git.ipfire.org Git - thirdparty/openssl.git/commit

author	slontis <shane.lontis@oracle.com>
	Fri, 15 Sep 2023 02:40:39 +0000 (12:40 +1000)
committer	Tomas Mraz <tomas@openssl.org>
	Wed, 14 Aug 2024 14:17:47 +0000 (16:17 +0200)
commit	5f04124aab4a477d4e58149d8f04871ff7e5ea4b
tree	01fb5f0421b741efa244e5a5cae3f8abaefad0dd	tree
parent	12ba471c29c3604d4440545efe2efe832992a8ff	commit \| diff

Add EDDSA FIPS self tests.

See FIPS 140-3 IG Section 10.3.A Part 11
Indicates ECDSA requires a sign and verify test.
Note 11 states that HashEdDSA is not required to be tested if PureEdDSA is tested.
Note 12 indicates that both ED25519 and X448 need to be tested.

Since ED uses the oneshot interface, additional API's needed to be exposed to the
FIPS provider using #ifdef FIPS_MODULE.

Changed ED25518 and ED448 to use fips=true in the FIPS provider.
Updated documentation for provider lists for EDDSA.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22112)

crypto/evp/digest.c		diff \| blob \| blame \| history
crypto/evp/m_sigver.c		diff \| blob \| blame \| history
doc/man7/OSSL_PROVIDER-FIPS.pod		diff \| blob \| blame \| history
include/openssl/self_test.h		diff \| blob \| blame \| history
providers/fips/fipsprov.c		diff \| blob \| blame \| history
providers/fips/self_test_data.inc		diff \| blob \| blame \| history
providers/fips/self_test_kats.c		diff \| blob \| blame \| history