Commit Graph

10031 Commits

Author SHA1 Message Date
Dr. Stephen Henson
06b7e5a0e4 Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation. 2011-04-15 02:49:30 +00:00
Dr. Stephen Henson
706735aea3 Add new POST support to X9.31 PRNG. 2011-04-14 18:29:49 +00:00
Dr. Stephen Henson
8f331999f5 Report each cipher used with CMAC tests.
Only add one error to error queue if a specific test type fails.
2011-04-14 16:38:20 +00:00
Dr. Stephen Henson
9338f290d1 Revise fips_test_suite to use table of IDs for human readable strings.
Modify HMAC selftest callbacks to notify each digest type used.
2011-04-14 16:14:41 +00:00
Dr. Stephen Henson
8038511c27 Update CMAC, HMAC, GCM to use new POST system.
Fix crash if callback not set.
2011-04-14 13:10:00 +00:00
Dr. Stephen Henson
a6311f856b Remove several of the old obsolete FIPS_corrupt_*() functions. 2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6 Initial incomplete POST overhaul: add support for POST callback to
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
77394d7e8f Remove duplicate flag. 2011-04-13 00:11:53 +00:00
Dr. Stephen Henson
114c8e220b Use consistent FIPS tarball name.
Add XTS to FIPS build.

Hide XTS symbol names.
2011-04-12 23:59:05 +00:00
Dr. Stephen Henson
32a2d8ddfe Provisional AES XTS support. 2011-04-12 23:21:33 +00:00
Dr. Stephen Henson
4bd1e895fa Update fips_pkey_signature_test: use fixed string if supplies tbs is
NULL. Always allocate signature buffer.

Update ECDSA selftest to use fips_pkey_signature_test. Add copyright notice
to file.
2011-04-12 17:41:53 +00:00
Dr. Stephen Henson
9b08dbe903 Complete rewrite of FIPS_selftest_dsa(). Use hardcoded 2048 bit DSA key
and SHA384. Use fips_pkey_signature_test().
2011-04-12 16:26:52 +00:00
Dr. Stephen Henson
3d607309e6 Update RSA selftest code to use a 2048 bit RSA and only a single KAT
for PSS+SHA256
2011-04-12 15:38:34 +00:00
Dr. Stephen Henson
49cb5e0b40 Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx
when performing ECDSA selftest.
2011-04-12 14:28:06 +00:00
Dr. Stephen Henson
e2abfd58cc Stop warning and fix memory leaks. 2011-04-12 13:02:56 +00:00
Dr. Stephen Henson
364ce53cef No need to disable leak checking for FIPS builds now we use internal
memory callbacks.
2011-04-12 13:01:40 +00:00
Dr. Stephen Henson
6223352683 Update ECDSA selftest to use hard coded private keys. Include tests for
prime and binary fields.
2011-04-12 11:49:35 +00:00
Dr. Stephen Henson
1a4d93bfb5 Update fips_premain.c fingerprint. 2011-04-12 11:48:00 +00:00
Dr. Stephen Henson
63c82f8abb Update copyright year.
Zero ciphertext and plaintext temporary buffers.

Check FIPS_cipher() return value.
2011-04-11 21:32:51 +00:00
Dr. Stephen Henson
4fd7256b77 Use correct version number. 2011-04-11 14:55:19 +00:00
Dr. Stephen Henson
1ccc003b82 Add mem_clr.c explicity for no-asm builds. 2011-04-11 14:53:40 +00:00
Dr. Stephen Henson
48da9b8f2a Fix warning. 2011-04-11 14:52:59 +00:00
Dr. Stephen Henson
6909dccc32 Set length to 41 (40 hex characters + null). 2011-04-11 14:50:11 +00:00
Dr. Stephen Henson
b93e331ba4 Reorder headers to get definitions before they are used. 2011-04-11 14:01:33 +00:00
Dr. Stephen Henson
f9bf6314ea Don't give dependency warning for fips builds.
Give error for "make depend" in restricted tarball builds.

Document how restricted tarballs work.
2011-04-11 00:22:42 +00:00
Dr. Stephen Henson
ac319dd82b Typo: fix duplicate call. 2011-04-10 23:32:19 +00:00
Dr. Stephen Henson
284e2d2b37 fix fipscanisteronly autodetect 2011-04-10 23:28:24 +00:00
Dr. Stephen Henson
4582626544 Auto detect no-ec2m add option to make no-ec2m tarball. 2011-04-10 18:30:13 +00:00
Dr. Stephen Henson
ccc5784e37 set OPENSSL_FIPSSYMS for restricted buils and auto detect no-ec2m 2011-04-10 17:31:03 +00:00
Dr. Stephen Henson
8742ae6e19 Clarify README.FIPS. 2011-04-10 16:23:31 +00:00
Dr. Stephen Henson
c105c96bac Auto configure for fips is from restricted tarball.
Remove more unnecessary files form fips tarball.
2011-04-10 16:18:19 +00:00
Dr. Stephen Henson
6ceb1e8efb Remove unused build targets from Makefile.fips, add cmac to dist list. 2011-04-10 01:14:58 +00:00
Dr. Stephen Henson
1f91af5e56 remove ENGINE dependency from ecdh 2011-04-10 01:14:25 +00:00
Dr. Stephen Henson
55e328f580 Add error for health check failure.
Rebuild all FIPS error codes to clean out old obsolete codes.
2011-04-09 17:46:31 +00:00
Dr. Stephen Henson
f3823ddfcf Before initalising a live DRBG (i.e. not in test mode) run a complete health
check on a DRBG of the same type.
2011-04-09 17:27:07 +00:00
Dr. Stephen Henson
68ea88b8d1 New function to return security strength of PRNG. 2011-04-09 16:49:59 +00:00
Dr. Stephen Henson
31360957fb DH keys have an (until now) unused 'q' parameter. When creating
from DSA copy q across and if q present generate DH key in the
correct range.
2011-04-07 15:01:48 +00:00
Dr. Stephen Henson
d80399a357 Only use fake rand once per operation. This stops the EC
pairwise consistency test interfering with the test.
2011-04-06 23:42:55 +00:00
Dr. Stephen Henson
d7a3ce989c Update CHANGES. 2011-04-06 23:41:19 +00:00
Dr. Stephen Henson
1ee49722dc Add fips hmac key to dgst utility. 2011-04-06 23:40:46 +00:00
Dr. Stephen Henson
6653c6f2e8 Update OpenSSL DRBG support code. Use date time vector as additional data.
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
2011-04-06 23:40:22 +00:00
Dr. Stephen Henson
4c8855b975 Add missing error code strings. 2011-04-06 18:17:05 +00:00
Dr. Stephen Henson
e71bbd26e7 Remove rand files from fipscanister.o 2011-04-06 18:16:44 +00:00
Dr. Stephen Henson
acd410dc15 check buffer is larger enough before overwriting 2011-04-06 18:06:41 +00:00
Dr. Stephen Henson
161cc82df1 updated FIPS status 2011-04-06 13:40:36 +00:00
Dr. Stephen Henson
42bd0a6b3c Update fipssyms.h to keep all symbols in FIPS,fips namespace.
Rename drbg_cprng_test to fips_drbg_cprng_test.

Remove rand files from Makefile.fips.
2011-04-05 15:48:05 +00:00
Dr. Stephen Henson
05e24c87dd Extensive reorganisation of PRNG handling in FIPS module: all calls
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.

Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14 Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
856650deb0 FIPS mode support for openssl utility: doesn't work properly yet due
to missing DRBG support in libcrypto.
2011-04-04 17:16:28 +00:00
Dr. Stephen Henson
ab1415d2f5 Updated error codes for FIPS library. 2011-04-04 17:05:09 +00:00