Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-12-08 | Remove fipscanister from Configure, delete fips directory | Dr. Stephen Henson | |
Reviewed-by: Tim Hudson <tjh@openssl.org> | |||
2011-10-21 | fips.c: remove preprocessor artefact. | Andy Polyakov | |
2011-10-21 | fix (?) AVX clearing | Dr. Stephen Henson | |
2011-10-20 | fips.c: x86[_64] capability masking. | Andy Polyakov | |
2011-10-19 | add authentication parameter to FIPS_module_mode_set | Dr. Stephen Henson | |
2011-09-14 | Allow for dynamic base in Win64 FIPS module. | Andy Polyakov | |
2011-07-25 | Fix warnings. | Dr. Stephen Henson | |
2011-07-04 | Add functions to return FIPS module version. | Dr. Stephen Henson | |
2011-05-12 | Fix error discrepancy. | Dr. Stephen Henson | |
2011-05-11 | Set FIPS mode for values other than 1. The only current effect | Dr. Stephen Henson | |
is to return a consistent value. So calling FIPS_module_mode_set(n) for n != 0 will result in FIPS_module_mode() returning n. This will support future expansion of more FIPS modes e.g. a Suite B mode. | |||
2011-05-11 | Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in | Dr. Stephen Henson | |
the FIPS capable OpenSSL. | |||
2011-04-14 | Initial incomplete POST overhaul: add support for POST callback to | Dr. Stephen Henson | |
allow status of POST to be monitored and/or failures induced. | |||
2011-04-12 | Update fips_pkey_signature_test: use fixed string if supplies tbs is | Dr. Stephen Henson | |
NULL. Always allocate signature buffer. Update ECDSA selftest to use fips_pkey_signature_test. Add copyright notice to file. | |||
2011-04-12 | Update RSA selftest code to use a 2048 bit RSA and only a single KAT | Dr. Stephen Henson | |
for PSS+SHA256 | |||
2011-04-11 | Update copyright year. | Dr. Stephen Henson | |
Zero ciphertext and plaintext temporary buffers. Check FIPS_cipher() return value. | |||
2011-04-05 | Extensive reorganisation of PRNG handling in FIPS module: all calls | Dr. Stephen Henson | |
now use an internal RAND_METHOD. All dependencies to OpenSSL standard PRNG are now removed: it is the applications resposibility to setup the FIPS PRNG and initalise it. Initial OpenSSL RAND_init_fips() function that will setup the DRBG for the "FIPS capable OpenSSL". | |||
2011-04-05 | Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be | Dr. Stephen Henson | |
used by applications directly and the X9.31 PRNG is deprecated by new FIPS140-2 rules anyway. | |||
2011-04-04 | Change FIPS locking functions to macros so we get useful line information. | Dr. Stephen Henson | |
Set fips_thread_set properly. | |||
2011-04-01 | Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for | Dr. Stephen Henson | |
test applications. | |||
2011-03-24 | Implement FIPS CMAC. | Richard Levitte | |
* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as an example. * crypto/cmac/cmac.c: Enable the FIPS API. Change to use M_EVP macros where possible. * crypto/evp/evp.h: (some of the macros get added with this change) * fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use macros to have cmac.c use these functions. * Makefile.org, fips/Makefile, fips/fips.c: Hook it in. | |||
2011-03-16 | Add extensive DRBG selftest data and option to corrupt it in fips_test_suite. | Dr. Stephen Henson | |
2011-02-18 | add ECDSA POST | Dr. Stephen Henson | |
2011-02-18 | AES GCM selftests. | Dr. Stephen Henson | |
2011-02-16 | Experimental FIPS symbol renaming. | Dr. Stephen Henson | |
Fixups under fips/ to make symbol renaming work. | |||
2011-02-15 | Add pairwise consistency test to EC. | Dr. Stephen Henson | |
2011-02-15 | Update pairwise consistency checks to use SHA-256. | Dr. Stephen Henson | |
2011-02-13 | Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new | Dr. Stephen Henson | |
and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1 library. | |||
2011-02-12 | Change FIPS source and utilities to use the "FIPS_" names directly | Dr. Stephen Henson | |
instead of using regular OpenSSL API names. | |||
2011-02-04 | Remove unneeded functions, make some functions and variables static. | Dr. Stephen Henson | |
2011-01-27 | Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer | Dr. Stephen Henson | |
to EVP any more. Move locking #define into fips.h. Set FIPS locking callbacks at same time as OpenSSL locking callbacks. | |||
2011-01-26 | And so it begins... again. | Dr. Stephen Henson | |
Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have missing files, extraneous files and other nastiness. In other words: it's experimental ATM, OK? |