openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	706735aea3	Add new POST support to X9.31 PRNG.	2011-04-14 18:29:49 +00:00
Dr. Stephen Henson	8038511c27	Update CMAC, HMAC, GCM to use new POST system. Fix crash if callback not set.	2011-04-14 13:10:00 +00:00
Dr. Stephen Henson	a6311f856b	Remove several of the old obsolete FIPS_corrupt_*() functions.	2011-04-14 11:30:51 +00:00
Dr. Stephen Henson	ac892b7aa6	Initial incomplete POST overhaul: add support for POST callback to allow status of POST to be monitored and/or failures induced.	2011-04-14 11:15:10 +00:00
Dr. Stephen Henson	4bd1e895fa	Update fips_pkey_signature_test: use fixed string if supplies tbs is NULL. Always allocate signature buffer. Update ECDSA selftest to use fips_pkey_signature_test. Add copyright notice to file.	2011-04-12 17:41:53 +00:00
Dr. Stephen Henson	49cb5e0b40	Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx when performing ECDSA selftest.	2011-04-12 14:28:06 +00:00
Dr. Stephen Henson	55e328f580	Add error for health check failure. Rebuild all FIPS error codes to clean out old obsolete codes.	2011-04-09 17:46:31 +00:00
Dr. Stephen Henson	6653c6f2e8	Update OpenSSL DRBG support code. Use date time vector as additional data. Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.	2011-04-06 23:40:22 +00:00
Dr. Stephen Henson	05e24c87dd	Extensive reorganisation of PRNG handling in FIPS module: all calls now use an internal RAND_METHOD. All dependencies to OpenSSL standard PRNG are now removed: it is the applications resposibility to setup the FIPS PRNG and initalise it. Initial OpenSSL RAND_init_fips() function that will setup the DRBG for the "FIPS capable OpenSSL".	2011-04-05 15:24:10 +00:00
Dr. Stephen Henson	cab0595c14	Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be used by applications directly and the X9.31 PRNG is deprecated by new FIPS140-2 rules anyway.	2011-04-05 12:42:31 +00:00
Dr. Stephen Henson	f4bd65dae3	Set error code is additional data callback fails.	2011-04-04 17:03:35 +00:00
Dr. Stephen Henson	ded1999702	Change RNG test to block oriented instead of request oriented, add option to test a "stuck" DRBG.	2011-04-04 14:47:31 +00:00
Dr. Stephen Henson	8cf88778ea	Allow FIPS malloc callback setting. Automatically set some callbacks in OPENSSL_init().	2011-04-01 16:23:16 +00:00
Dr. Stephen Henson	e06de4dd35	Remove redundant definitions. Give error code if DRBG sefltest fails.	2011-03-31 17:23:12 +00:00
Richard Levitte	399aa6b5ff	Implement FIPS CMAC. * fips/cmac/: Implement the basis for FIPS CMAC, using FIPS HMAC as an example. crypto/cmac/cmac.c: Enable the FIPS API. Change to use M_EVP macros where possible. * crypto/evp/evp.h: (some of the macros get added with this change) * fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use macros to have cmac.c use these functions. * Makefile.org, fips/Makefile, fips/fips.c: Hook it in.	2011-03-24 22:55:02 +00:00
Dr. Stephen Henson	1e803100de	Implement continuous RNG test for SP800-90 DRBGs.	2011-03-17 18:53:33 +00:00
Dr. Stephen Henson	96ec46f7c0	Implement health checks needed by SP800-90. Fix warnings. Instantiate DRBGs at maximum strength.	2011-03-17 16:55:24 +00:00
Dr. Stephen Henson	fbbabb646c	Add extensive DRBG selftest data and option to corrupt it in fips_test_suite.	2011-03-16 15:52:12 +00:00
Dr. Stephen Henson	1b76fac5ae	Check requested security strength in DRBG. Add function to retrieve the security strength.	2011-03-11 17:42:11 +00:00
Dr. Stephen Henson	8857b380e2	Add ECDH to validated module.	2011-03-09 23:44:06 +00:00
Dr. Stephen Henson	a1e7883edb	Add meaningful error codes to DRBG.	2011-03-08 14:16:30 +00:00
Dr. Stephen Henson	947ff113d2	add ECDSA POST	2011-02-18 17:25:00 +00:00
Dr. Stephen Henson	acf254f86e	AES GCM selftests.	2011-02-18 17:09:33 +00:00
Dr. Stephen Henson	0fbf8f447b	Add pairwise consistency test to EC.	2011-02-15 16:58:28 +00:00
Dr. Stephen Henson	25c6542944	Add non-FIPS algorithm blocking and selftest checking.	2011-02-15 16:03:47 +00:00
Dr. Stephen Henson	fe26d066ff	Add ECDSA functionality to fips module. Initial very incomplete version of algorithm test program.	2011-02-14 17:14:55 +00:00
Dr. Stephen Henson	c876a4b7b1	Include support for an add_lock callback to tiny FIPS locking API.	2011-02-14 17:05:42 +00:00
Dr. Stephen Henson	e990b4f838	Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1 library.	2011-02-13 18:45:41 +00:00
Dr. Stephen Henson	14ae26f2e4	Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files that use it.	2011-02-03 17:00:24 +00:00
Dr. Stephen Henson	3dd9b31dc4	Provisional, experimental support for DSA2 parameter generation algorithm. Not properly integrated or tested yet.	2011-01-31 19:44:09 +00:00
Dr. Stephen Henson	7edfe67456	Move all FIPSAPI renames into fips.h header file, include early in crypto.h if needed. Modify source tree to handle change.	2011-01-27 19:10:56 +00:00
Dr. Stephen Henson	7cc684f4f7	Redirect FIPS memory allocation to FIPS_malloc() routine, remove OpenSSL malloc dependencies.	2011-01-27 17:23:43 +00:00
Dr. Stephen Henson	aa87945f47	Update source files to handle new FIPS_lock() location. Add FIPS_lock() definition. Remove stale function references from fips.h	2011-01-27 15:57:31 +00:00
Dr. Stephen Henson	7c8ced94c3	Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer to EVP any more. Move locking #define into fips.h. Set FIPS locking callbacks at same time as OpenSSL locking callbacks.	2011-01-27 15:22:26 +00:00
Dr. Stephen Henson	6ff9c48811	New FIPS_lock() function for minimal FIPS locking API: to avoid dependencies on OpenSSL locking code. Use API in some internal FIPS files. Remove redundant ENGINE defines from fips.h	2011-01-27 14:29:48 +00:00
Dr. Stephen Henson	2b4b28dc32	And so it begins... again. Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have missing files, extraneous files and other nastiness. In other words: it's experimental ATM, OK?	2011-01-26 00:56:19 +00:00

36 commits