Dr. Stephen Henson
49cb5e0b40
Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx
...
when performing ECDSA selftest.
2011-04-12 14:28:06 +00:00
Dr. Stephen Henson
ac319dd82b
Typo: fix duplicate call.
2011-04-10 23:32:19 +00:00
Dr. Stephen Henson
55e328f580
Add error for health check failure.
...
Rebuild all FIPS error codes to clean out old obsolete codes.
2011-04-09 17:46:31 +00:00
Dr. Stephen Henson
f3823ddfcf
Before initalising a live DRBG (i.e. not in test mode) run a complete health
...
check on a DRBG of the same type.
2011-04-09 17:27:07 +00:00
Dr. Stephen Henson
68ea88b8d1
New function to return security strength of PRNG.
2011-04-09 16:49:59 +00:00
Dr. Stephen Henson
6653c6f2e8
Update OpenSSL DRBG support code. Use date time vector as additional data.
...
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
2011-04-06 23:40:22 +00:00
Dr. Stephen Henson
42bd0a6b3c
Update fipssyms.h to keep all symbols in FIPS,fips namespace.
...
Rename drbg_cprng_test to fips_drbg_cprng_test.
Remove rand files from Makefile.fips.
2011-04-05 15:48:05 +00:00
Dr. Stephen Henson
05e24c87dd
Extensive reorganisation of PRNG handling in FIPS module: all calls
...
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.
Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14
Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be
...
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
f4bd65dae3
Set error code is additional data callback fails.
2011-04-04 17:03:35 +00:00
Dr. Stephen Henson
ded1999702
Change RNG test to block oriented instead of request oriented, add option
...
to test a "stuck" DRBG.
2011-04-04 14:47:31 +00:00
Dr. Stephen Henson
e5cadaf8db
Only zeroise sensitive parts of DRBG context, so the type and flags
...
are undisturbed.
Allow setting of "rand" callbacks for DRBG.
2011-04-01 17:49:45 +00:00
Dr. Stephen Henson
011c865640
Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for
...
test applications.
2011-04-01 14:46:07 +00:00
Dr. Stephen Henson
212a08080c
Unused, untested, provisional RAND interface for DRBG.
2011-03-31 18:06:07 +00:00
Dr. Stephen Henson
e06de4dd35
Remove redundant definitions. Give error code if DRBG sefltest fails.
2011-03-31 17:23:12 +00:00
Dr. Stephen Henson
52b6ee8245
Reorganise DRBG API so the entropy and nonce callbacks can return a
...
pointer to a buffer instead of copying to a fixed length buffer. This
removes the entropy and nonce length restrictions.
2011-03-31 17:15:54 +00:00
Dr. Stephen Henson
cd22dfbf01
Have all algorithm test programs call fips_algtest_init() at startup:
...
this will perform all standalone operations such as setting error
callbacks, entering FIPS mode etc.
2011-03-25 16:36:46 +00:00
Dr. Stephen Henson
dad7851485
Allow setting of get_entropy and get_nonce callbacks outside test mode.
...
Test mode is now set when a DRBG context is initialised.
2011-03-25 14:38:37 +00:00
Richard Levitte
c6dbe90895
make update
2011-03-24 22:59:02 +00:00
Dr. Stephen Henson
beb895083c
Free DRBG context in self tests.
2011-03-21 14:40:57 +00:00
Dr. Stephen Henson
5904882eaa
Typo.
2011-03-18 18:17:55 +00:00
Dr. Stephen Henson
1e803100de
Implement continuous RNG test for SP800-90 DRBGs.
2011-03-17 18:53:33 +00:00
Dr. Stephen Henson
96ec46f7c0
Implement health checks needed by SP800-90.
...
Fix warnings.
Instantiate DRBGs at maximum strength.
2011-03-17 16:55:24 +00:00
Dr. Stephen Henson
fbbabb646c
Add extensive DRBG selftest data and option to corrupt it in fips_test_suite.
2011-03-16 15:52:12 +00:00
Dr. Stephen Henson
1b76fac5ae
Check requested security strength in DRBG. Add function to retrieve the
...
security strength.
2011-03-11 17:42:11 +00:00
Dr. Stephen Henson
a1e7883edb
Add meaningful error codes to DRBG.
2011-03-08 14:16:30 +00:00
Dr. Stephen Henson
dd0d2df562
Add file I/O to fips_drbgvs program.
2011-03-08 13:51:34 +00:00
Dr. Stephen Henson
12b77cbec3
Remove need for redirection on RNG and DSS algorithm test programs: some
...
platforms don't support it.
2011-03-08 13:27:29 +00:00
Dr. Stephen Henson
e45c6c4e25
Uninstantiate and free functions for DRBG.
2011-03-07 16:51:17 +00:00
Dr. Stephen Henson
ff4a19a471
Fix couple of bugs in CTR DRBG implementation.
2011-03-06 13:10:37 +00:00
Dr. Stephen Henson
868f12988c
Updates to DRBG: fix bugs in infrastructure. Add initial experimental
...
algorithm test generator.
2011-03-06 12:35:09 +00:00
Dr. Stephen Henson
591cbfae3c
Initial, provisional, subject to wholesale change, untested, probably
...
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.
Did I say this was untested?
2011-03-04 18:00:21 +00:00
Dr. Stephen Henson
b7056b6414
Update dependencies.
2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
3deb010dc0
x509v3.h header file not needed in fips algorithm test utilities.
2011-02-21 16:36:47 +00:00
Dr. Stephen Henson
017bc57bf9
Experimental FIPS symbol renaming.
...
Fixups under fips/ to make symbol renaming work.
2011-02-16 14:49:50 +00:00
Dr. Stephen Henson
14ae26f2e4
Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files
...
that use it.
2011-02-03 17:00:24 +00:00
Dr. Stephen Henson
7edfe67456
Move all FIPSAPI renames into fips.h header file, include early in
...
crypto.h if needed.
Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
7cc684f4f7
Redirect FIPS memory allocation to FIPS_malloc() routine, remove
...
OpenSSL malloc dependencies.
2011-01-27 17:23:43 +00:00
Dr. Stephen Henson
7c8ced94c3
Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
...
to EVP any more.
Move locking #define into fips.h.
Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
6ff9c48811
New FIPS_lock() function for minimal FIPS locking API: to avoid dependencies
...
on OpenSSL locking code. Use API in some internal FIPS files.
Remove redundant ENGINE defines from fips.h
2011-01-27 14:29:48 +00:00
Dr. Stephen Henson
2b4b28dc32
And so it begins... again.
...
Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have
missing files, extraneous files and other nastiness.
In other words: it's experimental ATM, OK?
2011-01-26 00:56:19 +00:00