root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
32,863 Commits 32 Branches 398 Tags 545 MiB
Commit Graph

17 Commits

Author SHA1 Message Date
slontis 60c435aa6d Add FIPS build instructions 
If you are building the latest release source code with enable-fips configured
then the FIPS provider you are using is not likely to be FIPS compliant.

This update demonstrates how to build a FIPS provider that is compliant
and use it with the latest source code.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20907)

(cherry picked from commit 2b42290f08)
 2023-07-14 11:35:47 +10:00
Pauli 4e258b5fe9 doc: update FIPS provider version information 
With 3.0.8 validated, we need to note this in the documentation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21049)

(cherry picked from commit 73f59aa8eb)
 2023-06-01 16:20:56 +10:00
Matt Caswell cb224f4e27 Update copyright year 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
(Merged from https://github.com/openssl/openssl/pull/20508)
 2023-03-14 12:49:46 +00:00
Pauli 73b0126150 update documentation to note that EdDSA is not FIPS approved 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20343)

(cherry picked from commit fdd4716dd6)
 2023-02-22 11:29:58 +11:00
Pauli 58f28b402a doc: remove EdDSA from list of non-FIPS algorithms. 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20219)

(cherry picked from commit 92c0e33e37)
 2023-02-08 07:50:31 +11:00
Pauli 12d2997109
fips: document that the EdDSA algorithms are not-validated 
Ed25519 and Ed448 are included in the FIPS 140-3 provider for
compatibility purposes but are flagged as "fips=no" to prevent their accidental
use.  This therefore requires that applications always specify the "fips=yes"
property query to enforce FIPS correctness.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)

(cherry picked from commit 8353b2dfac)
 2023-01-24 12:37:31 +00:00
slontis de22633a87 Add missing HISTORY sections for OpenSSL 3.0 related documents. 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19690)

(cherry picked from commit 4741c80c05)
 2022-11-21 12:06:31 +01:00
Dimitris Apostolou 0aaa71b90a Fix typos 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)

(cherry picked from commit e304aa87b3)
 2022-11-09 15:30:29 +01:00
Matt Caswell 36bbaa8b05 Update copyright year 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
 2022-06-21 14:03:39 +01:00
slontis b40c753b6e Add documentation for key validation that indicates the difference between the 
EVP_PKEY_XXX_check() calls for the default and fips providers.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18235)

(cherry picked from commit 0b3d2594d0)
 2022-05-09 10:08:07 +10:00
Beat Bolli 2fc02378ff doc: use the documented =item markers 
The generated lists[1] look weird when using a dash as the list item
character. Perlpod documents[2] '*' for unordered lists and '1.' (note
the period) for ordered lists. Use these characters instead.

[1] e.g. https://www.openssl.org/docs/manmaster/man7/migration_guide.html#New-Algorithms
[2] https://perldoc.perl.org/perlpod

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16190)
 2021-08-04 15:02:27 +10:00
Pauli 5540855bda doc: document that config_diagnostics is sensible but involves risk 
Also:

- add this option to the sample configurations in the documentation.
- note that it is a sensible choice when using FIPS via config

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16172)
 2021-07-30 15:41:06 +10:00
Dmitry Belyavskiy a73a5d0a14 Missing link to fips_config documentation 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15940)
 2021-06-29 21:05:40 +02:00
Tomas Mraz c4e9167437 Rename also the OSSL_PROVIDER_name() function 
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
 2021-06-01 12:43:57 +02:00
Tomas Mraz ed576acdf5 Rename all getters to use get/get0 in name 
For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
 2021-06-01 12:40:00 +02:00
Richard Levitte 0491691342 DOCS: Fixups of the migration guide and the FIPS module manual 
The markup needed a few touch-ups

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15377)
 2021-05-21 15:01:47 +02:00
Shane Lontis b7140b0604 Add migration guide for 3.0 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14710)
 2021-05-20 08:44:08 +01:00