Bodo Möller
9d0397e977
make update
2011-02-03 10:17:53 +00:00
Bodo Möller
2440d8b1db
Fix error codes.
2011-02-03 10:03:23 +00:00
Dr. Stephen Henson
ee9884654b
Cope with new DSA2 file format where some p/q only tests are made.
2011-02-02 17:48:03 +00:00
Dr. Stephen Henson
5f885f1ea4
Fix target config errors.
2011-02-02 15:11:40 +00:00
Dr. Stephen Henson
7a4ec19a5f
Make no-asm work in fips mode. Add android platform.
2011-02-02 15:07:13 +00:00
Dr. Stephen Henson
a5b196a22c
Add sign/verify digest API to handle an explicit digest instead of finalising
...
a context.
2011-02-02 14:21:33 +00:00
Dr. Stephen Henson
b6104f9ad8
Remove DSA parameter generation from DSA selftest. It is unnecessary and
...
can be very slow on embedded platforms. Hard code DSA parameters instead.
2011-02-02 14:20:45 +00:00
Dr. Stephen Henson
96d5997f5b
Don't try to set pmd if it is NULL.
2011-02-01 19:15:12 +00:00
Dr. Stephen Henson
92eb4c551d
Add DSA2 support to final algorithm tests: keypair and keyver.
2011-02-01 18:53:48 +00:00
Dr. Stephen Henson
89f63d06f8
Support more DSA2 tests.
2011-02-01 17:54:23 +00:00
Dr. Stephen Henson
2ecc150530
Tolerate mixed case and leading zeroes when comparing.
2011-02-01 17:15:53 +00:00
Dr. Stephen Henson
3c2c4cc5f2
fixes for DSA2 parameter generation
2011-02-01 17:15:19 +00:00
Dr. Stephen Henson
5eedacc904
update README.FIPS
2011-02-01 17:14:07 +00:00
Dr. Stephen Henson
7f64c26588
Since FIPS 186-3 specifies we use the leftmost bits of the digest
...
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
2011-02-01 12:52:01 +00:00
Dr. Stephen Henson
3dd9b31dc4
Provisional, experimental support for DSA2 parameter generation algorithm.
...
Not properly integrated or tested yet.
2011-01-31 19:44:09 +00:00
Dr. Stephen Henson
eb164d0b12
stop warnings about no previous prototype when compiling shared engines
2011-01-30 01:30:48 +00:00
Dr. Stephen Henson
225c272193
Fix shared build for fips
2011-01-30 01:14:34 +00:00
Dr. Stephen Henson
9fdb2cc592
Add fips option into Configure, disable endian code for no-asm and FIPS.
...
Make shared library default for fips.
2011-01-30 00:01:09 +00:00
Dr. Stephen Henson
cc8bd54569
add fiplibdir and basedir options to Configure
2011-01-29 23:45:02 +00:00
Dr. Stephen Henson
0c02a37548
use different default fips install directory
2011-01-29 23:05:15 +00:00
Dr. Stephen Henson
166c9cb0b8
update version to 2.0
2011-01-29 21:51:59 +00:00
Dr. Stephen Henson
5084af288d
typo
2011-01-29 21:45:04 +00:00
Dr. Stephen Henson
7e23e857f6
don't descend fips directory if not in fips mode
2011-01-29 21:39:33 +00:00
Dr. Stephen Henson
44f54a130b
Add preliminary FIPS information.
2011-01-29 17:05:25 +00:00
Dr. Stephen Henson
7edfe67456
Move all FIPSAPI renames into fips.h header file, include early in
...
crypto.h if needed.
Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
d8ad2e6112
add .cvsignore
2011-01-27 18:11:36 +00:00
Dr. Stephen Henson
1097bde192
add FIPS API malloc/free
2011-01-27 18:09:05 +00:00
Dr. Stephen Henson
7cc684f4f7
Redirect FIPS memory allocation to FIPS_malloc() routine, remove
...
OpenSSL malloc dependencies.
2011-01-27 17:23:43 +00:00
Dr. Stephen Henson
e36d6b8f79
add fips_dsatest.c file
2011-01-27 16:52:49 +00:00
Dr. Stephen Henson
aa87945f47
Update source files to handle new FIPS_lock() location. Add FIPS_lock()
...
definition. Remove stale function references from fips.h
2011-01-27 15:57:31 +00:00
Dr. Stephen Henson
7c8ced94c3
Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
...
to EVP any more.
Move locking #define into fips.h.
Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
d5df1b3f0d
Include thread ID code in fips module.
2011-01-27 14:50:41 +00:00
Dr. Stephen Henson
6ff9c48811
New FIPS_lock() function for minimal FIPS locking API: to avoid dependencies
...
on OpenSSL locking code. Use API in some internal FIPS files.
Remove redundant ENGINE defines from fips.h
2011-01-27 14:29:48 +00:00
Dr. Stephen Henson
ad6019d6c0
Move locking and thread ID functions into new files lock.c and thr_id.c,
...
redirect locking to minimal FIPS_lock() function where required.
2011-01-27 14:27:24 +00:00
Dr. Stephen Henson
a27de7b7fd
use FIPSEVP in some bn and rsa files
2011-01-27 14:24:42 +00:00
Dr. Stephen Henson
54e02a234c
update .cvsignore
2011-01-27 13:33:47 +00:00
Dr. Stephen Henson
879bd6e38c
Internal version of BN_mod_inverse allowing checking of no-inverse without
...
need to inspect error queue.
2011-01-26 16:59:47 +00:00
Dr. Stephen Henson
6f1a3a310c
FIPS changes to test/Makefile: rules to build FIPS test applications.
2011-01-26 16:47:51 +00:00
Dr. Stephen Henson
6f4b3e7c09
Use ARX in crypto/Makefile
2011-01-26 16:22:03 +00:00
Dr. Stephen Henson
6dff52e858
FIPS HMAC changes:
...
Use EVP macros.
Use tiny EVP in FIPS mode.
2011-01-26 16:15:38 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
5ca9cb7cbd
FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR
...
library dependencies.
2011-01-26 15:53:07 +00:00
Dr. Stephen Henson
83c3410b94
FIPS DH changes: selftest checks and key range checks.
2011-01-26 15:47:19 +00:00
Dr. Stephen Henson
20818e00fd
FIPS mode DSA changes:
...
Check for selftest failures.
Pairwise consistency test for RSA key generation.
Use some EVP macros instead of EVP functions.
Use minimal FIPS EVP where needed.
Key size restrictions.
2011-01-26 15:46:26 +00:00
Dr. Stephen Henson
c553721e8b
FIPS mode RSA changes:
...
Check for selftest failures.
Pairwise consistency test for RSA key generation.
Use some EVP macros instead of EVP functions.
Use minimal FIPS EVP where needed.
2011-01-26 15:37:41 +00:00
Dr. Stephen Henson
1588a3cae7
add new RAND errors
2011-01-26 15:33:51 +00:00
Dr. Stephen Henson
7a4bd34a4f
FIPS mode EVP changes:
...
Set EVP_CIPH_FLAG_FIPS on approved ciphers.
Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.
Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.
Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.
2011-01-26 15:25:33 +00:00
Dr. Stephen Henson
4ead4e5241
FIPS mode changes to make RNG compile (this will need updating later as we
...
need a whole new PRNG for FIPS).
1. avoid use of ERR_peek().
2. If compiling with FIPS use small FIPS EVP and disable ENGINE
2011-01-26 14:52:04 +00:00
Dr. Stephen Henson
1ab2f7f1cb
Add fipscanisterbuild configuration option and update Makefile.org: doesn't compile yet
2011-01-26 12:31:30 +00:00
Dr. Stephen Henson
9bafd8f7b3
FIPS_allow_md5() no longer exists and is no longer required
2011-01-26 12:23:58 +00:00