#
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
|
#
32b43b91 |
| 22-Aug-2024 |
slontis |
Update new FIPS indicator evp_tests to use FIPSversion + Availablein options. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: To
Update new FIPS indicator evp_tests to use FIPSversion + Availablein options. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25267)
show more ...
|
#
ea396c70 |
| 05-Aug-2024 |
slontis |
Add FIPS KMAC key check This adds a FIPS indicator for KMAC key size. Note that 112 bits keys are still smaller than the sizes required to reach 128 bits for KMAC128 and 256 bits
Add FIPS KMAC key check This adds a FIPS indicator for KMAC key size. Note that 112 bits keys are still smaller than the sizes required to reach 128 bits for KMAC128 and 256 bits for KMAC256 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25049)
show more ...
|
#
390f00a1 |
| 31-Jul-2024 |
slontis |
Add HMAC FIPS keysize check. HMAC has been changed to use a FIPS indicator for its key check. HKDF and Single Step use a salt rather than a key when using HMAC, so we need a mec
Add HMAC FIPS keysize check. HMAC has been changed to use a FIPS indicator for its key check. HKDF and Single Step use a salt rather than a key when using HMAC, so we need a mechanism to bypass this check in HMAC. A seperate 'internal' query table has been added to the FIPS provider for MACS. Giving HMAC a seprate dispatch table allows KDF's to ignore the key check. If a KDF requires the key check then it must do the check itself. The normal MAC dipatch table is used if the user fetches HMAC directly. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25049)
show more ...
|
#
77915ae8 |
| 08-Aug-2024 |
Pauli |
test: add error reasons to KMAC tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/ope
test: add error reasons to KMAC tests Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25135)
show more ...
|
#
3762a56b |
| 17-Jul-2024 |
Pauli |
test: add unit tests for no-short-mac Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/ope
test: add unit tests for no-short-mac Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/24917)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
81bafac5 |
| 12-Jun-2023 |
Fergus Dall |
Add support for SHA256/192 This is defined in NIST SP 800-208 as the truncation to 192 bits of SHA256. Unlike other truncated hashes in the SHA2 suite, this variant doesn't have a di
Add support for SHA256/192 This is defined in NIST SP 800-208 as the truncation to 192 bits of SHA256. Unlike other truncated hashes in the SHA2 suite, this variant doesn't have a different initial state, it is just a pure truncation of the output. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21180)
show more ...
|
#
211c47ca |
| 15-Dec-2022 |
slontis |
Add KMAC support to KBKDF. Now that ACVP test vectors exist, support has been added for this mode. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Add KMAC support to KBKDF. Now that ACVP test vectors exist, support has been added for this mode. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf Note that the test vectors used fairly large values for the input key and the context, so the contraints for these has been increased from 256 to 512 bytes. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19916)
show more ...
|
#
abff8bd8 |
| 28-Nov-2022 |
Pauli |
Update fips version check to be more robust Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl
Update fips version check to be more robust Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19777)
show more ...
|
#
94976a1e |
| 12-Oct-2022 |
Tomas Mraz |
cmac_set_ctx_params(): Fail if cipher mode is not CBC Also add negative test cases for CMAC and GMAC using a cipher with wrong mode. Reviewed-by: Dmitry Belyavskiy <beldmit@gmai
cmac_set_ctx_params(): Fail if cipher mode is not CBC Also add negative test cases for CMAC and GMAC using a cipher with wrong mode. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19401)
show more ...
|
#
0648ec1c |
| 04-Jul-2022 |
Mingjun.Yang |
feat: add hmac-sm3 test cases from GM/T 0042-2015 Appendix D.3 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.c
feat: add hmac-sm3 test cases from GM/T 0042-2015 Appendix D.3 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18714)
show more ...
|
#
36b6db08 |
| 24-May-2021 |
Pauli |
test: add evp_tests for the MAC size and block size Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/ope
test: add evp_tests for the MAC size and block size Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15427)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
#
6a38b09a |
| 28-Apr-2021 |
Pauli |
mac: allow XOF MACs to be specified either via control or via the dedicated function Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/150
mac: allow XOF MACs to be specified either via control or via the dedicated function Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15061)
show more ...
|
#
2b05439f |
| 01-May-2021 |
Shane Lontis |
Fix KMAC bounds checks. Setting an output length higher than 8191 was causing a buffer overflow. This was reported by Acumen (FIPS lab). The max output size has increased to ~2M
Fix KMAC bounds checks. Setting an output length higher than 8191 was causing a buffer overflow. This was reported by Acumen (FIPS lab). The max output size has increased to ~2M and it now checks this during set_parameters. The encoder related functions now pass in the maximum size of the output buffer so they can correctly check their size. kmac_bytepad_encode_key() calls bytepad twice in order to calculate and check the length before encoding. Note that right_encode() is currently only used in one place but this may change if other algorithms are supported (such as TupleHash). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15106)
show more ...
|
Revision tags: openssl-3.0.0-alpha15 |
|
#
45e72d1f |
| 22-Apr-2021 |
Pauli |
test: separate some DES based tests out to permit a no-des build to work One of the KDFs and one of the MACs use DES as an underlying algorithm in some tests. Separate these out into th
test: separate some DES based tests out to permit a no-des build to work One of the KDFs and one of the MACs use DES as an underlying algorithm in some tests. Separate these out into their own files which are conditionally excluded. Fixes #14958 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14975)
show more ...
|
#
810a169e |
| 09-Apr-2021 |
Pauli |
kmac: add long customisation string example Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14810)
|
Revision tags: openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
8020d79b |
| 11-Mar-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
|
#
41df96ef |
| 25-Feb-2021 |
Pauli |
evp_test: updates for the new additional MAC_init arguments Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
5ccada09 |
| 07-Aug-2020 |
Shane Lontis |
Add evp_test fixes. Changed many tests so they also test fips (and removed 'availablein = default' from some tests). Seperated the monolithic evppkey.txt file into smaller maintainable g
Add evp_test fixes. Changed many tests so they also test fips (and removed 'availablein = default' from some tests). Seperated the monolithic evppkey.txt file into smaller maintainable groups. Changed the availablein option so it must be first - this then skips the entire test before any fetching happens. Changed the code so that all the OPENSSL_NO_XXXX tests are done in code via methods such as is_cipher_disabled(alg), before the fetch happens. Added missing libctx's found by adding a libctx to test_evp. Broke up large data files for cipher, kdf's and mac's into smaller pieces so they no longer need 'AvailableIn = default' Added missing algorithm aliases for cipher/digests to the providers. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12236)
show more ...
|