Releases: cisco/libacvp
Libacvp v1.4.1
IMPORTANT: Algorithm revision updates by NIST will be in effect on Jan. 3, 2022.
These will REQUIRE libacvp 1.4.1 at a minimum for testing these algorithms:
- TLS 1.2 KDF (replacing kdf-components TLS)
- SHA3 (now revision 2.0)
- AES-XTS (now revision 2.0)
If you are testing any of these, please update to libacvp 1.4.1 by Jan. 3, 2022.
kdf-components TLS testing has been left in for now, but disabled by default.
More changes:
- App version command (--version, -v) now shows info about:
- Linked FOM version if not in runtime mode
- Linked SSL version
- Compiled-against SSL version
- Fixed crash related to help command
- Library will now save validation request URLs in testSession file where applicable
- Bugfixes for Windows build process
- Fix for building on arm64 Mac (Apple Silicon)
- Added various misc. unit tests
- Improvements to HKDF testing
- Improvements to TDES testing and registration
- Various misc. improvements and fixes
Libacvp v1.4.0
-Library support for TLS 1.3 KDF (RFC8446)
-New short command line options for acvp_app:
1.) -r may be used in place of --vector_req
2.) -p may be used in place of --vector_rsp
3.) -u may be used in place of --vector_upload
4.) -a may be used in place of --all_algs
5.) -s may be used in place of --save-to
-Several new configure options to assist with building libacvp for various platforms:
--enable-offline-ldl-check will try to detect static OpenSSL using libdl, for cases when
the static OpenSSL build was not built with the no-dso flag. We recommend using the no-dso
flag for these builds; some versions of SSL may require libdl either way.
--disable-lib-check will disable autoconf's ability to detect library presence before building.
This may help users on some platforms with building if detection is not working; however,
if there are issues with the library the error messages will be more cryptic.
--enable-wrapper-library will build acvp_app into a single API library, libacvp_app. This may
help run ACVP testing on infrequently used platforms or platforms that use more proprietary
developer tools (e.g. xcode). This single API takes in a vector request file and outputs a
vector response file. This is for developer testing use only.
More info about these can be found in the readme and in ./configure --help.
-Large updates to the documentation for libacvp:
-The included doc folder was outdated and has been removed. Instead, using "make doc" will
build the HTML documentation in the "doc" folder. The user must have doxygen installed
and in your PATH. You may also use doxygen to build manually.
-New formatting for the generated HTML documentation that should be easier to navigate
-Massive updates to documentation contents to remove typos/outdated content and add new content
-We will continue to add and expand upon the documentation over time
-Misc.:
-Lots of improvements to error messages
-Performance improvements for KAS-KDF algorithms (SP800-56C)
-More misc. fixes and improvements
Libacvp v1.3.2
This release contains a few misc. fixes and improvements including:
A small fix for looking up dependencies on the server
Unit tests for Safe Primes
Small adjustments for SSL/FOM version compatibility
Libacvp 1.4.0 is currently expected to be our next release with support for several new algorithms among other features.
Libacvp v1.3.1
Fixed an issue testing KAS-IFC introduced by a server update. (This was code-complete March 2 2021, but never tagged/released.)
Libacvp v1.3.0
-New APIs and app code for new algorithms:
-Support for safe primes testing
-Support for AES-CBC-CS1, AES-CBC-CS2, and AES-CBC-CS3, library only
-Support for RFC3686 conformance for AES-CTR, library and app (app if external IV gen is
registered)
-Many length parameters for AES and TDES can now be set as a domain
-KAS-FFC now supports MODP and FFDHE capability registration
-New API allows for ECDSA hash algs to be set for specific curves, instead of all curves
-New APIs for deleting resources or canceling test sessions:
acvp_mark_as_delete_only - provide the URL of the resource to delete
-use with --delete in acvp_app
acvp_cancel_test_session - provide test session file of session to cancel
-use with --cancel_session in acvp_app
-Fixed an issue where criterion test cases would generate undesired profiling data files and
cause strange error messages in Valgrind
-Miscellaneous improvements and fixes
Libacvp v1.2.0
Support for KAS-HKDF and KDF one step (SP800-56Cr1), KAS-ECC-SSC and KAS-FFC-SSC (SP800-56Ar3) kas-ifc (sp800-56Br2), and library support for KTS-IFC and PBKDF.
Ability to reupload vector sets when supported by server (using --vector_upload).
Misc. fixes and improvements.
Libacvp v1.1.1
-Fixed RSA registration via new revision
-Make dist now includes all test files needed
Libacvp v1.0.6
-Fixed RSA registration via new revisions
-Make dist now includes files needed for testing
Version 1.1.0
-New APIs for libacvp:
-acvp_get_expected_results - retrieves the expected vector answers for test sessions marked as
"sample"
-acvp_set_get_save_file - defines a file that the results of a GET command will be saved to
-New runtime options for acvp_app:
-Option --get_expected_results to get the expected results if session was
marked as sample
-option --save-to can be used with --get and --get_expected_results to save
output to a file
-New environment variables, ACV_SESSION_SAVE_PATH and ACV_SESSION_SAVE_PREFIX that can be used to
determine where session info files will be saved to and what they will be named
-New configure options for building the app and library separately, --disable-app and --disable-lib
-Revamped configure script to allow more options to work together properly
-Unit tests now behave properly with more build options
-Some logging improvements in --verbose
-Various improvements and bugfixes to validation metadata processing
-small additions to session save files
Version 1.0.5
Version 1.0.5 contains small improvements and bugfixes over 1.0.4, including new configure options for building app and lib separately. The vast majority of users should opt to update to 1.1.0 if possible.