openssl/providers/fips
Dimitri John Ledkov 9d70bba135 fips no-des: compile out TDES KAT
FIPS provider correctly supports no-des build time option and doesn't
advertise DES related algorithms. However KAT test for DES is still
attempted to be executed and fails.

This prevents configuring FIPS provider without legacy behaviour as
defined in SP 800-131Arev2. Also see #25761 internal docs.

Fix `enable-fips no-des` build option, and add a daily checker for
"legacy-free" (as much as currently feasible) FIPS configuration.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25762)
2024-10-24 15:27:43 +02:00
..
include kdfs: implement key length check in X9.42 2024-09-30 20:03:49 +02:00
build.info Add FIPS indicator helpers 2024-07-11 08:29:43 +10:00
fips_entry.c
fipsindicator.c Cleanups for FIPS options.. 2024-08-28 14:46:16 +02:00
fipsprov.c jitter: support an internal jitter entropy source in the FIPS provider 2024-10-09 13:53:10 +11:00
self_test_data.inc fips no-des: compile out TDES KAT 2024-10-24 15:27:43 +02:00
self_test_kats.c Change FIPS self tests to use EVP_PKEY_sign/verify API. 2024-10-04 17:41:13 +02:00
self_test.c Copyright year updates 2024-09-05 09:35:49 +02:00
self_test.h Copyright year updates 2024-09-05 09:35:49 +02:00