Dr. Stephen Henson
b5dd178740
Fix EVP CCM decrypt. Add decrypt support to algorithm test program.
2011-04-18 22:48:40 +00:00
Dr. Stephen Henson
98279c1629
Typo.
2011-04-18 21:01:24 +00:00
Andy Polyakov
a0cc46f8e4
ccm128.c: fix Win32 compiler warning.
2011-04-18 20:19:23 +00:00
Andy Polyakov
70d01a7f82
perlasm/x86[nm]asm.pl: make OPENSSL_instrument_bus[2] compile.
2011-04-18 20:18:03 +00:00
Andy Polyakov
5f1b10ed2e
ccm128.c: fix STRICT_ALIGNMENT another bug in CRYPTO_ccm128_decrypt.
2011-04-18 19:17:28 +00:00
Dr. Stephen Henson
62dc7ed67c
Override flag for XTS length limit.
2011-04-18 17:31:28 +00:00
Dr. Stephen Henson
2391681082
Initial untested CCM support via EVP.
2011-04-18 14:25:11 +00:00
Dr. Stephen Henson
6386b1b34d
Compile ccm128.c, move some structures to modes_lcl.h add prototypes.
2011-04-18 13:15:37 +00:00
Dr. Stephen Henson
3b4a855778
Don't need separate tag buffer for GCM mode: use EVP_CIPHER_CTX buf
...
field which is not unused for custom ciphers.
2011-04-18 11:28:41 +00:00
Andy Polyakov
5fabb88a78
Multiple assembler packs: add experimental memory bus instrumentation.
2011-04-17 12:46:00 +00:00
Andy Polyakov
7e5b4d6779
ccm128.c: minor optimization and bugfix in CRYPTO_ccm128_[en|de]crypt.
2011-04-16 22:57:58 +00:00
Dr. Stephen Henson
45321c41e2
Add length limitation from SP800-38E.
2011-04-15 12:01:53 +00:00
Dr. Stephen Henson
bf8131f79f
Add XTS selftest, include in fips_test_suite.
2011-04-15 11:30:19 +00:00
Dr. Stephen Henson
06b7e5a0e4
Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation.
2011-04-15 02:49:30 +00:00
Dr. Stephen Henson
a6311f856b
Remove several of the old obsolete FIPS_corrupt_*() functions.
2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6
Initial incomplete POST overhaul: add support for POST callback to
...
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
77394d7e8f
Remove duplicate flag.
2011-04-13 00:11:53 +00:00
Dr. Stephen Henson
32a2d8ddfe
Provisional AES XTS support.
2011-04-12 23:21:33 +00:00
Dr. Stephen Henson
49cb5e0b40
Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx
...
when performing ECDSA selftest.
2011-04-12 14:28:06 +00:00
Dr. Stephen Henson
364ce53cef
No need to disable leak checking for FIPS builds now we use internal
...
memory callbacks.
2011-04-12 13:01:40 +00:00
Dr. Stephen Henson
48da9b8f2a
Fix warning.
2011-04-11 14:52:59 +00:00
Dr. Stephen Henson
1f91af5e56
remove ENGINE dependency from ecdh
2011-04-10 01:14:25 +00:00
Dr. Stephen Henson
55e328f580
Add error for health check failure.
...
Rebuild all FIPS error codes to clean out old obsolete codes.
2011-04-09 17:46:31 +00:00
Dr. Stephen Henson
31360957fb
DH keys have an (until now) unused 'q' parameter. When creating
...
from DSA copy q across and if q present generate DH key in the
correct range.
2011-04-07 15:01:48 +00:00
Dr. Stephen Henson
d80399a357
Only use fake rand once per operation. This stops the EC
...
pairwise consistency test interfering with the test.
2011-04-06 23:42:55 +00:00
Dr. Stephen Henson
6653c6f2e8
Update OpenSSL DRBG support code. Use date time vector as additional data.
...
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
2011-04-06 23:40:22 +00:00
Dr. Stephen Henson
4c8855b975
Add missing error code strings.
2011-04-06 18:17:05 +00:00
Dr. Stephen Henson
acd410dc15
check buffer is larger enough before overwriting
2011-04-06 18:06:41 +00:00
Dr. Stephen Henson
05e24c87dd
Extensive reorganisation of PRNG handling in FIPS module: all calls
...
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.
Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
ab1415d2f5
Updated error codes for FIPS library.
2011-04-04 17:05:09 +00:00
Andy Polyakov
7af0400297
gcm128.c: fix shadow warnings.
2011-04-04 15:24:09 +00:00
Dr. Stephen Henson
1d59fe5267
Disable test fprintf.
2011-04-04 14:52:20 +00:00
Dr. Stephen Henson
ded1999702
Change RNG test to block oriented instead of request oriented, add option
...
to test a "stuck" DRBG.
2011-04-04 14:47:31 +00:00
Dr. Stephen Henson
a255e5bc98
check RAND_pseudo_bytes return value
2011-04-04 14:43:20 +00:00
Andy Polyakov
e512375186
ARM assembler pack: add missing arm_arch.h.
2011-04-01 21:09:09 +00:00
Andy Polyakov
1e86318091
ARM assembler pack: profiler-assisted optimizations and NEON support.
2011-04-01 20:58:34 +00:00
Andy Polyakov
d8d958323b
gcm128.c: tidy up, minor optimization, rearrange gcm128_context.
2011-04-01 20:52:35 +00:00
Dr. Stephen Henson
30b26b551f
restore .cvsignore
2011-04-01 18:49:24 +00:00
Dr. Stephen Henson
02eb92abad
temporarily update .cvsignore
2011-04-01 18:38:51 +00:00
Dr. Stephen Henson
8cf88778ea
Allow FIPS malloc callback setting. Automatically set some callbacks
...
in OPENSSL_init().
2011-04-01 16:23:16 +00:00
Dr. Stephen Henson
c4acfb1fd0
Add additional OPENSSL_init() handling add dummy call to (hopefully)
...
ensure OPENSSL_init() is always linked into an application.
2011-04-01 15:46:03 +00:00
Dr. Stephen Henson
3f7468318d
Provisional support for auto called OPENSSL_init() function. This can be
...
used to set up any appropriate functions such as FIPS callbacks without
requiring an explicit application call.
2011-04-01 14:49:30 +00:00
Dr. Stephen Henson
e06de4dd35
Remove redundant definitions. Give error code if DRBG sefltest fails.
2011-03-31 17:23:12 +00:00
Richard Levitte
3a660e7364
Corrections to the VMS build system.
...
Submitted by Steven M. Schweda <sms@antinode.info>
2011-03-25 16:20:35 +00:00
Dr. Stephen Henson
97057a1a7d
Make some Unix builds work again.
2011-03-25 12:09:29 +00:00
Richard Levitte
4ec3e8ca51
For VMS, implement the possibility to choose 64-bit pointers with
...
different options:
"64" The build system will choose /POINTER_SIZE=64=ARGV if
the compiler supports it, otherwise /POINTER_SIZE=64.
"64=" The build system will force /POINTER_SIZE=64.
"64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.
2011-03-25 09:40:48 +00:00
Richard Levitte
5d0137aa14
make update
2011-03-25 09:30:52 +00:00
Richard Levitte
30fafdebf3
* Configure, crypto/ec/ec.h, crypto/ec/ecp_nistp224.c, util/mkdef.pl:
...
Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have
disabled by default. If we don't do it this way, it screws up
libeay.num.
* util/libeay.num: make update
2011-03-25 09:29:46 +00:00
Richard Levitte
c6dbe90895
make update
2011-03-24 22:59:02 +00:00
Richard Levitte
399aa6b5ff
Implement FIPS CMAC.
...
* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as
an example.
* crypto/cmac/cmac.c: Enable the FIPS API. Change to use M_EVP macros
where possible.
* crypto/evp/evp.h: (some of the macros get added with this change)
* fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use
macros to have cmac.c use these functions.
* Makefile.org, fips/Makefile, fips/fips.c: Hook it in.
2011-03-24 22:55:02 +00:00