[openssl/openssl] e30aad: rand: add set0 calls for the private and public DRBGs

Pauli noreply at github.com
Tue Nov 1 21:42:55 UTC 2022


  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: e30aad54159aeef15b6386d67d4724242d828d12
      https://github.com/openssl/openssl/commit/e30aad54159aeef15b6386d67d4724242d828d12
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-02 (Wed, 02 Nov 2022)

  Changed paths:
    M crypto/evp/evp_rand.c
    M crypto/rand/rand_lib.c
    M doc/man3/EVP_RAND.pod
    M doc/man3/RAND_get0_primary.pod
    M include/openssl/evp.h
    M include/openssl/rand.h
    M util/libcrypto.num

  Log Message:
  -----------
  rand: add set0 calls for the private and public DRBGs

The FIPS 140-3 DSA and ECDSA tests need to be known answer tests which means
the entropy needs to be cooked.  This permits this.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)


  Commit: 3e218fd7bedaeafdb8ff25d8414aa7d70b09c124
      https://github.com/openssl/openssl/commit/3e218fd7bedaeafdb8ff25d8414aa7d70b09c124
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-02 (Wed, 02 Nov 2022)

  Changed paths:
    M test/recipes/80-test_cms.t

  Log Message:
  -----------
  Skip DES based tests in FIPS mode

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)


  Commit: 55d9f73a43dc5c8036d87b9042beb505af1f1ad6
      https://github.com/openssl/openssl/commit/55d9f73a43dc5c8036d87b9042beb505af1f1ad6
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-02 (Wed, 02 Nov 2022)

  Changed paths:
    M test/recipes/30-test_evp.t

  Log Message:
  -----------
  Move DES based test cases out of FIPS territory

Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)


  Commit: bf9c7c4bb42c6bf32023c97f9e90968f7f83a62b
      https://github.com/openssl/openssl/commit/bf9c7c4bb42c6bf32023c97f9e90968f7f83a62b
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-02 (Wed, 02 Nov 2022)

  Changed paths:
    M test/evp_libctx_test.c

  Log Message:
  -----------
  Remove conditional FIPS dependence for 3DES

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)


  Commit: f66c14a0cc151e1fee78088cdeee1b320f160f7c
      https://github.com/openssl/openssl/commit/f66c14a0cc151e1fee78088cdeee1b320f160f7c
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-02 (Wed, 02 Nov 2022)

  Changed paths:
    M test/recipes/03-test_fipsinstall.t

  Log Message:
  -----------
  Update fipsinstall tests

Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)


  Commit: dfb79d08e28dcaf1e3ccbc000775d3f52f33d4cf
      https://github.com/openssl/openssl/commit/dfb79d08e28dcaf1e3ccbc000775d3f52f33d4cf
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-02 (Wed, 02 Nov 2022)

  Changed paths:
    M providers/fips/fipsprov.c

  Log Message:
  -----------
  Remove DES cipher from the FIPS provider

Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)


  Commit: df8f8432eb10b2ed56e48b692f930991f9624453
      https://github.com/openssl/openssl/commit/df8f8432eb10b2ed56e48b692f930991f9624453
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-02 (Wed, 02 Nov 2022)

  Changed paths:
    M crypto/dsa/dsa_key.c
    M crypto/ec/ec_key.c

  Log Message:
  -----------
  dsa/ec: update pairwise tests to account for 140-3 IG 10.3.A additiocal comment 1

This mandates following SP 800-56A which, in 5.6.2.4, mandates a comparision
against a newly calculated public key.

Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)


  Commit: 18477977496bbb183e0ccb71b71b1a8a87321729
      https://github.com/openssl/openssl/commit/18477977496bbb183e0ccb71b71b1a8a87321729
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-02 (Wed, 02 Nov 2022)

  Changed paths:
    M include/openssl/self_test.h
    M providers/fips/self_test.c
    M providers/fips/self_test_data.inc
    M providers/fips/self_test_kats.c

  Log Message:
  -----------
  Update FIPS KATs for 140-3

Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)


  Commit: dad5676c1a7ad669aac8d83f8ad1d5c4e4d74863
      https://github.com/openssl/openssl/commit/dad5676c1a7ad669aac8d83f8ad1d5c4e4d74863
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-02 (Wed, 02 Nov 2022)

  Changed paths:
    M apps/fipsinstall.c
    M doc/man1/openssl-fipsinstall.pod.in
    M test/recipes/03-test_fipsinstall.t

  Log Message:
  -----------
  fipsinstall: add -self_test_oninstall option.

This option runs the self tests at installation time.  It fails for the 3.1
module.

Also changed the default behaviour to that set by the -self_test_onload
option.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)


  Commit: 7f6bf5cdac7db6e3c0bb03acfaa8ddbeb9b97518
      https://github.com/openssl/openssl/commit/7f6bf5cdac7db6e3c0bb03acfaa8ddbeb9b97518
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-02 (Wed, 02 Nov 2022)

  Changed paths:
    M providers/fips/self_test.c

  Log Message:
  -----------
  fips: verify that the RNG was restored after the self tests

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)


Compare: https://github.com/openssl/openssl/compare/5e244a93778a...7f6bf5cdac7d


More information about the openssl-commits mailing list