Releases: cisco/libacvp
Libacvp v2.1.1
Libacvp v2.1.0
IMPORTANT: This release is required to test any modules affected by FIPS 186-5. This includes ECDSA,, RSA, EDDSA, Deterministic ECDSA, and more. Since no current versions of OpenSSL have been validated with FIPS 186-5, acvp_app support for 186-5 is not enabled by default.
- Support for RSA revision FIPS186-5
- Support for ECDSA revision FIPS186-5
- Support for Deterministic ECDSA
- Support for EDDSA
- Support for Revision 2.0 of RSA Signature primitive
- Support for revision SP800-56Br2 of RSA Decryption Primitive
- Added support for testing DRBG both with and without prediction resistance at the same time
- Added XOF output length to test case structure for SHAKE tests
- Improved readability of log output in several cases
- Library version information now accessible via public headers at compile time
- Previous revisions of aforementioned updates are still supported by the library if the correct registration flags are set (see app/app_main.c for examples)
- Improved registration and support for OpenSSL 3.0 and 3.1
- Various misc. improvements and fixes
- NOTES:
- Some API changes were required that are not backwards compatible with previous versions of the API. Please see the bottom of the migration guide for more information.
- OpenSSL 1.1.1 build support has been removed, as it is EoL and there are no official FIPS modules for it. If you need OpenSSL 1.1.1 support, it should be possible to use previous versions of the app with the minimal API changes described in the migration guide.
Thank you for your patience as we worked through the 186-5 changes and various other updates. If you experience any problems related to this update, please open an issue on GitHub.
Libacvp v2.0.1
Resolved an issue with RSA Signature Primitive testing 1.0 due to changes on the NIST server
Libacvp v2.0.0
- Libacvp 2.0.0 adds support for new crypto modules and algorithms while removing support for older
versions:- OpenSSL 3.0 is now supported (All-new application code)
- OpenSSL 1.0.2/FOM is no longer supported
- Various API and test case structure changes are included that are NOT backwards compatible and
will require alterations for test harnesses for other crypto modules (not included with libacvp)- For more details, look at the migration guide (Questions on the issues board are always welcomed)
- Many of these changes (with one or two exceptions) will require very little work to accommodate
- Library support for new algorithms:
- KMAC
- KDA Twostep
- KDF ANS X9.42
- LMS (Leighton-Micali signatures)
- Various new features for existing algorithms:
- ECDSA component testing
- CRT key support for RSA/IFC
- SP800-108 KDF KMAC mode (not tested by default yet)
- Large data testing (multiple GiB) support for SHA (disabled by default)
- KAS2 support for KAS-IFC
- Better application control over logging
- Cleaner log output by default
- New APIs and application arguments for:
- Getting library-generated algorithm registration JSON
- Getting the number of vector sets a given registration would generate
- Many internal improvements, fixes, cleanups
- This list is not exhaustive
- Review the README for more details about various changes to building, running, etc.
- Undiscovered issues are always possible with new major releases; please open an issue if you run into any. Thanks!
Libacvp v1.5.4
- Added option to disable ssp at configure time (--disable-ssp, disables fstack-protector cflag)
- Not recommended unless absolutely required
- Removed obsolete python scripts for metadata handling and unit tests
- Improved handling and log messaging of combining sample session flag with manual registration
- Misc. improvements and fixes
Be on the lookout for libacvp v2.0.0 in the coming days!
Libacvp v1.5.3
-Fixed KDA revision SP800-56Cr2 in accordance with changes to the NIST demo server
-NOTE: This does not affect any clients tested by default in acvp_app
-This update is not required to continue testing with current versions of acvp_app
-This DOES affect openSSL 3.X testing (unreleased in TBD branch) and fixes have been applied there too
Libacvp v1.5.2
Fixes an issue with KDA testing (salt len check).
Note this fix has been in the libacvp_1_5_0-throttle branch since August; just failed to push a release tag.
Libacvp v1.5.0
IMPORTANT: This will be the final minor release to support OpenSSL 1.0.2 and its FOM. Support is
guaranteed until the end of July 2022. We hope for initial 3.0.X support to be included in the next minor release.
Support has been added for revision 2 of SP800-56C (KDA HKDF and onestep). Revision 1 is still
tested by default, although this can be changed in app_main.c.
Support for no hashing has been added to SP800-56A/B algorithms (KAS-ECC, KAS-FFC, KAS-IFC).
The default hashing behavior has not been changed.
Various misc. updates and improvements to the library.
Libacvp v1.4.3
This release renames KAS-KDF to KDA in line with changes made to the NIST ACV server and spec.
It also removes support for KD135_tls testing that NIST had initially intended to be removed on Jan. 3 in favor of TLS 1.2 KDF testing. If you have an absolute requirement to continue testing with the old TLS cipher, please open an issue.
Libacvp v1.4.1
IMPORTANT: Algorithm revision updates by NIST will be in effect on Jan. 3, 2022.
These will REQUIRE libacvp 1.4.1 at a minimum for testing these algorithms:
- TLS 1.2 KDF (replacing kdf-components TLS)
- SHA3 (now revision 2.0)
- AES-XTS (now revision 2.0)
If you are testing any of these, please update to libacvp 1.4.1 by Jan. 3, 2022.
kdf-components TLS testing has been left in for now, but disabled by default.
More changes:
- App version command (--version, -v) now shows info about:
- Linked FOM version if not in runtime mode
- Linked SSL version
- Compiled-against SSL version
- Fixed crash related to help command
- Library will now save validation request URLs in testSession file where applicable
- Bugfixes for Windows build process
- Fix for building on arm64 Mac (Apple Silicon)
- Added various misc. unit tests
- Improvements to HKDF testing
- Improvements to TDES testing and registration
- Various misc. improvements and fixes