Andy Polyakov
9f0d2e1464
fips_enc.c: assign minimal block size to bad_cipher [to avoid arithmetic
...
exceptions in TLS layer].
2011-10-18 18:52:05 +00:00
Dr. Stephen Henson
15094852de
new function to lookup FIPS supported ciphers by NID
2011-09-14 13:25:48 +00:00
Dr. Stephen Henson
0cabe4e172
Move FIPS RSA function definitions to fips.h
...
New function to lookup digests by NID in module.
Minor optimisation: if supplied hash is NULL to FIPS RSA functions and
we are using PKCS padding get digest NID from otherwise unused saltlen
parameter instead.
2011-06-02 17:30:22 +00:00
Dr. Stephen Henson
06843f826f
Fake CPU caps so fips_standalone_sha1 compiles.
...
Initialise update function for bad digest inits.
2011-05-31 16:22:21 +00:00
Dr. Stephen Henson
c2fd598994
Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
...
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
ad4784953d
Return error codes for selftest failure instead of hard assertion errors.
2011-05-06 17:38:39 +00:00
Dr. Stephen Henson
8cf88778ea
Allow FIPS malloc callback setting. Automatically set some callbacks
...
in OPENSSL_init().
2011-04-01 16:23:16 +00:00
Richard Levitte
399aa6b5ff
Implement FIPS CMAC.
...
* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as
an example.
* crypto/cmac/cmac.c: Enable the FIPS API. Change to use M_EVP macros
where possible.
* crypto/evp/evp.h: (some of the macros get added with this change)
* fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use
macros to have cmac.c use these functions.
* Makefile.org, fips/Makefile, fips/fips.c: Hook it in.
2011-03-24 22:55:02 +00:00
Dr. Stephen Henson
b7056b6414
Update dependencies.
2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
25c6542944
Add non-FIPS algorithm blocking and selftest checking.
2011-02-15 16:03:47 +00:00
Dr. Stephen Henson
c876a4b7b1
Include support for an add_lock callback to tiny FIPS locking API.
2011-02-14 17:05:42 +00:00
Dr. Stephen Henson
e47af46cd8
Change FIPS source and utilities to use the "FIPS_" names directly
...
instead of using regular OpenSSL API names.
2011-02-12 18:25:18 +00:00
Dr. Stephen Henson
7e95116064
Remove unneeded functions, make some functions and variables static.
2011-02-04 17:56:57 +00:00
Dr. Stephen Henson
14ae26f2e4
Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files
...
that use it.
2011-02-03 17:00:24 +00:00
Bodo Möller
2440d8b1db
Fix error codes.
2011-02-03 10:03:23 +00:00
Dr. Stephen Henson
7edfe67456
Move all FIPSAPI renames into fips.h header file, include early in
...
crypto.h if needed.
Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
d8ad2e6112
add .cvsignore
2011-01-27 18:11:36 +00:00
Dr. Stephen Henson
1097bde192
add FIPS API malloc/free
2011-01-27 18:09:05 +00:00
Dr. Stephen Henson
7cc684f4f7
Redirect FIPS memory allocation to FIPS_malloc() routine, remove
...
OpenSSL malloc dependencies.
2011-01-27 17:23:43 +00:00
Dr. Stephen Henson
7c8ced94c3
Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
...
to EVP any more.
Move locking #define into fips.h.
Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
6ff9c48811
New FIPS_lock() function for minimal FIPS locking API: to avoid dependencies
...
on OpenSSL locking code. Use API in some internal FIPS files.
Remove redundant ENGINE defines from fips.h
2011-01-27 14:29:48 +00:00
Dr. Stephen Henson
2b4b28dc32
And so it begins... again.
...
Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have
missing files, extraneous files and other nastiness.
In other words: it's experimental ATM, OK?
2011-01-26 00:56:19 +00:00