Releases: cisco/libacvp

Libacvp v2.1.2

15 Oct 13:53
1244099
  • Removed support for ECDSA signature verification component testing
  • Resolved memory issue with generating TOTP for some platforms (Application only)
  • Resolved API issue that would cause unintended registrations for DRBG (Library only)
  • Misc. updates and improvements

Libacvp v2.1.1

23 Jul 14:54
ce3c46f
  • Adds option to specify max hash LDT size in GiB, --set_max_hash_size
  • Several misc. fixes and improvements

Libacvp v2.1.0

05 Apr 18:37
0b699e6

IMPORTANT: This release is required to test any modules affected by FIPS 186-5. This includes ECDSA, RSA, EDDSA, Deterministic ECDSA, and more. Since no current versions of OpenSSL have been validated with FIPS 186-5, acvp_app support for 186-5 is not enabled by default.

  • Support for RSA revision FIPS186-5
  • Support for ECDSA revision FIPS186-5
  • Support for Deterministic ECDSA
  • Support for EDDSA
  • Support for Revision 2.0 of RSA Signature primitive
  • Support for revision SP800-56Br2 of RSA Decryption Primitive
  • Added support for testing DRBG both with and without prediction resistance at the same time
  • Added XOF output length to test case structure for SHAKE tests
  • Improved readability of log output in several cases
  • Library version information now accessible via public headers at compile time
  • Previous revisions of aforementioned updates are still supported by the library if the correct registration flags are set (see app/app_main.c for examples)
  • Improved registration and support for OpenSSL 3.0 and 3.1
  • Various misc. improvements and fixes
  • NOTES:
    • Some API changes were required that are not backwards compatible with previous versions of the API. Please see the bottom of the migration guide for more information.
    • OpenSSL 1.1.1 build support has been removed, as it is EoL and there are no official FIPS modules for it. If you need OpenSSL 1.1.1 support, it should be possible to use previous versions of the app with the minimal API changes described in the migration guide.

Thank you for your patience as we worked through the 186-5 changes and various other updates. If you experience any problems related to this update, please open an issue on GitHub.

Libacvp v2.0.1

10 Oct 14:03
cd50a02

Resolved an issue with RSA Signature Primitive testing 1.0 due to changes on the NIST server

Libacvp v2.0.0

03 Jul 14:22
4939773
  • Libacvp 2.0.0 adds support for new crypto modules and algorithms while removing support for older
    versions:
    • OpenSSL 3.0 is now supported (All-new application code)
    • OpenSSL 1.0.2/FOM is no longer supported
  • Various API and test case structure changes are included that are NOT backwards compatible and
    will require alterations for test harnesses for other crypto modules (not included with libacvp)
    • For more details, look at the migration guide (Questions on the issues board are always welcomed)
    • Many of these changes (with one or two exceptions) will require very little work to accommodate
  • Library support for new algorithms:
    • KMAC
    • KDA Twostep
    • KDF ANS X9.42
    • LMS (Leighton-Micali signatures)
  • Various new features for existing algorithms:
    • ECDSA component testing
    • CRT key support for RSA/IFC
    • SP800-108 KDF KMAC mode (not tested by default yet)
    • Large data testing (multiple GiB) support for SHA (disabled by default)
    • KAS2 support for KAS-IFC
  • Better application control over logging
  • Cleaner log output by default
  • New APIs and application arguments for:
    • Getting library-generated algorithm registration JSON
    • Getting the number of vector sets a given registration would generate
  • Many internal improvements, fixes, cleanups
  • This list is not exhaustive
  • Review the README for more details about various changes to building, running, etc.
  • Undiscovered issues are always possible with new major releases; please open an issue if you run into any. Thanks!

Libacvp v1.5.4

28 Jun 17:06
ae3bbb8
  • Added option to disable SSP at configure time (--disable-ssp, disables the -fstack-protector cflag)
    • Not recommended unless absolutely required
  • Removed obsolete python scripts for metadata handling and unit tests
  • Improved handling and log messaging of combining sample session flag with manual registration
  • Misc. improvements and fixes

Be on the lookout for libacvp v2.0.0 in the coming days!

Libacvp v1.5.3

14 Dec 17:00
db43350

  • Fixed KDA revision SP800-56Cr2 in accordance with changes to the NIST demo server
  • NOTE: This does not affect any clients tested by default in acvp_app
  • This update is not required to continue testing with current versions of acvp_app
  • This DOES affect OpenSSL 3.X testing (unreleased in TBD branch) and fixes have been applied there too

Libacvp v1.5.2

19 Oct 20:19
e40e654

Fixes an issue with KDA testing (salt len check).
Note this fix has been in the libacvp_1_5_0-throttle branch since August; just failed to push a release tag.

Libacvp v1.5.0

10 Jun 12:23
32215c6

IMPORTANT: This will be the final minor release to support OpenSSL 1.0.2 and its FOM. Support is
guaranteed until the end of July 2022. We hope for initial 3.0.X support to be included in the next minor release.

Support has been added for revision 2 of SP800-56C (KDA HKDF and onestep). Revision 1 is still
tested by default, although this can be changed in app_main.c.

Support for no hashing has been added to SP800-56A/B algorithms (KAS-ECC, KAS-FFC, KAS-IFC).
The default hashing behavior has not been changed.

Various misc. updates and improvements to the library.

Libacvp v1.4.3

27 Jan 16:21
78c124f

This release renames KAS-KDF to KDA in line with changes made to the NIST ACV server and spec.

It also removes support for KD135_tls testing that NIST had initially intended to be removed on Jan. 3 in favor of TLS 1.2 KDF testing. If you have an absolute requirement to continue testing with the old TLS cipher, please open an issue.