Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

04-test_encoder_decoder.t: Use algorithm that is non-fips also on 3.0.0 #21957

Closed
wants to merge 1 commit into from
Closed

04-test_encoder_decoder.t: Use algorithm that is non-fips also on 3.0.0 #21957

wants to merge 1 commit into from

Conversation

t8m
Copy link
Member

@t8m t8m commented Sep 4, 2023

The test encrypted RSA key with DES3 which is still allowed in the 3.0 fips provider.

Instead use the traditional key format that uses MD5 to create the password based key. MD5 is disallowed in the 3.0 fips provider.

This should fix Provider compatibility CI:
https://github.com/openssl/openssl/actions/runs/6075083978/job/16480942800

Checklist
  • tests are added or updated

@t8m
04-test_encoder_decoder.t: Use algorithm that is non-fips also on 3.0.0
d88c14c 
The test encrypted RSA key with DES3 which is still
allowed in the 3.0 fips provider.

Instead use the traditional key format that uses MD5
to create the password based key. MD5 is disallowed
in the 3.0 fips provider.
@t8m t8m added branch: master Merge to master branch approval: review pending This pull request needs review by a committer approval: otc review pending This pull request needs review by an OTC member triaged: bug The issue/pr is/fixes a bug severity: urgent Fixes an urgent issue (exempt from 24h grace period) tests: exempted The PR is exempt from requirements for testing labels Sep 4, 2023
@t8m
Copy link
Member Author

t8m commented Sep 4, 2023

Urgent as this is a CI failure fix.

@t8m t8m requested a review from slontis September 4, 2023 19:44
@paulidale paulidale removed the approval: otc review pending This pull request needs review by an OTC member label Sep 4, 2023
@paulidale
Copy link
Contributor

Okay with urgent.

slontis
slontis approved these changes Sep 5, 2023
View reviewed changes
Copy link
Member

@slontis slontis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok with urgent..

Verified that it uses PEM_do_header() which calls EVP_BytesToKey() using MD5.

@slontis slontis added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Sep 5, 2023
@t8m
Copy link
Member Author

t8m commented Sep 5, 2023

Merged to the master branch. Thank you for the reviews.

@t8m t8m closed this Sep 5, 2023
openssl-machine pushed a commit that referenced this pull request Sep 5, 2023
@t8m
04-test_encoder_decoder.t: Use algorithm that is non-fips also on 3.0.0
75ac8f0 
The test encrypted RSA key with DES3 which is still
allowed in the 3.0 fips provider.

Instead use the traditional key format that uses MD5
to create the password based key. MD5 is disallowed
in the 3.0 fips provider.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #21957)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulidale paulidale paulidale approved these changes

@slontis slontis slontis approved these changes

Assignees
No one assigned
Labels
approval: done This pull request has the required number of approvals branch: master Merge to master branch severity: urgent Fixes an urgent issue (exempt from 24h grace period) tests: exempted The PR is exempt from requirements for testing triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@t8m @paulidale @slontis