Andy Polyakov
4ec93a10bd
Add bit-sliced AES x86_64 assembler, see http://homes.esat.kuleuven.be/~ekasper/#software for background information. It's not integrated into build system yet.
2011-09-25 15:31:51 +00:00
Dr. Stephen Henson
d18a0df0a6
make sure eivlen is initialised
2011-09-24 23:06:20 +00:00
Dr. Stephen Henson
1579e65604
use keyformat for -x509toreq, don't hard code PEM
2011-09-23 21:48:34 +00:00
Dr. Stephen Henson
c2035bffe7
PR: 2606
...
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve
Handle timezones correctly in UTCTime.
2011-09-23 13:39:23 +00:00
Dr. Stephen Henson
1d7392f219
PR: 2602
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS bug which prevents manual MTU setting
2011-09-23 13:34:48 +00:00
Dr. Stephen Henson
07dda896cb
PR: 2347
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve
Fix usage message.
2011-09-23 13:12:25 +00:00
Dr. Stephen Henson
af70f1a35d
Run PQGVer test before DSA2 tests.
2011-09-23 01:03:37 +00:00
Dr. Stephen Henson
ddf00ffab8
Typo.
2011-09-22 14:15:07 +00:00
Dr. Stephen Henson
cb71870dfa
Use function name FIPS_drbg_health_check() for health check function.
...
Add explanatory comments to health check code.
2011-09-22 14:01:25 +00:00
Dr. Stephen Henson
456d883a25
Don't print out errors in cases where errors are expected: testing
...
DSA parameter validity and EC public key validity.
2011-09-21 18:42:12 +00:00
Dr. Stephen Henson
d57cc97f24
Remove unused variable.
2011-09-21 18:36:53 +00:00
Dr. Stephen Henson
05272d4c51
Perform health check on all reseed operations not associated with
...
prediction resistance requests. Although SP 800-90 is arguably unclear
on whether this is necessary adding an additional check has minimal
penalty (very few applications will make an explicit reseed request).
2011-09-21 18:24:12 +00:00
Dr. Stephen Henson
4420b3b17a
Revise DRBG to split between internal and external flags.
...
One demand health check function.
Perform generation test in fips_test_suite.
Option to skip dh test if fips_test_suite.
2011-09-21 17:04:56 +00:00
Dr. Stephen Henson
e74ac3f830
Update error codes.
2011-09-21 16:17:18 +00:00
Dr. Stephen Henson
a5799bdc48
Allow reseed interval to be set.
2011-09-18 19:36:27 +00:00
Andy Polyakov
2b1f17f83f
Make latest assembler additions (vpaes and e_padlock) work in Windows build.
2011-09-18 15:40:11 +00:00
Andy Polyakov
7470276a25
sha256-586.pl: minor optimization, +0-2% on all CPUs, +7% on Westmere.
2011-09-17 12:57:33 +00:00
Andy Polyakov
d2fd65f6f6
sha512-x86_64.pl: +15% better performance on Westmere and incidentally Atom.
...
Other Intel processors +5%, Opteron -2%.
2011-09-17 11:30:28 +00:00
Dr. Stephen Henson
819cf4b886
Sync error codes with 1.0.1-stable.
2011-09-17 00:17:46 +00:00
Dr. Stephen Henson
45fcfcb99f
clarify comment
2011-09-16 17:40:16 +00:00
Dr. Stephen Henson
e248740d67
Minor code tidy and bug fix: need to set t = s after first pass and
...
t and s do not need to have independent values after the first pass
so set t = s.
2011-09-16 17:35:40 +00:00
Dr. Stephen Henson
b63698b70d
Don't use vpaes in fips builds and exclude from restricted tarball.
2011-09-15 21:06:37 +00:00
Andy Polyakov
8ca28da0a7
Integrate Vector Permutation AES into build system.
2011-09-15 20:22:59 +00:00
Dr. Stephen Henson
b889a6046b
Make HMAC kat symbols static.
2011-09-15 14:28:46 +00:00
Dr. Stephen Henson
00b0f2cb3e
Fix warning.
2011-09-15 14:08:24 +00:00
Andy Polyakov
03e389cf04
Allow for dynamic base in Win64 FIPS module.
2011-09-14 20:48:49 +00:00
Dr. Stephen Henson
93256bf5d1
Update CMAC/HMAC sefltests to use NIDs instead of function pointers.
...
Simplify HMAC selftest as each test currently uses the same key and
hash data.
2011-09-14 15:49:50 +00:00
Dr. Stephen Henson
d47d0d2b0d
Remove fipsdso target: it isn't supported in the 2.0 module.
2011-09-14 15:20:59 +00:00
Dr. Stephen Henson
15094852de
new function to lookup FIPS supported ciphers by NID
2011-09-14 13:25:48 +00:00
Dr. Stephen Henson
a11f06b2dc
More extensive DRBG health check. New function to call health check
...
for all DRBG combinations.
2011-09-12 18:47:39 +00:00
Dr. Stephen Henson
361d18a208
Check length of additional input in DRBG generate function.
2011-09-12 18:45:05 +00:00
Dr. Stephen Henson
de2132de93
Delete strength parameter from FIPS_drbg_generate. It isn't very useful
...
(strength can be queried using FIPS_drbg_get_strength ) and adds a
substantial extra overhead to health check (need to check every combination
of parameters).
2011-09-12 13:20:57 +00:00
Dr. Stephen Henson
9e56c99e1a
Check we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we
...
don't set type in FIPS_drbg_new().
2011-09-12 12:56:20 +00:00
Andy Polyakov
543dfa9f0e
vpaes-x86[_64]*.pl: fix typo.
2011-09-12 12:50:00 +00:00
Andy Polyakov
a87ff751b7
Add so called Vector Permutation AES x86[_64] assembler, see
...
http://crypto.stanford.edu/vpaes/ for background information.
It's not integrated into build system yet.
2011-09-12 08:25:14 +00:00
Dr. Stephen Henson
288fe07a6e
Fix 3DES Monte Carlo test file output which previously outputted
...
extra bogus lines. Update fipsalgtest.pl to tolerate the old format.
2011-09-11 18:05:40 +00:00
Dr. Stephen Henson
7fdcb45745
Add support for Dual EC DRBG from SP800-90. Include updates to algorithm
...
tests and POST code.
2011-09-09 17:16:43 +00:00
Dr. Stephen Henson
e4588dc486
Add /fixed option to linker with fips builds.
2011-09-08 13:55:47 +00:00
Dr. Stephen Henson
d98360392a
Put quick DRBG selftest return after first generate operation.
2011-09-07 10:26:38 +00:00
Andy Polyakov
33987f2f45
engines/asm/e_padlock-x86_64.pl: name it right and fix small bug.
2011-09-06 22:53:34 +00:00
Dr. Stephen Henson
bbb19418e6
Add error codes for DRBG KAT failures.
...
Add abbreviated DRBG KAT for POST which only performs a single generate
operations instead of four.
2011-09-06 20:46:27 +00:00
Andy Polyakov
ed28aef8b4
Padlock engine: make it independent of inline assembler.
2011-09-06 20:45:36 +00:00
Dr. Stephen Henson
0486cce653
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
...
produce an error (CVE-2011-3207)
2011-09-06 15:15:09 +00:00
Dr. Stephen Henson
0f8d4d49dc
Update FAQ.
2011-09-06 13:55:22 +00:00
Andy Polyakov
f952716745
config: don't add -Wa options with no-asm.
2011-09-05 16:31:51 +00:00
Andy Polyakov
dd83d0f4a7
crypto/bn/bn_gf2m.c: make it work with BN_DEBUG.
2011-09-05 16:14:43 +00:00
Dr. Stephen Henson
ea17b0feec
Check reseed interval before generating output.
2011-09-05 15:45:13 +00:00
Dr. Stephen Henson
7634137b8a
Place DRBG in error state if health check fails.
2011-09-05 15:32:32 +00:00
Bodo Möller
2c472780c0
oops
2011-09-05 13:43:56 +00:00
Bodo Möller
c519e89f5c
Fix session handling.
2011-09-05 13:36:23 +00:00