wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11086 commits 20 branches 302 tags 153 MiB
Commit graph

321 commits

Author SHA1 Message Date
Dr. Stephen Henson
884c33b5c4 Check return codes properly. 2011-09-29 16:24:00 +00:00
Dr. Stephen Henson
54bb3f68e1 Fix output format for DSA2 parameter generation. 2011-09-28 22:35:30 +00:00
Dr. Stephen Henson
a846a7ff32 Add a --disable-all option to disable all tests. 2011-09-25 22:12:39 +00:00
Dr. Stephen Henson
bac3db9cc1 Handle provable prime parameters for canonical g generation which are 
sometimes erroneously included.
 2011-09-25 22:04:43 +00:00
Dr. Stephen Henson
af70f1a35d Run PQGVer test before DSA2 tests. 2011-09-23 01:03:37 +00:00
Dr. Stephen Henson
ddf00ffab8 Typo. 2011-09-22 14:15:07 +00:00
Dr. Stephen Henson
cb71870dfa Use function name FIPS_drbg_health_check() for health check function. 
Add explanatory comments to health check code.
 2011-09-22 14:01:25 +00:00
Dr. Stephen Henson
456d883a25 Don't print out errors in cases where errors are expected: testing 
DSA parameter validity and EC public key validity.
 2011-09-21 18:42:12 +00:00
Dr. Stephen Henson
d57cc97f24 Remove unused variable. 2011-09-21 18:36:53 +00:00
Dr. Stephen Henson
05272d4c51 Perform health check on all reseed operations not associated with 
prediction resistance requests. Although SP 800-90 is arguably unclear
on whether this is necessary adding an additional check has minimal
penalty (very few applications will make an explicit reseed request).
 2011-09-21 18:24:12 +00:00
Dr. Stephen Henson
4420b3b17a Revise DRBG to split between internal and external flags. 
One demand health check function.

Perform generation test in fips_test_suite.

Option to skip dh test if fips_test_suite.
 2011-09-21 17:04:56 +00:00
Dr. Stephen Henson
a5799bdc48 Allow reseed interval to be set. 2011-09-18 19:36:27 +00:00
Dr. Stephen Henson
45fcfcb99f clarify comment 2011-09-16 17:40:16 +00:00
Dr. Stephen Henson
e248740d67 Minor code tidy and bug fix: need to set t = s after first pass and 
t and s do not need to have independent values after the first pass
so set t = s.
 2011-09-16 17:35:40 +00:00
Dr. Stephen Henson
b889a6046b Make HMAC kat symbols static. 2011-09-15 14:28:46 +00:00
Dr. Stephen Henson
00b0f2cb3e Fix warning. 2011-09-15 14:08:24 +00:00
Andy Polyakov
03e389cf04 Allow for dynamic base in Win64 FIPS module. 2011-09-14 20:48:49 +00:00
Dr. Stephen Henson
93256bf5d1 Update CMAC/HMAC sefltests to use NIDs instead of function pointers. 
Simplify HMAC selftest as each test currently uses the same key and
hash data.
 2011-09-14 15:49:50 +00:00
Dr. Stephen Henson
15094852de new function to lookup FIPS supported ciphers by NID 2011-09-14 13:25:48 +00:00
Dr. Stephen Henson
a11f06b2dc More extensive DRBG health check. New function to call health check 
for all DRBG combinations.
 2011-09-12 18:47:39 +00:00
Dr. Stephen Henson
361d18a208 Check length of additional input in DRBG generate function. 2011-09-12 18:45:05 +00:00
Dr. Stephen Henson
de2132de93 Delete strength parameter from FIPS_drbg_generate. It isn't very useful 
(strength can be queried using FIPS_drbg_get_strength ) and adds a
substantial extra overhead to health check (need to check every combination
of parameters).
 2011-09-12 13:20:57 +00:00
Dr. Stephen Henson
9e56c99e1a Check we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we 
don't set type in FIPS_drbg_new().
 2011-09-12 12:56:20 +00:00
Dr. Stephen Henson
288fe07a6e Fix 3DES Monte Carlo test file output which previously outputted 
extra bogus lines. Update fipsalgtest.pl to tolerate the old format.
 2011-09-11 18:05:40 +00:00
Dr. Stephen Henson
7fdcb45745 Add support for Dual EC DRBG from SP800-90. Include updates to algorithm 
tests and POST code.
 2011-09-09 17:16:43 +00:00
Dr. Stephen Henson
d98360392a Put quick DRBG selftest return after first generate operation. 2011-09-07 10:26:38 +00:00
Dr. Stephen Henson
bbb19418e6 Add error codes for DRBG KAT failures. 
Add abbreviated DRBG KAT for POST which only performs a single generate
operations instead of four.
 2011-09-06 20:46:27 +00:00
Dr. Stephen Henson
ea17b0feec Check reseed interval before generating output. 2011-09-05 15:45:13 +00:00
Dr. Stephen Henson
7634137b8a Place DRBG in error state if health check fails. 2011-09-05 15:32:32 +00:00
Dr. Stephen Henson
74c40744ca Don't perform full DRBG health check on all DRBG types on power up, just 
one shorter KAT per mechanism.
 2011-09-04 22:48:06 +00:00
Dr. Stephen Henson
1567b3904c Update dependencies. 2011-09-04 18:44:28 +00:00
Dr. Stephen Henson
06e771b580 Add header to Makefile. 2011-09-04 18:36:20 +00:00
Dr. Stephen Henson
eb9e63df61 Extension of DRBG selftests using new data. 
Test PR and no PR and test initial generate before the reseed too.

Move selftest data to separate fips_drbg_selftest.h header file.
 2011-09-04 18:35:33 +00:00
Dr. Stephen Henson
fa85c1dbf5 Rename some more symbols for fips module. 2011-09-02 15:10:54 +00:00
Dr. Stephen Henson
d35c284b73 Print private key component is -exout parameter is given. 2011-08-29 16:09:07 +00:00
Dr. Stephen Henson
00220f8111 Fix ecdh primitives test command line. 2011-08-29 15:35:35 +00:00
Dr. Stephen Henson
2abaa9caaf Add support for DSA2 PQG generation of g parameter. 2011-08-27 12:30:47 +00:00
Dr. Stephen Henson
f55f5f775e Add support for canonical generation of DSA parameter g. 
Modify fips_dssvs to support appropriate file format.
 2011-08-26 14:51:49 +00:00
Dr. Stephen Henson
e6133727fb Rename sparc symbols. 2011-08-23 21:06:44 +00:00
Dr. Stephen Henson
46883b67de Correct maximum request length. SP800-90 quotes maximum bits, not bytes. 2011-08-19 23:25:10 +00:00
Dr. Stephen Henson
c20de0386a Fix fipsalgtest.pl to still work with old test vectors. 2011-08-18 16:06:24 +00:00
Dr. Stephen Henson
9015ee1826 Enable rsa-pss0 for non-v2 tests. 2011-08-15 14:50:00 +00:00
Dr. Stephen Henson
7f06921eca Remove redundant assignment. 2011-08-11 13:22:04 +00:00
Dr. Stephen Henson
20f12e63ff Add HMAC DRBG from SP800-90 2011-08-08 22:07:38 +00:00
Dr. Stephen Henson
b38fd40db4 Use "resp" for default directory name for .rsp files. 2011-08-08 18:06:40 +00:00
Dr. Stephen Henson
8d7fbd021b Fix DSA to skip EOL test when parsing mod line. 2011-08-08 14:47:51 +00:00
Dr. Stephen Henson
49e9b97885 Initial support for tests for 2.0 module. Not complete and not all working 
yet.

Allow test type to be determined by a regexp on the pathname. So tests like:

DSA/SigVer, DSA2/SigVer, ECDSA/SigVer, ECDSA2/SigVer can all be
distinguished.
 2011-08-08 14:47:04 +00:00
Dr. Stephen Henson
a678580bb8 Fix warnings. 2011-07-25 21:58:11 +00:00
Dr. Stephen Henson
66b86a4fd5 More symbol renaming. 2011-07-22 14:29:27 +00:00
Andy Polyakov
167cb62537 fips_canister.c: add support for embedded ppc linux. 2011-07-22 09:42:11 +00:00
Dr. Stephen Henson
1ad2e14aaa Rename another symbol. 2011-07-21 13:43:19 +00:00
Dr. Stephen Henson
81c2920849 Add support for ECCCDH test format. 2011-07-18 00:45:05 +00:00
Andy Polyakov
b79853c262 fips/Makefile: HP-UX-specific update. 2011-07-13 22:30:33 +00:00
Richard Levitte
b520e4b1d5 Add a tool that (semi)automatically created the API documentation 
required for FIPS.
 2011-07-05 15:40:58 +00:00
Dr. Stephen Henson
449f2517c6 Rename symbol. 2011-07-05 11:12:41 +00:00
Dr. Stephen Henson
01a9a7592e Add functions to return FIPS module version. 2011-07-04 23:38:16 +00:00
Dr. Stephen Henson
fc30530402 Fix CPRNG test for Hash DRBG. 2011-06-26 12:29:26 +00:00
Dr. Stephen Henson
a96b90b66b typo 2011-06-24 15:30:21 +00:00
Dr. Stephen Henson
d1a70cc9eb Add stub for HMAC DRBG. 2011-06-24 14:28:34 +00:00
Dr. Stephen Henson
ce02589259 Now the FIPS capable OpenSSL is available simplify the various FIPS test 
build options.

All fispcanisterbuild builds only build fipscanister.o and include symbol
renaming.

Move all renamed symbols to fipssyms.h

Update README.FIPS
 2011-06-22 12:30:18 +00:00
Dr. Stephen Henson
93dd7d3848 add symbol rename 2011-06-22 11:41:31 +00:00
Dr. Stephen Henson
279a0001b6 Add prototype for null cipher. 2011-06-21 16:14:01 +00:00
Dr. Stephen Henson
ee033faa43 typo 2011-06-20 19:58:12 +00:00
Dr. Stephen Henson
9ebc37e667 add null cipher to FIPS module 2011-06-20 19:48:44 +00:00
Dr. Stephen Henson
fdb65c836c Don't include des.h any more: it is not needed. 2011-06-16 14:12:42 +00:00
Dr. Stephen Henson
1d55dd86dd Allow applications to specify alternative FIPS RAND methods if they 
are sure they are OK.

API to retrieve FIPS rand method.
 2011-06-13 20:28:45 +00:00
Dr. Stephen Henson
b08e372bf6 Use FIPSCAPABLE for FIPS module functions used in FIPS capable OpenSSL. 2011-06-12 15:37:51 +00:00
Dr. Stephen Henson
0435dc1902 HMAC fips prototypes 2011-06-12 15:02:53 +00:00
Dr. Stephen Henson
e6e7b4e825 CMAC FIPS prototypes. 2011-06-12 14:11:57 +00:00
Dr. Stephen Henson
603bc9395c more prototypes in fips.h 2011-06-09 15:18:55 +00:00
Dr. Stephen Henson
da9234130a Add more prototypes. 2011-06-09 13:50:53 +00:00
Dr. Stephen Henson
4960411e1f Add flags for DH FIPS method. 
Update/fix prototypes in fips.h
 2011-06-08 15:53:08 +00:00
Dr. Stephen Henson
7f0d1be3a6 Add prototypes for some FIPS EC functions. 2011-06-06 15:24:02 +00:00
Dr. Stephen Henson
644ce07ecd Move function prototype to fips.h 2011-06-06 11:56:58 +00:00
Richard Levitte
8d515259e2 No spaces in assignements in a shell script... 2011-06-04 09:00:59 +00:00
Dr. Stephen Henson
549c4ad35b Add "OPENSSL_FIPSCAPABLE" define for a version of OpenSSL which is 
FIPS capable: i.e. FIPS module is supplied externally.
 2011-06-03 16:26:58 +00:00
Dr. Stephen Henson
267229b141 Constify RSA signature buffer. 2011-06-03 12:38:18 +00:00
Dr. Stephen Henson
0cabe4e172 Move FIPS RSA function definitions to fips.h 
New function to lookup digests by NID in module.

Minor optimisation: if supplied hash is NULL to FIPS RSA functions and
we are using PKCS padding get digest NID from otherwise unused saltlen
parameter instead.
 2011-06-02 17:30:22 +00:00
Dr. Stephen Henson
e7ee10d3dc Clone digest prototypes. 2011-06-01 14:18:28 +00:00
Dr. Stephen Henson
bce1af7762 Add DSA and ECDSA "clone digests" to module for compatibility with old 
applications.
 2011-06-01 14:07:32 +00:00
Dr. Stephen Henson
06843f826f Fake CPU caps so fips_standalone_sha1 compiles. 
Initialise update function for bad digest inits.
 2011-05-31 16:22:21 +00:00
Dr. Stephen Henson
3e2e231852 Add more cipher prototypes. 2011-05-29 16:16:55 +00:00
Dr. Stephen Henson
87829ac926 Prototypes for more FIPS functions for use in FIPS capable OpenSSL. 2011-05-29 15:56:23 +00:00
Dr. Stephen Henson
c33066900c Add FIPS_digestinit prototype for FIPS capable OpenSSL. 2011-05-28 23:02:23 +00:00
Dr. Stephen Henson
f87ff24bc4 Add prototypes for FIPS EVP implementations: for use in FIPS capable 
OpenSSL.
 2011-05-28 21:03:31 +00:00
Dr. Stephen Henson
9a205e5981 Rename many internal only module functions from FIPS_* to fips_*. 2011-05-27 21:11:54 +00:00
Dr. Stephen Henson
eb62cd807b Typo. 2011-05-26 22:01:49 +00:00
Dr. Stephen Henson
64f5178d67 Use FIPSLD_LIBCRYPTO for consistency with other env variables in fipsld. 
Use current directory for fips_premain_dso
 2011-05-26 21:20:14 +00:00
Dr. Stephen Henson
e558c2aa3f In fipsld use FIPSLIBCRYPTO environment variable to specify an alternative 
location for libcrypto.a, support shared library builds in different
source tree.
 2011-05-26 21:15:45 +00:00
Dr. Stephen Henson
ed0a35f222 Install fips_standalone_sha1 and make use of it in fipsld script. 2011-05-26 13:59:11 +00:00
Dr. Stephen Henson
ecfe2d1753 More symbol renaming. 2011-05-25 16:01:37 +00:00
Dr. Stephen Henson
73ab341130 PR: 2522 
Submitted by: Henrik Grindal Bakken <henribak@cisco.com>

Don't compare past end of buffer.
 2011-05-23 12:27:43 +00:00
Dr. Stephen Henson
f76b1baf86 Fix error discrepancy. 2011-05-12 14:28:09 +00:00
Andy Polyakov
f24e95b72c fips_canister.c: pick more neutral macro name. 2011-05-11 20:17:06 +00:00
Dr. Stephen Henson
2f38b38986 Set FIPS mode for values other than 1. The only current effect 
is to return a consistent value. So calling FIPS_module_mode_set(n)
for n != 0 will result in FIPS_module_mode() returning n. This
will support future expansion of more FIPS modes e.g. a Suite B mode.
 2011-05-11 14:49:01 +00:00
Dr. Stephen Henson
c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in 
the FIPS capable OpenSSL.
 2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
7919c07947 Typo. 2011-05-10 10:57:03 +00:00
Andy Polyakov
ab67c517ae fips_canister.c: fix typo. 2011-05-10 10:03:23 +00:00
Andy Polyakov
31b46ebb62 fips_canister.c: initial support for cross-compiling. "Initial" refers 
to the two-entry list of verified platforms in #ifndef
FIPS_REF_POINT_IS_SAFE_TO_CROSS_COMPILE pre-processor section.
 2011-05-10 09:53:59 +00:00
Dr. Stephen Henson
dc7995eeb8 Initialise rc. 2011-05-09 21:21:29 +00:00