Commit Graph

10459 Commits

Author SHA1 Message Date
Andy Polyakov
4ec93a10bd Add bit-sliced AES x86_64 assembler, see http://homes.esat.kuleuven.be/~ekasper/#software for background information. It's not integrated into build system yet. 2011-09-25 15:31:51 +00:00
Dr. Stephen Henson
d18a0df0a6 make sure eivlen is initialised 2011-09-24 23:06:20 +00:00
Dr. Stephen Henson
1579e65604 use keyformat for -x509toreq, don't hard code PEM 2011-09-23 21:48:34 +00:00
Dr. Stephen Henson
c2035bffe7 PR: 2606
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve

Handle timezones correctly in UTCTime.
2011-09-23 13:39:23 +00:00
Dr. Stephen Henson
1d7392f219 PR: 2602
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting
2011-09-23 13:34:48 +00:00
Dr. Stephen Henson
07dda896cb PR: 2347
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve

Fix usage message.
2011-09-23 13:12:25 +00:00
Dr. Stephen Henson
af70f1a35d Run PQGVer test before DSA2 tests. 2011-09-23 01:03:37 +00:00
Dr. Stephen Henson
ddf00ffab8 Typo. 2011-09-22 14:15:07 +00:00
Dr. Stephen Henson
cb71870dfa Use function name FIPS_drbg_health_check() for health check function.
Add explanatory comments to health check code.
2011-09-22 14:01:25 +00:00
Dr. Stephen Henson
456d883a25 Don't print out errors in cases where errors are expected: testing
DSA parameter validity and EC public key validity.
2011-09-21 18:42:12 +00:00
Dr. Stephen Henson
d57cc97f24 Remove unused variable. 2011-09-21 18:36:53 +00:00
Dr. Stephen Henson
05272d4c51 Perform health check on all reseed operations not associated with
prediction resistance requests. Although SP 800-90 is arguably unclear
on whether this is necessary adding an additional check has minimal
penalty (very few applications will make an explicit reseed request).
2011-09-21 18:24:12 +00:00
Dr. Stephen Henson
4420b3b17a Revise DRBG to split between internal and external flags.
One demand health check function.

Perform generation test in fips_test_suite.

Option to skip dh test if fips_test_suite.
2011-09-21 17:04:56 +00:00
Dr. Stephen Henson
e74ac3f830 Update error codes. 2011-09-21 16:17:18 +00:00
Dr. Stephen Henson
a5799bdc48 Allow reseed interval to be set. 2011-09-18 19:36:27 +00:00
Andy Polyakov
2b1f17f83f Make latest assembler additions (vpaes and e_padlock) work in Windows build. 2011-09-18 15:40:11 +00:00
Andy Polyakov
7470276a25 sha256-586.pl: minor optimization, +0-2% on all CPUs, +7% on Westmere. 2011-09-17 12:57:33 +00:00
Andy Polyakov
d2fd65f6f6 sha512-x86_64.pl: +15% better performance on Westmere and incidentally Atom.
Other Intel processors +5%, Opteron -2%.
2011-09-17 11:30:28 +00:00
Dr. Stephen Henson
819cf4b886 Sync error codes with 1.0.1-stable. 2011-09-17 00:17:46 +00:00
Dr. Stephen Henson
45fcfcb99f clarify comment 2011-09-16 17:40:16 +00:00
Dr. Stephen Henson
e248740d67 Minor code tidy and bug fix: need to set t = s after first pass and
t and s do not need to have independent values after the first pass
so set t = s.
2011-09-16 17:35:40 +00:00
Dr. Stephen Henson
b63698b70d Don't use vpaes in fips builds and exclude from restricted tarball. 2011-09-15 21:06:37 +00:00
Andy Polyakov
8ca28da0a7 Integrate Vector Permutation AES into build system. 2011-09-15 20:22:59 +00:00
Dr. Stephen Henson
b889a6046b Make HMAC kat symbols static. 2011-09-15 14:28:46 +00:00
Dr. Stephen Henson
00b0f2cb3e Fix warning. 2011-09-15 14:08:24 +00:00
Andy Polyakov
03e389cf04 Allow for dynamic base in Win64 FIPS module. 2011-09-14 20:48:49 +00:00
Dr. Stephen Henson
93256bf5d1 Update CMAC/HMAC sefltests to use NIDs instead of function pointers.
Simplify HMAC selftest as each test currently uses the same key and
hash data.
2011-09-14 15:49:50 +00:00
Dr. Stephen Henson
d47d0d2b0d Remove fipsdso target: it isn't supported in the 2.0 module. 2011-09-14 15:20:59 +00:00
Dr. Stephen Henson
15094852de new function to lookup FIPS supported ciphers by NID 2011-09-14 13:25:48 +00:00
Dr. Stephen Henson
a11f06b2dc More extensive DRBG health check. New function to call health check
for all DRBG combinations.
2011-09-12 18:47:39 +00:00
Dr. Stephen Henson
361d18a208 Check length of additional input in DRBG generate function. 2011-09-12 18:45:05 +00:00
Dr. Stephen Henson
de2132de93 Delete strength parameter from FIPS_drbg_generate. It isn't very useful
(strength can be queried using FIPS_drbg_get_strength ) and adds a
substantial extra overhead to health check (need to check every combination
of parameters).
2011-09-12 13:20:57 +00:00
Dr. Stephen Henson
9e56c99e1a Check we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we
don't set type in FIPS_drbg_new().
2011-09-12 12:56:20 +00:00
Andy Polyakov
543dfa9f0e vpaes-x86[_64]*.pl: fix typo. 2011-09-12 12:50:00 +00:00
Andy Polyakov
a87ff751b7 Add so called Vector Permutation AES x86[_64] assembler, see
http://crypto.stanford.edu/vpaes/ for background information.
It's not integrated into build system yet.
2011-09-12 08:25:14 +00:00
Dr. Stephen Henson
288fe07a6e Fix 3DES Monte Carlo test file output which previously outputted
extra bogus lines. Update fipsalgtest.pl to tolerate the old format.
2011-09-11 18:05:40 +00:00
Dr. Stephen Henson
7fdcb45745 Add support for Dual EC DRBG from SP800-90. Include updates to algorithm
tests and POST code.
2011-09-09 17:16:43 +00:00
Dr. Stephen Henson
e4588dc486 Add /fixed option to linker with fips builds. 2011-09-08 13:55:47 +00:00
Dr. Stephen Henson
d98360392a Put quick DRBG selftest return after first generate operation. 2011-09-07 10:26:38 +00:00
Andy Polyakov
33987f2f45 engines/asm/e_padlock-x86_64.pl: name it right and fix small bug. 2011-09-06 22:53:34 +00:00
Dr. Stephen Henson
bbb19418e6 Add error codes for DRBG KAT failures.
Add abbreviated DRBG KAT for POST which only performs a single generate
operations instead of four.
2011-09-06 20:46:27 +00:00
Andy Polyakov
ed28aef8b4 Padlock engine: make it independent of inline assembler. 2011-09-06 20:45:36 +00:00
Dr. Stephen Henson
0486cce653 Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
produce an error (CVE-2011-3207)
2011-09-06 15:15:09 +00:00
Dr. Stephen Henson
0f8d4d49dc Update FAQ. 2011-09-06 13:55:22 +00:00
Andy Polyakov
f952716745 config: don't add -Wa options with no-asm. 2011-09-05 16:31:51 +00:00
Andy Polyakov
dd83d0f4a7 crypto/bn/bn_gf2m.c: make it work with BN_DEBUG. 2011-09-05 16:14:43 +00:00
Dr. Stephen Henson
ea17b0feec Check reseed interval before generating output. 2011-09-05 15:45:13 +00:00
Dr. Stephen Henson
7634137b8a Place DRBG in error state if health check fails. 2011-09-05 15:32:32 +00:00
Bodo Möller
2c472780c0 oops 2011-09-05 13:43:56 +00:00
Bodo Möller
c519e89f5c Fix session handling. 2011-09-05 13:36:23 +00:00