Dr. Stephen Henson
06b7e5a0e4
Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation.
2011-04-15 02:49:30 +00:00
Dr. Stephen Henson
706735aea3
Add new POST support to X9.31 PRNG.
2011-04-14 18:29:49 +00:00
Dr. Stephen Henson
8f331999f5
Report each cipher used with CMAC tests.
...
Only add one error to error queue if a specific test type fails.
2011-04-14 16:38:20 +00:00
Dr. Stephen Henson
9338f290d1
Revise fips_test_suite to use table of IDs for human readable strings.
...
Modify HMAC selftest callbacks to notify each digest type used.
2011-04-14 16:14:41 +00:00
Dr. Stephen Henson
8038511c27
Update CMAC, HMAC, GCM to use new POST system.
...
Fix crash if callback not set.
2011-04-14 13:10:00 +00:00
Dr. Stephen Henson
a6311f856b
Remove several of the old obsolete FIPS_corrupt_*() functions.
2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6
Initial incomplete POST overhaul: add support for POST callback to
...
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
77394d7e8f
Remove duplicate flag.
2011-04-13 00:11:53 +00:00
Dr. Stephen Henson
114c8e220b
Use consistent FIPS tarball name.
...
Add XTS to FIPS build.
Hide XTS symbol names.
2011-04-12 23:59:05 +00:00
Dr. Stephen Henson
32a2d8ddfe
Provisional AES XTS support.
2011-04-12 23:21:33 +00:00
Dr. Stephen Henson
4bd1e895fa
Update fips_pkey_signature_test: use fixed string if supplies tbs is
...
NULL. Always allocate signature buffer.
Update ECDSA selftest to use fips_pkey_signature_test. Add copyright notice
to file.
2011-04-12 17:41:53 +00:00
Dr. Stephen Henson
9b08dbe903
Complete rewrite of FIPS_selftest_dsa(). Use hardcoded 2048 bit DSA key
...
and SHA384. Use fips_pkey_signature_test().
2011-04-12 16:26:52 +00:00
Dr. Stephen Henson
3d607309e6
Update RSA selftest code to use a 2048 bit RSA and only a single KAT
...
for PSS+SHA256
2011-04-12 15:38:34 +00:00
Dr. Stephen Henson
49cb5e0b40
Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx
...
when performing ECDSA selftest.
2011-04-12 14:28:06 +00:00
Dr. Stephen Henson
e2abfd58cc
Stop warning and fix memory leaks.
2011-04-12 13:02:56 +00:00
Dr. Stephen Henson
364ce53cef
No need to disable leak checking for FIPS builds now we use internal
...
memory callbacks.
2011-04-12 13:01:40 +00:00
Dr. Stephen Henson
6223352683
Update ECDSA selftest to use hard coded private keys. Include tests for
...
prime and binary fields.
2011-04-12 11:49:35 +00:00
Dr. Stephen Henson
1a4d93bfb5
Update fips_premain.c fingerprint.
2011-04-12 11:48:00 +00:00
Dr. Stephen Henson
63c82f8abb
Update copyright year.
...
Zero ciphertext and plaintext temporary buffers.
Check FIPS_cipher() return value.
2011-04-11 21:32:51 +00:00
Dr. Stephen Henson
4fd7256b77
Use correct version number.
2011-04-11 14:55:19 +00:00
Dr. Stephen Henson
1ccc003b82
Add mem_clr.c explicity for no-asm builds.
2011-04-11 14:53:40 +00:00
Dr. Stephen Henson
48da9b8f2a
Fix warning.
2011-04-11 14:52:59 +00:00
Dr. Stephen Henson
6909dccc32
Set length to 41 (40 hex characters + null).
2011-04-11 14:50:11 +00:00
Dr. Stephen Henson
b93e331ba4
Reorder headers to get definitions before they are used.
2011-04-11 14:01:33 +00:00
Dr. Stephen Henson
f9bf6314ea
Don't give dependency warning for fips builds.
...
Give error for "make depend" in restricted tarball builds.
Document how restricted tarballs work.
2011-04-11 00:22:42 +00:00
Dr. Stephen Henson
ac319dd82b
Typo: fix duplicate call.
2011-04-10 23:32:19 +00:00
Dr. Stephen Henson
284e2d2b37
fix fipscanisteronly autodetect
2011-04-10 23:28:24 +00:00
Dr. Stephen Henson
4582626544
Auto detect no-ec2m add option to make no-ec2m tarball.
2011-04-10 18:30:13 +00:00
Dr. Stephen Henson
ccc5784e37
set OPENSSL_FIPSSYMS for restricted buils and auto detect no-ec2m
2011-04-10 17:31:03 +00:00
Dr. Stephen Henson
8742ae6e19
Clarify README.FIPS.
2011-04-10 16:23:31 +00:00
Dr. Stephen Henson
c105c96bac
Auto configure for fips is from restricted tarball.
...
Remove more unnecessary files form fips tarball.
2011-04-10 16:18:19 +00:00
Dr. Stephen Henson
6ceb1e8efb
Remove unused build targets from Makefile.fips, add cmac to dist list.
2011-04-10 01:14:58 +00:00
Dr. Stephen Henson
1f91af5e56
remove ENGINE dependency from ecdh
2011-04-10 01:14:25 +00:00
Dr. Stephen Henson
55e328f580
Add error for health check failure.
...
Rebuild all FIPS error codes to clean out old obsolete codes.
2011-04-09 17:46:31 +00:00
Dr. Stephen Henson
f3823ddfcf
Before initalising a live DRBG (i.e. not in test mode) run a complete health
...
check on a DRBG of the same type.
2011-04-09 17:27:07 +00:00
Dr. Stephen Henson
68ea88b8d1
New function to return security strength of PRNG.
2011-04-09 16:49:59 +00:00
Dr. Stephen Henson
31360957fb
DH keys have an (until now) unused 'q' parameter. When creating
...
from DSA copy q across and if q present generate DH key in the
correct range.
2011-04-07 15:01:48 +00:00
Dr. Stephen Henson
d80399a357
Only use fake rand once per operation. This stops the EC
...
pairwise consistency test interfering with the test.
2011-04-06 23:42:55 +00:00
Dr. Stephen Henson
d7a3ce989c
Update CHANGES.
2011-04-06 23:41:19 +00:00
Dr. Stephen Henson
1ee49722dc
Add fips hmac key to dgst utility.
2011-04-06 23:40:46 +00:00
Dr. Stephen Henson
6653c6f2e8
Update OpenSSL DRBG support code. Use date time vector as additional data.
...
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
2011-04-06 23:40:22 +00:00
Dr. Stephen Henson
4c8855b975
Add missing error code strings.
2011-04-06 18:17:05 +00:00
Dr. Stephen Henson
e71bbd26e7
Remove rand files from fipscanister.o
2011-04-06 18:16:44 +00:00
Dr. Stephen Henson
acd410dc15
check buffer is larger enough before overwriting
2011-04-06 18:06:41 +00:00
Dr. Stephen Henson
161cc82df1
updated FIPS status
2011-04-06 13:40:36 +00:00
Dr. Stephen Henson
42bd0a6b3c
Update fipssyms.h to keep all symbols in FIPS,fips namespace.
...
Rename drbg_cprng_test to fips_drbg_cprng_test.
Remove rand files from Makefile.fips.
2011-04-05 15:48:05 +00:00
Dr. Stephen Henson
05e24c87dd
Extensive reorganisation of PRNG handling in FIPS module: all calls
...
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.
Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14
Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be
...
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
856650deb0
FIPS mode support for openssl utility: doesn't work properly yet due
...
to missing DRBG support in libcrypto.
2011-04-04 17:16:28 +00:00
Dr. Stephen Henson
ab1415d2f5
Updated error codes for FIPS library.
2011-04-04 17:05:09 +00:00