[openssl/openssl] 7c8187: rand: add set0 calls for the private and public DRBGs
Pauli
noreply at github.com
Tue Nov 1 21:44:57 UTC 2022
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 7c8187d43d043c6a66559ed341ff1e01b8711093
https://github.com/openssl/openssl/commit/7c8187d43d043c6a66559ed341ff1e01b8711093
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M crypto/evp/evp_rand.c
M crypto/rand/rand_lib.c
M doc/man3/EVP_RAND.pod
M doc/man3/RAND_get0_primary.pod
M include/openssl/evp.h
M include/openssl/rand.h
M util/libcrypto.num
Log Message:
-----------
rand: add set0 calls for the private and public DRBGs
The FIPS 140-3 DSA and ECDSA tests need to be known answer tests which means
the entropy needs to be cooked. This permits this.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Commit: 5db2b4a292b4576185287a9e01e4ba4098b4aa66
https://github.com/openssl/openssl/commit/5db2b4a292b4576185287a9e01e4ba4098b4aa66
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M test/recipes/80-test_cms.t
Log Message:
-----------
Skip DES based tests in FIPS mode
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Commit: c511953a0828e126b80a9ea8cee12d001d685ba8
https://github.com/openssl/openssl/commit/c511953a0828e126b80a9ea8cee12d001d685ba8
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M test/recipes/30-test_evp.t
Log Message:
-----------
Move DES based test cases out of FIPS territory
Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Commit: 464c1011b02936850fc779739013dba52650840a
https://github.com/openssl/openssl/commit/464c1011b02936850fc779739013dba52650840a
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M test/evp_libctx_test.c
Log Message:
-----------
Remove conditional FIPS dependence for 3DES
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Commit: 6e38ac39bbf2bc899485c5f710a2ced6238b1ea1
https://github.com/openssl/openssl/commit/6e38ac39bbf2bc899485c5f710a2ced6238b1ea1
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M test/recipes/03-test_fipsinstall.t
Log Message:
-----------
Update fipsinstall tests
Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Commit: fc0bb3411bd0c6ca264f610303933d0bf4f4682c
https://github.com/openssl/openssl/commit/fc0bb3411bd0c6ca264f610303933d0bf4f4682c
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M providers/fips/fipsprov.c
Log Message:
-----------
Remove DES cipher from the FIPS provider
Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Commit: 5b234be4c44f5b178bc69da3d610ae1b70441873
https://github.com/openssl/openssl/commit/5b234be4c44f5b178bc69da3d610ae1b70441873
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M crypto/dsa/dsa_key.c
M crypto/ec/ec_key.c
Log Message:
-----------
dsa/ec: update pairwise tests to account for 140-3 IG 10.3.A additiocal comment 1
This mandates following SP 800-56A which, in 5.6.2.4, mandates a comparision
against a newly calculated public key.
Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Commit: a11064c83b58f9e1b3741704a11cfec2d91aac0e
https://github.com/openssl/openssl/commit/a11064c83b58f9e1b3741704a11cfec2d91aac0e
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M include/openssl/self_test.h
M providers/fips/self_test.c
M providers/fips/self_test_data.inc
M providers/fips/self_test_kats.c
Log Message:
-----------
Update FIPS KATs for 140-3
Co-authored-by: Randall Steck <rsteck at thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark at keypair.us>
Co-authored-by: Steve Weymann <steve at keypair.us>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Commit: 7057dddbcb5e053470121adeff0b6595fa6da0d8
https://github.com/openssl/openssl/commit/7057dddbcb5e053470121adeff0b6595fa6da0d8
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M apps/fipsinstall.c
M doc/man1/openssl-fipsinstall.pod.in
M test/recipes/03-test_fipsinstall.t
Log Message:
-----------
fipsinstall: add -self_test_oninstall option.
This option runs the self tests at installation time. It fails for the 3.1
module.
Also changed the default behaviour to that set by the -self_test_onload
option.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Commit: 33290c534750f031cbf384f0ad8c05555a16f726
https://github.com/openssl/openssl/commit/33290c534750f031cbf384f0ad8c05555a16f726
Author: Pauli <pauli at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M providers/fips/self_test.c
Log Message:
-----------
fips: verify that the RNG was restored after the self tests
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Compare: https://github.com/openssl/openssl/compare/950968982a0c...33290c534750
More information about the openssl-commits
mailing list