Commit Graph

17 Commits (67bb06894f278ebffa420ab704c063b5d1925614)

Author SHA1 Message Date
Sahana Prasad 05b87f449d Remove the listing of brainpool curves in FIPS mode
1 year ago
Sahana Prasad 05bbcc9920 - Upload new upstream sources without manually hobbling them.
2 years ago
Dmitry Belyavskiy 4999352324 OpenSSL rsa_verify_recover key length checks in FIPS mode
2 years ago
Dmitry Belyavskiy 477d91adec Rebasing to OpenSSL 3.0.7
2 years ago
Dmitry Belyavskiy f4e1bded66 Improve diagnostics when passing unsupported groups in TLS
2 years ago
Dmitry Belyavskiy 8638196167 Ciphersuites with RSAPSK KX should be filterd in FIPS mode
2 years ago
Dmitry Belyavskiy b5de6bd830 In FIPS mode limit key sizes for signature verification
3 years ago
Dmitry Belyavskiy 7bc4f9f094 Ciphersuites with RSA KX should be filterd in FIPS mode
3 years ago
Dmitry Belyavskiy b393177f7d `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
3 years ago
Dmitry Belyavskiy 69c1abb4df openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
3 years ago
Dmitry Belyavskiy 1b2d08b2c2 Adaptation of upstream patches disabling explicit EC parameters in FIPS mode
3 years ago
Dmitry Belyavskiy ad863e9fc8 OpenSSL FIPS module should not build in non-approved algorithms
3 years ago
Dmitry Belyavskiy 02c75e5a65 We dont'want totally forbid RSA encryption.
3 years ago
Dmitry Belyavskiy 7a1c7b28bc FIPS provider doesn't block RSA encryption for key transport
3 years ago
Dmitry Belyavskiy 922b5301ea Adjust FIPS provider version
3 years ago
Dmitry Belyavskiy d237e7f301 Restoring fips=yes to SHA-1
3 years ago
Dmitry Belyavskiy cc37486d86 Minimize the list of services allowed for FIPS
3 years ago