| #
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
|
| #
05681e0e |
| 08-Aug-2024 |
slontis |
Add FIPS Indicator for ECDH cofactor.
FIPS KAS requires use of ECC CDH.
The EC 'B' and 'K' curves have a cofactor that is not 1, and this
MUST be multiplied by the private key w
Add FIPS Indicator for ECDH cofactor.
FIPS KAS requires use of ECC CDH.
The EC 'B' and 'K' curves have a cofactor that is not 1, and this
MUST be multiplied by the private key when deriving the shared secret.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25139)
show more ...
|
| #
06da1473 |
| 03-Jul-2024 |
slontis |
Add FIPS indicators to evp_test
evp_test code needed to be modified to defer setting algorithm contexts
until the run phase. The parse functions also defer setting into the context
u
Add FIPS indicators to evp_test
evp_test code needed to be modified to defer setting algorithm contexts
until the run phase. The parse functions also defer setting into the context
until the run phase, which allows the context to initialize in a controlled order.
This allows params to be passed into the algorithm init function.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
| #
7a810fac |
| 04-Sep-2020 |
Shane Lontis |
Add 'fips-securitychecks' option and plumb this into the actual fips checks
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
|
| #
341c3e7f |
| 29-Aug-2020 |
Shane Lontis |
Add fips checks for ecdh key agreement
For key agreement only NIST curves that have a security strength of 112 bits or more are allowed.
Fixed tests so they obey these restrictions when
Add fips checks for ecdh key agreement
For key agreement only NIST curves that have a security strength of 112 bits or more are allowed.
Fixed tests so they obey these restrictions when testing in fips mode.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
show more ...
|
| #
5ccada09 |
| 07-Aug-2020 |
Shane Lontis |
Add evp_test fixes.
Changed many tests so they also test fips (and removed 'availablein = default' from some tests).
Seperated the monolithic evppkey.txt file into smaller maintainable g
Add evp_test fixes.
Changed many tests so they also test fips (and removed 'availablein = default' from some tests).
Seperated the monolithic evppkey.txt file into smaller maintainable groups.
Changed the availablein option so it must be first - this then skips the entire test before any fetching happens.
Changed the code so that all the OPENSSL_NO_XXXX tests are done in code via methods such as is_cipher_disabled(alg),
before the fetch happens.
Added missing libctx's found by adding a libctx to test_evp.
Broke up large data files for cipher, kdf's and mac's into smaller pieces so they no longer need 'AvailableIn = default'
Added missing algorithm aliases for cipher/digests to the providers.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12236)
show more ...
|
