Dr. Stephen Henson
f3823ddfcf
Before initalising a live DRBG (i.e. not in test mode) run a complete health
...
check on a DRBG of the same type.
2011-04-09 17:27:07 +00:00
Dr. Stephen Henson
68ea88b8d1
New function to return security strength of PRNG.
2011-04-09 16:49:59 +00:00
Dr. Stephen Henson
31360957fb
DH keys have an (until now) unused 'q' parameter. When creating
...
from DSA copy q across and if q present generate DH key in the
correct range.
2011-04-07 15:01:48 +00:00
Dr. Stephen Henson
d80399a357
Only use fake rand once per operation. This stops the EC
...
pairwise consistency test interfering with the test.
2011-04-06 23:42:55 +00:00
Dr. Stephen Henson
d7a3ce989c
Update CHANGES.
2011-04-06 23:41:19 +00:00
Dr. Stephen Henson
1ee49722dc
Add fips hmac key to dgst utility.
2011-04-06 23:40:46 +00:00
Dr. Stephen Henson
6653c6f2e8
Update OpenSSL DRBG support code. Use date time vector as additional data.
...
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
2011-04-06 23:40:22 +00:00
Dr. Stephen Henson
4c8855b975
Add missing error code strings.
2011-04-06 18:17:05 +00:00
Dr. Stephen Henson
e71bbd26e7
Remove rand files from fipscanister.o
2011-04-06 18:16:44 +00:00
Dr. Stephen Henson
acd410dc15
check buffer is larger enough before overwriting
2011-04-06 18:06:41 +00:00
Dr. Stephen Henson
161cc82df1
updated FIPS status
2011-04-06 13:40:36 +00:00
Dr. Stephen Henson
42bd0a6b3c
Update fipssyms.h to keep all symbols in FIPS,fips namespace.
...
Rename drbg_cprng_test to fips_drbg_cprng_test.
Remove rand files from Makefile.fips.
2011-04-05 15:48:05 +00:00
Dr. Stephen Henson
05e24c87dd
Extensive reorganisation of PRNG handling in FIPS module: all calls
...
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.
Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14
Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be
...
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
856650deb0
FIPS mode support for openssl utility: doesn't work properly yet due
...
to missing DRBG support in libcrypto.
2011-04-04 17:16:28 +00:00
Dr. Stephen Henson
ab1415d2f5
Updated error codes for FIPS library.
2011-04-04 17:05:09 +00:00
Dr. Stephen Henson
f4bd65dae3
Set error code is additional data callback fails.
2011-04-04 17:03:35 +00:00
Dr. Stephen Henson
ac1ee8e877
Use environment when builds libcrypto shared library so CC value is picked up
...
in FIPS builds.
2011-04-04 17:01:58 +00:00
Dr. Stephen Henson
8776ef63c1
Change FIPS locking functions to macros so we get useful line information.
...
Set fips_thread_set properly.
2011-04-04 15:38:21 +00:00
Andy Polyakov
7af0400297
gcm128.c: fix shadow warnings.
2011-04-04 15:24:09 +00:00
Dr. Stephen Henson
1d59fe5267
Disable test fprintf.
2011-04-04 14:52:20 +00:00
Dr. Stephen Henson
ded1999702
Change RNG test to block oriented instead of request oriented, add option
...
to test a "stuck" DRBG.
2011-04-04 14:47:31 +00:00
Dr. Stephen Henson
a255e5bc98
check RAND_pseudo_bytes return value
2011-04-04 14:43:20 +00:00
Dr. Stephen Henson
4058861f69
PR: 2462
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS Retransmission Buffer Bug
2011-04-03 17:14:35 +00:00
Dr. Stephen Henson
f74a0c0c93
PR: 2458
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Don't change state when answering DTLS ClientHello.
2011-04-03 16:25:29 +00:00
Dr. Stephen Henson
6e28b60aa5
PR: 2457
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS fragment reassembly bug.
2011-04-03 15:47:58 +00:00
Dr. Stephen Henson
3b5c1dc565
Make WIN32 static builds work again.
2011-04-02 16:51:04 +00:00
Andy Polyakov
e512375186
ARM assembler pack: add missing arm_arch.h.
2011-04-01 21:09:09 +00:00
Andy Polyakov
1e86318091
ARM assembler pack: profiler-assisted optimizations and NEON support.
2011-04-01 20:58:34 +00:00
Andy Polyakov
d8d958323b
gcm128.c: tidy up, minor optimization, rearrange gcm128_context.
2011-04-01 20:52:35 +00:00
Dr. Stephen Henson
30b26b551f
restore .cvsignore
2011-04-01 18:49:24 +00:00
Dr. Stephen Henson
7d48743b95
restore .cvsignore
2011-04-01 18:40:30 +00:00
Dr. Stephen Henson
b26f324824
delete lib file
2011-04-01 18:40:05 +00:00
Dr. Stephen Henson
02eb92abad
temporarily update .cvsignore
2011-04-01 18:38:51 +00:00
Dr. Stephen Henson
e5cadaf8db
Only zeroise sensitive parts of DRBG context, so the type and flags
...
are undisturbed.
Allow setting of "rand" callbacks for DRBG.
2011-04-01 17:49:45 +00:00
Dr. Stephen Henson
8cf88778ea
Allow FIPS malloc callback setting. Automatically set some callbacks
...
in OPENSSL_init().
2011-04-01 16:23:16 +00:00
Dr. Stephen Henson
c4acfb1fd0
Add additional OPENSSL_init() handling add dummy call to (hopefully)
...
ensure OPENSSL_init() is always linked into an application.
2011-04-01 15:46:03 +00:00
Dr. Stephen Henson
3f7468318d
Provisional support for auto called OPENSSL_init() function. This can be
...
used to set up any appropriate functions such as FIPS callbacks without
requiring an explicit application call.
2011-04-01 14:49:30 +00:00
Dr. Stephen Henson
011c865640
Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for
...
test applications.
2011-04-01 14:46:07 +00:00
Dr. Stephen Henson
212a08080c
Unused, untested, provisional RAND interface for DRBG.
2011-03-31 18:06:07 +00:00
Dr. Stephen Henson
e06de4dd35
Remove redundant definitions. Give error code if DRBG sefltest fails.
2011-03-31 17:23:12 +00:00
Dr. Stephen Henson
52b6ee8245
Reorganise DRBG API so the entropy and nonce callbacks can return a
...
pointer to a buffer instead of copying to a fixed length buffer. This
removes the entropy and nonce length restrictions.
2011-03-31 17:15:54 +00:00
Dr. Stephen Henson
bb61a6c80d
fix warnings
2011-03-31 17:12:49 +00:00
Dr. Stephen Henson
79837e8c10
Update .cvsignore
2011-03-25 16:41:11 +00:00
Dr. Stephen Henson
5198009885
Add .cvsignore
2011-03-25 16:37:30 +00:00
Dr. Stephen Henson
cd22dfbf01
Have all algorithm test programs call fips_algtest_init() at startup:
...
this will perform all standalone operations such as setting error
callbacks, entering FIPS mode etc.
2011-03-25 16:36:46 +00:00
Dr. Stephen Henson
d4178c8fb1
Disable cmac tests by default so the old algorithm test vectors work.
2011-03-25 16:34:20 +00:00
Richard Levitte
3a660e7364
Corrections to the VMS build system.
...
Submitted by Steven M. Schweda <sms@antinode.info>
2011-03-25 16:20:35 +00:00
Dr. Stephen Henson
dad7851485
Allow setting of get_entropy and get_nonce callbacks outside test mode.
...
Test mode is now set when a DRBG context is initialised.
2011-03-25 14:38:37 +00:00
Dr. Stephen Henson
9db6974f77
Add .cvsignore
2011-03-25 14:26:23 +00:00