evpmac_cmac_des.txt - OpenGrok history log for /openssl/test/recipes/30-test_evp_data/evpmac_cmac

Revision (<<< Hide revision tags) (Show revision tags >>>)	Date	Author	Comments
# 7ed6de99	05-Sep-2024	Tomas Mraz	Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
# 32b43b91	22-Aug-2024	slontis	Update new FIPS indicator evp_tests to use FIPSversion + Availablein options. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: To Update new FIPS indicator evp_tests to use FIPSversion + Availablein options. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25267) show more ...
# 4f5febe2	29-Jul-2024	slontis	Add FIPS indicator to CMAC. There is a issue currently related to CMAC TDES, when the new provider is tested against older branches. The new strict check caused backwards compat Add FIPS indicator to CMAC. There is a issue currently related to CMAC TDES, when the new provider is tested against older branches. The new strict check caused backwards compatibility issues when using old branch with the new FIPS provider. To get around this CMAC now allows TDES by default, but it can be either enabled via config or a settable. (i.e it uses an indicator) Where the TDES cipher check can be done turned out to be problematic. Shifting the check in the TDES cipherout of the init doesnt work because ciphers can run thru either final or cipher (and checking on every cipher call seemed bad). This means it needs to stay in the cipher init. So the check needs to be done in CMAC BEFORE the underlying TDES cipher does it check. When using an indicator the TDES cipher needs its "encrypt-check" set so that needs to be propagated from the CMAC object. This requires the ability to set the param at the time the cipher ctx is inited. An internal function was required in order to pass params to CMAC_Init. Note also that the check was done where it is, because EVP_Q_mac() calls EVP_MAC_CTX_set_params(ctx, cipher_param) EVP_MAC_CTX_set_params(ctx, params) EVP_MAC_init(ctx, key, keylen, params) Where the second call to set_params would set up "encrypt-check" after "cipher". Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25022) show more ...
# bc431587	22-Jul-2024	slontis	Add FIPS indicator support for Triple-DES encryption. This leaves 3DES with the FIPS query "FIPS=yes", which allows Triple-DES to be used for Decryption by default. Disallow CMA Add FIPS indicator support for Triple-DES encryption. This leaves 3DES with the FIPS query "FIPS=yes", which allows Triple-DES to be used for Decryption by default. Disallow CMAC using Triple-DES in FIPS. This does not use a FIPS indicator. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24960) show more ...
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15
# 45e72d1f	22-Apr-2021	Pauli	test: separate some DES based tests out to permit a no-des build to work One of the KDFs and one of the MACs use DES as an underlying algorithm in some tests. Separate these out into th test: separate some DES based tests out to permit a no-des build to work One of the KDFs and one of the MACs use DES as an underlying algorithm in some tests. Separate these out into their own files which are conditionally excluded. Fixes #14958 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14975) show more ...