git.openssl.org Git - openssl.git/commit

author	pohsingwu <pohsingwu@synology.com>
	Sun, 28 Jan 2024 10:18:02 +0000 (18:18 +0800)
committer	Tomas Mraz <tomas@openssl.org>
	Fri, 1 Mar 2024 10:06:03 +0000 (11:06 +0100)
commit	fbce6ebf706cdd273f2569edfea7ade106426e0b
tree	2d598acb71f57e2fe8af34857e00126020e8cbb6	tree \| snapshot
parent	c18c301deb44deb27f35c199e8bf44ca8b80e579	commit \| diff

Implement PCT for EDDSA

According to FIPS 140-3 IG 10.3.A Additonal Comment 1, a PCT shall be
performed consistent with the intended use of the keys.

This commit implements PCT for EDDSA via performing sign and verify
operations after key generated.

Also use the same pairwise test logic in EVP_PKEY_keygen and
EVP_PKEY_pairwise_check for EDDSA in FIPS_MODULE.

Add OSSL_SELF_TEST_DESC_PCT_EDDSA to OSSL_PROVIDER-FIPS page.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23408)

doc/man7/OSSL_PROVIDER-FIPS.pod		diff \| blob \| history
include/openssl/self_test.h		diff \| blob \| history
providers/implementations/keymgmt/ecx_kmgmt.c		diff \| blob \| history
test/pairwise_fail_test.c		diff \| blob \| history
test/recipes/30-test_pairwise_fail.t		diff \| blob \| history