Libacvp v2.1.0
abkarcher
released this
05 Apr 18:37
·
23 commits
to libacvp_2_1_0-throttle
since this release
IMPORTANT: This release is required to test any modules affected by FIPS 186-5. This includes ECDSA,, RSA, EDDSA, Deterministic ECDSA, and more. Since no current versions of OpenSSL have been validated with FIPS 186-5, acvp_app support for 186-5 is not enabled by default.
- Support for RSA revision FIPS186-5
- Support for ECDSA revision FIPS186-5
- Support for Deterministic ECDSA
- Support for EDDSA
- Support for Revision 2.0 of RSA Signature primitive
- Support for revision SP800-56Br2 of RSA Decryption Primitive
- Added support for testing DRBG both with and without prediction resistance at the same time
- Added XOF output length to test case structure for SHAKE tests
- Improved readability of log output in several cases
- Library version information now accessible via public headers at compile time
- Previous revisions of aforementioned updates are still supported by the library if the correct registration flags are set (see app/app_main.c for examples)
- Improved registration and support for OpenSSL 3.0 and 3.1
- Various misc. improvements and fixes
- NOTES:
- Some API changes were required that are not backwards compatible with previous versions of the API. Please see the bottom of the migration guide for more information.
- OpenSSL 1.1.1 build support has been removed, as it is EoL and there are no official FIPS modules for it. If you need OpenSSL 1.1.1 support, it should be possible to use previous versions of the app with the minimal API changes described in the migration guide.
Thank you for your patience as we worked through the 186-5 changes and various other updates. If you experience any problems related to this update, please open an issue on GitHub.