generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
10,053 Commits 16 Branches 258 Tags
Commit Graph

141 Commits

Author SHA1 Message Date
Dr. Stephen Henson
cb1b3aa151 Add AES CCM selftest. 2011-04-19 18:57:58 +00:00
Dr. Stephen Henson
b5dd178740 Fix EVP CCM decrypt. Add decrypt support to algorithm test program. 2011-04-18 22:48:40 +00:00
Dr. Stephen Henson
b3a45e7db5 CCM encrypt algorithm test support. 2011-04-18 16:31:11 +00:00
Dr. Stephen Henson
ca8630ba81 Remove shlib_wrap.sh as it is not needed (all algorithm tests are 
staticly linked to fipscanister.o). Add option to generate a shell
script to run all tests: this is useful for platforms that don't have
perl.
 2011-04-17 15:39:47 +00:00
Dr. Stephen Henson
764ef43962 Remove PSS salt length detection hack from fipslagtest.pl by allowing a regexp 
search of the file to determine its type. This will be needed for other tests
later...
 2011-04-16 23:54:19 +00:00
Dr. Stephen Henson
75707a324f Add "post" option to fips_test_suite to run the POST only and exit. 2011-04-15 20:09:34 +00:00
Dr. Stephen Henson
bf8131f79f Add XTS selftest, include in fips_test_suite. 2011-04-15 11:30:19 +00:00
Dr. Stephen Henson
06b7e5a0e4 Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation. 2011-04-15 02:49:30 +00:00
Dr. Stephen Henson
706735aea3 Add new POST support to X9.31 PRNG. 2011-04-14 18:29:49 +00:00
Dr. Stephen Henson
8f331999f5 Report each cipher used with CMAC tests. 
Only add one error to error queue if a specific test type fails.
 2011-04-14 16:38:20 +00:00
Dr. Stephen Henson
9338f290d1 Revise fips_test_suite to use table of IDs for human readable strings. 
Modify HMAC selftest callbacks to notify each digest type used.
 2011-04-14 16:14:41 +00:00
Dr. Stephen Henson
8038511c27 Update CMAC, HMAC, GCM to use new POST system. 
Fix crash if callback not set.
 2011-04-14 13:10:00 +00:00
Dr. Stephen Henson
a6311f856b Remove several of the old obsolete FIPS_corrupt_*() functions. 2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6 Initial incomplete POST overhaul: add support for POST callback to 
allow status of POST to be monitored and/or failures induced.
 2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
114c8e220b Use consistent FIPS tarball name. 
Add XTS to FIPS build.

Hide XTS symbol names.
 2011-04-12 23:59:05 +00:00
Dr. Stephen Henson
4bd1e895fa Update fips_pkey_signature_test: use fixed string if supplies tbs is 
NULL. Always allocate signature buffer.

Update ECDSA selftest to use fips_pkey_signature_test. Add copyright notice
to file.
 2011-04-12 17:41:53 +00:00
Dr. Stephen Henson
9b08dbe903 Complete rewrite of FIPS_selftest_dsa(). Use hardcoded 2048 bit DSA key 
and SHA384. Use fips_pkey_signature_test().
 2011-04-12 16:26:52 +00:00
Dr. Stephen Henson
3d607309e6 Update RSA selftest code to use a 2048 bit RSA and only a single KAT 
for PSS+SHA256
 2011-04-12 15:38:34 +00:00
Dr. Stephen Henson
49cb5e0b40 Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx 
when performing ECDSA selftest.
 2011-04-12 14:28:06 +00:00
Dr. Stephen Henson
e2abfd58cc Stop warning and fix memory leaks. 2011-04-12 13:02:56 +00:00
Dr. Stephen Henson
6223352683 Update ECDSA selftest to use hard coded private keys. Include tests for 
prime and binary fields.
 2011-04-12 11:49:35 +00:00
Dr. Stephen Henson
1a4d93bfb5 Update fips_premain.c fingerprint. 2011-04-12 11:48:00 +00:00
Dr. Stephen Henson
63c82f8abb Update copyright year. 
Zero ciphertext and plaintext temporary buffers.

Check FIPS_cipher() return value.
 2011-04-11 21:32:51 +00:00
Dr. Stephen Henson
6909dccc32 Set length to 41 (40 hex characters + null). 2011-04-11 14:50:11 +00:00
Dr. Stephen Henson
ac319dd82b Typo: fix duplicate call. 2011-04-10 23:32:19 +00:00
Dr. Stephen Henson
55e328f580 Add error for health check failure. 
Rebuild all FIPS error codes to clean out old obsolete codes.
 2011-04-09 17:46:31 +00:00
Dr. Stephen Henson
f3823ddfcf Before initalising a live DRBG (i.e. not in test mode) run a complete health 
check on a DRBG of the same type.
 2011-04-09 17:27:07 +00:00
Dr. Stephen Henson
68ea88b8d1 New function to return security strength of PRNG. 2011-04-09 16:49:59 +00:00
Dr. Stephen Henson
6653c6f2e8 Update OpenSSL DRBG support code. Use date time vector as additional data. 
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
 2011-04-06 23:40:22 +00:00
Dr. Stephen Henson
42bd0a6b3c Update fipssyms.h to keep all symbols in FIPS,fips namespace. 
Rename drbg_cprng_test to fips_drbg_cprng_test.

Remove rand files from Makefile.fips.
 2011-04-05 15:48:05 +00:00
Dr. Stephen Henson
05e24c87dd Extensive reorganisation of PRNG handling in FIPS module: all calls 
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.

Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
 2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14 Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be 
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
 2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
f4bd65dae3 Set error code is additional data callback fails. 2011-04-04 17:03:35 +00:00
Dr. Stephen Henson
8776ef63c1 Change FIPS locking functions to macros so we get useful line information. 
Set fips_thread_set properly.
 2011-04-04 15:38:21 +00:00
Dr. Stephen Henson
ded1999702 Change RNG test to block oriented instead of request oriented, add option 
to test a "stuck" DRBG.
 2011-04-04 14:47:31 +00:00
Dr. Stephen Henson
7d48743b95 restore .cvsignore 2011-04-01 18:40:30 +00:00
Dr. Stephen Henson
b26f324824 delete lib file 2011-04-01 18:40:05 +00:00
Dr. Stephen Henson
02eb92abad temporarily update .cvsignore 2011-04-01 18:38:51 +00:00
Dr. Stephen Henson
e5cadaf8db Only zeroise sensitive parts of DRBG context, so the type and flags 
are undisturbed.

Allow setting of "rand" callbacks for DRBG.
 2011-04-01 17:49:45 +00:00
Dr. Stephen Henson
8cf88778ea Allow FIPS malloc callback setting. Automatically set some callbacks 
in OPENSSL_init().
 2011-04-01 16:23:16 +00:00
Dr. Stephen Henson
011c865640 Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for 
test applications.
 2011-04-01 14:46:07 +00:00
Dr. Stephen Henson
212a08080c Unused, untested, provisional RAND interface for DRBG. 2011-03-31 18:06:07 +00:00
Dr. Stephen Henson
e06de4dd35 Remove redundant definitions. Give error code if DRBG sefltest fails. 2011-03-31 17:23:12 +00:00
Dr. Stephen Henson
52b6ee8245 Reorganise DRBG API so the entropy and nonce callbacks can return a 
pointer to a buffer instead of copying to a fixed length buffer. This
removes the entropy and nonce length restrictions.
 2011-03-31 17:15:54 +00:00
Dr. Stephen Henson
bb61a6c80d fix warnings 2011-03-31 17:12:49 +00:00
Dr. Stephen Henson
5198009885 Add .cvsignore 2011-03-25 16:37:30 +00:00
Dr. Stephen Henson
cd22dfbf01 Have all algorithm test programs call fips_algtest_init() at startup: 
this will perform all standalone operations such as setting error
callbacks, entering FIPS mode etc.
 2011-03-25 16:36:46 +00:00
Dr. Stephen Henson
d4178c8fb1 Disable cmac tests by default so the old algorithm test vectors work. 2011-03-25 16:34:20 +00:00
Dr. Stephen Henson
dad7851485 Allow setting of get_entropy and get_nonce callbacks outside test mode. 
Test mode is now set when a DRBG context is initialised.
 2011-03-25 14:38:37 +00:00
Dr. Stephen Henson
9db6974f77 Add .cvsignore 2011-03-25 14:26:23 +00:00