[openssl/openssl] 85caa4: Disable DSA signing in the FIPS provider.
Shane
noreply at github.com
Thu Jul 25 23:26:00 UTC 2024
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 85caa417e0915aaae9fa6f87ccfa6c4c79b41dbb
https://github.com/openssl/openssl/commit/85caa417e0915aaae9fa6f87ccfa6c4c79b41dbb
Author: slontis <shane.lontis at oracle.com>
Date: 2024-07-26 (Fri, 26 Jul 2024)
Changed paths:
M apps/fipsinstall.c
M doc/man1/openssl-fipsinstall.pod.in
M doc/man7/EVP_SIGNATURE-DSA.pod
M doc/man7/provider-signature.pod
M include/openssl/fips_names.h
M providers/common/include/prov/fipscommon.h
M providers/common/include/prov/securitycheck.h
M providers/fips/fipsprov.c
M providers/fips/self_test_data.inc
M providers/fips/self_test_kats.c
M providers/implementations/signature/dsa_sig.c
M test/acvp_test.c
M test/evp_test.c
M test/recipes/20-test_cli_fips.t
M test/recipes/30-test_evp_data/evppkey_dsa.txt
M test/recipes/80-test_cms.t
M test/recipes/80-test_ssl_new.t
M test/recipes/80-test_ssl_old.t
M util/mk-fipsmodule-cnf.pl
M util/perl/OpenSSL/paramnames.pm
Log Message:
-----------
Disable DSA signing in the FIPS provider.
This is a FIPS 140-3 requirement.
This uses a FIP indicator if either the FIPS configurable "dsa_sign_disabled" is set to 0,
OR OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK is set to 0 in the dsa signing context.
Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24799)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
More information about the openssl-commits
mailing list