git.ipfire.org Git - thirdparty/openssl.git/commit
fips: Prohibit SHA1 in DH & ECDH exchange
author Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Mon, 23 Sep 2024 11:57:22 +0000 (12:57 +0100)
committer Tomas Mraz <tomas@openssl.org>
Fri, 27 Sep 2024 07:13:05 +0000 (09:13 +0200)
commit ed6862328745c51c2afa2b6485cc3e275d543c4e
tree a7255348819a7a2faf0d93d96427b0a7dcea6ac2
parent 3ef1b7426b05c18419ba0eb6495ec761c91834c1

See Section 5 Key Agreement Using Diffie-Hellman and MQV of
[NIST SP 800-131Ar2](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf).

Strengths less than 112 bits are disallowed, thus eliminating SHA1.

Skip cms test case that requires use of SHA1 with X9.42 DH.

Rename ossl_fips_ind_digest_check to ossl_fips_ind_digest_exch_check

Add myself to Changes for fips indicator work

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25517)
CHANGES.md
providers/common/securitycheck_fips.c
providers/fips/include/fips/fipsindicator.h
providers/implementations/exchange/dh_exch.c
providers/implementations/exchange/ecdh_exch.c
test/recipes/80-test_cms.t