openssl

Author SHA1 Message Date

Author	SHA1	Message	Date
Richard Levitte	b646179229	Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit `0ce7d1f355`) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)	2024-04-09 13:43:26 +02:00
pohsingwu	fbce6ebf70	Implement PCT for EDDSA According to FIPS 140-3 IG 10.3.A Additonal Comment 1, a PCT shall be performed consistent with the intended use of the keys. This commit implements PCT for EDDSA via performing sign and verify operations after key generated. Also use the same pairwise test logic in EVP_PKEY_keygen and EVP_PKEY_pairwise_check for EDDSA in FIPS_MODULE. Add OSSL_SELF_TEST_DESC_PCT_EDDSA to OSSL_PROVIDER-FIPS page. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23408)	2024-03-01 11:06:03 +01:00
slontis	dcd20cc139	Add tests for FIPS keygen self test failures. During key generation RSA, EC and DSA have extra tests that run in FIPS mode All 3 algorithms have a pairwise test, EC & DSA also run a KAT test. This test uses the self test callback to force an error during each of the extra pairwise and KAT tests. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20183)	2023-02-08 17:00:55 +01:00

Richard Levitte

b646179229

Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)

2024-04-09 13:43:26 +02:00

pohsingwu

fbce6ebf70

Implement PCT for EDDSA

According to FIPS 140-3 IG 10.3.A Additonal Comment 1, a PCT shall be
performed consistent with the intended use of the keys.

This commit implements PCT for EDDSA via performing sign and verify
operations after key generated.

Also use the same pairwise test logic in EVP_PKEY_keygen and
EVP_PKEY_pairwise_check for EDDSA in FIPS_MODULE.

Add OSSL_SELF_TEST_DESC_PCT_EDDSA to OSSL_PROVIDER-FIPS page.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23408)

2024-03-01 11:06:03 +01:00

slontis

dcd20cc139

Add tests for FIPS keygen self test failures.

During key generation RSA, EC and DSA have extra tests that run in FIPS mode
All 3 algorithms have a pairwise test, EC & DSA also run a KAT test.

This test uses the self test callback to force an error
during each of the extra pairwise and KAT tests.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20183)

2023-02-08 17:00:55 +01:00

3 Commits