Dr. Stephen Henson
49cb5e0b40
Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx
...
when performing ECDSA selftest.
2011-04-12 14:28:06 +00:00
Dr. Stephen Henson
e2abfd58cc
Stop warning and fix memory leaks.
2011-04-12 13:02:56 +00:00
Dr. Stephen Henson
364ce53cef
No need to disable leak checking for FIPS builds now we use internal
...
memory callbacks.
2011-04-12 13:01:40 +00:00
Dr. Stephen Henson
6223352683
Update ECDSA selftest to use hard coded private keys. Include tests for
...
prime and binary fields.
2011-04-12 11:49:35 +00:00
Dr. Stephen Henson
1a4d93bfb5
Update fips_premain.c fingerprint.
2011-04-12 11:48:00 +00:00
Dr. Stephen Henson
63c82f8abb
Update copyright year.
...
Zero ciphertext and plaintext temporary buffers.
Check FIPS_cipher() return value.
2011-04-11 21:32:51 +00:00
Dr. Stephen Henson
4fd7256b77
Use correct version number.
2011-04-11 14:55:19 +00:00
Dr. Stephen Henson
1ccc003b82
Add mem_clr.c explicity for no-asm builds.
2011-04-11 14:53:40 +00:00
Dr. Stephen Henson
48da9b8f2a
Fix warning.
2011-04-11 14:52:59 +00:00
Dr. Stephen Henson
6909dccc32
Set length to 41 (40 hex characters + null).
2011-04-11 14:50:11 +00:00
Dr. Stephen Henson
b93e331ba4
Reorder headers to get definitions before they are used.
2011-04-11 14:01:33 +00:00
Dr. Stephen Henson
f9bf6314ea
Don't give dependency warning for fips builds.
...
Give error for "make depend" in restricted tarball builds.
Document how restricted tarballs work.
2011-04-11 00:22:42 +00:00
Dr. Stephen Henson
ac319dd82b
Typo: fix duplicate call.
2011-04-10 23:32:19 +00:00
Dr. Stephen Henson
284e2d2b37
fix fipscanisteronly autodetect
2011-04-10 23:28:24 +00:00
Dr. Stephen Henson
4582626544
Auto detect no-ec2m add option to make no-ec2m tarball.
2011-04-10 18:30:13 +00:00
Dr. Stephen Henson
ccc5784e37
set OPENSSL_FIPSSYMS for restricted buils and auto detect no-ec2m
2011-04-10 17:31:03 +00:00
Dr. Stephen Henson
8742ae6e19
Clarify README.FIPS.
2011-04-10 16:23:31 +00:00
Dr. Stephen Henson
c105c96bac
Auto configure for fips is from restricted tarball.
...
Remove more unnecessary files form fips tarball.
2011-04-10 16:18:19 +00:00
Dr. Stephen Henson
6ceb1e8efb
Remove unused build targets from Makefile.fips, add cmac to dist list.
2011-04-10 01:14:58 +00:00
Dr. Stephen Henson
1f91af5e56
remove ENGINE dependency from ecdh
2011-04-10 01:14:25 +00:00
Dr. Stephen Henson
55e328f580
Add error for health check failure.
...
Rebuild all FIPS error codes to clean out old obsolete codes.
2011-04-09 17:46:31 +00:00
Dr. Stephen Henson
f3823ddfcf
Before initalising a live DRBG (i.e. not in test mode) run a complete health
...
check on a DRBG of the same type.
2011-04-09 17:27:07 +00:00
Dr. Stephen Henson
68ea88b8d1
New function to return security strength of PRNG.
2011-04-09 16:49:59 +00:00
Dr. Stephen Henson
31360957fb
DH keys have an (until now) unused 'q' parameter. When creating
...
from DSA copy q across and if q present generate DH key in the
correct range.
2011-04-07 15:01:48 +00:00
Dr. Stephen Henson
d80399a357
Only use fake rand once per operation. This stops the EC
...
pairwise consistency test interfering with the test.
2011-04-06 23:42:55 +00:00
Dr. Stephen Henson
d7a3ce989c
Update CHANGES.
2011-04-06 23:41:19 +00:00
Dr. Stephen Henson
1ee49722dc
Add fips hmac key to dgst utility.
2011-04-06 23:40:46 +00:00
Dr. Stephen Henson
6653c6f2e8
Update OpenSSL DRBG support code. Use date time vector as additional data.
...
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
2011-04-06 23:40:22 +00:00
Dr. Stephen Henson
4c8855b975
Add missing error code strings.
2011-04-06 18:17:05 +00:00
Dr. Stephen Henson
e71bbd26e7
Remove rand files from fipscanister.o
2011-04-06 18:16:44 +00:00
Dr. Stephen Henson
acd410dc15
check buffer is larger enough before overwriting
2011-04-06 18:06:41 +00:00
Dr. Stephen Henson
161cc82df1
updated FIPS status
2011-04-06 13:40:36 +00:00
Dr. Stephen Henson
42bd0a6b3c
Update fipssyms.h to keep all symbols in FIPS,fips namespace.
...
Rename drbg_cprng_test to fips_drbg_cprng_test.
Remove rand files from Makefile.fips.
2011-04-05 15:48:05 +00:00
Dr. Stephen Henson
05e24c87dd
Extensive reorganisation of PRNG handling in FIPS module: all calls
...
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.
Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14
Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be
...
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
856650deb0
FIPS mode support for openssl utility: doesn't work properly yet due
...
to missing DRBG support in libcrypto.
2011-04-04 17:16:28 +00:00
Dr. Stephen Henson
ab1415d2f5
Updated error codes for FIPS library.
2011-04-04 17:05:09 +00:00
Dr. Stephen Henson
f4bd65dae3
Set error code is additional data callback fails.
2011-04-04 17:03:35 +00:00
Dr. Stephen Henson
ac1ee8e877
Use environment when builds libcrypto shared library so CC value is picked up
...
in FIPS builds.
2011-04-04 17:01:58 +00:00
Dr. Stephen Henson
8776ef63c1
Change FIPS locking functions to macros so we get useful line information.
...
Set fips_thread_set properly.
2011-04-04 15:38:21 +00:00
Andy Polyakov
7af0400297
gcm128.c: fix shadow warnings.
2011-04-04 15:24:09 +00:00
Dr. Stephen Henson
1d59fe5267
Disable test fprintf.
2011-04-04 14:52:20 +00:00
Dr. Stephen Henson
ded1999702
Change RNG test to block oriented instead of request oriented, add option
...
to test a "stuck" DRBG.
2011-04-04 14:47:31 +00:00
Dr. Stephen Henson
a255e5bc98
check RAND_pseudo_bytes return value
2011-04-04 14:43:20 +00:00
Dr. Stephen Henson
4058861f69
PR: 2462
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS Retransmission Buffer Bug
2011-04-03 17:14:35 +00:00
Dr. Stephen Henson
f74a0c0c93
PR: 2458
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Don't change state when answering DTLS ClientHello.
2011-04-03 16:25:29 +00:00
Dr. Stephen Henson
6e28b60aa5
PR: 2457
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS fragment reassembly bug.
2011-04-03 15:47:58 +00:00
Dr. Stephen Henson
3b5c1dc565
Make WIN32 static builds work again.
2011-04-02 16:51:04 +00:00
Andy Polyakov
e512375186
ARM assembler pack: add missing arm_arch.h.
2011-04-01 21:09:09 +00:00
Andy Polyakov
1e86318091
ARM assembler pack: profiler-assisted optimizations and NEON support.
2011-04-01 20:58:34 +00:00