Age | Commit message (Collapse) | Author | |
---|---|---|---|
2011-05-23 | PR: 2522 | Dr. Stephen Henson | |
Submitted by: Henrik Grindal Bakken <henribak@cisco.com> Don't compare past end of buffer. | |||
2011-05-11 | Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in | Dr. Stephen Henson | |
the FIPS capable OpenSSL. | |||
2011-05-06 | Return error codes for selftest failure instead of hard assertion errors. | Dr. Stephen Henson | |
2011-05-04 | Remove superfluous PRNG self tests. | Dr. Stephen Henson | |
Print timer resolution. | |||
2011-05-01 | Some changes to support VxWorks in the validted module. | Dr. Stephen Henson | |
2011-04-23 | Always return multiple of block length bytes from default DRBG seed | Dr. Stephen Henson | |
callback. Handle case where no multiple of the block size is in the interval [min_len, max_len]. | |||
2011-04-21 | Add continuous RNG test to entropy source. Entropy callbacks now need | Dr. Stephen Henson | |
to specify a "block length". | |||
2011-04-20 | Update DRBG to use new POST scheme. | Dr. Stephen Henson | |
2011-04-20 | Add periodic DRBG health checks as required by SP800-90. | Dr. Stephen Henson | |
2011-04-14 | Add new POST support to X9.31 PRNG. | Dr. Stephen Henson | |
2011-04-12 | Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx | Dr. Stephen Henson | |
when performing ECDSA selftest. | |||
2011-04-10 | Typo: fix duplicate call. | Dr. Stephen Henson | |
2011-04-09 | Add error for health check failure. | Dr. Stephen Henson | |
Rebuild all FIPS error codes to clean out old obsolete codes. | |||
2011-04-09 | Before initalising a live DRBG (i.e. not in test mode) run a complete health | Dr. Stephen Henson | |
check on a DRBG of the same type. | |||
2011-04-09 | New function to return security strength of PRNG. | Dr. Stephen Henson | |
2011-04-06 | Update OpenSSL DRBG support code. Use date time vector as additional data. | Dr. Stephen Henson | |
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD. | |||
2011-04-05 | Update fipssyms.h to keep all symbols in FIPS,fips namespace. | Dr. Stephen Henson | |
Rename drbg_cprng_test to fips_drbg_cprng_test. Remove rand files from Makefile.fips. | |||
2011-04-05 | Extensive reorganisation of PRNG handling in FIPS module: all calls | Dr. Stephen Henson | |
now use an internal RAND_METHOD. All dependencies to OpenSSL standard PRNG are now removed: it is the applications resposibility to setup the FIPS PRNG and initalise it. Initial OpenSSL RAND_init_fips() function that will setup the DRBG for the "FIPS capable OpenSSL". | |||
2011-04-05 | Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be | Dr. Stephen Henson | |
used by applications directly and the X9.31 PRNG is deprecated by new FIPS140-2 rules anyway. | |||
2011-04-04 | Set error code is additional data callback fails. | Dr. Stephen Henson | |
2011-04-04 | Change RNG test to block oriented instead of request oriented, add option | Dr. Stephen Henson | |
to test a "stuck" DRBG. | |||
2011-04-01 | Only zeroise sensitive parts of DRBG context, so the type and flags | Dr. Stephen Henson | |
are undisturbed. Allow setting of "rand" callbacks for DRBG. | |||
2011-04-01 | Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for | Dr. Stephen Henson | |
test applications. | |||
2011-03-31 | Unused, untested, provisional RAND interface for DRBG. | Dr. Stephen Henson | |
2011-03-31 | Remove redundant definitions. Give error code if DRBG sefltest fails. | Dr. Stephen Henson | |
2011-03-31 | Reorganise DRBG API so the entropy and nonce callbacks can return a | Dr. Stephen Henson | |
pointer to a buffer instead of copying to a fixed length buffer. This removes the entropy and nonce length restrictions. | |||
2011-03-25 | Have all algorithm test programs call fips_algtest_init() at startup: | Dr. Stephen Henson | |
this will perform all standalone operations such as setting error callbacks, entering FIPS mode etc. | |||
2011-03-25 | Allow setting of get_entropy and get_nonce callbacks outside test mode. | Dr. Stephen Henson | |
Test mode is now set when a DRBG context is initialised. | |||
2011-03-24 | make update | Richard Levitte | |
2011-03-21 | Free DRBG context in self tests. | Dr. Stephen Henson | |
2011-03-18 | Typo. | Dr. Stephen Henson | |
2011-03-17 | Implement continuous RNG test for SP800-90 DRBGs. | Dr. Stephen Henson | |
2011-03-17 | Implement health checks needed by SP800-90. | Dr. Stephen Henson | |
Fix warnings. Instantiate DRBGs at maximum strength. | |||
2011-03-16 | Add extensive DRBG selftest data and option to corrupt it in fips_test_suite. | Dr. Stephen Henson | |
2011-03-11 | Check requested security strength in DRBG. Add function to retrieve the | Dr. Stephen Henson | |
security strength. | |||
2011-03-08 | Add meaningful error codes to DRBG. | Dr. Stephen Henson | |
2011-03-08 | Add file I/O to fips_drbgvs program. | Dr. Stephen Henson | |
2011-03-08 | Remove need for redirection on RNG and DSS algorithm test programs: some | Dr. Stephen Henson | |
platforms don't support it. | |||
2011-03-07 | Uninstantiate and free functions for DRBG. | Dr. Stephen Henson | |
2011-03-06 | Fix couple of bugs in CTR DRBG implementation. | Dr. Stephen Henson | |
2011-03-06 | Updates to DRBG: fix bugs in infrastructure. Add initial experimental | Dr. Stephen Henson | |
algorithm test generator. | |||
2011-03-04 | Initial, provisional, subject to wholesale change, untested, probably | Dr. Stephen Henson | |
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes. Did I say this was untested? | |||
2011-02-21 | Update dependencies. | Dr. Stephen Henson | |
2011-02-21 | x509v3.h header file not needed in fips algorithm test utilities. | Dr. Stephen Henson | |
2011-02-16 | Experimental FIPS symbol renaming. | Dr. Stephen Henson | |
Fixups under fips/ to make symbol renaming work. | |||
2011-02-03 | Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files | Dr. Stephen Henson | |
that use it. | |||
2011-01-27 | Move all FIPSAPI renames into fips.h header file, include early in | Dr. Stephen Henson | |
crypto.h if needed. Modify source tree to handle change. | |||
2011-01-27 | Redirect FIPS memory allocation to FIPS_malloc() routine, remove | Dr. Stephen Henson | |
OpenSSL malloc dependencies. | |||
2011-01-27 | Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer | Dr. Stephen Henson | |
to EVP any more. Move locking #define into fips.h. Set FIPS locking callbacks at same time as OpenSSL locking callbacks. | |||
2011-01-27 | New FIPS_lock() function for minimal FIPS locking API: to avoid dependencies | Dr. Stephen Henson | |
on OpenSSL locking code. Use API in some internal FIPS files. Remove redundant ENGINE defines from fips.h |