Commit graph

16 commits

Author SHA1 Message Date
Dr. Stephen Henson
25c6542944 Add non-FIPS algorithm blocking and selftest checking. 2011-02-15 16:03:47 +00:00
Dr. Stephen Henson
e990b4f838 Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new
and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1
library.
2011-02-13 18:45:41 +00:00
Dr. Stephen Henson
e47af46cd8 Change FIPS source and utilities to use the "FIPS_" names directly
instead of using regular OpenSSL API names.
2011-02-12 18:25:18 +00:00
Dr. Stephen Henson
ee9884654b Cope with new DSA2 file format where some p/q only tests are made. 2011-02-02 17:48:03 +00:00
Dr. Stephen Henson
a5b196a22c Add sign/verify digest API to handle an explicit digest instead of finalising
a context.
2011-02-02 14:21:33 +00:00
Dr. Stephen Henson
b6104f9ad8 Remove DSA parameter generation from DSA selftest. It is unnecessary and
can be very slow on embedded platforms. Hard code DSA parameters instead.
2011-02-02 14:20:45 +00:00
Dr. Stephen Henson
96d5997f5b Don't try to set pmd if it is NULL. 2011-02-01 19:15:12 +00:00
Dr. Stephen Henson
92eb4c551d Add DSA2 support to final algorithm tests: keypair and keyver. 2011-02-01 18:53:48 +00:00
Dr. Stephen Henson
89f63d06f8 Support more DSA2 tests. 2011-02-01 17:54:23 +00:00
Dr. Stephen Henson
7f64c26588 Since FIPS 186-3 specifies we use the leftmost bits of the digest
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
2011-02-01 12:52:01 +00:00
Dr. Stephen Henson
3dd9b31dc4 Provisional, experimental support for DSA2 parameter generation algorithm.
Not properly integrated or tested yet.
2011-01-31 19:44:09 +00:00
Dr. Stephen Henson
7edfe67456 Move all FIPSAPI renames into fips.h header file, include early in
crypto.h if needed.

Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
7cc684f4f7 Redirect FIPS memory allocation to FIPS_malloc() routine, remove
OpenSSL malloc dependencies.
2011-01-27 17:23:43 +00:00
Dr. Stephen Henson
e36d6b8f79 add fips_dsatest.c file 2011-01-27 16:52:49 +00:00
Dr. Stephen Henson
7c8ced94c3 Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
to EVP any more.

Move locking #define into fips.h.

Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
2b4b28dc32 And so it begins... again.
Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have
missing files, extraneous files and other nastiness.

In other words: it's experimental ATM, OK?
2011-01-26 00:56:19 +00:00