| #
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
|
| #
38a71831 |
| 09-Jul-2024 |
Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
adds TLS signature algorithms list feature
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Me
adds TLS signature algorithms list feature
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24821)
show more ...
|
| #
85caa417 |
| 04-Jul-2024 |
slontis |
Disable DSA signing in the FIPS provider.
This is a FIPS 140-3 requirement.
This uses a FIP indicator if either the FIPS configurable "dsa_sign_disabled" is set to 0,
OR OSSL_SIGNATU
Disable DSA signing in the FIPS provider.
This is a FIPS 140-3 requirement.
This uses a FIP indicator if either the FIPS configurable "dsa_sign_disabled" is set to 0,
OR OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK is set to 0 in the dsa signing context.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24799)
show more ...
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
71cf587e |
| 12-Jun-2023 |
Pauli |
fips: update DSA security check to fix legacy verify strengths
Refer SP 800-131Ar2 table 2:
https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
Fixes #21185
fips: update DSA security check to fix legacy verify strengths
Refer SP 800-131Ar2 table 2:
https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
Fixes #21185
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21186)
show more ...
|
| #
653a7706 |
| 04-Jul-2022 |
Clemens Lang |
APPS: dgst: Support properties when signing
The -provider and -propquery options did not work on dgst when using it
for signing or signature verification (including HMACs). Fix this and
APPS: dgst: Support properties when signing
The -provider and -propquery options did not work on dgst when using it
for signing or signature verification (including HMACs). Fix this and
add tests that check that operations that would usually fail with the
FIPS provider work when run with
| -provider default -propquery '?fips!=yes'
Additionally, modify the behavior of dgst -list to also use the current
library context and property query. This reduces the output below the
headline "Supported digests" to a list of the digest algorithms that
will actually work with the current configuration, which is closer to
what users probably expect with this headline.
See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)
show more ...
|
| #
30b2c359 |
| 15-Jun-2022 |
Clemens Lang |
APPS: dsaparam, gendsa: Support setting properties
The -provider and -propquery options did not work on dsaparam and
gendsa. Fix this and add tests that check that operations that are no
APPS: dsaparam, gendsa: Support setting properties
The -provider and -propquery options did not work on dsaparam and
gendsa. Fix this and add tests that check that operations that are not
supported by the FIPS provider work when run with
| -provider default -propquery '?fips!=yes'
See also https://bugzilla.redhat.com/show_bug.cgi?id=2094956, where this
was initially reported.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18576)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
| #
8020d79b |
| 11-Mar-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)
|
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
| #
e25b4db7 |
| 29-Sep-2020 |
Richard Levitte |
TEST: Remove the build of fipsmodule.cnf from test recipes
The exception is the test recipe that tests 'openssl fipsinstall'.
However, that one uses a different output file name, so it's
TEST: Remove the build of fipsmodule.cnf from test recipes
The exception is the test recipe that tests 'openssl fipsinstall'.
However, that one uses a different output file name, so it's safe.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
show more ...
|
| #
3a2171f6 |
| 11-Feb-2021 |
Matt Caswell |
Don't forget the type of thing we are loading
The apps helper function load_key_certs_crls() is a general purpose
function for loading different types of objects from a given URI. It
Don't forget the type of thing we are loading
The apps helper function load_key_certs_crls() is a general purpose
function for loading different types of objects from a given URI. It
sets up an OSSL_STORE and calls OSSL_STORE_expect() so that the store
knows what type of thing to expect to load. Unfortunately this wasn't
working and was always setting "expect" to 0 - which means "anything".
Fixes #13709
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14191)
show more ...
|
| #
4605c5ab |
| 12-Nov-2020 |
Shane Lontis |
Fix dsa securitycheck for fips.
Fixes #12627
Changed security check for DSA verification to match SP800-131Ar2 when
the security strength is < 112.
Fixed compilation error w
Fix dsa securitycheck for fips.
Fixes #12627
Changed security check for DSA verification to match SP800-131Ar2 when
the security strength is < 112.
Fixed compilation error when using config opt 'no-fips-securitychecks'
Removed TODO's from 20-test_cli_fips.t - there is no longer an TODO error.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13387)
show more ...
|
|
Revision tags: OpenSSL_1_1_1h |
|
| #
fc959d71 |
| 22-Sep-2020 |
Shane Lontis |
Update openssl list to support new provider objects.
Added Keymanager, signatures, kem, asymciphers and keyexchange.
Added -select option so that specific algorithms are easier to view w
Update openssl list to support new provider objects.
Added Keymanager, signatures, kem, asymciphers and keyexchange.
Added -select option so that specific algorithms are easier to view when using -verbose
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12943)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5 |
|
| #
39d9be39 |
| 26-Jun-2020 |
Nicola Tuveri |
Add CLI tests in FIPS configuration
Add positive and negative tests of CLI apps using configuration files
via environment variables to force FIPS mode.
Reviewed-by: Shane Lontis
Add CLI tests in FIPS configuration
Add positive and negative tests of CLI apps using configuration files
via environment variables to force FIPS mode.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12291)
show more ...
|
