generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
10,690 Commits 16 Branches 258 Tags
Commit Graph

52 Commits

Author SHA1 Message Date
Andy Polyakov
0ae1672287 Add support for Android 5, both 32- and 64-bit cases. 
Special note about additional -pie flag in android-armv7. The initial
reason for adding it is that Android 5 refuses to execute non-PIE
binaries. But what about older systems and previously validated
platforms? It should be noted that flag is not used when compiling
object code, fipscanister.o in this context, only when linking
applications, *supplementary* fips_algvs used during validation
procedure.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 6db8e3bdc9ef83d83b83f3eec9722c96daa91f82)

Resolved conflicts:
	test/fips_algvs.c
 2015-05-13 18:04:56 +02:00
Andy Polyakov
f447329da7 Configure: add ios-cross target with ARM assembly support. 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 97fbb0c88c2f601f98e25e57b9f6f9679d14f3a8)

Resolved conflicts:
	Configure
	config
 2015-05-13 18:02:21 +02:00
Dr. Stephen Henson
6fb0806b01 Add verbose option to fips_test_suite to give additional details of 
all operations.

Add ecdsa test.

Test crypto operations are inhibited on test failures.

Test on demand POST.
 2013-01-23 02:57:36 +00:00
Dr. Stephen Henson
b1adc971b4 Make DES3 and ECDSA self tests continue with remaining cases on 
failure.

Make fips_test_suite induced failure work on every possible subtest instead
of just categories of subtest.
 2012-12-28 20:19:10 +00:00
Dr. Stephen Henson
476e7e4972 Add tests to ensure ECDSA key gen and DSA signing fails if DRBG 
entropy source fails.
 2011-12-03 19:41:28 +00:00
Dr. Stephen Henson
8a794abd9d Update fips_test_suite to take multiple command line options and 
an induced error checking function.
 2011-11-06 12:52:27 +00:00
Dr. Stephen Henson
df64f34e84 make post failure simulation reversible in all cases 2011-11-05 18:15:01 +00:00
Dr. Stephen Henson
485ef852ac Add single call public key sign and verify functions. 2011-11-05 01:32:52 +00:00
Dr. Stephen Henson
b7de76b74d Add support for memory leak checking in fips_algvs. 
Fix many memory leaks in algorithm test utilities.
 2011-11-02 19:16:43 +00:00
Dr. Stephen Henson
d5939062d7 Replace exit calls with return in fips_test_suite 2011-11-02 00:07:15 +00:00
Dr. Stephen Henson
8b8096d082 Add support for multicall fips_algvs utility combining functionality 
of all fips test utilities in a single binary and some minimal script
parsing for platforms lacking a suitable shell.

In order to keep changes to the build system to a minimum it #includes all
the utilities C source files (yuck).
 2011-11-01 13:45:30 +00:00
Dr. Stephen Henson
4ff2999e88 Add "nopass" for empty password too. 2011-10-19 23:23:35 +00:00
Dr. Stephen Henson
5e4eb9954b add authentication parameter to FIPS_module_mode_set 2011-10-19 22:34:53 +00:00
Dr. Stephen Henson
5936521495 Print curve type for signature tests. 2011-10-12 22:41:33 +00:00
Dr. Stephen Henson
c1f63b5cb3 ECDH POST selftest failure inducing support. 2011-10-12 13:17:19 +00:00
Dr. Stephen Henson
2bfeb7dc83 Add FIPS selftests for ECDH algorithm. 2011-09-29 23:08:23 +00:00
Dr. Stephen Henson
4420b3b17a Revise DRBG to split between internal and external flags. 
One demand health check function.

Perform generation test in fips_test_suite.

Option to skip dh test if fips_test_suite.
 2011-09-21 17:04:56 +00:00
Dr. Stephen Henson
a11f06b2dc More extensive DRBG health check. New function to call health check 
for all DRBG combinations.
 2011-09-12 18:47:39 +00:00
Dr. Stephen Henson
7fdcb45745 Add support for Dual EC DRBG from SP800-90. Include updates to algorithm 
tests and POST code.
 2011-09-09 17:16:43 +00:00
Dr. Stephen Henson
20f12e63ff Add HMAC DRBG from SP800-90 2011-08-08 22:07:38 +00:00
Dr. Stephen Henson
01a9a7592e Add functions to return FIPS module version. 2011-07-04 23:38:16 +00:00
Dr. Stephen Henson
c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in 
the FIPS capable OpenSSL.
 2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
6313d628da Remove superfluous PRNG self tests. 
Print timer resolution.
 2011-05-04 23:17:29 +00:00
Dr. Stephen Henson
e350458a63 Remove useless setting. 2011-05-04 01:09:52 +00:00
Dr. Stephen Henson
fc98a4377d Use more portable clock_gettime() for fips_test_suite timing. 
Output times of each subtest.
 2011-05-02 11:09:38 +00:00
Dr. Stephen Henson
a32ad6891b Quick hack to time POST. 2011-05-01 20:54:42 +00:00
Dr. Stephen Henson
b8b6a13a56 Add continuous RNG test to entropy source. Entropy callbacks now need 
to specify a "block length".
 2011-04-21 14:17:15 +00:00
Dr. Stephen Henson
7608978861 Update DRBG to use new POST scheme. 2011-04-20 18:05:05 +00:00
Dr. Stephen Henson
cb1b3aa151 Add AES CCM selftest. 2011-04-19 18:57:58 +00:00
Dr. Stephen Henson
75707a324f Add "post" option to fips_test_suite to run the POST only and exit. 2011-04-15 20:09:34 +00:00
Dr. Stephen Henson
bf8131f79f Add XTS selftest, include in fips_test_suite. 2011-04-15 11:30:19 +00:00
Dr. Stephen Henson
706735aea3 Add new POST support to X9.31 PRNG. 2011-04-14 18:29:49 +00:00
Dr. Stephen Henson
8f331999f5 Report each cipher used with CMAC tests. 
Only add one error to error queue if a specific test type fails.
 2011-04-14 16:38:20 +00:00
Dr. Stephen Henson
9338f290d1 Revise fips_test_suite to use table of IDs for human readable strings. 
Modify HMAC selftest callbacks to notify each digest type used.
 2011-04-14 16:14:41 +00:00
Dr. Stephen Henson
8038511c27 Update CMAC, HMAC, GCM to use new POST system. 
Fix crash if callback not set.
 2011-04-14 13:10:00 +00:00
Dr. Stephen Henson
a6311f856b Remove several of the old obsolete FIPS_corrupt_*() functions. 2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6 Initial incomplete POST overhaul: add support for POST callback to 
allow status of POST to be monitored and/or failures induced.
 2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
05e24c87dd Extensive reorganisation of PRNG handling in FIPS module: all calls 
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.

Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
 2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14 Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be 
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
 2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
ded1999702 Change RNG test to block oriented instead of request oriented, add option 
to test a "stuck" DRBG.
 2011-04-04 14:47:31 +00:00
Dr. Stephen Henson
011c865640 Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for 
test applications.
 2011-04-01 14:46:07 +00:00
Dr. Stephen Henson
bb61a6c80d fix warnings 2011-03-31 17:12:49 +00:00
Dr. Stephen Henson
8e5dbc23df Remove unused function. 2011-03-25 14:24:23 +00:00
Richard Levitte
37942b93af Implement FIPS CMAC. 
* fips/fips_test_suite.c, fips/fipsalgtest.pl, test/Makefile: Hook in
  test cases and build test program.
 2011-03-24 22:57:52 +00:00
Dr. Stephen Henson
fbbabb646c Add extensive DRBG selftest data and option to corrupt it in fips_test_suite. 2011-03-16 15:52:12 +00:00
Dr. Stephen Henson
947ff113d2 add ECDSA POST 2011-02-18 17:25:00 +00:00
Dr. Stephen Henson
acf254f86e AES GCM selftests. 2011-02-18 17:09:33 +00:00
Dr. Stephen Henson
c81f8f59be Use SHA-256 in fips_test_suite. 2011-02-15 16:58:06 +00:00
Dr. Stephen Henson
e990b4f838 Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new 
and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1
library.
 2011-02-13 18:45:41 +00:00
Dr. Stephen Henson
e47af46cd8 Change FIPS source and utilities to use the "FIPS_" names directly 
instead of using regular OpenSSL API names.
 2011-02-12 18:25:18 +00:00