wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10661 commits 20 branches 302 tags 153 MiB
Commit graph

74 commits

Author SHA1 Message Date
Dr. Stephen Henson
df64f34e84 make post failure simulation reversible in all cases 2011-11-05 18:15:01 +00:00
Dr. Stephen Henson
485ef852ac Add single call public key sign and verify functions. 2011-11-05 01:32:52 +00:00
Dr. Stephen Henson
5fd722600b Check for selftest failure in various places. 2011-10-22 17:24:27 +00:00
Dr. Stephen Henson
8d742dd561 Update error codes. 2011-10-21 11:46:16 +00:00
Dr. Stephen Henson
43760a2cf0 Fix error codes. 2011-10-20 13:56:01 +00:00
Dr. Stephen Henson
5e4eb9954b add authentication parameter to FIPS_module_mode_set 2011-10-19 22:34:53 +00:00
Dr. Stephen Henson
2bfeb7dc83 Add FIPS selftests for ECDH algorithm. 2011-09-29 23:08:23 +00:00
Dr. Stephen Henson
15094852de new function to lookup FIPS supported ciphers by NID 2011-09-14 13:25:48 +00:00
Dr. Stephen Henson
a11f06b2dc More extensive DRBG health check. New function to call health check 
for all DRBG combinations.
 2011-09-12 18:47:39 +00:00
Dr. Stephen Henson
bbb19418e6 Add error codes for DRBG KAT failures. 
Add abbreviated DRBG KAT for POST which only performs a single generate
operations instead of four.
 2011-09-06 20:46:27 +00:00
Dr. Stephen Henson
01a9a7592e Add functions to return FIPS module version. 2011-07-04 23:38:16 +00:00
Dr. Stephen Henson
ce02589259 Now the FIPS capable OpenSSL is available simplify the various FIPS test 
build options.

All fispcanisterbuild builds only build fipscanister.o and include symbol
renaming.

Move all renamed symbols to fipssyms.h

Update README.FIPS
 2011-06-22 12:30:18 +00:00
Dr. Stephen Henson
279a0001b6 Add prototype for null cipher. 2011-06-21 16:14:01 +00:00
Dr. Stephen Henson
b08e372bf6 Use FIPSCAPABLE for FIPS module functions used in FIPS capable OpenSSL. 2011-06-12 15:37:51 +00:00
Dr. Stephen Henson
0435dc1902 HMAC fips prototypes 2011-06-12 15:02:53 +00:00
Dr. Stephen Henson
e6e7b4e825 CMAC FIPS prototypes. 2011-06-12 14:11:57 +00:00
Dr. Stephen Henson
603bc9395c more prototypes in fips.h 2011-06-09 15:18:55 +00:00
Dr. Stephen Henson
da9234130a Add more prototypes. 2011-06-09 13:50:53 +00:00
Dr. Stephen Henson
4960411e1f Add flags for DH FIPS method. 
Update/fix prototypes in fips.h
 2011-06-08 15:53:08 +00:00
Dr. Stephen Henson
7f0d1be3a6 Add prototypes for some FIPS EC functions. 2011-06-06 15:24:02 +00:00
Dr. Stephen Henson
644ce07ecd Move function prototype to fips.h 2011-06-06 11:56:58 +00:00
Dr. Stephen Henson
549c4ad35b Add "OPENSSL_FIPSCAPABLE" define for a version of OpenSSL which is 
FIPS capable: i.e. FIPS module is supplied externally.
 2011-06-03 16:26:58 +00:00
Dr. Stephen Henson
267229b141 Constify RSA signature buffer. 2011-06-03 12:38:18 +00:00
Dr. Stephen Henson
0cabe4e172 Move FIPS RSA function definitions to fips.h 
New function to lookup digests by NID in module.

Minor optimisation: if supplied hash is NULL to FIPS RSA functions and
we are using PKCS padding get digest NID from otherwise unused saltlen
parameter instead.
 2011-06-02 17:30:22 +00:00
Dr. Stephen Henson
e7ee10d3dc Clone digest prototypes. 2011-06-01 14:18:28 +00:00
Dr. Stephen Henson
3e2e231852 Add more cipher prototypes. 2011-05-29 16:16:55 +00:00
Dr. Stephen Henson
87829ac926 Prototypes for more FIPS functions for use in FIPS capable OpenSSL. 2011-05-29 15:56:23 +00:00
Dr. Stephen Henson
c33066900c Add FIPS_digestinit prototype for FIPS capable OpenSSL. 2011-05-28 23:02:23 +00:00
Dr. Stephen Henson
f87ff24bc4 Add prototypes for FIPS EVP implementations: for use in FIPS capable 
OpenSSL.
 2011-05-28 21:03:31 +00:00
Dr. Stephen Henson
f76b1baf86 Fix error discrepancy. 2011-05-12 14:28:09 +00:00
Dr. Stephen Henson
c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in 
the FIPS capable OpenSSL.
 2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
ad4784953d Return error codes for selftest failure instead of hard assertion errors. 2011-05-06 17:38:39 +00:00
Dr. Stephen Henson
cac4fb58e0 Add PRNG security strength checking. 2011-04-23 19:55:55 +00:00
Dr. Stephen Henson
74fac927b0 Return errors instead of aborting when selftest fails. 2011-04-22 11:12:56 +00:00
Dr. Stephen Henson
b8b6a13a56 Add continuous RNG test to entropy source. Entropy callbacks now need 
to specify a "block length".
 2011-04-21 14:17:15 +00:00
Dr. Stephen Henson
14264b19de Add periodic DRBG health checks as required by SP800-90. 2011-04-20 17:06:38 +00:00
Dr. Stephen Henson
cb1b3aa151 Add AES CCM selftest. 2011-04-19 18:57:58 +00:00
Dr. Stephen Henson
bf8131f79f Add XTS selftest, include in fips_test_suite. 2011-04-15 11:30:19 +00:00
Dr. Stephen Henson
706735aea3 Add new POST support to X9.31 PRNG. 2011-04-14 18:29:49 +00:00
Dr. Stephen Henson
8038511c27 Update CMAC, HMAC, GCM to use new POST system. 
Fix crash if callback not set.
 2011-04-14 13:10:00 +00:00
Dr. Stephen Henson
a6311f856b Remove several of the old obsolete FIPS_corrupt_*() functions. 2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6 Initial incomplete POST overhaul: add support for POST callback to 
allow status of POST to be monitored and/or failures induced.
 2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
4bd1e895fa Update fips_pkey_signature_test: use fixed string if supplies tbs is 
NULL. Always allocate signature buffer.

Update ECDSA selftest to use fips_pkey_signature_test. Add copyright notice
to file.
 2011-04-12 17:41:53 +00:00
Dr. Stephen Henson
49cb5e0b40 Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx 
when performing ECDSA selftest.
 2011-04-12 14:28:06 +00:00
Dr. Stephen Henson
55e328f580 Add error for health check failure. 
Rebuild all FIPS error codes to clean out old obsolete codes.
 2011-04-09 17:46:31 +00:00
Dr. Stephen Henson
6653c6f2e8 Update OpenSSL DRBG support code. Use date time vector as additional data. 
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
 2011-04-06 23:40:22 +00:00
Dr. Stephen Henson
05e24c87dd Extensive reorganisation of PRNG handling in FIPS module: all calls 
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.

Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
 2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14 Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be 
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
 2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
f4bd65dae3 Set error code is additional data callback fails. 2011-04-04 17:03:35 +00:00
Dr. Stephen Henson
ded1999702 Change RNG test to block oriented instead of request oriented, add option 
to test a "stuck" DRBG.
 2011-04-04 14:47:31 +00:00