[openssl/openssl] e30aad: rand: add set0 calls for the private and public DRBGs
Pauli
noreply at github.com
Tue Nov 1 21:42:55 UTC 2022
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl
Commit: e30aad54159aeef15b6386d67d4724242d828d12
https://github.com/openssl/openssl/commit/e30aad54159aeef15b6386d67d4724242d828d12
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M crypto/evp/evp_rand.c
M crypto/rand/rand_lib.c
M doc/man3/EVP_RAND.pod
M doc/man3/RAND_get0_primary.pod
M include/openssl/evp.h
M include/openssl/rand.h
M util/libcrypto.num
Log Message:
-----------
rand: add set0 calls for the private and public DRBGs
The FIPS 140-3 DSA and ECDSA tests need to be known answer tests which means
the entropy needs to be cooked. This permits this.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)
Commit: 3e218fd7bedaeafdb8ff25d8414aa7d70b09c124
https://github.com/openssl/openssl/commit/3e218fd7bedaeafdb8ff25d8414aa7d70b09c124
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M test/recipes/80-test_cms.t
Log Message:
-----------
Skip DES based tests in FIPS mode
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)
Commit: 55d9f73a43dc5c8036d87b9042beb505af1f1ad6
https://github.com/openssl/openssl/commit/55d9f73a43dc5c8036d87b9042beb505af1f1ad6
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M test/recipes/30-test_evp.t
Log Message:
-----------
Move DES based test cases out of FIPS territory
Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)
Commit: bf9c7c4bb42c6bf32023c97f9e90968f7f83a62b
https://github.com/openssl/openssl/commit/bf9c7c4bb42c6bf32023c97f9e90968f7f83a62b
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M test/evp_libctx_test.c
Log Message:
-----------
Remove conditional FIPS dependence for 3DES
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)
Commit: f66c14a0cc151e1fee78088cdeee1b320f160f7c
https://github.com/openssl/openssl/commit/f66c14a0cc151e1fee78088cdeee1b320f160f7c
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M test/recipes/03-test_fipsinstall.t
Log Message:
-----------
Update fipsinstall tests
Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)
Commit: dfb79d08e28dcaf1e3ccbc000775d3f52f33d4cf
https://github.com/openssl/openssl/commit/dfb79d08e28dcaf1e3ccbc000775d3f52f33d4cf
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M providers/fips/fipsprov.c
Log Message:
-----------
Remove DES cipher from the FIPS provider
Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)
Commit: df8f8432eb10b2ed56e48b692f930991f9624453
https://github.com/openssl/openssl/commit/df8f8432eb10b2ed56e48b692f930991f9624453
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M crypto/dsa/dsa_key.c
M crypto/ec/ec_key.c
Log Message:
-----------
dsa/ec: update pairwise tests to account for 140-3 IG 10.3.A additiocal comment 1
This mandates following SP 800-56A which, in 5.6.2.4, mandates a comparision
against a newly calculated public key.
Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)
Commit: 18477977496bbb183e0ccb71b71b1a8a87321729
https://github.com/openssl/openssl/commit/18477977496bbb183e0ccb71b71b1a8a87321729
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M include/openssl/self_test.h
M providers/fips/self_test.c
M providers/fips/self_test_data.inc
M providers/fips/self_test_kats.c
Log Message:
-----------
Update FIPS KATs for 140-3
Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)
Commit: dad5676c1a7ad669aac8d83f8ad1d5c4e4d74863
https://github.com/openssl/openssl/commit/dad5676c1a7ad669aac8d83f8ad1d5c4e4d74863
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M apps/fipsinstall.c
M doc/man1/openssl-fipsinstall.pod.in
M test/recipes/03-test_fipsinstall.t
Log Message:
-----------
fipsinstall: add -self_test_oninstall option.
This option runs the self tests at installation time. It fails for the 3.1
module.
Also changed the default behaviour to that set by the -self_test_onload
option.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)
Commit: 7f6bf5cdac7db6e3c0bb03acfaa8ddbeb9b97518
https://github.com/openssl/openssl/commit/7f6bf5cdac7db6e3c0bb03acfaa8ddbeb9b97518
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M providers/fips/self_test.c
Log Message:
-----------
fips: verify that the RNG was restored after the self tests
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)
Compare: https://github.com/openssl/openssl/compare/5e244a93778a...7f6bf5cdac7d
More information about the openssl-commits
mailing list