Commit graph

334 commits

Author SHA1 Message Date
Dr. Stephen Henson
64f5178d67 Use FIPSLD_LIBCRYPTO for consistency with other env variables in fipsld.
Use current directory for fips_premain_dso
2011-05-26 21:20:14 +00:00
Dr. Stephen Henson
e558c2aa3f In fipsld use FIPSLIBCRYPTO environment variable to specify an alternative
location for libcrypto.a, support shared library builds in different
source tree.
2011-05-26 21:15:45 +00:00
Dr. Stephen Henson
ed0a35f222 Install fips_standalone_sha1 and make use of it in fipsld script. 2011-05-26 13:59:11 +00:00
Dr. Stephen Henson
ecfe2d1753 More symbol renaming. 2011-05-25 16:01:37 +00:00
Dr. Stephen Henson
73ab341130 PR: 2522
Submitted by: Henrik Grindal Bakken <henribak@cisco.com>

Don't compare past end of buffer.
2011-05-23 12:27:43 +00:00
Dr. Stephen Henson
f76b1baf86 Fix error discrepancy. 2011-05-12 14:28:09 +00:00
Andy Polyakov
f24e95b72c fips_canister.c: pick more neutral macro name. 2011-05-11 20:17:06 +00:00
Dr. Stephen Henson
2f38b38986 Set FIPS mode for values other than 1. The only current effect
is to return a consistent value. So calling FIPS_module_mode_set(n)
for n != 0 will result in FIPS_module_mode() returning n. This
will support future expansion of more FIPS modes e.g. a Suite B mode.
2011-05-11 14:49:01 +00:00
Dr. Stephen Henson
c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
7919c07947 Typo. 2011-05-10 10:57:03 +00:00
Andy Polyakov
ab67c517ae fips_canister.c: fix typo. 2011-05-10 10:03:23 +00:00
Andy Polyakov
31b46ebb62 fips_canister.c: initial support for cross-compiling. "Initial" refers
to the two-entry list of verified platforms in #ifndef
FIPS_REF_POINT_IS_SAFE_TO_CROSS_COMPILE pre-processor section.
2011-05-10 09:53:59 +00:00
Dr. Stephen Henson
dc7995eeb8 Initialise rc. 2011-05-09 21:21:29 +00:00
Dr. Stephen Henson
ad4784953d Return error codes for selftest failure instead of hard assertion errors. 2011-05-06 17:38:39 +00:00
Dr. Stephen Henson
c184711124 Hide more symbols. 2011-05-05 23:10:32 +00:00
Dr. Stephen Henson
6313d628da Remove superfluous PRNG self tests.
Print timer resolution.
2011-05-04 23:17:29 +00:00
Dr. Stephen Henson
d16765919d Fix warning. 2011-05-04 14:34:36 +00:00
Dr. Stephen Henson
a95bbadb57 Include fipssyms.h for ARM builds to translate symbols.
Translate arm symbol to fips_*.
2011-05-04 14:16:03 +00:00
Dr. Stephen Henson
e350458a63 Remove useless setting. 2011-05-04 01:09:52 +00:00
Dr. Stephen Henson
9243a86d75 Use faster curves for ECDSA self test. 2011-05-02 12:13:04 +00:00
Dr. Stephen Henson
fc98a4377d Use more portable clock_gettime() for fips_test_suite timing.
Output times of each subtest.
2011-05-02 11:09:38 +00:00
Dr. Stephen Henson
fd600c0037 Stop warning in VxWorks. 2011-05-01 20:55:05 +00:00
Dr. Stephen Henson
a32ad6891b Quick hack to time POST. 2011-05-01 20:54:42 +00:00
Dr. Stephen Henson
2325315ba3 Two more symbol renames. 2011-05-01 19:07:16 +00:00
Dr. Stephen Henson
8a2024ea59 Handle multiple CPUID_OBJ correctly. 2011-05-01 19:06:39 +00:00
Dr. Stephen Henson
42c7c6764e Rename some more symbols. 2011-05-01 17:51:40 +00:00
Dr. Stephen Henson
bd4b0137fc For FIPS algorithm test utilities use our own version of strcasecmp and
strncasecmp to cover cases where platforms don't support them.
2011-05-01 16:18:52 +00:00
Dr. Stephen Henson
2f6efd6acb Some changes to support VxWorks in the validted module. 2011-05-01 15:36:54 +00:00
Dr. Stephen Henson
ee872e99f7 Update symbol translation table. 2011-05-01 14:33:59 +00:00
Dr. Stephen Henson
c4d162873f Don't assume version of rm supports -rf: use RM instead. 2011-04-28 20:52:21 +00:00
Dr. Stephen Henson
1eb8939695 Stop warnings about undefined _exit on Android.
Additional script output options to fipsalgtest.pl
2011-04-28 12:20:12 +00:00
Dr. Stephen Henson
7979626995 Recognise invalid enable/disable options.
Option to shut up bogus warnings.
2011-04-24 12:13:32 +00:00
Dr. Stephen Henson
e0d1a2f80a Always return multiple of block length bytes from default DRBG seed
callback.

Handle case where no multiple of the block size is in the interval
[min_len, max_len].
2011-04-23 20:05:19 +00:00
Dr. Stephen Henson
cac4fb58e0 Add PRNG security strength checking. 2011-04-23 19:55:55 +00:00
Dr. Stephen Henson
74fac927b0 Return errors instead of aborting when selftest fails. 2011-04-22 11:12:56 +00:00
Dr. Stephen Henson
da9ead8db2 Add XTS test vector support to fipsalgtest.pl 2011-04-22 01:05:53 +00:00
Dr. Stephen Henson
bef5013961 Rewrite OutputValue to avoid use of buffer when printing out hex values.
Delete unused functions from fips_utl.h.

Increase xts line buffer.
2011-04-22 00:41:35 +00:00
Dr. Stephen Henson
b8b6a13a56 Add continuous RNG test to entropy source. Entropy callbacks now need
to specify a "block length".
2011-04-21 14:17:15 +00:00
Dr. Stephen Henson
7608978861 Update DRBG to use new POST scheme. 2011-04-20 18:05:05 +00:00
Dr. Stephen Henson
14264b19de Add periodic DRBG health checks as required by SP800-90. 2011-04-20 17:06:38 +00:00
Dr. Stephen Henson
8da18ea1a5 Add partial GCM tests to fipsalgtest.pl 2011-04-20 15:06:44 +00:00
Dr. Stephen Henson
7aaa88e55c Add partial DH and ECDH primitives only testing to fipsalgtest.pl 2011-04-20 14:33:39 +00:00
Dr. Stephen Henson
84c7a8f7dc Warn if lines are truncated in algorithm test utilities.
Support for new test files: DRBG and CCM.
2011-04-20 13:20:31 +00:00
Dr. Stephen Henson
cb1b3aa151 Add AES CCM selftest. 2011-04-19 18:57:58 +00:00
Dr. Stephen Henson
b5dd178740 Fix EVP CCM decrypt. Add decrypt support to algorithm test program. 2011-04-18 22:48:40 +00:00
Dr. Stephen Henson
b3a45e7db5 CCM encrypt algorithm test support. 2011-04-18 16:31:11 +00:00
Dr. Stephen Henson
ca8630ba81 Remove shlib_wrap.sh as it is not needed (all algorithm tests are
staticly linked to fipscanister.o). Add option to generate a shell
script to run all tests: this is useful for platforms that don't have
perl.
2011-04-17 15:39:47 +00:00
Dr. Stephen Henson
764ef43962 Remove PSS salt length detection hack from fipslagtest.pl by allowing a regexp
search of the file to determine its type. This will be needed for other tests
later...
2011-04-16 23:54:19 +00:00
Dr. Stephen Henson
75707a324f Add "post" option to fips_test_suite to run the POST only and exit. 2011-04-15 20:09:34 +00:00
Dr. Stephen Henson
bf8131f79f Add XTS selftest, include in fips_test_suite. 2011-04-15 11:30:19 +00:00
Dr. Stephen Henson
06b7e5a0e4 Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation. 2011-04-15 02:49:30 +00:00
Dr. Stephen Henson
706735aea3 Add new POST support to X9.31 PRNG. 2011-04-14 18:29:49 +00:00
Dr. Stephen Henson
8f331999f5 Report each cipher used with CMAC tests.
Only add one error to error queue if a specific test type fails.
2011-04-14 16:38:20 +00:00
Dr. Stephen Henson
9338f290d1 Revise fips_test_suite to use table of IDs for human readable strings.
Modify HMAC selftest callbacks to notify each digest type used.
2011-04-14 16:14:41 +00:00
Dr. Stephen Henson
8038511c27 Update CMAC, HMAC, GCM to use new POST system.
Fix crash if callback not set.
2011-04-14 13:10:00 +00:00
Dr. Stephen Henson
a6311f856b Remove several of the old obsolete FIPS_corrupt_*() functions. 2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6 Initial incomplete POST overhaul: add support for POST callback to
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
114c8e220b Use consistent FIPS tarball name.
Add XTS to FIPS build.

Hide XTS symbol names.
2011-04-12 23:59:05 +00:00
Dr. Stephen Henson
4bd1e895fa Update fips_pkey_signature_test: use fixed string if supplies tbs is
NULL. Always allocate signature buffer.

Update ECDSA selftest to use fips_pkey_signature_test. Add copyright notice
to file.
2011-04-12 17:41:53 +00:00
Dr. Stephen Henson
9b08dbe903 Complete rewrite of FIPS_selftest_dsa(). Use hardcoded 2048 bit DSA key
and SHA384. Use fips_pkey_signature_test().
2011-04-12 16:26:52 +00:00
Dr. Stephen Henson
3d607309e6 Update RSA selftest code to use a 2048 bit RSA and only a single KAT
for PSS+SHA256
2011-04-12 15:38:34 +00:00
Dr. Stephen Henson
49cb5e0b40 Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx
when performing ECDSA selftest.
2011-04-12 14:28:06 +00:00
Dr. Stephen Henson
e2abfd58cc Stop warning and fix memory leaks. 2011-04-12 13:02:56 +00:00
Dr. Stephen Henson
6223352683 Update ECDSA selftest to use hard coded private keys. Include tests for
prime and binary fields.
2011-04-12 11:49:35 +00:00
Dr. Stephen Henson
1a4d93bfb5 Update fips_premain.c fingerprint. 2011-04-12 11:48:00 +00:00
Dr. Stephen Henson
63c82f8abb Update copyright year.
Zero ciphertext and plaintext temporary buffers.

Check FIPS_cipher() return value.
2011-04-11 21:32:51 +00:00
Dr. Stephen Henson
6909dccc32 Set length to 41 (40 hex characters + null). 2011-04-11 14:50:11 +00:00
Dr. Stephen Henson
ac319dd82b Typo: fix duplicate call. 2011-04-10 23:32:19 +00:00
Dr. Stephen Henson
55e328f580 Add error for health check failure.
Rebuild all FIPS error codes to clean out old obsolete codes.
2011-04-09 17:46:31 +00:00
Dr. Stephen Henson
f3823ddfcf Before initalising a live DRBG (i.e. not in test mode) run a complete health
check on a DRBG of the same type.
2011-04-09 17:27:07 +00:00
Dr. Stephen Henson
68ea88b8d1 New function to return security strength of PRNG. 2011-04-09 16:49:59 +00:00
Dr. Stephen Henson
6653c6f2e8 Update OpenSSL DRBG support code. Use date time vector as additional data.
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
2011-04-06 23:40:22 +00:00
Dr. Stephen Henson
42bd0a6b3c Update fipssyms.h to keep all symbols in FIPS,fips namespace.
Rename drbg_cprng_test to fips_drbg_cprng_test.

Remove rand files from Makefile.fips.
2011-04-05 15:48:05 +00:00
Dr. Stephen Henson
05e24c87dd Extensive reorganisation of PRNG handling in FIPS module: all calls
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.

Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14 Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
f4bd65dae3 Set error code is additional data callback fails. 2011-04-04 17:03:35 +00:00
Dr. Stephen Henson
8776ef63c1 Change FIPS locking functions to macros so we get useful line information.
Set fips_thread_set properly.
2011-04-04 15:38:21 +00:00
Dr. Stephen Henson
ded1999702 Change RNG test to block oriented instead of request oriented, add option
to test a "stuck" DRBG.
2011-04-04 14:47:31 +00:00
Dr. Stephen Henson
7d48743b95 restore .cvsignore 2011-04-01 18:40:30 +00:00
Dr. Stephen Henson
b26f324824 delete lib file 2011-04-01 18:40:05 +00:00
Dr. Stephen Henson
02eb92abad temporarily update .cvsignore 2011-04-01 18:38:51 +00:00
Dr. Stephen Henson
e5cadaf8db Only zeroise sensitive parts of DRBG context, so the type and flags
are undisturbed.

Allow setting of "rand" callbacks for DRBG.
2011-04-01 17:49:45 +00:00
Dr. Stephen Henson
8cf88778ea Allow FIPS malloc callback setting. Automatically set some callbacks
in OPENSSL_init().
2011-04-01 16:23:16 +00:00
Dr. Stephen Henson
011c865640 Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for
test applications.
2011-04-01 14:46:07 +00:00
Dr. Stephen Henson
212a08080c Unused, untested, provisional RAND interface for DRBG. 2011-03-31 18:06:07 +00:00
Dr. Stephen Henson
e06de4dd35 Remove redundant definitions. Give error code if DRBG sefltest fails. 2011-03-31 17:23:12 +00:00
Dr. Stephen Henson
52b6ee8245 Reorganise DRBG API so the entropy and nonce callbacks can return a
pointer to a buffer instead of copying to a fixed length buffer. This
removes the entropy and nonce length restrictions.
2011-03-31 17:15:54 +00:00
Dr. Stephen Henson
bb61a6c80d fix warnings 2011-03-31 17:12:49 +00:00
Dr. Stephen Henson
5198009885 Add .cvsignore 2011-03-25 16:37:30 +00:00
Dr. Stephen Henson
cd22dfbf01 Have all algorithm test programs call fips_algtest_init() at startup:
this will perform all standalone operations such as setting error
callbacks, entering FIPS mode etc.
2011-03-25 16:36:46 +00:00
Dr. Stephen Henson
d4178c8fb1 Disable cmac tests by default so the old algorithm test vectors work. 2011-03-25 16:34:20 +00:00
Dr. Stephen Henson
dad7851485 Allow setting of get_entropy and get_nonce callbacks outside test mode.
Test mode is now set when a DRBG context is initialised.
2011-03-25 14:38:37 +00:00
Dr. Stephen Henson
9db6974f77 Add .cvsignore 2011-03-25 14:26:23 +00:00
Dr. Stephen Henson
8e5dbc23df Remove unused function. 2011-03-25 14:24:23 +00:00
Dr. Stephen Henson
bd7e6bd44b Fix compiler warnings. 2011-03-25 12:36:02 +00:00
Richard Levitte
e775bbc464 * fips/cmac/fips_cmac_selftest.c: Because the examples in SP_800-38B
aren't trustworthy (see examples 13 and 14, they have the same mac,
  as do examples 17 and 18), use examples from official test vectors
  instead.
2011-03-25 09:24:02 +00:00
Richard Levitte
d8ba2a42e9 * fips/fipsalgtest.pl: Test the testvectors for all the CMAC ciphers
we support.
2011-03-25 08:48:26 +00:00
Richard Levitte
af267e4315 * fips/cmac/fips_cmactest.c: Some say TDEA, others say TDES. Support
both names.
2011-03-25 08:44:37 +00:00
Richard Levitte
d15467d582 * fips/cmac/fips_cmactest.c: Changed to accept all the ciphers we
support (Two Key TDEA is not supported), to handle really big
  messages (some of the test vectors have messages 65536 bytes long),
  and to handle cases where there are several keys (Three Key TDEA)
2011-03-25 08:40:33 +00:00
Richard Levitte
c6dbe90895 make update 2011-03-24 22:59:02 +00:00
Richard Levitte
37942b93af Implement FIPS CMAC.
* fips/fips_test_suite.c, fips/fipsalgtest.pl, test/Makefile: Hook in
  test cases and build test program.
2011-03-24 22:57:52 +00:00
Richard Levitte
399aa6b5ff Implement FIPS CMAC.
* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as
  an example.
* crypto/cmac/cmac.c: Enable the FIPS API.  Change to use M_EVP macros
  where possible.
* crypto/evp/evp.h: (some of the macros get added with this change)
* fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use
  macros to have cmac.c use these functions.
* Makefile.org, fips/Makefile, fips/fips.c: Hook it in.
2011-03-24 22:55:02 +00:00
Dr. Stephen Henson
beb895083c Free DRBG context in self tests. 2011-03-21 14:40:57 +00:00
Dr. Stephen Henson
5904882eaa Typo. 2011-03-18 18:17:55 +00:00
Dr. Stephen Henson
1e803100de Implement continuous RNG test for SP800-90 DRBGs. 2011-03-17 18:53:33 +00:00
Dr. Stephen Henson
96ec46f7c0 Implement health checks needed by SP800-90.
Fix warnings.

Instantiate DRBGs at maximum strength.
2011-03-17 16:55:24 +00:00
Dr. Stephen Henson
fbbabb646c Add extensive DRBG selftest data and option to corrupt it in fips_test_suite. 2011-03-16 15:52:12 +00:00
Dr. Stephen Henson
1b76fac5ae Check requested security strength in DRBG. Add function to retrieve the
security strength.
2011-03-11 17:42:11 +00:00
Dr. Stephen Henson
1acc24a8ba Make no-ec2m work again. 2011-03-10 01:00:30 +00:00
Dr. Stephen Henson
f52e552a93 Add a few more symbol renames. 2011-03-09 23:53:41 +00:00
Dr. Stephen Henson
8857b380e2 Add ECDH to validated module. 2011-03-09 23:44:06 +00:00
Dr. Stephen Henson
a6de7133bb Enter FIPS mode in fips_dhvs. Support file I/O in fips_ecdsavs. 2011-03-09 14:55:10 +00:00
Dr. Stephen Henson
0fa714a4f0 Update fips_dhvs to handle functional test by generating keys. 2011-03-09 14:39:54 +00:00
Dr. Stephen Henson
0392f94fbc Typo. 2011-03-08 21:29:07 +00:00
Dr. Stephen Henson
11e80de3ee New initial DH algorithm test driver. 2011-03-08 19:10:17 +00:00
Dr. Stephen Henson
a1e7883edb Add meaningful error codes to DRBG. 2011-03-08 14:16:30 +00:00
Dr. Stephen Henson
dd0d2df562 Add file I/O to fips_drbgvs program. 2011-03-08 13:51:34 +00:00
Dr. Stephen Henson
ce57f0d5c2 Support I/O with files in new fips_gcmtest program. 2011-03-08 13:42:21 +00:00
Dr. Stephen Henson
c34a652e1e Remove redirection from fipsalgtest.pl script. 2011-03-08 13:29:46 +00:00
Dr. Stephen Henson
12b77cbec3 Remove need for redirection on RNG and DSS algorithm test programs: some
platforms don't support it.
2011-03-08 13:27:29 +00:00
Dr. Stephen Henson
e45c6c4e25 Uninstantiate and free functions for DRBG. 2011-03-07 16:51:17 +00:00
Dr. Stephen Henson
ff4a19a471 Fix couple of bugs in CTR DRBG implementation. 2011-03-06 13:10:37 +00:00
Dr. Stephen Henson
868f12988c Updates to DRBG: fix bugs in infrastructure. Add initial experimental
algorithm test generator.
2011-03-06 12:35:09 +00:00
Dr. Stephen Henson
591cbfae3c Initial, provisional, subject to wholesale change, untested, probably
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.

Did I say this was untested?
2011-03-04 18:00:21 +00:00
Dr. Stephen Henson
949c6f8ccf Stop warnings. 2011-02-23 16:06:33 +00:00
Dr. Stephen Henson
30ff3278ae Add DllMain to fips symbols: will need to call this in FIPS capable OpenSSL. 2011-02-23 15:16:12 +00:00
Dr. Stephen Henson
071eb6b592 Add new symbols to fipssyms.h 2011-02-23 15:04:06 +00:00
Dr. Stephen Henson
b7056b6414 Update dependencies. 2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
37eae9909a Remove unnecessary dependencies. 2011-02-21 17:35:53 +00:00
Dr. Stephen Henson
3deb010dc0 x509v3.h header file not needed in fips algorithm test utilities. 2011-02-21 16:36:47 +00:00
Dr. Stephen Henson
947ff113d2 add ECDSA POST 2011-02-18 17:25:00 +00:00
Dr. Stephen Henson
acf254f86e AES GCM selftests. 2011-02-18 17:09:33 +00:00
Dr. Stephen Henson
d47691ecfe Correct fipssyms.h for more assembly language symbols. 2011-02-17 17:45:09 +00:00
Dr. Stephen Henson
01ad8195aa Remove debugging command.
Reorder fipssyms.h to include assembly language symbols at the end.
2011-02-17 15:33:32 +00:00
Dr. Stephen Henson
017bc57bf9 Experimental FIPS symbol renaming.
Fixups under fips/ to make symbol renaming work.
2011-02-16 14:49:50 +00:00
Dr. Stephen Henson
0fbf8f447b Add pairwise consistency test to EC. 2011-02-15 16:58:28 +00:00
Dr. Stephen Henson
c81f8f59be Use SHA-256 in fips_test_suite. 2011-02-15 16:58:06 +00:00
Dr. Stephen Henson
225a9e296b Update pairwise consistency checks to use SHA-256. 2011-02-15 16:18:18 +00:00
Dr. Stephen Henson
25c6542944 Add non-FIPS algorithm blocking and selftest checking. 2011-02-15 16:03:47 +00:00
Dr. Stephen Henson
fe082202c0 Ignore final '\n' when checking if hex line length is odd. 2011-02-15 15:56:13 +00:00
Dr. Stephen Henson
fbc164ec2f Add support for SigGen and KeyPair tests. 2011-02-15 14:16:57 +00:00
Dr. Stephen Henson
943a0ceed0 Update ECDSA test program to handle ECDSA2 format files.
Correctly handle hex strings with an odd number of digits.
2011-02-14 19:42:49 +00:00
Dr. Stephen Henson
5d2f1538a0 Add .cvsignore. 2011-02-14 17:28:28 +00:00
Dr. Stephen Henson
fe26d066ff Add ECDSA functionality to fips module. Initial very incomplete version
of algorithm test program.
2011-02-14 17:14:55 +00:00
Dr. Stephen Henson
c876a4b7b1 Include support for an add_lock callback to tiny FIPS locking API. 2011-02-14 17:05:42 +00:00
Dr. Stephen Henson
e990b4f838 Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new
and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1
library.
2011-02-13 18:45:41 +00:00
Dr. Stephen Henson
e47af46cd8 Change FIPS source and utilities to use the "FIPS_" names directly
instead of using regular OpenSSL API names.
2011-02-12 18:25:18 +00:00
Dr. Stephen Henson
30b56225cc New "fispcanisteronly" build option: only build fipscanister.o and
associated utilities. This functionality will be used by the validated
tarball.
2011-02-11 19:02:34 +00:00
Dr. Stephen Henson
a4113c52b2 Disable FIPS restrictions when doing GCM testing. 2011-02-10 01:46:25 +00:00
Dr. Stephen Henson
b3d8022edd Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest. 2011-02-09 16:21:43 +00:00
Dr. Stephen Henson
f4bfe97fc9 Equally experimental encrypt side for fips_gcmtest. Currently this uses IVs
in the request file need to update it to generate IVs once we have an IV
generator in place.
2011-02-08 19:25:24 +00:00
Dr. Stephen Henson
9afe95099d Set values to NULL after freeing them. 2011-02-08 18:25:57 +00:00
Dr. Stephen Henson
9dd346c90d Experimental incomplete AES GCM algorithm test program. 2011-02-08 18:15:59 +00:00
Dr. Stephen Henson
f4001a0d19 Link GCM into FIPS module. Check return value in EVP gcm. 2011-02-08 15:10:42 +00:00
Dr. Stephen Henson
634b66186a Typo. 2011-02-07 14:36:55 +00:00
Dr. Stephen Henson
7e95116064 Remove unneeded functions, make some functions and variables static. 2011-02-04 17:56:57 +00:00
Dr. Stephen Henson
14ae26f2e4 Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files
that use it.
2011-02-03 17:00:24 +00:00
Dr. Stephen Henson
c2a459315a Use single X931 key generation source file for FIPS and non-FIPS builds. 2011-02-03 12:47:56 +00:00
Bodo Möller
2440d8b1db Fix error codes. 2011-02-03 10:03:23 +00:00
Dr. Stephen Henson
ee9884654b Cope with new DSA2 file format where some p/q only tests are made. 2011-02-02 17:48:03 +00:00
Dr. Stephen Henson
a5b196a22c Add sign/verify digest API to handle an explicit digest instead of finalising
a context.
2011-02-02 14:21:33 +00:00
Dr. Stephen Henson
b6104f9ad8 Remove DSA parameter generation from DSA selftest. It is unnecessary and
can be very slow on embedded platforms. Hard code DSA parameters instead.
2011-02-02 14:20:45 +00:00
Dr. Stephen Henson
96d5997f5b Don't try to set pmd if it is NULL. 2011-02-01 19:15:12 +00:00
Dr. Stephen Henson
92eb4c551d Add DSA2 support to final algorithm tests: keypair and keyver. 2011-02-01 18:53:48 +00:00
Dr. Stephen Henson
89f63d06f8 Support more DSA2 tests. 2011-02-01 17:54:23 +00:00
Dr. Stephen Henson
2ecc150530 Tolerate mixed case and leading zeroes when comparing. 2011-02-01 17:15:53 +00:00
Dr. Stephen Henson
7f64c26588 Since FIPS 186-3 specifies we use the leftmost bits of the digest
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
2011-02-01 12:52:01 +00:00
Dr. Stephen Henson
3dd9b31dc4 Provisional, experimental support for DSA2 parameter generation algorithm.
Not properly integrated or tested yet.
2011-01-31 19:44:09 +00:00
Dr. Stephen Henson
7edfe67456 Move all FIPSAPI renames into fips.h header file, include early in
crypto.h if needed.

Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
d8ad2e6112 add .cvsignore 2011-01-27 18:11:36 +00:00
Dr. Stephen Henson
1097bde192 add FIPS API malloc/free 2011-01-27 18:09:05 +00:00
Dr. Stephen Henson
7cc684f4f7 Redirect FIPS memory allocation to FIPS_malloc() routine, remove
OpenSSL malloc dependencies.
2011-01-27 17:23:43 +00:00
Dr. Stephen Henson
e36d6b8f79 add fips_dsatest.c file 2011-01-27 16:52:49 +00:00
Dr. Stephen Henson
aa87945f47 Update source files to handle new FIPS_lock() location. Add FIPS_lock()
definition. Remove stale function references from fips.h
2011-01-27 15:57:31 +00:00
Dr. Stephen Henson
7c8ced94c3 Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
to EVP any more.

Move locking #define into fips.h.

Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
6ff9c48811 New FIPS_lock() function for minimal FIPS locking API: to avoid dependencies
on OpenSSL locking code. Use API in some internal FIPS files.

Remove redundant ENGINE defines from fips.h
2011-01-27 14:29:48 +00:00
Dr. Stephen Henson
c11845a4ab add fips_premain.c.sha1 2011-01-26 01:15:54 +00:00
Dr. Stephen Henson
ec3657f81f add fips_sha1_selftest.c 2011-01-26 01:11:12 +00:00
Dr. Stephen Henson
d69c6653ef add fips/sha files 2011-01-26 01:09:52 +00:00
Dr. Stephen Henson
aaff7a0464 add fips/aes/Makefile 2011-01-26 01:05:48 +00:00
Dr. Stephen Henson
1d44454d6d add fips/des/Makefile 2011-01-26 01:04:53 +00:00
Dr. Stephen Henson
5d3bfb9066 add fips/Makefile 2011-01-26 01:03:54 +00:00
Dr. Stephen Henson
aeb8996c38 add some missing fips files 2011-01-26 00:58:09 +00:00
Dr. Stephen Henson
2b4b28dc32 And so it begins... again.
Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have
missing files, extraneous files and other nastiness.

In other words: it's experimental ATM, OK?
2011-01-26 00:56:19 +00:00