wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11189 commits 20 branches 302 tags 153 MiB
Commit graph

96 commits

Author SHA1 Message Date
Dr. Stephen Henson
4fa35e7336 Updates from fips2 branch: close streams in test utilities, use cofactor ECDH 
add new key and signature generation tests to fips_test_suite.
 2011-12-10 13:38:34 +00:00
Dr. Stephen Henson
85a1a836a2 check for unset entropy and nonce callbacks 2011-11-06 13:08:41 +00:00
Dr. Stephen Henson
f45c90bb1c make post failure simulation reversible in all cases 2011-11-05 18:14:42 +00:00
Dr. Stephen Henson
12cc43782c Remove duplicate test from health check. 
Fix memory leaks by uninstantiating DRBG before reinitialising it.
 2011-11-02 16:58:17 +00:00
Dr. Stephen Henson
3ec9dceb15 Add fips_algvs utility (from FIPS 2.0 stable branch). 2011-11-02 00:57:22 +00:00
Dr. Stephen Henson
5fd722600b Check for selftest failure in various places. 2011-10-22 17:24:27 +00:00
Dr. Stephen Henson
af4bfa151c Check for uninitialised DRBG_CTX and don't free up default DRBG_CTX. 2011-10-21 00:12:53 +00:00
Dr. Stephen Henson
43760a2cf0 Fix error codes. 2011-10-20 13:56:01 +00:00
Dr. Stephen Henson
cf61940534 Fix warnings. 2011-10-12 13:06:45 +00:00
Dr. Stephen Henson
3f1ebb8f42 make depend 2011-09-29 23:17:59 +00:00
Dr. Stephen Henson
55831cd6ee Remove s = s * P deferral. 2011-09-29 18:22:37 +00:00
Dr. Stephen Henson
884c33b5c4 Check return codes properly. 2011-09-29 16:24:00 +00:00
Dr. Stephen Henson
ddf00ffab8 Typo. 2011-09-22 14:15:07 +00:00
Dr. Stephen Henson
cb71870dfa Use function name FIPS_drbg_health_check() for health check function. 
Add explanatory comments to health check code.
 2011-09-22 14:01:25 +00:00
Dr. Stephen Henson
d57cc97f24 Remove unused variable. 2011-09-21 18:36:53 +00:00
Dr. Stephen Henson
05272d4c51 Perform health check on all reseed operations not associated with 
prediction resistance requests. Although SP 800-90 is arguably unclear
on whether this is necessary adding an additional check has minimal
penalty (very few applications will make an explicit reseed request).
 2011-09-21 18:24:12 +00:00
Dr. Stephen Henson
4420b3b17a Revise DRBG to split between internal and external flags. 
One demand health check function.

Perform generation test in fips_test_suite.

Option to skip dh test if fips_test_suite.
 2011-09-21 17:04:56 +00:00
Dr. Stephen Henson
a5799bdc48 Allow reseed interval to be set. 2011-09-18 19:36:27 +00:00
Dr. Stephen Henson
45fcfcb99f clarify comment 2011-09-16 17:40:16 +00:00
Dr. Stephen Henson
e248740d67 Minor code tidy and bug fix: need to set t = s after first pass and 
t and s do not need to have independent values after the first pass
so set t = s.
 2011-09-16 17:35:40 +00:00
Dr. Stephen Henson
00b0f2cb3e Fix warning. 2011-09-15 14:08:24 +00:00
Andy Polyakov
03e389cf04 Allow for dynamic base in Win64 FIPS module. 2011-09-14 20:48:49 +00:00
Dr. Stephen Henson
a11f06b2dc More extensive DRBG health check. New function to call health check 
for all DRBG combinations.
 2011-09-12 18:47:39 +00:00
Dr. Stephen Henson
361d18a208 Check length of additional input in DRBG generate function. 2011-09-12 18:45:05 +00:00
Dr. Stephen Henson
de2132de93 Delete strength parameter from FIPS_drbg_generate. It isn't very useful 
(strength can be queried using FIPS_drbg_get_strength ) and adds a
substantial extra overhead to health check (need to check every combination
of parameters).
 2011-09-12 13:20:57 +00:00
Dr. Stephen Henson
9e56c99e1a Check we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we 
don't set type in FIPS_drbg_new().
 2011-09-12 12:56:20 +00:00
Dr. Stephen Henson
7fdcb45745 Add support for Dual EC DRBG from SP800-90. Include updates to algorithm 
tests and POST code.
 2011-09-09 17:16:43 +00:00
Dr. Stephen Henson
d98360392a Put quick DRBG selftest return after first generate operation. 2011-09-07 10:26:38 +00:00
Dr. Stephen Henson
bbb19418e6 Add error codes for DRBG KAT failures. 
Add abbreviated DRBG KAT for POST which only performs a single generate
operations instead of four.
 2011-09-06 20:46:27 +00:00
Dr. Stephen Henson
ea17b0feec Check reseed interval before generating output. 2011-09-05 15:45:13 +00:00
Dr. Stephen Henson
7634137b8a Place DRBG in error state if health check fails. 2011-09-05 15:32:32 +00:00
Dr. Stephen Henson
74c40744ca Don't perform full DRBG health check on all DRBG types on power up, just 
one shorter KAT per mechanism.
 2011-09-04 22:48:06 +00:00
Dr. Stephen Henson
1567b3904c Update dependencies. 2011-09-04 18:44:28 +00:00
Dr. Stephen Henson
06e771b580 Add header to Makefile. 2011-09-04 18:36:20 +00:00
Dr. Stephen Henson
eb9e63df61 Extension of DRBG selftests using new data. 
Test PR and no PR and test initial generate before the reseed too.

Move selftest data to separate fips_drbg_selftest.h header file.
 2011-09-04 18:35:33 +00:00
Dr. Stephen Henson
46883b67de Correct maximum request length. SP800-90 quotes maximum bits, not bytes. 2011-08-19 23:25:10 +00:00
Dr. Stephen Henson
7f06921eca Remove redundant assignment. 2011-08-11 13:22:04 +00:00
Dr. Stephen Henson
20f12e63ff Add HMAC DRBG from SP800-90 2011-08-08 22:07:38 +00:00
Dr. Stephen Henson
a678580bb8 Fix warnings. 2011-07-25 21:58:11 +00:00
Dr. Stephen Henson
fc30530402 Fix CPRNG test for Hash DRBG. 2011-06-26 12:29:26 +00:00
Dr. Stephen Henson
a96b90b66b typo 2011-06-24 15:30:21 +00:00
Dr. Stephen Henson
d1a70cc9eb Add stub for HMAC DRBG. 2011-06-24 14:28:34 +00:00
Dr. Stephen Henson
fdb65c836c Don't include des.h any more: it is not needed. 2011-06-16 14:12:42 +00:00
Dr. Stephen Henson
1d55dd86dd Allow applications to specify alternative FIPS RAND methods if they 
are sure they are OK.

API to retrieve FIPS rand method.
 2011-06-13 20:28:45 +00:00
Dr. Stephen Henson
0cabe4e172 Move FIPS RSA function definitions to fips.h 
New function to lookup digests by NID in module.

Minor optimisation: if supplied hash is NULL to FIPS RSA functions and
we are using PKCS padding get digest NID from otherwise unused saltlen
parameter instead.
 2011-06-02 17:30:22 +00:00
Dr. Stephen Henson
73ab341130 PR: 2522 
Submitted by: Henrik Grindal Bakken <henribak@cisco.com>

Don't compare past end of buffer.
 2011-05-23 12:27:43 +00:00
Dr. Stephen Henson
c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in 
the FIPS capable OpenSSL.
 2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
ad4784953d Return error codes for selftest failure instead of hard assertion errors. 2011-05-06 17:38:39 +00:00
Dr. Stephen Henson
6313d628da Remove superfluous PRNG self tests. 
Print timer resolution.
 2011-05-04 23:17:29 +00:00
Dr. Stephen Henson
2f6efd6acb Some changes to support VxWorks in the validted module. 2011-05-01 15:36:54 +00:00