mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-06 13:26:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
32,935 Commits 34 Branches 385 Tags 420 MiB
c20d923b46
Commit Graph

5 Commits

Author SHA1 Message Date
slontis
50ea5cdcb7 Add option to FIPS module to enforce EMS check during KDF TLS1_PRF. 
Fixes #19989

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20241)
 2023-03-07 18:24:45 +01:00
Matt Caswell
6ce58488bd Store some FIPS global variables in the FIPS_GLOBAL structure 
We had some FIPS global variables that were based on values from the
config file. In theory if two instances of the fips module are loaded
they could be based on different config files which would cause this to
fail. Instead we store them in the FIPS_GLOBAL structure.

Fixes #14364

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14814)
 2021-04-16 14:27:28 +01:00
Matt Caswell
8020d79b40 Update copyright year 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)
 2021-03-11 13:27:36 +00:00
Shane Lontis
7b676cc8c6 Fix external symbols related to provider related security checks for 
keys and digests.

Partial fix for #12964

This adds ossl_ names for the following symbols:

digest_get_approved_nid, digest_get_approved_nid_with_sha1
digest_is_allowed, digest_md_to_nid, digest_rsa_sign_get_md_nid,
securitycheck_enabled,
dh_check_key, dsa_check_key, ec_check_key,

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14211)
 2021-02-18 21:14:32 +10:00
Shane Lontis
7a810fac86 Add 'fips-securitychecks' option and plumb this into the actual fips checks 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
 2020-09-18 14:20:39 +01:00