openssl.git
Andy Polyakov [Mon, 17 Oct 2011 17:20:48 +0000 (17:20 +0000)]
bn_shift.c: minimize reallocations, which allows BN_FLG_STATIC_DATA to
be shifted in specific cases.

Andy Polyakov [Mon, 17 Oct 2011 17:10:54 +0000 (17:10 +0000)]
Engage bsaes-x86_64.pl, bit-sliced AES.

Dr. Stephen Henson [Sun, 16 Oct 2011 12:31:49 +0000 (12:31 +0000)]
L=3072, N=256 provides 128 bits of security not 112.

Andy Polyakov [Sat, 15 Oct 2011 08:32:16 +0000 (08:32 +0000)]
Add android-x86.

Dr. Stephen Henson [Fri, 14 Oct 2011 23:51:58 +0000 (23:51 +0000)]
Clarify usage message.

Dr. Stephen Henson [Fri, 14 Oct 2011 22:04:14 +0000 (22:04 +0000)]
more vxworks patches

Dr. Stephen Henson [Fri, 14 Oct 2011 17:28:10 +0000 (17:28 +0000)]
Allow override of GCCVER and noexecstack checking from environment.

Vxworks support.

Dr. Stephen Henson [Fri, 14 Oct 2011 15:15:20 +0000 (15:15 +0000)]
Don't use TPREFIX shell variable for minimal script.

Dr. Stephen Henson [Fri, 14 Oct 2011 13:00:08 +0000 (13:00 +0000)]
Add usage messages.

Andy Polyakov [Fri, 14 Oct 2011 09:32:06 +0000 (09:32 +0000)]
e_aes.c: fix bug in aesni_gcm_tls_cipher.

Andy Polyakov [Fri, 14 Oct 2011 09:15:19 +0000 (09:15 +0000)]
aesni-x86[_64].pl: fix bug in CCM code.

Andy Polyakov [Thu, 13 Oct 2011 19:46:44 +0000 (19:46 +0000)]
Remove eng_aesni.c as AES-NI support is integrated directly at EVP.

Bodo Möller [Thu, 13 Oct 2011 15:07:08 +0000 (15:07 +0000)]
use -no_ecdhe when using -no_dhe

Bodo Möller [Thu, 13 Oct 2011 14:29:59 +0000 (14:29 +0000)]
Oops - ectest.c finds further problems beyond those exposed by bntext.c

Bodo Möller [Thu, 13 Oct 2011 14:21:39 +0000 (14:21 +0000)]
Avoid failed assertion in BN_DEBUG builds

Bodo Möller [Thu, 13 Oct 2011 13:41:34 +0000 (13:41 +0000)]
Make CTR mode behaviour consistent with other modes:
- clear ctx->num in EVP_CipherInit_ex
- adapt e_eas.c changes from http://cvs.openssl.org/chngview?cn=19816
  for eng_aesni.c

Submitted by: Emilia Kasper

Bodo Möller [Thu, 13 Oct 2011 13:27:09 +0000 (13:27 +0000)]
Clarify warning

Bodo Möller [Thu, 13 Oct 2011 13:20:33 +0000 (13:20 +0000)]
typo

Bodo Möller [Thu, 13 Oct 2011 13:05:58 +0000 (13:05 +0000)]
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.

Submitted by: Bob Buckholz <bbuckholz@google.com>

Bodo Möller [Thu, 13 Oct 2011 12:35:10 +0000 (12:35 +0000)]
Fix OPENSSL_BN_ASM_MONT5 for corner cases; add a test.

Submitted by: Emilia Kasper

Dr. Stephen Henson [Wed, 12 Oct 2011 22:41:33 +0000 (22:41 +0000)]
Print curve type for signature tests.

Dr. Stephen Henson [Wed, 12 Oct 2011 21:55:03 +0000 (21:55 +0000)]
increase test RSA key size to 1024 bits

Dr. Stephen Henson [Wed, 12 Oct 2011 18:48:01 +0000 (18:48 +0000)]
Update README.FIPS for new FIPS 2.0 testvectors.

Dr. Stephen Henson [Wed, 12 Oct 2011 17:27:08 +0000 (17:27 +0000)]
Remove o_init.o special case from Makefile: this doesn't work.

Dr. Stephen Henson [Wed, 12 Oct 2011 17:18:38 +0000 (17:18 +0000)]
Skip ECDH sanity check. Add --compare-all to run comparison tests on
all files instead of sanity checks.

Dr. Stephen Henson [Wed, 12 Oct 2011 17:03:15 +0000 (17:03 +0000)]
Handle partial test where H is absent: needed to check g generation.

Dr. Stephen Henson [Wed, 12 Oct 2011 15:35:34 +0000 (15:35 +0000)]
Update instructions.

Dr. Stephen Henson [Wed, 12 Oct 2011 15:33:54 +0000 (15:33 +0000)]
Updates to handle some verification of v2 tests.

Now enable v2 by default and require a --disable-v2 option to run the
old v1 tests.

Dr. Stephen Henson [Wed, 12 Oct 2011 15:32:57 +0000 (15:32 +0000)]
Handle broken test on verify too.

Dr. Stephen Henson [Wed, 12 Oct 2011 13:17:19 +0000 (13:17 +0000)]
ECDH POST selftest failure inducing support.

Dr. Stephen Henson [Wed, 12 Oct 2011 13:06:45 +0000 (13:06 +0000)]
Fix warnings.

Dr. Stephen Henson [Wed, 12 Oct 2011 12:55:58 +0000 (12:55 +0000)]
Only include one ECDH selftest.

Andy Polyakov [Tue, 11 Oct 2011 21:07:53 +0000 (21:07 +0000)]
e_padlock-x86[_64].pl: protection against prefetch errata.

Dr. Stephen Henson [Tue, 11 Oct 2011 18:15:31 +0000 (18:15 +0000)]
update pkey method initialisation and copy

Dr. Stephen Henson [Tue, 11 Oct 2011 17:44:26 +0000 (17:44 +0000)]
print out subgroup order if present

Dr. Stephen Henson [Mon, 10 Oct 2011 20:35:09 +0000 (20:35 +0000)]
def_rsa_finish not used any more.

Dr. Stephen Henson [Mon, 10 Oct 2011 19:09:01 +0000 (19:09 +0000)]
remove some debugging code

Dr. Stephen Henson [Mon, 10 Oct 2011 14:08:55 +0000 (14:08 +0000)]
fix leak properly this time...

Dr. Stephen Henson [Mon, 10 Oct 2011 12:56:18 +0000 (12:56 +0000)]
add GCM ciphers in SSL_library_init

Dr. Stephen Henson [Mon, 10 Oct 2011 12:41:11 +0000 (12:41 +0000)]
disable GCM if not available

Dr. Stephen Henson [Sun, 9 Oct 2011 23:26:39 +0000 (23:26 +0000)]
Don't disable TLS v1.2 by default now.

Dr. Stephen Henson [Sun, 9 Oct 2011 23:16:20 +0000 (23:16 +0000)]
Sync ordinals with 1.0.1-stable.

Dr. Stephen Henson [Sun, 9 Oct 2011 23:11:55 +0000 (23:11 +0000)]
fix CHANGES entry

Dr. Stephen Henson [Sun, 9 Oct 2011 23:08:15 +0000 (23:08 +0000)]
fix memory leaks

Andy Polyakov [Sun, 9 Oct 2011 21:53:53 +0000 (21:53 +0000)]
e_padlock-x86_64.pl: brown-bag bug in stack pointer handling.

Dr. Stephen Henson [Sun, 9 Oct 2011 15:29:43 +0000 (15:29 +0000)]
Sync ordinals with 1.0.1-stable.

Dr. Stephen Henson [Sun, 9 Oct 2011 00:56:52 +0000 (00:56 +0000)]
PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.

Andy Polyakov [Sat, 8 Oct 2011 21:37:44 +0000 (21:37 +0000)]
e_padlock-x86[_64].pl: SHA fixes, comply with specification and fix bug.

Dr. Stephen Henson [Fri, 7 Oct 2011 18:18:50 +0000 (18:18 +0000)]
Add fips/ecdh directory.

Dr. Stephen Henson [Fri, 7 Oct 2011 15:18:09 +0000 (15:18 +0000)]
New -force_pubkey option to x509 utility to supply a different public
key to the one in a request. This is useful for cases where the public
key cannot be used for signing e.g. DH.

Dr. Stephen Henson [Fri, 7 Oct 2011 15:07:19 +0000 (15:07 +0000)]
use client version when eliminating TLS v1.2 ciphersuites in client hello

Dr. Stephen Henson [Thu, 6 Oct 2011 20:44:02 +0000 (20:44 +0000)]
? crypto/aes/aes-armv4.S
? crypto/aes/aesni-sha1-x86_64.s
? crypto/aes/aesni-x86_64.s
? crypto/aes/foo.pl
? crypto/aes/vpaes-x86_64.s
? crypto/bn/.bn_lib.c.swp
? crypto/bn/armv4-gf2m.S
? crypto/bn/diffs
? crypto/bn/modexp512-x86_64.s
? crypto/bn/x86_64-gf2m.s
? crypto/bn/x86_64-mont5.s
? crypto/ec/bc.txt
? crypto/ec/diffs
? crypto/modes/a.out
? crypto/modes/diffs
? crypto/modes/ghash-armv4.S
? crypto/modes/ghash-x86_64.s
? crypto/modes/op.h
? crypto/modes/tst.c
? crypto/modes/x.h
? crypto/objects/.obj_xref.txt.swp
? crypto/rand/diffs
? crypto/sha/sha-512
? crypto/sha/sha1-armv4-large.S
? crypto/sha/sha256-armv4.S
? crypto/sha/sha512-armv4.S
Index: crypto/objects/obj_xref.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v
retrieving revision 1.9
diff -u -r1.9 obj_xref.c
--- crypto/objects/obj_xref.c 5 Nov 2008 18:38:58 -0000 1.9
+++ crypto/objects/obj_xref.c 6 Oct 2011 20:30:21 -0000
@@ -110,8 +110,10 @@
 #endif
  if (rv == NULL)
  return 0;
- *pdig_nid = rv->hash_id;
- *ppkey_nid = rv->pkey_id;
+ if (pdig_nid)
+ *pdig_nid = rv->hash_id;
+ if (ppkey_nid)
+ *ppkey_nid = rv->pkey_id;
  return 1;
  }
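Review bot: the NULL checks on pdig_nid and ppkey_nid change the contract of OBJ_find_sigid_algs (either output pointer may now be omitted), so the function's header comment and documentation should say so; callers that pass both pointers keep the old behaviour, and the early `return 0` when rv == NULL still leaves both outputs untouched on failure.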

@@ -144,7 +146,8 @@
 #endif
  if (rv == NULL)
  return 0;
- *psignid = (*rv)->sign_id;
+ if (psignid)
+ *psignid = (*rv)->sign_id;
  return 1;
  }
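Review bot: same point for psignid in OBJ_find_sigid_by_algs, which now tolerates a NULL output pointer; document it alongside the OBJ_find_sigid_algs change so the two lookups have a consistent, stated contract.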

Index: crypto/x509/x509type.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v
retrieving revision 1.10
diff -u -r1.10 x509type.c
--- crypto/x509/x509type.c 26 Oct 2007 12:06:33 -0000 1.10
+++ crypto/x509/x509type.c 6 Oct 2011 20:36:04 -0000
@@ -100,20 +100,26 @@
  break;
  }

- i=X509_get_signature_type(x);
- switch (i)
+ i=OBJ_obj2nid(x->sig_alg->algorithm);
+ if (i && OBJ_find_sigid_algs(i, NULL, &i))
  {
- case EVP_PKEY_RSA:
- ret|=EVP_PKS_RSA;
- break;
- case EVP_PKEY_DSA:
- ret|=EVP_PKS_DSA;
- break;
- case EVP_PKEY_EC:
- ret|=EVP_PKS_EC;
- break;
- default:
- break;
+
+ switch (i)
+ {
+ case NID_rsaEncryption:
+ case NID_rsa:
+ ret|=EVP_PKS_RSA;
+ break;
+ case NID_dsa:
+ case NID_dsa_2:
+ ret|=EVP_PKS_DSA;
+ break;
+ case NID_X9_62_id_ecPublicKey:
+ ret|=EVP_PKS_EC;
+ break;
+ default:
+ break;
+ }
  }

  if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
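Review bot: `OBJ_find_sigid_algs(i, NULL, &i)` passes NULL for the digest NID, so this hunk only compiles to correct behaviour together with the obj_xref.c hunk above that makes pdig_nid optional; the two must land in one commit. Reusing `i` as both input and output is safe because the lookup returns 0 without writing on failure and the `&&` short-circuits when OBJ_obj2nid yields NID_undef, but a one-line comment would save the next reader the trace. The added blank `+` line at the top of the new block and the deeper indentation of the switch are style nits worth tidying before commit.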

Andy Polyakov [Wed, 5 Oct 2011 17:03:44 +0000 (17:03 +0000)]
e_padlock: add CTR mode.

Andy Polyakov [Tue, 4 Oct 2011 11:21:33 +0000 (11:21 +0000)]
e_padlock-x86_64.pl: fix typo.

Andy Polyakov [Tue, 4 Oct 2011 11:05:16 +0000 (11:05 +0000)]
e_padlock-x86*.pl: Nano-related update.

Dr. Stephen Henson [Sat, 1 Oct 2011 20:42:52 +0000 (20:42 +0000)]
Make fips algorithm test utilities use RESP_EOL for end of line character(s).
This should be CRLF even under *nix.

Andy Polyakov [Sat, 1 Oct 2011 10:44:51 +0000 (10:44 +0000)]
e_padlock-x86.pl: previous C3-specific fix was incomplete.

Andy Polyakov [Sat, 1 Oct 2011 10:16:13 +0000 (10:16 +0000)]
e_padlock-x86.pl: make it work on VIA C3 (which doesn't support SSE2).

Dr. Stephen Henson [Fri, 30 Sep 2011 11:58:59 +0000 (11:58 +0000)]
Never echo Num lines for PQGGen DSA2 test.

Dr. Stephen Henson [Thu, 29 Sep 2011 23:17:59 +0000 (23:17 +0000)]
make depend

Dr. Stephen Henson [Thu, 29 Sep 2011 23:08:23 +0000 (23:08 +0000)]
Add FIPS selftests for ECDH algorithm.

Dr. Stephen Henson [Thu, 29 Sep 2011 18:22:37 +0000 (18:22 +0000)]
Remove s = s * P deferral.

Dr. Stephen Henson [Thu, 29 Sep 2011 16:24:00 +0000 (16:24 +0000)]
Check return codes properly.

Dr. Stephen Henson [Wed, 28 Sep 2011 22:35:30 +0000 (22:35 +0000)]
Fix output format for DSA2 parameter generation.

Andy Polyakov [Tue, 27 Sep 2011 19:34:40 +0000 (19:34 +0000)]
bsaes-x86_64.pl: add due credit.

Dr. Stephen Henson [Mon, 26 Sep 2011 17:04:32 +0000 (17:04 +0000)]
fix signed/unsigned warning

Dr. Stephen Henson [Sun, 25 Sep 2011 22:12:39 +0000 (22:12 +0000)]
Add a --disable-all option to disable all tests.

Dr. Stephen Henson [Sun, 25 Sep 2011 22:04:43 +0000 (22:04 +0000)]
Handle provable prime parameters for canonical g generation which are
sometimes erroneously included.

Andy Polyakov [Sun, 25 Sep 2011 15:31:51 +0000 (15:31 +0000)]
Add bit-sliced AES x86_64 assembler, see http://homes.esat.kuleuven.be/~ekasper/#software for background information. It's not integrated into build system yet.

Dr. Stephen Henson [Sat, 24 Sep 2011 23:06:20 +0000 (23:06 +0000)]
make sure eivlen is initialised

Dr. Stephen Henson [Fri, 23 Sep 2011 21:48:34 +0000 (21:48 +0000)]
use keyformat for -x509toreq, don't hard code PEM

Dr. Stephen Henson [Fri, 23 Sep 2011 13:39:23 +0000 (13:39 +0000)]
PR: 2606
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve

Handle timezones correctly in UTCTime.

Dr. Stephen Henson [Fri, 23 Sep 2011 13:34:48 +0000 (13:34 +0000)]
PR: 2602
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting

Dr. Stephen Henson [Fri, 23 Sep 2011 13:12:25 +0000 (13:12 +0000)]
PR: 2347
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve

Fix usage message.

Dr. Stephen Henson [Fri, 23 Sep 2011 01:03:37 +0000 (01:03 +0000)]
Run PQGVer test before DSA2 tests.

Dr. Stephen Henson [Thu, 22 Sep 2011 14:15:07 +0000 (14:15 +0000)]
Typo.

Dr. Stephen Henson [Thu, 22 Sep 2011 14:01:25 +0000 (14:01 +0000)]
Use function name FIPS_drbg_health_check() for health check function.

Add explanatory comments to health check code.

Dr. Stephen Henson [Wed, 21 Sep 2011 18:42:12 +0000 (18:42 +0000)]
Don't print out errors in cases where errors are expected: testing
DSA parameter validity and EC public key validity.

Dr. Stephen Henson [Wed, 21 Sep 2011 18:36:53 +0000 (18:36 +0000)]
Remove unused variable.

Dr. Stephen Henson [Wed, 21 Sep 2011 18:24:12 +0000 (18:24 +0000)]
Perform health check on all reseed operations not associated with
prediction resistance requests. Although SP 800-90 is arguably unclear
on whether this is necessary adding an additional check has minimal
penalty (very few applications will make an explicit reseed request).

Dr. Stephen Henson [Wed, 21 Sep 2011 17:04:56 +0000 (17:04 +0000)]
Revise DRBG to split between internal and external flags.

On demand health check function.

Perform generation test in fips_test_suite.

Option to skip dh test if fips_test_suite.

Dr. Stephen Henson [Wed, 21 Sep 2011 16:17:18 +0000 (16:17 +0000)]
Update error codes.

Dr. Stephen Henson [Sun, 18 Sep 2011 19:36:27 +0000 (19:36 +0000)]
Allow reseed interval to be set.

Andy Polyakov [Sun, 18 Sep 2011 15:40:11 +0000 (15:40 +0000)]
Make latest assembler additions (vpaes and e_padlock) work in Windows build.

Andy Polyakov [Sat, 17 Sep 2011 12:57:33 +0000 (12:57 +0000)]
sha256-586.pl: minor optimization, +0-2% on all CPUs, +7% on Westmere.

Andy Polyakov [Sat, 17 Sep 2011 11:30:28 +0000 (11:30 +0000)]
sha512-x86_64.pl: +15% better performance on Westmere and incidentally Atom.
Other Intel processors +5%, Opteron -2%.

Dr. Stephen Henson [Sat, 17 Sep 2011 00:17:46 +0000 (00:17 +0000)]
Sync error codes with 1.0.1-stable.

Dr. Stephen Henson [Fri, 16 Sep 2011 17:40:16 +0000 (17:40 +0000)]
clarify comment

Dr. Stephen Henson [Fri, 16 Sep 2011 17:35:40 +0000 (17:35 +0000)]
Minor code tidy and bug fix: need to set t = s after first pass and
t and s do not need to have independent values after the first pass
so set t = s.

Dr. Stephen Henson [Thu, 15 Sep 2011 21:06:37 +0000 (21:06 +0000)]
Don't use vpaes in fips builds and exclude from restricted tarball.

Andy Polyakov [Thu, 15 Sep 2011 20:22:59 +0000 (20:22 +0000)]
Integrate Vector Permutation AES into build system.

Dr. Stephen Henson [Thu, 15 Sep 2011 14:28:46 +0000 (14:28 +0000)]
Make HMAC kat symbols static.

Dr. Stephen Henson [Thu, 15 Sep 2011 14:08:24 +0000 (14:08 +0000)]
Fix warning.

Andy Polyakov [Wed, 14 Sep 2011 20:48:49 +0000 (20:48 +0000)]
Allow for dynamic base in Win64 FIPS module.

Dr. Stephen Henson [Wed, 14 Sep 2011 15:49:50 +0000 (15:49 +0000)]
Update CMAC/HMAC selftests to use NIDs instead of function pointers.

Simplify HMAC selftest as each test currently uses the same key and
hash data.

Dr. Stephen Henson [Wed, 14 Sep 2011 15:20:59 +0000 (15:20 +0000)]
Remove fipsdso target: it isn't supported in the 2.0 module.

Dr. Stephen Henson [Wed, 14 Sep 2011 13:25:48 +0000 (13:25 +0000)]
new function to lookup FIPS supported ciphers by NID

Dr. Stephen Henson [Mon, 12 Sep 2011 18:47:39 +0000 (18:47 +0000)]
More extensive DRBG health check. New function to call health check
for all DRBG combinations.

Dr. Stephen Henson [Mon, 12 Sep 2011 18:45:05 +0000 (18:45 +0000)]
Check length of additional input in DRBG generate function.

Dr. Stephen Henson [Mon, 12 Sep 2011 13:20:57 +0000 (13:20 +0000)]
Delete strength parameter from FIPS_drbg_generate. It isn't very useful
(strength can be queried using FIPS_drbg_get_strength ) and adds a
substantial extra overhead to health check (need to check every combination
of parameters).