
727bdf
From 4a2239bd7d444c30c55b20ea8b4aeadafdfe1afd Mon Sep 17 00:00:00 2001
727bdf
From: Clemens Lang <cllang@redhat.com>
727bdf
Date: Fri, 22 Jul 2022 13:59:37 +0200
727bdf
Subject: [PATCH] FIPS: Use OAEP in KATs, support fixed OAEP seed
727bdf
727bdf
Review by our lab for FIPS 140-3 certification expects the RSA
727bdf
encryption and decryption tests to use a supported padding mode, not raw
727bdf
RSA signatures. Switch to RSA-OAEP for the self tests to fulfill that.
727bdf
727bdf
The FIPS 140-3 Implementation Guidance specifies in section 10.3.A
727bdf
"Cryptographic Algorithm Self-Test Requirements" that a self-test may be
727bdf
a known-answer test, a comparison test, or a fault-detection test.
727bdf
727bdf
Comparison tests are not an option, because they would require
727bdf
a separate implementation of RSA-OAEP, which we do not have. Fault
727bdf
detection tests require implementing fault detection mechanisms into the
727bdf
cryptographic algorithm implementation, which we also do not have.
727bdf
727bdf
As a consequence, a known-answer test must be used to test RSA
727bdf
encryption and decryption, but RSA encryption with OAEP padding is not
727bdf
deterministic, and thus encryption will always yield different results
727bdf
that could not be compared to known answers. For this reason, this
727bdf
change explicitly sets the seed in OAEP (see RFC 8017 section 7.1.1),
727bdf
which is the source of randomness for RSA-OAEP, to a fixed value. This
727bdf
setting is only available during self-test execution, and the parameter
727bdf
set using EVP_PKEY_CTX_set_params() will be ignored otherwise.
727bdf
727bdf
Signed-off-by: Clemens Lang <cllang@redhat.com>
727bdf
---
727bdf
 crypto/rsa/rsa_local.h                        |  8 ++
727bdf
 crypto/rsa/rsa_oaep.c                         | 34 ++++++--
727bdf
 include/openssl/core_names.h                  |  3 +
727bdf
 providers/fips/self_test_data.inc             | 83 +++++++++++--------
727bdf
 providers/fips/self_test_kats.c               |  7 ++
727bdf
 .../implementations/asymciphers/rsa_enc.c     | 41 ++++++++-
727bdf
 6 files changed, 133 insertions(+), 43 deletions(-)
727bdf
727bdf
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
727bdf
index ea70da05ad..dde57a1a0e 100644
727bdf
--- a/crypto/rsa/rsa_local.h
727bdf
+++ b/crypto/rsa/rsa_local.h
727bdf
@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to
727bdf
                                          int tlen, const unsigned char *from,
727bdf
                                          int flen);
727bdf
 
727bdf
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
727bdf
+                                             unsigned char *to, int tlen,
727bdf
+                                             const unsigned char *from, int flen,
727bdf
+                                             const unsigned char *param,
727bdf
+                                             int plen, const EVP_MD *md,
727bdf
+                                             const EVP_MD *mgf1md,
727bdf
+                                             const char *redhat_st_seed);
727bdf
+
727bdf
 #endif /* OSSL_CRYPTO_RSA_LOCAL_H */
727bdf
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
727bdf
index d9be1a4f98..b2f7f7dc4b 100644
727bdf
--- a/crypto/rsa/rsa_oaep.c
727bdf
+++ b/crypto/rsa/rsa_oaep.c
727bdf
@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
727bdf
                                                    param, plen, NULL, NULL);
727bdf
 }
727bdf
 
727bdf
+#ifdef FIPS_MODULE
727bdf
+extern int REDHAT_FIPS_asym_cipher_st;
727bdf
+#endif /* FIPS_MODULE */
727bdf
+
727bdf
 /*
727bdf
  * Perform the padding as per NIST 800-56B 7.2.2.3
727bdf
  *      from (K) is the key material.
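Review bot: The `extern int REDHAT_FIPS_asym_cipher_st;` declaration added above the padding comment is repeated verbatim in the rsa_enc.c hunk at `-454,6 +475,10`, and the definition in self_test_kats.c sees neither, so the compiler never checks the three against each other. Declaring the flag once in a header that all three files include would keep the type in sync. That declaration is also the natural place for a comment such as `/* non-zero only while self_test_asym_ciphers() runs; gates the fixed OAEP seed */`, since nothing in the patch documents what the flag controls.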
727bdf
@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
727bdf
  * Step numbers are included here but not in the constant time inverse below
727bdf
  * to avoid complicating an already difficult enough function.
727bdf
  */
727bdf
-int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
727bdf
-                                            unsigned char *to, int tlen,
727bdf
-                                            const unsigned char *from, int flen,
727bdf
-                                            const unsigned char *param,
727bdf
-                                            int plen, const EVP_MD *md,
727bdf
-                                            const EVP_MD *mgf1md)
727bdf
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
727bdf
+                                             unsigned char *to, int tlen,
727bdf
+                                             const unsigned char *from, int flen,
727bdf
+                                             const unsigned char *param,
727bdf
+                                             int plen, const EVP_MD *md,
727bdf
+                                             const EVP_MD *mgf1md,
727bdf
+                                             const char *redhat_st_seed)
727bdf
 {
727bdf
     int rv = 0;
727bdf
     int i, emlen = tlen - 1;
727bdf
@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
727bdf
     db[emlen - flen - mdlen - 1] = 0x01;
727bdf
     memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
727bdf
     /* step 3d: generate random byte string */
727bdf
+#ifdef FIPS_MODULE
727bdf
+    if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) {
727bdf
+        memcpy(seed, redhat_st_seed, mdlen);
727bdf
+    } else
727bdf
+#endif
727bdf
     if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)
727bdf
         goto err;
727bdf
 
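Review bot: `memcpy(seed, redhat_st_seed, mdlen)` copies `mdlen` bytes from a buffer whose length is never passed in, so a seed shorter than the OAEP digest would be read past its end. The only seed in this patch is the 20-byte `oaep_fixed_seed`, which presumably matches the default digest, but the length is discarded in the rsa_set_ctx_params hunk (`OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL)`) and the new prototype in rsa_local.h carries none. Keeping the used length in PROV_RSA_CTX, passing it alongside the pointer and taking `goto err` when it differs from `mdlen` would make the KAT fail cleanly instead of over-reading if the digest or the seed ever changes. The `} else` that falls out of the `#ifdef` into the unbraced `if (RAND_bytes_ex(...) <= 0)` is also easy to misread, and bracing both arms would help. The function body starts and ends outside this hunk.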
727bdf
@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
727bdf
     return rv;
727bdf
 }
727bdf
 
727bdf
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
727bdf
+                                            unsigned char *to, int tlen,
727bdf
+                                            const unsigned char *from, int flen,
727bdf
+                                            const unsigned char *param,
727bdf
+                                            int plen, const EVP_MD *md,
727bdf
+                                            const EVP_MD *mgf1md)
727bdf
+{
727bdf
+    return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from,
727bdf
+                                                    flen, param, plen, md,
727bdf
+                                                    mgf1md, NULL);
727bdf
+}
727bdf
+
727bdf
 int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
727bdf
                                     const unsigned char *from, int flen,
727bdf
                                     const unsigned char *param, int plen,
727bdf
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
727bdf
index 59a6e79566..11216fb8f8 100644
727bdf
--- a/include/openssl/core_names.h
727bdf
+++ b/include/openssl/core_names.h
727bdf
@@ -469,6 +469,9 @@ extern "C" {
727bdf
 #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
727bdf
 #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
727bdf
 #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
727bdf
+#ifdef FIPS_MODULE
727bdf
+#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED     "redhat-kat-oaep-seed"
727bdf
+#endif
727bdf
 
727bdf
 /*
727bdf
  * Encoder / decoder parameters
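Review bot: The new macro is spelled `OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED` (`OEAP`), while its value is "redhat-kat-oaep-seed" and the neighbouring `OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL` uses `OAEP`. The misspelling is used consistently in self_test_data.inc and rsa_enc.c, so it builds, but a later search for OAEP parameters will miss it; renaming it to `OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OAEP_SEED` in all three files fixes that. A one-line comment here that the parameter is honoured only while the asymmetric-cipher self-test runs would also help readers of this header.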
727bdf
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
727bdf
index 4e30ec56dd..0103c87528 100644
727bdf
--- a/providers/fips/self_test_data.inc
727bdf
+++ b/providers/fips/self_test_data.inc
727bdf
@@ -1294,9 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
727bdf
     ST_KAT_PARAM_END()
727bdf
 };
727bdf
 
727bdf
+/*-
727bdf
+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the
727bdf
+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
727bdf
+ * HP/UX PA-RISC compilers.
727bdf
+ */
727bdf
+static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP;
727bdf
+static const char oaep_fixed_seed[] = {
727bdf
+    0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25,
727bdf
+    0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab,
727bdf
+    0x2e, 0x4b, 0x2c, 0xe6
727bdf
+};
727bdf
+
727bdf
 static const ST_KAT_PARAM rsa_enc_params[] = {
727bdf
-    ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE,
727bdf
-                            OSSL_PKEY_RSA_PAD_MODE_NONE),
727bdf
+    ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep),
727bdf
+    ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED,
727bdf
+                       oaep_fixed_seed),
727bdf
     ST_KAT_PARAM_END()
727bdf
 };
727bdf
 
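Review bot: `oaep_fixed_seed` is declared `static const char`, yet half of its initialisers (`0xf6`, `0xef`, `0x97`, ...) are above 0x7f, so where `char` is signed each one is an out-of-range conversion that compilers warn about; the other byte arrays visible in this file are `unsigned char`. `static const unsigned char oaep_fixed_seed[] = {` avoids that, assuming `ST_KAT_PARAM_OCTET` takes its data as an untyped pointer. The HP/UX comment above applies only to `pad_mode_oaep`, so the seed deserves its own comment, for example `/* 20 bytes: must equal the OAEP digest length, the padding code copies exactly that many */`.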
727bdf
@@ -1335,43 +1348,43 @@ static const unsigned char rsa_expected_sig[256] = {
727bdf
     0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
727bdf
 };
727bdf
 
727bdf
-static const unsigned char rsa_asym_plaintext_encrypt[256] = {
727bdf
+static const unsigned char rsa_asym_plaintext_encrypt[208] = {
727bdf
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
727bdf
    0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
727bdf
 };
727bdf
 static const unsigned char rsa_asym_expected_encrypt[256] = {
727bdf
-    0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b,
727bdf
-    0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61,
727bdf
-    0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c,
727bdf
-    0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc,
727bdf
-    0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0,
727bdf
-    0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa,
727bdf
-    0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a,
727bdf
-    0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc,
727bdf
-    0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35,
727bdf
-    0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a,
727bdf
-    0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd,
727bdf
-    0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda,
727bdf
-    0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18,
727bdf
-    0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7,
727bdf
-    0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39,
727bdf
-    0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87,
727bdf
-    0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21,
727bdf
-    0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0,
727bdf
-    0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8,
727bdf
-    0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c,
727bdf
-    0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa,
727bdf
-    0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69,
727bdf
-    0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52,
727bdf
-    0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c,
727bdf
-    0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6,
727bdf
-    0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93,
727bdf
-    0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d,
727bdf
-    0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5,
727bdf
-    0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9,
727bdf
-    0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04,
727bdf
-    0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa,
727bdf
-    0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab,
727bdf
+    0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74,
727bdf
+    0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c,
727bdf
+    0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e,
727bdf
+    0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b,
727bdf
+    0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25,
727bdf
+    0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89,
727bdf
+    0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1,
727bdf
+    0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50,
727bdf
+    0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17,
727bdf
+    0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2,
727bdf
+    0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb,
727bdf
+    0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d,
727bdf
+    0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e,
727bdf
+    0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f,
727bdf
+    0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3,
727bdf
+    0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06,
727bdf
+    0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25,
727bdf
+    0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78,
727bdf
+    0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04,
727bdf
+    0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c,
727bdf
+    0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47,
727bdf
+    0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce,
727bdf
+    0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0,
727bdf
+    0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6,
727bdf
+    0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99,
727bdf
+    0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30,
727bdf
+    0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20,
727bdf
+    0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb,
727bdf
+    0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27,
727bdf
+    0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66,
727bdf
+    0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a,
727bdf
+    0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06
727bdf
 };
727bdf
 
727bdf
 #ifndef OPENSSL_NO_EC
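Review bot: The new bound in `rsa_asym_plaintext_encrypt[208]` has no comment explaining the number, and only the first 16 bytes are initialised, so the rest of the array is zero. Assuming the test passes the whole array as the message, the size has to stay within the OAEP limit from RFC 8017 section 7.1.1 (modulus length minus twice the digest length minus 2), which the 256-byte expected ciphertext and the 20-byte seed suggest is 214. A comment such as `/* must not exceed k - 2*hLen - 2 for the OAEP KAT */` would stop a later resize or digest change from silently breaking the self-test.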
727bdf
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
727bdf
index 064794d9bf..b6d5e8e134 100644
727bdf
--- a/providers/fips/self_test_kats.c
727bdf
+++ b/providers/fips/self_test_kats.c
727bdf
@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
727bdf
     return ret;
727bdf
 }
727bdf
 
727bdf
+int REDHAT_FIPS_asym_cipher_st = 0;
727bdf
+
727bdf
 static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
727bdf
 {
727bdf
     int i, ret = 1;
727bdf
 
727bdf
+    REDHAT_FIPS_asym_cipher_st = 1;
727bdf
+
727bdf
     for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
727bdf
         if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
727bdf
             ret = 0;
727bdf
     }
727bdf
+
727bdf
+    REDHAT_FIPS_asym_cipher_st = 0;
727bdf
+
727bdf
     return ret;
727bdf
 }
727bdf
 
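Review bot: `REDHAT_FIPS_asym_cipher_st` is a plain, non-static, process-wide `int` held at 1 for the whole loop in `self_test_asym_ciphers`, so any other thread using RSA-OAEP in the module during that window also sees it set. While it is set, rsa_set_ctx_params accepts the fixed-seed parameter from any caller and the padding code uses it instead of `RAND_bytes_ex`, which makes that caller's ciphertext deterministic. Whether the self-tests can run concurrently with other operations (for example when re-run on demand) is not visible here and should be confirmed. If they can, the gate should be per-thread or travel with the self-test's own context rather than live in a global. At minimum the definition should carry a comment such as `/* set only while the asym-cipher KATs run; enables the fixed OAEP seed */`.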
727bdf
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
727bdf
index 00cf65fcd6..83be3d8ede 100644
727bdf
--- a/providers/implementations/asymciphers/rsa_enc.c
727bdf
+++ b/providers/implementations/asymciphers/rsa_enc.c
727bdf
@@ -30,6 +30,9 @@
727bdf
 #include "prov/implementations.h"
727bdf
 #include "prov/providercommon.h"
727bdf
 #include "prov/securitycheck.h"
727bdf
+#ifdef FIPS_MODULE
727bdf
+# include "crypto/rsa/rsa_local.h"
727bdf
+#endif
727bdf
 
727bdf
 #include <stdlib.h>
727bdf
 
727bdf
@@ -75,6 +78,9 @@ typedef struct {
727bdf
     /* TLS padding */
727bdf
     unsigned int client_version;
727bdf
     unsigned int alt_version;
727bdf
+#ifdef FIPS_MODULE
727bdf
+    char *redhat_st_oaep_seed;
727bdf
+#endif /* FIPS_MODULE */
727bdf
 } PROV_RSA_CTX;
727bdf
 
727bdf
 static void *rsa_newctx(void *provctx)
727bdf
@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
727bdf
             return 0;
727bdf
         }
727bdf
         ret =
727bdf
-            ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
727bdf
+#ifdef FIPS_MODULE
727bdf
+            ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(
727bdf
+#else
727bdf
+            ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(
727bdf
+#endif
727bdf
+                                                    prsactx->libctx, tbuf,
727bdf
                                                     rsasize, in, inlen,
727bdf
                                                     prsactx->oaep_label,
727bdf
                                                     prsactx->oaep_labellen,
727bdf
                                                     prsactx->oaep_md,
727bdf
-                                                    prsactx->mgf1_md);
727bdf
+                                                    prsactx->mgf1_md
727bdf
+#ifdef FIPS_MODULE
727bdf
+                                                    , prsactx->redhat_st_oaep_seed
727bdf
+#endif
727bdf
+                                                    );
727bdf
 
727bdf
         if (!ret) {
727bdf
             OPENSSL_free(tbuf);
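Review bot: The call is now interleaved with three `#ifdef FIPS_MODULE` blocks inside one expression, including a conditional that contributes only `, prsactx->redhat_st_oaep_seed`, which is hard to read and easy to break when an argument is added. Writing both calls out in full under a single `#ifdef`/`#else` costs a few duplicated lines but keeps each call syntactically complete. rsa_encrypt starts and ends outside this hunk.

```c
        /* … unchanged: tbuf allocation and its failure path … */
#ifdef FIPS_MODULE
        /* The seed is honoured only while the asym-cipher self-test runs. */
        ret = ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(prsactx->libctx, tbuf,
                                                       rsasize, in, inlen,
                                                       prsactx->oaep_label,
                                                       prsactx->oaep_labellen,
                                                       prsactx->oaep_md,
                                                       prsactx->mgf1_md,
                                                       prsactx->redhat_st_oaep_seed);
#else
        ret = ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
                                                      rsasize, in, inlen,
                                                      prsactx->oaep_label,
                                                      prsactx->oaep_labellen,
                                                      prsactx->oaep_md,
                                                      prsactx->mgf1_md);
#endif
        /* … unchanged: if (!ret) error path … */
```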
727bdf
@@ -326,6 +341,9 @@ static void rsa_freectx(void *vprsactx)
727bdf
     EVP_MD_free(prsactx->oaep_md);
727bdf
     EVP_MD_free(prsactx->mgf1_md);
727bdf
     OPENSSL_free(prsactx->oaep_label);
727bdf
+#ifdef FIPS_MODULE
727bdf
+    OPENSSL_free(prsactx->redhat_st_oaep_seed);
727bdf
+#endif /* FIPS_MODULE */
727bdf
 
727bdf
     OPENSSL_free(prsactx);
727bdf
 }
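Review bot: `redhat_st_oaep_seed` becomes an owned heap pointer that is freed here, but no hunk in this patch touches the context-duplication path for PROV_RSA_CTX. If that function (not shown) copies the struct by value, the copy and the original would share the pointer and this `OPENSSL_free` would run on it twice. The duplication code should either copy the seed buffer or set the copy's `redhat_st_oaep_seed` to NULL under `#ifdef FIPS_MODULE`. rsa_freectx starts outside this hunk.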
727bdf
@@ -445,6 +463,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
727bdf
                     NULL, 0),
727bdf
     OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
727bdf
     OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
727bdf
+#ifdef FIPS_MODULE
727bdf
+    OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
727bdf
+#endif /* FIPS_MODULE */
727bdf
     OSSL_PARAM_END
727bdf
 };
727bdf
 
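Review bot: The seed parameter is added to `known_gettable_ctx_params`, but the only code in this patch that handles it is the setter in rsa_set_ctx_params; no hunk adds it to a settable table or to the get path. As written the provider advertises a gettable parameter it does not appear to return and does not advertise the one it accepts. Unless a getter exists outside this patch, the entry `OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),` belongs in the settable table, or should be left unadvertised on purpose with a comment saying so.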
727bdf
@@ -454,6 +475,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
727bdf
     return known_gettable_ctx_params;
727bdf
 }
727bdf
 
727bdf
+#ifdef FIPS_MODULE
727bdf
+extern int REDHAT_FIPS_asym_cipher_st;
727bdf
+#endif /* FIPS_MODULE */
727bdf
+
727bdf
 static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
727bdf
 {
727bdf
     PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
727bdf
@@ -563,6 +588,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
727bdf
         prsactx->oaep_labellen = tmp_labellen;
727bdf
     }
727bdf
 
727bdf
+#ifdef FIPS_MODULE
727bdf
+    p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED);
727bdf
+    if (p != NULL && REDHAT_FIPS_asym_cipher_st) {
727bdf
+        void *tmp_oaep_seed = NULL;
727bdf
+
727bdf
+        if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL))
727bdf
+            return 0;
727bdf
+        OPENSSL_free(prsactx->redhat_st_oaep_seed);
727bdf
+        prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed;
727bdf
+    }
727bdf
+#endif /* FIPS_MODULE */
727bdf
+
727bdf
     p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION);
727bdf
     if (p != NULL) {
727bdf
         unsigned int client_version;
727bdf
-- 
727bdf
2.37.1
727bdf