Dr. Stephen Henson
b7de76b74d
Add support for memory leak checking in fips_algvs.
...
Fix many memory leaks in algorithm test utilities.
2011-11-02 19:16:43 +00:00
Dr. Stephen Henson
8b8096d082
Add support for multicall fips_algvs utility combining functionality
...
of all fips test utilities in a single binary and some minimal script
parsing for platforms lacking a suitable shell.
In order to keep changes to the build system to a minimum it #includes all
the utilities C source files (yuck).
2011-11-01 13:45:30 +00:00
Dr. Stephen Henson
a2b6dc97f6
Handle partial test where H is absent: needed to check g generation.
2011-10-12 17:03:15 +00:00
Dr. Stephen Henson
a854818ea9
Handle broken test on verify too.
2011-10-12 15:32:57 +00:00
Dr. Stephen Henson
4cc2bbab67
Make fips algorithm test utilities use RESP_EOL for end of line character(s).
...
This should be CRLF even under *nix.
2011-10-01 20:42:52 +00:00
Dr. Stephen Henson
10465aca60
Never echo Num lines for PQGGen DSA2 test.
2011-09-30 11:58:59 +00:00
Dr. Stephen Henson
3f1ebb8f42
make depend
2011-09-29 23:17:59 +00:00
Dr. Stephen Henson
54bb3f68e1
Fix output format for DSA2 parameter generation.
2011-09-28 22:35:30 +00:00
Dr. Stephen Henson
bac3db9cc1
Handle provable prime parameters for canonical g generation which are
...
sometimes erroneously included.
2011-09-25 22:04:43 +00:00
Dr. Stephen Henson
456d883a25
Don't print out errors in cases where errors are expected: testing
...
DSA parameter validity and EC public key validity.
2011-09-21 18:42:12 +00:00
Andy Polyakov
03e389cf04
Allow for dynamic base in Win64 FIPS module.
2011-09-14 20:48:49 +00:00
Dr. Stephen Henson
2abaa9caaf
Add support for DSA2 PQG generation of g parameter.
2011-08-27 12:30:47 +00:00
Dr. Stephen Henson
f55f5f775e
Add support for canonical generation of DSA parameter g.
...
Modify fips_dssvs to support appropriate file format.
2011-08-26 14:51:49 +00:00
Dr. Stephen Henson
8d7fbd021b
Fix DSA to skip EOL test when parsing mod line.
2011-08-08 14:47:51 +00:00
Dr. Stephen Henson
a678580bb8
Fix warnings.
2011-07-25 21:58:11 +00:00
Dr. Stephen Henson
ad4784953d
Return error codes for selftest failure instead of hard assertion errors.
2011-05-06 17:38:39 +00:00
Dr. Stephen Henson
a6311f856b
Remove several of the old obsolete FIPS_corrupt_*() functions.
2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6
Initial incomplete POST overhaul: add support for POST callback to
...
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
4bd1e895fa
Update fips_pkey_signature_test: use fixed string if supplies tbs is
...
NULL. Always allocate signature buffer.
Update ECDSA selftest to use fips_pkey_signature_test. Add copyright notice
to file.
2011-04-12 17:41:53 +00:00
Dr. Stephen Henson
9b08dbe903
Complete rewrite of FIPS_selftest_dsa(). Use hardcoded 2048 bit DSA key
...
and SHA384. Use fips_pkey_signature_test().
2011-04-12 16:26:52 +00:00
Dr. Stephen Henson
cd22dfbf01
Have all algorithm test programs call fips_algtest_init() at startup:
...
this will perform all standalone operations such as setting error
callbacks, entering FIPS mode etc.
2011-03-25 16:36:46 +00:00
Dr. Stephen Henson
12b77cbec3
Remove need for redirection on RNG and DSS algorithm test programs: some
...
platforms don't support it.
2011-03-08 13:27:29 +00:00
Dr. Stephen Henson
949c6f8ccf
Stop warnings.
2011-02-23 16:06:33 +00:00
Dr. Stephen Henson
b7056b6414
Update dependencies.
2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
37eae9909a
Remove unnecessary dependencies.
2011-02-21 17:35:53 +00:00
Dr. Stephen Henson
25c6542944
Add non-FIPS algorithm blocking and selftest checking.
2011-02-15 16:03:47 +00:00
Dr. Stephen Henson
e990b4f838
Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new
...
and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1
library.
2011-02-13 18:45:41 +00:00
Dr. Stephen Henson
e47af46cd8
Change FIPS source and utilities to use the "FIPS_" names directly
...
instead of using regular OpenSSL API names.
2011-02-12 18:25:18 +00:00
Dr. Stephen Henson
ee9884654b
Cope with new DSA2 file format where some p/q only tests are made.
2011-02-02 17:48:03 +00:00
Dr. Stephen Henson
a5b196a22c
Add sign/verify digest API to handle an explicit digest instead of finalising
...
a context.
2011-02-02 14:21:33 +00:00
Dr. Stephen Henson
b6104f9ad8
Remove DSA parameter generation from DSA selftest. It is unnecessary and
...
can be very slow on embedded platforms. Hard code DSA parameters instead.
2011-02-02 14:20:45 +00:00
Dr. Stephen Henson
96d5997f5b
Don't try to set pmd if it is NULL.
2011-02-01 19:15:12 +00:00
Dr. Stephen Henson
92eb4c551d
Add DSA2 support to final algorithm tests: keypair and keyver.
2011-02-01 18:53:48 +00:00
Dr. Stephen Henson
89f63d06f8
Support more DSA2 tests.
2011-02-01 17:54:23 +00:00
Dr. Stephen Henson
7f64c26588
Since FIPS 186-3 specifies we use the leftmost bits of the digest
...
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
2011-02-01 12:52:01 +00:00
Dr. Stephen Henson
3dd9b31dc4
Provisional, experimental support for DSA2 parameter generation algorithm.
...
Not properly integrated or tested yet.
2011-01-31 19:44:09 +00:00
Dr. Stephen Henson
7edfe67456
Move all FIPSAPI renames into fips.h header file, include early in
...
crypto.h if needed.
Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
7cc684f4f7
Redirect FIPS memory allocation to FIPS_malloc() routine, remove
...
OpenSSL malloc dependencies.
2011-01-27 17:23:43 +00:00
Dr. Stephen Henson
e36d6b8f79
add fips_dsatest.c file
2011-01-27 16:52:49 +00:00
Dr. Stephen Henson
7c8ced94c3
Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
...
to EVP any more.
Move locking #define into fips.h.
Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
2b4b28dc32
And so it begins... again.
...
Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have
missing files, extraneous files and other nastiness.
In other words: it's experimental ATM, OK?
2011-01-26 00:56:19 +00:00