]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a7d2754) | patch
FIPS: Don't allow SHA512-224 and SHA512-256 for ECDSA/DSA signatures
authorslontis <shane.lontis@oracle.com>
Fri, 29 Aug 2025 04:11:59 +0000 (14:11 +1000)
committerPauli <ppzgs1@gmail.com>
Tue, 2 Sep 2025 23:48:47 +0000 (09:48 +1000)
commit5ce54ae14bd1ad1934dfe493fe39d89eb1d5b72d
tree964342045c37ae3dd08fa339e89eb21014418917tree
parenta7d2754661e85d14d9629fb4db0f8f5fcef28e61commit | diff
FIPS: Don't allow SHA512-224 and SHA512-256 for ECDSA/DSA signatures

These algorithms do not have OIDS (Note that RSA does have OIDS),
and are not valid values for FIPS.
Note that this was only possible if the "ECDSA" algorithm is fetched.
Note that "ECDSA-SHA512-256" and "ECDSA-SHA512-224" are not currently
fetchable.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28377)
providers/common/securitycheck_fips.c diff | blob | blame | history
providers/fips/include/fips/fipsindicator.h diff | blob | blame | history
providers/implementations/signature/dsa_sig.c.in diff | blob | blame | history
providers/implementations/signature/ecdsa_sig.c.in diff | blob | blame | history
providers/implementations/signature/rsa_sig.c.in diff | blob | blame | history
test/recipes/30-test_evp_data/evppkey_ecdsa.txt diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git