wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10028 commits 20 branches 302 tags 153 MiB
Commit graph

131 commits

Author SHA1 Message Date
Dr. Stephen Henson
9338f290d1 Revise fips_test_suite to use table of IDs for human readable strings. 
Modify HMAC selftest callbacks to notify each digest type used.
 2011-04-14 16:14:41 +00:00
Dr. Stephen Henson
8038511c27 Update CMAC, HMAC, GCM to use new POST system. 
Fix crash if callback not set.
 2011-04-14 13:10:00 +00:00
Dr. Stephen Henson
a6311f856b Remove several of the old obsolete FIPS_corrupt_*() functions. 2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6 Initial incomplete POST overhaul: add support for POST callback to 
allow status of POST to be monitored and/or failures induced.
 2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
114c8e220b Use consistent FIPS tarball name. 
Add XTS to FIPS build.

Hide XTS symbol names.
 2011-04-12 23:59:05 +00:00
Dr. Stephen Henson
4bd1e895fa Update fips_pkey_signature_test: use fixed string if supplies tbs is 
NULL. Always allocate signature buffer.

Update ECDSA selftest to use fips_pkey_signature_test. Add copyright notice
to file.
 2011-04-12 17:41:53 +00:00
Dr. Stephen Henson
9b08dbe903 Complete rewrite of FIPS_selftest_dsa(). Use hardcoded 2048 bit DSA key 
and SHA384. Use fips_pkey_signature_test().
 2011-04-12 16:26:52 +00:00
Dr. Stephen Henson
3d607309e6 Update RSA selftest code to use a 2048 bit RSA and only a single KAT 
for PSS+SHA256
 2011-04-12 15:38:34 +00:00
Dr. Stephen Henson
49cb5e0b40 Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx 
when performing ECDSA selftest.
 2011-04-12 14:28:06 +00:00
Dr. Stephen Henson
e2abfd58cc Stop warning and fix memory leaks. 2011-04-12 13:02:56 +00:00
Dr. Stephen Henson
6223352683 Update ECDSA selftest to use hard coded private keys. Include tests for 
prime and binary fields.
 2011-04-12 11:49:35 +00:00
Dr. Stephen Henson
1a4d93bfb5 Update fips_premain.c fingerprint. 2011-04-12 11:48:00 +00:00
Dr. Stephen Henson
63c82f8abb Update copyright year. 
Zero ciphertext and plaintext temporary buffers.

Check FIPS_cipher() return value.
 2011-04-11 21:32:51 +00:00
Dr. Stephen Henson
6909dccc32 Set length to 41 (40 hex characters + null). 2011-04-11 14:50:11 +00:00
Dr. Stephen Henson
ac319dd82b Typo: fix duplicate call. 2011-04-10 23:32:19 +00:00
Dr. Stephen Henson
55e328f580 Add error for health check failure. 
Rebuild all FIPS error codes to clean out old obsolete codes.
 2011-04-09 17:46:31 +00:00
Dr. Stephen Henson
f3823ddfcf Before initalising a live DRBG (i.e. not in test mode) run a complete health 
check on a DRBG of the same type.
 2011-04-09 17:27:07 +00:00
Dr. Stephen Henson
68ea88b8d1 New function to return security strength of PRNG. 2011-04-09 16:49:59 +00:00
Dr. Stephen Henson
6653c6f2e8 Update OpenSSL DRBG support code. Use date time vector as additional data. 
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
 2011-04-06 23:40:22 +00:00
Dr. Stephen Henson
42bd0a6b3c Update fipssyms.h to keep all symbols in FIPS,fips namespace. 
Rename drbg_cprng_test to fips_drbg_cprng_test.

Remove rand files from Makefile.fips.
 2011-04-05 15:48:05 +00:00
Dr. Stephen Henson
05e24c87dd Extensive reorganisation of PRNG handling in FIPS module: all calls 
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.

Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
 2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14 Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be 
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
 2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
f4bd65dae3 Set error code is additional data callback fails. 2011-04-04 17:03:35 +00:00
Dr. Stephen Henson
8776ef63c1 Change FIPS locking functions to macros so we get useful line information. 
Set fips_thread_set properly.
 2011-04-04 15:38:21 +00:00
Dr. Stephen Henson
ded1999702 Change RNG test to block oriented instead of request oriented, add option 
to test a "stuck" DRBG.
 2011-04-04 14:47:31 +00:00
Dr. Stephen Henson
7d48743b95 restore .cvsignore 2011-04-01 18:40:30 +00:00
Dr. Stephen Henson
b26f324824 delete lib file 2011-04-01 18:40:05 +00:00
Dr. Stephen Henson
02eb92abad temporarily update .cvsignore 2011-04-01 18:38:51 +00:00
Dr. Stephen Henson
e5cadaf8db Only zeroise sensitive parts of DRBG context, so the type and flags 
are undisturbed.

Allow setting of "rand" callbacks for DRBG.
 2011-04-01 17:49:45 +00:00
Dr. Stephen Henson
8cf88778ea Allow FIPS malloc callback setting. Automatically set some callbacks 
in OPENSSL_init().
 2011-04-01 16:23:16 +00:00
Dr. Stephen Henson
011c865640 Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for 
test applications.
 2011-04-01 14:46:07 +00:00
Dr. Stephen Henson
212a08080c Unused, untested, provisional RAND interface for DRBG. 2011-03-31 18:06:07 +00:00
Dr. Stephen Henson
e06de4dd35 Remove redundant definitions. Give error code if DRBG sefltest fails. 2011-03-31 17:23:12 +00:00
Dr. Stephen Henson
52b6ee8245 Reorganise DRBG API so the entropy and nonce callbacks can return a 
pointer to a buffer instead of copying to a fixed length buffer. This
removes the entropy and nonce length restrictions.
 2011-03-31 17:15:54 +00:00
Dr. Stephen Henson
bb61a6c80d fix warnings 2011-03-31 17:12:49 +00:00
Dr. Stephen Henson
5198009885 Add .cvsignore 2011-03-25 16:37:30 +00:00
Dr. Stephen Henson
cd22dfbf01 Have all algorithm test programs call fips_algtest_init() at startup: 
this will perform all standalone operations such as setting error
callbacks, entering FIPS mode etc.
 2011-03-25 16:36:46 +00:00
Dr. Stephen Henson
d4178c8fb1 Disable cmac tests by default so the old algorithm test vectors work. 2011-03-25 16:34:20 +00:00
Dr. Stephen Henson
dad7851485 Allow setting of get_entropy and get_nonce callbacks outside test mode. 
Test mode is now set when a DRBG context is initialised.
 2011-03-25 14:38:37 +00:00
Dr. Stephen Henson
9db6974f77 Add .cvsignore 2011-03-25 14:26:23 +00:00
Dr. Stephen Henson
8e5dbc23df Remove unused function. 2011-03-25 14:24:23 +00:00
Dr. Stephen Henson
bd7e6bd44b Fix compiler warnings. 2011-03-25 12:36:02 +00:00
Richard Levitte
e775bbc464 * fips/cmac/fips_cmac_selftest.c: Because the examples in SP_800-38B 
aren't trustworthy (see examples 13 and 14, they have the same mac,
  as do examples 17 and 18), use examples from official test vectors
  instead.
 2011-03-25 09:24:02 +00:00
Richard Levitte
d8ba2a42e9 * fips/fipsalgtest.pl: Test the testvectors for all the CMAC ciphers 
we support.
 2011-03-25 08:48:26 +00:00
Richard Levitte
af267e4315 * fips/cmac/fips_cmactest.c: Some say TDEA, others say TDES. Support 
both names.
 2011-03-25 08:44:37 +00:00
Richard Levitte
d15467d582 * fips/cmac/fips_cmactest.c: Changed to accept all the ciphers we 
support (Two Key TDEA is not supported), to handle really big
  messages (some of the test vectors have messages 65536 bytes long),
  and to handle cases where there are several keys (Three Key TDEA)
 2011-03-25 08:40:33 +00:00
Richard Levitte
c6dbe90895 make update 2011-03-24 22:59:02 +00:00
Richard Levitte
37942b93af Implement FIPS CMAC. 
* fips/fips_test_suite.c, fips/fipsalgtest.pl, test/Makefile: Hook in
  test cases and build test program.
 2011-03-24 22:57:52 +00:00
Richard Levitte
399aa6b5ff Implement FIPS CMAC. 
* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as
  an example.
* crypto/cmac/cmac.c: Enable the FIPS API.  Change to use M_EVP macros
  where possible.
* crypto/evp/evp.h: (some of the macros get added with this change)
* fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use
  macros to have cmac.c use these functions.
* Makefile.org, fips/Makefile, fips/fips.c: Hook it in.
 2011-03-24 22:55:02 +00:00
Dr. Stephen Henson
beb895083c Free DRBG context in self tests. 2011-03-21 14:40:57 +00:00