Remove fipscanister from Configure, delete fips directory Reviewed-by: Tim Hudson <tjh@openssl.org>
check for unset entropy and nonce callbacks
make post failure simulation reversible in all cases
Check for selftest failure in various places.
Check for uninitialised DRBG_CTX and don't free up default DRBG_CTX.
Fix error codes.
Fix warnings.
Use function name FIPS_drbg_health_check() for health check function. Add explanatory comments to health check code.
Perform health check on all reseed operations not associated with prediction resistance requests. Although SP 800-90 is arguably unclear on whether this is necessary adding an additional check has minimal penalty (very few applications will make an explicit reseed request).
Revise DRBG to split between internal and external flags. One demand health check function. Perform generation test in fips_test_suite. Option to skip dh test if fips_test_suite.
Allow reseed interval to be set.
Check length of additional input in DRBG generate function.
Delete strength parameter from FIPS_drbg_generate. It isn't very useful (strength can be queried using FIPS_drbg_get_strength ) and adds a substantial extra overhead to health check (need to check every combination of parameters).
Check we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we don't set type in FIPS_drbg_new().
Add support for Dual EC DRBG from SP800-90. Include updates to algorithm tests and POST code.
Check reseed interval before generating output.
Place DRBG in error state if health check fails.
Add HMAC DRBG from SP800-90
Add stub for HMAC DRBG.
PR: 2522 Submitted by: Henrik Grindal Bakken <henribak@cisco.com> Don't compare past end of buffer.