57,10 +141,285 @@ int RSA_generate_multi_prime_key(RSA *rs
          else
              return 0;
      }

                 reply	other threads:[~2026-06-09 12:44 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178100906459.1.9059065665211684586.rpms-openssl-757524ec0067@fedoraproject.org \
    --to=tmraz@fedoraproject.org \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox