]> git.ipfire.org Git - thirdparty/openssl.git/commit
Change all existing FIPS configurable checks to use FIPS indicators.
authorslontis <shane.lontis@oracle.com>
Mon, 1 Jul 2024 01:36:58 +0000 (11:36 +1000)
committerPauli <ppzgs1@gmail.com>
Wed, 10 Jul 2024 22:29:43 +0000 (08:29 +1000)
commitc13ddf0a6c71efac8ef546f0d3632341afab3f07
tree8c87439328e16479f39457c639d5128b3c7bee02
parentd4848934a61a668d16078f3118786c9a741b7efd
Change all existing FIPS configurable checks to use FIPS indicators.

This changes the logic to always do the security checks and then decide
what to do based on if this passes or not. Failure of a check causes
either a failure OR the FIPS indicator callback to be triggered.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)
32 files changed:
doc/man7/EVP_ASYM_CIPHER-RSA.pod
doc/man7/EVP_KDF-TLS1_PRF.pod
doc/man7/EVP_KEM-RSA.pod
doc/man7/EVP_KEYEXCH-DH.pod
doc/man7/EVP_KEYEXCH-ECDH.pod
doc/man7/EVP_SIGNATURE-DSA.pod
doc/man7/EVP_SIGNATURE-ECDSA.pod
doc/man7/EVP_SIGNATURE-RSA.pod
doc/man7/provider-asym_cipher.pod
doc/man7/provider-kem.pod
doc/man7/provider-keyexch.pod
doc/man7/provider-rand.pod
doc/man7/provider-signature.pod
providers/common/include/prov/fipsindicator.h
providers/common/include/prov/securitycheck.h
providers/common/securitycheck.c
providers/common/securitycheck_default.c
providers/common/securitycheck_fips.c
providers/implementations/asymciphers/rsa_enc.c
providers/implementations/exchange/dh_exch.c
providers/implementations/exchange/ecdh_exch.c
providers/implementations/kdfs/tls1_prf.c
providers/implementations/kem/rsa_kem.c
providers/implementations/rands/drbg.c
providers/implementations/rands/drbg_ctr.c
providers/implementations/rands/drbg_hash.c
providers/implementations/rands/drbg_hmac.c
providers/implementations/rands/drbg_local.h
providers/implementations/signature/dsa_sig.c
providers/implementations/signature/ecdsa_sig.c
providers/implementations/signature/rsa_sig.c
util/perl/OpenSSL/paramnames.pm