Dr. Stephen Henson
4ff2999e88
Add "nopass" for empty password too.
2011-10-19 23:23:35 +00:00
Dr. Stephen Henson
5e4eb9954b
add authentication parameter to FIPS_module_mode_set
2011-10-19 22:34:53 +00:00
Dr. Stephen Henson
5936521495
Print curve type for signature tests.
2011-10-12 22:41:33 +00:00
Dr. Stephen Henson
c1f63b5cb3
ECDH POST selftest failure inducing support.
2011-10-12 13:17:19 +00:00
Dr. Stephen Henson
2bfeb7dc83
Add FIPS selftests for ECDH algorithm.
2011-09-29 23:08:23 +00:00
Dr. Stephen Henson
4420b3b17a
Revise DRBG to split between internal and external flags.
...
One demand health check function.
Perform generation test in fips_test_suite.
Option to skip dh test if fips_test_suite.
2011-09-21 17:04:56 +00:00
Dr. Stephen Henson
a11f06b2dc
More extensive DRBG health check. New function to call health check
...
for all DRBG combinations.
2011-09-12 18:47:39 +00:00
Dr. Stephen Henson
7fdcb45745
Add support for Dual EC DRBG from SP800-90. Include updates to algorithm
...
tests and POST code.
2011-09-09 17:16:43 +00:00
Dr. Stephen Henson
20f12e63ff
Add HMAC DRBG from SP800-90
2011-08-08 22:07:38 +00:00
Dr. Stephen Henson
01a9a7592e
Add functions to return FIPS module version.
2011-07-04 23:38:16 +00:00
Dr. Stephen Henson
c2fd598994
Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
...
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
6313d628da
Remove superfluous PRNG self tests.
...
Print timer resolution.
2011-05-04 23:17:29 +00:00
Dr. Stephen Henson
e350458a63
Remove useless setting.
2011-05-04 01:09:52 +00:00
Dr. Stephen Henson
fc98a4377d
Use more portable clock_gettime() for fips_test_suite timing.
...
Output times of each subtest.
2011-05-02 11:09:38 +00:00
Dr. Stephen Henson
a32ad6891b
Quick hack to time POST.
2011-05-01 20:54:42 +00:00
Dr. Stephen Henson
b8b6a13a56
Add continuous RNG test to entropy source. Entropy callbacks now need
...
to specify a "block length".
2011-04-21 14:17:15 +00:00
Dr. Stephen Henson
7608978861
Update DRBG to use new POST scheme.
2011-04-20 18:05:05 +00:00
Dr. Stephen Henson
cb1b3aa151
Add AES CCM selftest.
2011-04-19 18:57:58 +00:00
Dr. Stephen Henson
75707a324f
Add "post" option to fips_test_suite to run the POST only and exit.
2011-04-15 20:09:34 +00:00
Dr. Stephen Henson
bf8131f79f
Add XTS selftest, include in fips_test_suite.
2011-04-15 11:30:19 +00:00
Dr. Stephen Henson
706735aea3
Add new POST support to X9.31 PRNG.
2011-04-14 18:29:49 +00:00
Dr. Stephen Henson
8f331999f5
Report each cipher used with CMAC tests.
...
Only add one error to error queue if a specific test type fails.
2011-04-14 16:38:20 +00:00
Dr. Stephen Henson
9338f290d1
Revise fips_test_suite to use table of IDs for human readable strings.
...
Modify HMAC selftest callbacks to notify each digest type used.
2011-04-14 16:14:41 +00:00
Dr. Stephen Henson
8038511c27
Update CMAC, HMAC, GCM to use new POST system.
...
Fix crash if callback not set.
2011-04-14 13:10:00 +00:00
Dr. Stephen Henson
a6311f856b
Remove several of the old obsolete FIPS_corrupt_*() functions.
2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6
Initial incomplete POST overhaul: add support for POST callback to
...
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
05e24c87dd
Extensive reorganisation of PRNG handling in FIPS module: all calls
...
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.
Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14
Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be
...
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
ded1999702
Change RNG test to block oriented instead of request oriented, add option
...
to test a "stuck" DRBG.
2011-04-04 14:47:31 +00:00
Dr. Stephen Henson
011c865640
Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for
...
test applications.
2011-04-01 14:46:07 +00:00
Dr. Stephen Henson
bb61a6c80d
fix warnings
2011-03-31 17:12:49 +00:00
Dr. Stephen Henson
8e5dbc23df
Remove unused function.
2011-03-25 14:24:23 +00:00
Richard Levitte
37942b93af
Implement FIPS CMAC.
...
* fips/fips_test_suite.c, fips/fipsalgtest.pl, test/Makefile: Hook in
test cases and build test program.
2011-03-24 22:57:52 +00:00
Dr. Stephen Henson
fbbabb646c
Add extensive DRBG selftest data and option to corrupt it in fips_test_suite.
2011-03-16 15:52:12 +00:00
Dr. Stephen Henson
947ff113d2
add ECDSA POST
2011-02-18 17:25:00 +00:00
Dr. Stephen Henson
acf254f86e
AES GCM selftests.
2011-02-18 17:09:33 +00:00
Dr. Stephen Henson
c81f8f59be
Use SHA-256 in fips_test_suite.
2011-02-15 16:58:06 +00:00
Dr. Stephen Henson
e990b4f838
Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new
...
and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1
library.
2011-02-13 18:45:41 +00:00
Dr. Stephen Henson
e47af46cd8
Change FIPS source and utilities to use the "FIPS_" names directly
...
instead of using regular OpenSSL API names.
2011-02-12 18:25:18 +00:00
Dr. Stephen Henson
7c8ced94c3
Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
...
to EVP any more.
Move locking #define into fips.h.
Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
2b4b28dc32
And so it begins... again.
...
Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have
missing files, extraneous files and other nastiness.
In other words: it's experimental ATM, OK?
2011-01-26 00:56:19 +00:00