[openssl/openssl] 495f5f: Add Configurable "lms" option
0 views
Skip to first unread message
Shane
Jul 10, 2025, 5:09:36 AM7/10/25
to openssl...@openssl.org
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 495f5fa0ba67c03659dd5288f3f7aa6913771426
https://github.com/openssl/openssl/commit/495f5fa0ba67c03659dd5288f3f7aa6913771426
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M Configure
M INSTALL.md
Log Message:
-----------
Add Configurable "lms" option
This option will be used by the base code for enabling
Leighton-Micali Signatures (LMS)
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 2a6a2adc8d9ec7476613f035f91877e5a65ab6f5
https://github.com/openssl/openssl/commit/2a6a2adc8d9ec7476613f035f91877e5a65ab6f5
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/build.info
A crypto/lms/build.info
A crypto/lms/lm_ots_params.c
A crypto/lms/lms_key.c
A crypto/lms/lms_params.c
A crypto/lms/lms_pubkey_decode.c
M doc/build.info
A doc/man7/EVP_PKEY-LMS.pod
A include/crypto/lms.h
A include/crypto/lms_util.h
M include/crypto/types.h
M providers/defltprov.c
M providers/implementations/include/prov/implementations.h
M providers/implementations/include/prov/names.h
M providers/implementations/keymgmt/build.info
A providers/implementations/keymgmt/lms_kmgmt.c
M test/build.info
A test/lms.inc
A test/lms_common.inc
A test/lms_test.c
A test/recipes/30-test_lms.t
Log Message:
-----------
Add base code to load a LMS public key.
This loads a XDR encoded LMS public key.
It adds a simple LMS keymanager to import this key.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: c64558ede85ed296753b42f74478b99bd89e7c34
https://github.com/openssl/openssl/commit/c64558ede85ed296753b42f74478b99bd89e7c34
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/lms/lms_pubkey_decode.c
M doc/man7/EVP_PKEY-LMS.pod
M include/crypto/lms.h
M providers/decoders.inc
M providers/implementations/encode_decode/build.info
A providers/implementations/encode_decode/decode_lmsxdr2key.c
M providers/implementations/include/prov/implementations.h
M providers/implementations/keymgmt/lms_kmgmt.c
M test/lms_test.c
Log Message:
-----------
Add LMS public key decoder.
This uses OSSL_DECODER_CTX_new_for_pkey().
"XDR" can be specified for the input type, and the key type is "LMS"
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 7be3137fb5dd44c97def5d1d6279ffa7218dc643
https://github.com/openssl/openssl/commit/7be3137fb5dd44c97def5d1d6279ffa7218dc643
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/lms/build.info
M crypto/lms/lm_ots_params.c
A crypto/lms/lm_ots_verify.c
M crypto/lms/lms_key.c
A crypto/lms/lms_sig.c
A crypto/lms/lms_sig_decoder.c
A crypto/lms/lms_verify.c
M include/crypto/lms.h
A include/crypto/lms_sig.h
M include/crypto/lms_util.h
M providers/defltprov.c
M providers/implementations/include/prov/implementations.h
M providers/implementations/signature/build.info
A providers/implementations/signature/lms_sig.c
M test/lms_test.c
Log Message:
-----------
Add LMS Signature verification.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 1c2fc7c3e04cc1334fa7a88454e5614e3b13dd6d
https://github.com/openssl/openssl/commit/1c2fc7c3e04cc1334fa7a88454e5614e3b13dd6d
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M doc/man7/OSSL_PROVIDER-FIPS.pod
M providers/fips/fipsprov.c
M providers/implementations/digests/sha2_prov.c
Log Message:
-----------
Allow SHA256-192 to be used internally in the FIPS provider.
Created an internal digest table that contains sha256_192.
Also moved the KECCAK_KMAC_128/256 entries to this internal table
since it is only used by KMAC.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 48af66aef72d482d41beafaf919b71e1dcb491b8
https://github.com/openssl/openssl/commit/48af66aef72d482d41beafaf919b71e1dcb491b8
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/lms/build.info
M providers/fips/fipsprov.c
M providers/implementations/keymgmt/build.info
M providers/implementations/keymgmt/lms_kmgmt.c
M providers/implementations/signature/build.info
R providers/implementations/signature/lms_sig.c
A providers/implementations/signature/lms_signature.c
M test/lms_test.c
M test/recipes/30-test_lms.t
Log Message:
-----------
Add LMS to the fips provider.
This required the LMS keymanager to have an export function.
The self test will be provided by HSS, which covers the LMS case.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: a3b9edcb7906ebc8132b313a9223a6bf0527ee94
https://github.com/openssl/openssl/commit/a3b9edcb7906ebc8132b313a9223a6bf0527ee94
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M doc/build.info
M doc/man3/EVP_PKEY_CTX_set_params.pod
M doc/man3/EVP_PKEY_fromdata.pod
M doc/man3/EVP_PKEY_todata.pod
M doc/man7/EVP_PKEY-LMS.pod
A doc/man7/EVP_SIGNATURE-LMS.pod
M doc/man7/OSSL_PROVIDER-FIPS.pod
M doc/man7/OSSL_PROVIDER-default.pod
M doc/man7/provider-keymgmt.pod
Log Message:
-----------
Add LMS documentation
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: bd9dc16fc2d8d52dab63561c4aa5038b4561d7e3
https://github.com/openssl/openssl/commit/bd9dc16fc2d8d52dab63561c4aa5038b4561d7e3
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/lms/build.info
Log Message:
-----------
Fix indentation
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 0c534426236e55bfe2222d742ff5f8cf32b4322e
https://github.com/openssl/openssl/commit/0c534426236e55bfe2222d742ff5f8cf32b4322e
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M include/openssl/self_test.h
Log Message:
-----------
fips: add LMS description
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: d3a29ad1354aa446c09fac615beee7da36ead853
https://github.com/openssl/openssl/commit/d3a29ad1354aa446c09fac615beee7da36ead853
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M providers/fips/self_test_data.inc
M providers/fips/self_test_kats.c
Log Message:
-----------
fips: add self test CAST for LMS verify
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 3f0d4ffd33bf446c97771849eaf64872ba641981
https://github.com/openssl/openssl/commit/3f0d4ffd33bf446c97771849eaf64872ba641981
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M doc/man7/OSSL_PROVIDER-FIPS.pod
Log Message:
-----------
doc: document the additional LMS self test description
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 25171e08031b63b5eb4dd2e1d79eac4e8deca3d6
https://github.com/openssl/openssl/commit/25171e08031b63b5eb4dd2e1d79eac4e8deca3d6
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M CHANGES.md
Log Message:
-----------
Add changes entry for LMS verification
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 8b449d01a7d73bd9567dd30be17238ab50249ee1
https://github.com/openssl/openssl/commit/8b449d01a7d73bd9567dd30be17238ab50249ee1
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M test/recipes/30-test_lms.t
Log Message:
-----------
test: get provider compatibily tests working
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 19126fcf230dc0b7b2d2785ec5e851c97fb15f93
https://github.com/openssl/openssl/commit/19126fcf230dc0b7b2d2785ec5e851c97fb15f93
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M include/internal/packet.h
Log Message:
-----------
packet: add new utility function PACKET_get_4_len()
Get 4 bytes in network order from |pkt| and store the value in |*data|
Similar to PACKET_get_net_4() except the data is uint32_t
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: dff36957a42593f51a1af2be8be4fcb5126c7060
https://github.com/openssl/openssl/commit/dff36957a42593f51a1af2be8be4fcb5126c7060
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M test/lms_test.c
Log Message:
-----------
lms: add signing negative test
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 57267e2bcf67cec937ca3c5dbb08c7d9ea944dd4
https://github.com/openssl/openssl/commit/57267e2bcf67cec937ca3c5dbb08c7d9ea944dd4
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M test/lms_test.c
Log Message:
-----------
lms: add negative tests
For EVP_PKEY_sign_message_init and EVP_PKEY_paramgen_init.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 34520fd5452c2c5180aba86496a13d1cc515a449
https://github.com/openssl/openssl/commit/34520fd5452c2c5180aba86496a13d1cc515a449
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M test/lms_test.c
Log Message:
-----------
lms_test: add key gen negative test
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 17a1637a3f002d7f8276947cc151440c64984451
https://github.com/openssl/openssl/commit/17a1637a3f002d7f8276947cc151440c64984451
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M Configure
M INSTALL.md
Log Message:
-----------
Make LMS disabled by default
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 2bcfff8509b9a054ce84d768c96f6fd4ca7b9d6f
https://github.com/openssl/openssl/commit/2bcfff8509b9a054ce84d768c96f6fd4ca7b9d6f
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M .github/workflows/ci.yml
M .github/workflows/coveralls.yml
M .github/workflows/cross-compiles.yml
M .github/workflows/fuzz-checker.yml
M .github/workflows/provider-compatibility.yml
M .github/workflows/run-checker-daily.yml
M .github/workflows/static-analysis-on-prem.yml
M .github/workflows/static-analysis.yml
M .github/workflows/windows.yml
Log Message:
-----------
ci: enable LMS in a number of different builds
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: d3081a52e87bd86bb584d66b883c1f1f23af2446
https://github.com/openssl/openssl/commit/d3081a52e87bd86bb584d66b883c1f1f23af2446
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M test/recipes/30-test_lms.t
Log Message:
-----------
test: get the LMS test recipe run non-FIPS tests
This places the FIPS specific tests in a skippable block.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: e6c8110483490de9fcc2ad20411a1a6e224685b6
https://github.com/openssl/openssl/commit/e6c8110483490de9fcc2ad20411a1a6e224685b6
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/lms/lm_ots_params.c
M crypto/lms/lms_pubkey_decode.c
M doc/man7/EVP_PKEY-LMS.pod
M include/crypto/lms.h
M providers/fips/self_test_kats.c
M providers/implementations/keymgmt/lms_kmgmt.c
M test/evp_test.c
A test/lms_parse.py
M test/lms_test.c
M test/recipes/30-test_evp.t
A test/recipes/30-test_evp_data/evppkey_lms_sigver.txt
Log Message:
-----------
Add LMS evp_test using NIST ACVP test data.
This covers all LMS algorithm parameter sets.
The following changes were done to handle the tests:
(1) Changed LMS to use OSSL_PKEY_PARAM_PUB_KEY instead of
OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY for import/export.
(There is no reason to have the encoded form for verify operations).
(2) Fixed a bug for W=1 with truncated digests. The checksum was using
a value of 8-w, which was off by 1 for this case. A value was added to
the ots parameters that represents this value.
(3) A check in evp_test for a NID was removed since LMS does not have
OIDS (HSS does).
(4) the unused PROPERTIES param was removed from the LMS keymanager.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 6b5fd48ee4fccb78a21e7dbc039b2d0847609a1a
https://github.com/openssl/openssl/commit/6b5fd48ee4fccb78a21e7dbc039b2d0847609a1a
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/lms/lm_ots_params.c
M crypto/lms/lm_ots_verify.c
M crypto/lms/lms_key.c
M crypto/lms/lms_params.c
M crypto/lms/lms_pubkey_decode.c
M crypto/lms/lms_sig_decoder.c
M crypto/lms/lms_verify.c
M doc/man7/EVP_PKEY-LMS.pod
M doc/man7/EVP_SIGNATURE-LMS.pod
M doc/man7/OSSL_PROVIDER-FIPS.pod
M include/crypto/lms.h
M include/crypto/lms_util.h
M include/crypto/types.h
M providers/defltprov.c
M providers/fips/fipsprov.c
M providers/implementations/digests/sha2_prov.c
M providers/implementations/encode_decode/decode_lmsxdr2key.c
M providers/implementations/include/prov/implementations.h
M providers/implementations/keymgmt/lms_kmgmt.c
M providers/implementations/signature/lms_signature.c
M test/lms_test.c
Log Message:
-----------
LMS code review fixups
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 07675d28de7928b159906a6292edba74010edb21
https://github.com/openssl/openssl/commit/07675d28de7928b159906a6292edba74010edb21
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M doc/man7/OSSL_PROVIDER-FIPS.pod
Log Message:
-----------
DOC: Fixup FIPS provider documentation.
SHAKE3 was missing from the list.
Also clarified that KECCAK-KMAC is internal.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Compare: https://github.com/openssl/openssl/compare/c6a1d8ea744a...07675d28de79
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: 495f5fa0ba67c03659dd5288f3f7aa6913771426
https://github.com/openssl/openssl/commit/495f5fa0ba67c03659dd5288f3f7aa6913771426
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M Configure
M INSTALL.md
Log Message:
-----------
Add Configurable "lms" option
This option will be used by the base code for enabling
Leighton-Micali Signatures (LMS)
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 2a6a2adc8d9ec7476613f035f91877e5a65ab6f5
https://github.com/openssl/openssl/commit/2a6a2adc8d9ec7476613f035f91877e5a65ab6f5
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/build.info
A crypto/lms/build.info
A crypto/lms/lm_ots_params.c
A crypto/lms/lms_key.c
A crypto/lms/lms_params.c
A crypto/lms/lms_pubkey_decode.c
M doc/build.info
A doc/man7/EVP_PKEY-LMS.pod
A include/crypto/lms.h
A include/crypto/lms_util.h
M include/crypto/types.h
M providers/defltprov.c
M providers/implementations/include/prov/implementations.h
M providers/implementations/include/prov/names.h
M providers/implementations/keymgmt/build.info
A providers/implementations/keymgmt/lms_kmgmt.c
M test/build.info
A test/lms.inc
A test/lms_common.inc
A test/lms_test.c
A test/recipes/30-test_lms.t
Log Message:
-----------
Add base code to load a LMS public key.
This loads a XDR encoded LMS public key.
It adds a simple LMS keymanager to import this key.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: c64558ede85ed296753b42f74478b99bd89e7c34
https://github.com/openssl/openssl/commit/c64558ede85ed296753b42f74478b99bd89e7c34
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/lms/lms_pubkey_decode.c
M doc/man7/EVP_PKEY-LMS.pod
M include/crypto/lms.h
M providers/decoders.inc
M providers/implementations/encode_decode/build.info
A providers/implementations/encode_decode/decode_lmsxdr2key.c
M providers/implementations/include/prov/implementations.h
M providers/implementations/keymgmt/lms_kmgmt.c
M test/lms_test.c
Log Message:
-----------
Add LMS public key decoder.
This uses OSSL_DECODER_CTX_new_for_pkey().
"XDR" can be specified for the input type, and the key type is "LMS"
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 7be3137fb5dd44c97def5d1d6279ffa7218dc643
https://github.com/openssl/openssl/commit/7be3137fb5dd44c97def5d1d6279ffa7218dc643
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/lms/build.info
M crypto/lms/lm_ots_params.c
A crypto/lms/lm_ots_verify.c
M crypto/lms/lms_key.c
A crypto/lms/lms_sig.c
A crypto/lms/lms_sig_decoder.c
A crypto/lms/lms_verify.c
M include/crypto/lms.h
A include/crypto/lms_sig.h
M include/crypto/lms_util.h
M providers/defltprov.c
M providers/implementations/include/prov/implementations.h
M providers/implementations/signature/build.info
A providers/implementations/signature/lms_sig.c
M test/lms_test.c
Log Message:
-----------
Add LMS Signature verification.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 1c2fc7c3e04cc1334fa7a88454e5614e3b13dd6d
https://github.com/openssl/openssl/commit/1c2fc7c3e04cc1334fa7a88454e5614e3b13dd6d
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M doc/man7/OSSL_PROVIDER-FIPS.pod
M providers/fips/fipsprov.c
M providers/implementations/digests/sha2_prov.c
Log Message:
-----------
Allow SHA256-192 to be used internally in the FIPS provider.
Created an internal digest table that contains sha256_192.
Also moved the KECCAK_KMAC_128/256 entries to this internal table
since it is only used by KMAC.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 48af66aef72d482d41beafaf919b71e1dcb491b8
https://github.com/openssl/openssl/commit/48af66aef72d482d41beafaf919b71e1dcb491b8
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/lms/build.info
M providers/fips/fipsprov.c
M providers/implementations/keymgmt/build.info
M providers/implementations/keymgmt/lms_kmgmt.c
M providers/implementations/signature/build.info
R providers/implementations/signature/lms_sig.c
A providers/implementations/signature/lms_signature.c
M test/lms_test.c
M test/recipes/30-test_lms.t
Log Message:
-----------
Add LMS to the fips provider.
This required the LMS keymanager to have an export function.
The self test will be provided by HSS, which covers the LMS case.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: a3b9edcb7906ebc8132b313a9223a6bf0527ee94
https://github.com/openssl/openssl/commit/a3b9edcb7906ebc8132b313a9223a6bf0527ee94
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M doc/build.info
M doc/man3/EVP_PKEY_CTX_set_params.pod
M doc/man3/EVP_PKEY_fromdata.pod
M doc/man3/EVP_PKEY_todata.pod
M doc/man7/EVP_PKEY-LMS.pod
A doc/man7/EVP_SIGNATURE-LMS.pod
M doc/man7/OSSL_PROVIDER-FIPS.pod
M doc/man7/OSSL_PROVIDER-default.pod
M doc/man7/provider-keymgmt.pod
Log Message:
-----------
Add LMS documentation
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: bd9dc16fc2d8d52dab63561c4aa5038b4561d7e3
https://github.com/openssl/openssl/commit/bd9dc16fc2d8d52dab63561c4aa5038b4561d7e3
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/lms/build.info
Log Message:
-----------
Fix indentation
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 0c534426236e55bfe2222d742ff5f8cf32b4322e
https://github.com/openssl/openssl/commit/0c534426236e55bfe2222d742ff5f8cf32b4322e
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M include/openssl/self_test.h
Log Message:
-----------
fips: add LMS description
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: d3a29ad1354aa446c09fac615beee7da36ead853
https://github.com/openssl/openssl/commit/d3a29ad1354aa446c09fac615beee7da36ead853
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M providers/fips/self_test_data.inc
M providers/fips/self_test_kats.c
Log Message:
-----------
fips: add self test CAST for LMS verify
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 3f0d4ffd33bf446c97771849eaf64872ba641981
https://github.com/openssl/openssl/commit/3f0d4ffd33bf446c97771849eaf64872ba641981
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M doc/man7/OSSL_PROVIDER-FIPS.pod
Log Message:
-----------
doc: document the additional LMS self test description
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 25171e08031b63b5eb4dd2e1d79eac4e8deca3d6
https://github.com/openssl/openssl/commit/25171e08031b63b5eb4dd2e1d79eac4e8deca3d6
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M CHANGES.md
Log Message:
-----------
Add changes entry for LMS verification
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 8b449d01a7d73bd9567dd30be17238ab50249ee1
https://github.com/openssl/openssl/commit/8b449d01a7d73bd9567dd30be17238ab50249ee1
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M test/recipes/30-test_lms.t
Log Message:
-----------
test: get provider compatibily tests working
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 19126fcf230dc0b7b2d2785ec5e851c97fb15f93
https://github.com/openssl/openssl/commit/19126fcf230dc0b7b2d2785ec5e851c97fb15f93
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M include/internal/packet.h
Log Message:
-----------
packet: add new utility function PACKET_get_4_len()
Get 4 bytes in network order from |pkt| and store the value in |*data|
Similar to PACKET_get_net_4() except the data is uint32_t
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: dff36957a42593f51a1af2be8be4fcb5126c7060
https://github.com/openssl/openssl/commit/dff36957a42593f51a1af2be8be4fcb5126c7060
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M test/lms_test.c
Log Message:
-----------
lms: add signing negative test
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 57267e2bcf67cec937ca3c5dbb08c7d9ea944dd4
https://github.com/openssl/openssl/commit/57267e2bcf67cec937ca3c5dbb08c7d9ea944dd4
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M test/lms_test.c
Log Message:
-----------
lms: add negative tests
For EVP_PKEY_sign_message_init and EVP_PKEY_paramgen_init.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 34520fd5452c2c5180aba86496a13d1cc515a449
https://github.com/openssl/openssl/commit/34520fd5452c2c5180aba86496a13d1cc515a449
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M test/lms_test.c
Log Message:
-----------
lms_test: add key gen negative test
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 17a1637a3f002d7f8276947cc151440c64984451
https://github.com/openssl/openssl/commit/17a1637a3f002d7f8276947cc151440c64984451
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M Configure
M INSTALL.md
Log Message:
-----------
Make LMS disabled by default
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 2bcfff8509b9a054ce84d768c96f6fd4ca7b9d6f
https://github.com/openssl/openssl/commit/2bcfff8509b9a054ce84d768c96f6fd4ca7b9d6f
Author: Pauli <ppz...@gmail.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M .github/workflows/ci.yml
M .github/workflows/coveralls.yml
M .github/workflows/cross-compiles.yml
M .github/workflows/fuzz-checker.yml
M .github/workflows/provider-compatibility.yml
M .github/workflows/run-checker-daily.yml
M .github/workflows/static-analysis-on-prem.yml
M .github/workflows/static-analysis.yml
M .github/workflows/windows.yml
Log Message:
-----------
ci: enable LMS in a number of different builds
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: d3081a52e87bd86bb584d66b883c1f1f23af2446
https://github.com/openssl/openssl/commit/d3081a52e87bd86bb584d66b883c1f1f23af2446
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M test/recipes/30-test_lms.t
Log Message:
-----------
test: get the LMS test recipe run non-FIPS tests
This places the FIPS specific tests in a skippable block.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: e6c8110483490de9fcc2ad20411a1a6e224685b6
https://github.com/openssl/openssl/commit/e6c8110483490de9fcc2ad20411a1a6e224685b6
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/lms/lm_ots_params.c
M crypto/lms/lms_pubkey_decode.c
M doc/man7/EVP_PKEY-LMS.pod
M include/crypto/lms.h
M providers/fips/self_test_kats.c
M providers/implementations/keymgmt/lms_kmgmt.c
M test/evp_test.c
A test/lms_parse.py
M test/lms_test.c
M test/recipes/30-test_evp.t
A test/recipes/30-test_evp_data/evppkey_lms_sigver.txt
Log Message:
-----------
Add LMS evp_test using NIST ACVP test data.
This covers all LMS algorithm parameter sets.
The following changes were done to handle the tests:
(1) Changed LMS to use OSSL_PKEY_PARAM_PUB_KEY instead of
OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY for import/export.
(There is no reason to have the encoded form for verify operations).
(2) Fixed a bug for W=1 with truncated digests. The checksum was using
a value of 8-w, which was off by 1 for this case. A value was added to
the ots parameters that represents this value.
(3) A check in evp_test for a NID was removed since LMS does not have
OIDS (HSS does).
(4) the unused PROPERTIES param was removed from the LMS keymanager.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 6b5fd48ee4fccb78a21e7dbc039b2d0847609a1a
https://github.com/openssl/openssl/commit/6b5fd48ee4fccb78a21e7dbc039b2d0847609a1a
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M crypto/lms/lm_ots_params.c
M crypto/lms/lm_ots_verify.c
M crypto/lms/lms_key.c
M crypto/lms/lms_params.c
M crypto/lms/lms_pubkey_decode.c
M crypto/lms/lms_sig_decoder.c
M crypto/lms/lms_verify.c
M doc/man7/EVP_PKEY-LMS.pod
M doc/man7/EVP_SIGNATURE-LMS.pod
M doc/man7/OSSL_PROVIDER-FIPS.pod
M include/crypto/lms.h
M include/crypto/lms_util.h
M include/crypto/types.h
M providers/defltprov.c
M providers/fips/fipsprov.c
M providers/implementations/digests/sha2_prov.c
M providers/implementations/encode_decode/decode_lmsxdr2key.c
M providers/implementations/include/prov/implementations.h
M providers/implementations/keymgmt/lms_kmgmt.c
M providers/implementations/signature/lms_signature.c
M test/lms_test.c
Log Message:
-----------
LMS code review fixups
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Commit: 07675d28de7928b159906a6292edba74010edb21
https://github.com/openssl/openssl/commit/07675d28de7928b159906a6292edba74010edb21
Author: slontis <shane....@oracle.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)
Changed paths:
M doc/man7/OSSL_PROVIDER-FIPS.pod
Log Message:
-----------
DOC: Fixup FIPS provider documentation.
SHAKE3 was missing from the list.
Also clarified that KECCAK-KMAC is internal.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)
Compare: https://github.com/openssl/openssl/compare/c6a1d8ea744a...07675d28de79
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages