Commit graph

10021 commits

Author SHA1 Message Date
Dr. Stephen Henson
4bd1e895fa Update fips_pkey_signature_test: use fixed string if supplies tbs is
NULL. Always allocate signature buffer.

Update ECDSA selftest to use fips_pkey_signature_test. Add copyright notice
to file.
2011-04-12 17:41:53 +00:00
Dr. Stephen Henson
9b08dbe903 Complete rewrite of FIPS_selftest_dsa(). Use hardcoded 2048 bit DSA key
and SHA384. Use fips_pkey_signature_test().
2011-04-12 16:26:52 +00:00
Dr. Stephen Henson
3d607309e6 Update RSA selftest code to use a 2048 bit RSA and only a single KAT
for PSS+SHA256
2011-04-12 15:38:34 +00:00
Dr. Stephen Henson
49cb5e0b40 Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx
when performing ECDSA selftest.
2011-04-12 14:28:06 +00:00
Dr. Stephen Henson
e2abfd58cc Stop warning and fix memory leaks. 2011-04-12 13:02:56 +00:00
Dr. Stephen Henson
364ce53cef No need to disable leak checking for FIPS builds now we use internal
memory callbacks.
2011-04-12 13:01:40 +00:00
Dr. Stephen Henson
6223352683 Update ECDSA selftest to use hard coded private keys. Include tests for
prime and binary fields.
2011-04-12 11:49:35 +00:00
Dr. Stephen Henson
1a4d93bfb5 Update fips_premain.c fingerprint. 2011-04-12 11:48:00 +00:00
Dr. Stephen Henson
63c82f8abb Update copyright year.
Zero ciphertext and plaintext temporary buffers.

Check FIPS_cipher() return value.
2011-04-11 21:32:51 +00:00
Dr. Stephen Henson
4fd7256b77 Use correct version number. 2011-04-11 14:55:19 +00:00
Dr. Stephen Henson
1ccc003b82 Add mem_clr.c explicity for no-asm builds. 2011-04-11 14:53:40 +00:00
Dr. Stephen Henson
48da9b8f2a Fix warning. 2011-04-11 14:52:59 +00:00
Dr. Stephen Henson
6909dccc32 Set length to 41 (40 hex characters + null). 2011-04-11 14:50:11 +00:00
Dr. Stephen Henson
b93e331ba4 Reorder headers to get definitions before they are used. 2011-04-11 14:01:33 +00:00
Dr. Stephen Henson
f9bf6314ea Don't give dependency warning for fips builds.
Give error for "make depend" in restricted tarball builds.

Document how restricted tarballs work.
2011-04-11 00:22:42 +00:00
Dr. Stephen Henson
ac319dd82b Typo: fix duplicate call. 2011-04-10 23:32:19 +00:00
Dr. Stephen Henson
284e2d2b37 fix fipscanisteronly autodetect 2011-04-10 23:28:24 +00:00
Dr. Stephen Henson
4582626544 Auto detect no-ec2m add option to make no-ec2m tarball. 2011-04-10 18:30:13 +00:00
Dr. Stephen Henson
ccc5784e37 set OPENSSL_FIPSSYMS for restricted buils and auto detect no-ec2m 2011-04-10 17:31:03 +00:00
Dr. Stephen Henson
8742ae6e19 Clarify README.FIPS. 2011-04-10 16:23:31 +00:00
Dr. Stephen Henson
c105c96bac Auto configure for fips is from restricted tarball.
Remove more unnecessary files form fips tarball.
2011-04-10 16:18:19 +00:00
Dr. Stephen Henson
6ceb1e8efb Remove unused build targets from Makefile.fips, add cmac to dist list. 2011-04-10 01:14:58 +00:00
Dr. Stephen Henson
1f91af5e56 remove ENGINE dependency from ecdh 2011-04-10 01:14:25 +00:00
Dr. Stephen Henson
55e328f580 Add error for health check failure.
Rebuild all FIPS error codes to clean out old obsolete codes.
2011-04-09 17:46:31 +00:00
Dr. Stephen Henson
f3823ddfcf Before initalising a live DRBG (i.e. not in test mode) run a complete health
check on a DRBG of the same type.
2011-04-09 17:27:07 +00:00
Dr. Stephen Henson
68ea88b8d1 New function to return security strength of PRNG. 2011-04-09 16:49:59 +00:00
Dr. Stephen Henson
31360957fb DH keys have an (until now) unused 'q' parameter. When creating
from DSA copy q across and if q present generate DH key in the
correct range.
2011-04-07 15:01:48 +00:00
Dr. Stephen Henson
d80399a357 Only use fake rand once per operation. This stops the EC
pairwise consistency test interfering with the test.
2011-04-06 23:42:55 +00:00
Dr. Stephen Henson
d7a3ce989c Update CHANGES. 2011-04-06 23:41:19 +00:00
Dr. Stephen Henson
1ee49722dc Add fips hmac key to dgst utility. 2011-04-06 23:40:46 +00:00
Dr. Stephen Henson
6653c6f2e8 Update OpenSSL DRBG support code. Use date time vector as additional data.
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
2011-04-06 23:40:22 +00:00
Dr. Stephen Henson
4c8855b975 Add missing error code strings. 2011-04-06 18:17:05 +00:00
Dr. Stephen Henson
e71bbd26e7 Remove rand files from fipscanister.o 2011-04-06 18:16:44 +00:00
Dr. Stephen Henson
acd410dc15 check buffer is larger enough before overwriting 2011-04-06 18:06:41 +00:00
Dr. Stephen Henson
161cc82df1 updated FIPS status 2011-04-06 13:40:36 +00:00
Dr. Stephen Henson
42bd0a6b3c Update fipssyms.h to keep all symbols in FIPS,fips namespace.
Rename drbg_cprng_test to fips_drbg_cprng_test.

Remove rand files from Makefile.fips.
2011-04-05 15:48:05 +00:00
Dr. Stephen Henson
05e24c87dd Extensive reorganisation of PRNG handling in FIPS module: all calls
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.

Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14 Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
856650deb0 FIPS mode support for openssl utility: doesn't work properly yet due
to missing DRBG support in libcrypto.
2011-04-04 17:16:28 +00:00
Dr. Stephen Henson
ab1415d2f5 Updated error codes for FIPS library. 2011-04-04 17:05:09 +00:00
Dr. Stephen Henson
f4bd65dae3 Set error code is additional data callback fails. 2011-04-04 17:03:35 +00:00
Dr. Stephen Henson
ac1ee8e877 Use environment when builds libcrypto shared library so CC value is picked up
in FIPS builds.
2011-04-04 17:01:58 +00:00
Dr. Stephen Henson
8776ef63c1 Change FIPS locking functions to macros so we get useful line information.
Set fips_thread_set properly.
2011-04-04 15:38:21 +00:00
Andy Polyakov
7af0400297 gcm128.c: fix shadow warnings. 2011-04-04 15:24:09 +00:00
Dr. Stephen Henson
1d59fe5267 Disable test fprintf. 2011-04-04 14:52:20 +00:00
Dr. Stephen Henson
ded1999702 Change RNG test to block oriented instead of request oriented, add option
to test a "stuck" DRBG.
2011-04-04 14:47:31 +00:00
Dr. Stephen Henson
a255e5bc98 check RAND_pseudo_bytes return value 2011-04-04 14:43:20 +00:00
Dr. Stephen Henson
4058861f69 PR: 2462
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug
2011-04-03 17:14:35 +00:00
Dr. Stephen Henson
f74a0c0c93 PR: 2458
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.
2011-04-03 16:25:29 +00:00
Dr. Stephen Henson
6e28b60aa5 PR: 2457
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS fragment reassembly bug.
2011-04-03 15:47:58 +00:00