Commit graph

9824 commits

Author SHA1 Message Date
Bodo Möller
9d0397e977 make update 2011-02-03 10:17:53 +00:00
Bodo Möller
2440d8b1db Fix error codes. 2011-02-03 10:03:23 +00:00
Dr. Stephen Henson
ee9884654b Cope with new DSA2 file format where some p/q only tests are made. 2011-02-02 17:48:03 +00:00
Dr. Stephen Henson
5f885f1ea4 Fix target config errors. 2011-02-02 15:11:40 +00:00
Dr. Stephen Henson
7a4ec19a5f Make no-asm work in fips mode. Add android platform. 2011-02-02 15:07:13 +00:00
Dr. Stephen Henson
a5b196a22c Add sign/verify digest API to handle an explicit digest instead of finalising
a context.
2011-02-02 14:21:33 +00:00
Dr. Stephen Henson
b6104f9ad8 Remove DSA parameter generation from DSA selftest. It is unnecessary and
can be very slow on embedded platforms. Hard code DSA parameters instead.
2011-02-02 14:20:45 +00:00
Dr. Stephen Henson
96d5997f5b Don't try to set pmd if it is NULL. 2011-02-01 19:15:12 +00:00
Dr. Stephen Henson
92eb4c551d Add DSA2 support to final algorithm tests: keypair and keyver. 2011-02-01 18:53:48 +00:00
Dr. Stephen Henson
89f63d06f8 Support more DSA2 tests. 2011-02-01 17:54:23 +00:00
Dr. Stephen Henson
2ecc150530 Tolerate mixed case and leading zeroes when comparing. 2011-02-01 17:15:53 +00:00
Dr. Stephen Henson
3c2c4cc5f2 fixes for DSA2 parameter generation 2011-02-01 17:15:19 +00:00
Dr. Stephen Henson
5eedacc904 update README.FIPS 2011-02-01 17:14:07 +00:00
Dr. Stephen Henson
7f64c26588 Since FIPS 186-3 specifies we use the leftmost bits of the digest
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
2011-02-01 12:52:01 +00:00
Dr. Stephen Henson
3dd9b31dc4 Provisional, experimental support for DSA2 parameter generation algorithm.
Not properly integrated or tested yet.
2011-01-31 19:44:09 +00:00
Dr. Stephen Henson
eb164d0b12 stop warnings about no previous prototype when compiling shared engines 2011-01-30 01:30:48 +00:00
Dr. Stephen Henson
225c272193 Fix shared build for fips 2011-01-30 01:14:34 +00:00
Dr. Stephen Henson
9fdb2cc592 Add fips option into Configure, disable endian code for no-asm and FIPS.
Make shared library default for fips.
2011-01-30 00:01:09 +00:00
Dr. Stephen Henson
cc8bd54569 add fiplibdir and basedir options to Configure 2011-01-29 23:45:02 +00:00
Dr. Stephen Henson
0c02a37548 use different default fips install directory 2011-01-29 23:05:15 +00:00
Dr. Stephen Henson
166c9cb0b8 update version to 2.0 2011-01-29 21:51:59 +00:00
Dr. Stephen Henson
5084af288d typo 2011-01-29 21:45:04 +00:00
Dr. Stephen Henson
7e23e857f6 don't descend fips directory if not in fips mode 2011-01-29 21:39:33 +00:00
Dr. Stephen Henson
44f54a130b Add preliminary FIPS information. 2011-01-29 17:05:25 +00:00
Dr. Stephen Henson
7edfe67456 Move all FIPSAPI renames into fips.h header file, include early in
crypto.h if needed.

Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
d8ad2e6112 add .cvsignore 2011-01-27 18:11:36 +00:00
Dr. Stephen Henson
1097bde192 add FIPS API malloc/free 2011-01-27 18:09:05 +00:00
Dr. Stephen Henson
7cc684f4f7 Redirect FIPS memory allocation to FIPS_malloc() routine, remove
OpenSSL malloc dependencies.
2011-01-27 17:23:43 +00:00
Dr. Stephen Henson
e36d6b8f79 add fips_dsatest.c file 2011-01-27 16:52:49 +00:00
Dr. Stephen Henson
aa87945f47 Update source files to handle new FIPS_lock() location. Add FIPS_lock()
definition. Remove stale function references from fips.h
2011-01-27 15:57:31 +00:00
Dr. Stephen Henson
7c8ced94c3 Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
to EVP any more.

Move locking #define into fips.h.

Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
d5df1b3f0d Include thread ID code in fips module. 2011-01-27 14:50:41 +00:00
Dr. Stephen Henson
6ff9c48811 New FIPS_lock() function for minimal FIPS locking API: to avoid dependencies
on OpenSSL locking code. Use API in some internal FIPS files.

Remove redundant ENGINE defines from fips.h
2011-01-27 14:29:48 +00:00
Dr. Stephen Henson
ad6019d6c0 Move locking and thread ID functions into new files lock.c and thr_id.c,
redirect locking to minimal FIPS_lock() function where required.
2011-01-27 14:27:24 +00:00
Dr. Stephen Henson
a27de7b7fd use FIPSEVP in some bn and rsa files 2011-01-27 14:24:42 +00:00
Dr. Stephen Henson
54e02a234c update .cvsignore 2011-01-27 13:33:47 +00:00
Dr. Stephen Henson
879bd6e38c Internal version of BN_mod_inverse allowing checking of no-inverse without
need to inspect error queue.
2011-01-26 16:59:47 +00:00
Dr. Stephen Henson
6f1a3a310c FIPS changes to test/Makefile: rules to build FIPS test applications. 2011-01-26 16:47:51 +00:00
Dr. Stephen Henson
6f4b3e7c09 Use ARX in crypto/Makefile 2011-01-26 16:22:03 +00:00
Dr. Stephen Henson
6dff52e858 FIPS HMAC changes:
Use EVP macros.

Use tiny EVP in FIPS mode.
2011-01-26 16:15:38 +00:00
Dr. Stephen Henson
df6de39fe7 Change AR to ARX to allow exclusion of fips object modules 2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
5ca9cb7cbd FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR
library dependencies.
2011-01-26 15:53:07 +00:00
Dr. Stephen Henson
83c3410b94 FIPS DH changes: selftest checks and key range checks. 2011-01-26 15:47:19 +00:00
Dr. Stephen Henson
20818e00fd FIPS mode DSA changes:
Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.

Key size restrictions.
2011-01-26 15:46:26 +00:00
Dr. Stephen Henson
c553721e8b FIPS mode RSA changes:
Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.
2011-01-26 15:37:41 +00:00
Dr. Stephen Henson
1588a3cae7 add new RAND errors 2011-01-26 15:33:51 +00:00
Dr. Stephen Henson
7a4bd34a4f FIPS mode EVP changes:
Set EVP_CIPH_FLAG_FIPS on approved ciphers.

Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.

Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.

Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.
2011-01-26 15:25:33 +00:00
Dr. Stephen Henson
4ead4e5241 FIPS mode changes to make RNG compile (this will need updating later as we
need a whole new PRNG for FIPS).

1. avoid use of ERR_peek().

2. If compiling with FIPS use small FIPS EVP and disable ENGINE
2011-01-26 14:52:04 +00:00
Dr. Stephen Henson
1ab2f7f1cb Add fipscanisterbuild configuration option and update Makefile.org: doesn't compile yet 2011-01-26 12:31:30 +00:00
Dr. Stephen Henson
9bafd8f7b3 FIPS_allow_md5() no longer exists and is no longer required 2011-01-26 12:23:58 +00:00