#
8a1f6546 |
| 25-Apr-2024 |
Tomas Mraz |
Adjust FIPS EC/DSA self test data for different nonce generation Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.
Adjust FIPS EC/DSA self test data for different nonce generation Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24265)
show more ...
|
#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Lan
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
#
23fd48da |
| 13-Mar-2024 |
pohsingwu |
Use RFC 5869 test case for HKDF self-test According to NIST SP 800-131Ar2 section 8, the length of the key-derivation key shall be at least 112 bits. Reviewed-by: Tom Cosgrove <
Use RFC 5869 test case for HKDF self-test According to NIST SP 800-131Ar2 section 8, the length of the key-derivation key shall be at least 112 bits. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23833)
show more ...
|
#
3cb07553 |
| 05-Mar-2024 |
Joachim Vandersmissen |
Implement KAT for KBKDF with KMAC128 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23745)
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
451cb23c |
| 03-Mar-2023 |
Clemens Lang |
fips: Use salt >= 16 bytes in PBKDF2 selftest NIST SP 800-132 [1] section 5.1 says "[t]he length of the randomly-generated portion of the salt shall be at least 128 bits", which impl
fips: Use salt >= 16 bytes in PBKDF2 selftest NIST SP 800-132 [1] section 5.1 says "[t]he length of the randomly-generated portion of the salt shall be at least 128 bits", which implies that the salt for PBKDF2 must be at least 16 bytes long (see also Appendix A.2.1). The FIPS 140-3 IG [2] section 10.3.A requires that "the lengths and the properties of the Password and Salt parameters, as well as the desired length of the Master Key used in a CAST shall be among those supported by the module in the approved mode." As a consequence, the salt length in the self test must be at least 16 bytes long for FIPS 140-3 compliance. Switch the self test to use the only test vector from RFC 6070 that uses salt that is long enough to fulfil this requirement. Since RFC 6070 does not provide expected results for PBKDF2 with HMAC-SHA256, use the output from [3], which was generated with python cryptography, which was tested against the RFC 6070 vectors with HMAC-SHA1. [1]: https://doi.org/10.6028/NIST.SP.800-132 [2]: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf [3]: https://github.com/brycx/Test-Vector-Generation/blob/master/PBKDF2/pbkdf2-hmac-sha2-test-vectors.md Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20429)
show more ...
|
#
a11064c8 |
| 26-Oct-2022 |
Pauli |
Update FIPS KATs for 140-3 Co-authored-by: Randall Steck <rsteck@thinqsoft.com> Co-authored-by: Mark J. Minnoch <mark@keypair.us> Co-authored-by: Steve Weymann <steve@keypair.us>
Update FIPS KATs for 140-3 Co-authored-by: Randall Steck <rsteck@thinqsoft.com> Co-authored-by: Mark J. Minnoch <mark@keypair.us> Co-authored-by: Steve Weymann <steve@keypair.us> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19510)
show more ...
|
#
c7424fe6 |
| 26-Oct-2022 |
slontis |
Use RSA CRT parameters in FIPS self tests. Fixes #19488 Use the correct OSSL_PKEY_PARAM_RSA CRT names fior the self tests. The invalid names cause CRT parameters to be silently
Use RSA CRT parameters in FIPS self tests. Fixes #19488 Use the correct OSSL_PKEY_PARAM_RSA CRT names fior the self tests. The invalid names cause CRT parameters to be silently ignored. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19501)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
9c5d1451 |
| 12-Jan-2022 |
Pauli |
Avoid using a macro expansion in a macro when statically initialising Circumvents a problem with ancient PA-RISC compilers on HP/UX. Fixes #17477 Reviewed-by: Tomas Mraz <t
Avoid using a macro expansion in a macro when statically initialising Circumvents a problem with ancient PA-RISC compilers on HP/UX. Fixes #17477 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17478)
show more ...
|
#
bf7c9011 |
| 03-Aug-2021 |
Pauli |
fips: add power up test for TLS 1.3 KDF The power up known answer test for the TLS 1.3 KDF does just the first step to derive the "client_early_traffic_secret" using the two modes of the
fips: add power up test for TLS 1.3 KDF The power up known answer test for the TLS 1.3 KDF does just the first step to derive the "client_early_traffic_secret" using the two modes of the KDF. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16203)
show more ...
|
#
3b1978e4 |
| 21-Jun-2021 |
Shane Lontis |
Change self test for AES_CGM to perform both an encrypt and decrypt. This is a request from the lab that changes the AES_GCM test back to perform both a encrypt and decrypt. (This makes
Change self test for AES_CGM to perform both an encrypt and decrypt. This is a request from the lab that changes the AES_GCM test back to perform both a encrypt and decrypt. (This makes no logical sense since this is not an inverse cipher). I have left the AES_ECB decrypt test in (although it may not be needed) since it is actually testing the inverse cipher case. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15844)
show more ...
|
#
d84c368b |
| 17-Jun-2021 |
Shane Lontis |
Add self test for ECDSA using curve with a binary field Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl
Add self test for ECDSA using curve with a binary field Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15794)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15 |
|
#
3fed2718 |
| 12-Apr-2021 |
Shane Lontis |
Add FIPS Self test for AES_ECB decrypt Fixes #14807 Compliance with IG 9.4 requires that an inverse cipher function be tested if one is implemented. Just running AES_GCM encrypt
Add FIPS Self test for AES_ECB decrypt Fixes #14807 Compliance with IG 9.4 requires that an inverse cipher function be tested if one is implemented. Just running AES_GCM encrypt/decrypt does not meet this requirement (Since only ECB, CBC, XTS, KW, KWP support the inverse function during decryption mode). Added a mode to the cipher test so that the AES_GCM only does an encrypt and AES_ECB only does a decrypt. TDES still does both. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14825)
show more ...
|
Revision tags: openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j |
|
#
a8eb71ad |
| 01-Feb-2021 |
Richard Levitte |
Allow the sshkdf type to be passed as a single character This partially reverts commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1. This also slightly modifies the way diverse paramete
Allow the sshkdf type to be passed as a single character This partially reverts commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1. This also slightly modifies the way diverse parameters in are specified in providers/fips/self_test_data.inc for better consistency. Fixes #14027 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14035)
show more ...
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
270a5ce1 |
| 14-Dec-2020 |
Juergen Christ |
Fix parameter types in sshkdf Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string parameters. This caused endianness problems on big-endian machines. As a res
Fix parameter types in sshkdf Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string parameters. This caused endianness problems on big-endian machines. As a result, it is not possible to pass FIPS tests since the parameter was stored with an integer value but read via a cast to char pointer. While this works on little endian machines, big endian s390 read the most significant bits instead of the least significant (as done by, e.g., x86). Change the parameter to char array and fix the usages. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/13781)
show more ...
|
#
3a1ee3c1 |
| 17-Dec-2020 |
Richard Levitte |
Drop OPENSSL_NO_RSA everywhere The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so this is simply a cleanup of the remains. Reviewed-by: Tomas Mraz <tmraz@fedor
Drop OPENSSL_NO_RSA everywhere The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so this is simply a cleanup of the remains. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13700)
show more ...
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
acd3e548 |
| 23-Nov-2020 |
Shane Lontis |
Add fips self tests for all included kdf Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13480)
|
#
cbb85bda |
| 27-Nov-2020 |
Matt Caswell |
Fix builds that specify both no-dh and no-ec Various sections of code assumed that at least one of dh or ec would be available. We also now also need to handle cases where a provider has
Fix builds that specify both no-dh and no-ec Various sections of code assumed that at least one of dh or ec would be available. We also now also need to handle cases where a provider has a key exchange algorithm and TLS-GROUP that we don't know about. Fixes #13536 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13549)
show more ...
|
Revision tags: openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
4343a418 |
| 16-Sep-2020 |
Shane Lontis |
Add self tests for rsa encryption SP800-56br2 requires seperate KAT's (fips self tests) to be tested for both encryption and decryption using the RSA primitive (i.e. no padding). This is
Add self tests for rsa encryption SP800-56br2 requires seperate KAT's (fips self tests) to be tested for both encryption and decryption using the RSA primitive (i.e. no padding). This is specified in FIPS140-2 IG D.9 A copy of the methods EVP_PKEY_encrypt_init(), EVP_PKEY_encrypt(), EVP_PKEY_decrypt_init(), EVP_PKEY_decrypt() are now in the fips module. Removed the #ifdef FIPS_MODULE in evp_pkey_ctx_free_old_ops(). Added corruption test Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12835)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3 |
|
#
6154f9a7 |
| 20-May-2020 |
Pauli |
fips rand: DRBG KAT self test updates to provider model. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11682)
|
#
11a1b341 |
| 19-May-2020 |
Matt Caswell |
Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic We rename these function to EVP_PKEY_CTX_get_group_name and EVP_PKEY_CTX_set_group_name so that they can be used for other
Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic We rename these function to EVP_PKEY_CTX_get_group_name and EVP_PKEY_CTX_set_group_name so that they can be used for other algorithms other than EC. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
Revision tags: openssl-3.0.0-alpha2 |
|
#
a6ed19dc |
| 27-Apr-2020 |
Shourya Shukla |
Amend references to "OpenSSL license" A small number of files contain references to the "OpenSSL license" which has been deprecated and replaced by the "Apache License 2.0". Amend th
Amend references to "OpenSSL license" A small number of files contain references to the "OpenSSL license" which has been deprecated and replaced by the "Apache License 2.0". Amend the occurences. Fixes #11649 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11663)
show more ...
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g |
|
#
ec4d1b8f |
| 03-Apr-2020 |
Shane Lontis |
Add data driven SELF TEST code for signatures and key agreement Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11036)
|