wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
8454 commits 20 branches 302 tags 153 MiB
Commit graph

8454 commits

This branch
This branch
All branches
Author SHA1 Message Date
Nils Larsch
0dfe532ea9 clear error queue on success and return NULL if cert could be read 
PR: 1088
 2005-06-01 08:36:38 +00:00
Nils Larsch
5c567ffd4c fix assertion 2005-05-31 20:39:54 +00:00
Richard Levitte
3bc1781994 Synchronise with the Unix build... 2005-05-31 20:29:23 +00:00
Dr. Stephen Henson
485bcc9cab Preliminary support for X9.31 RSA key generation for FIPS. 
Included prime derivation, random prime generation, test program and
new option to genrsa.
 2005-05-31 12:38:03 +00:00
Richard Levitte
bb1bbb3274 Synchronise with Unixly build 2005-05-30 22:26:22 +00:00
Dr. Stephen Henson
4bd7bc97e8 make update 2005-05-29 12:30:21 +00:00
Dr. Stephen Henson
4d4339922c Stop warnings. 2005-05-29 12:22:05 +00:00
Richard Levitte
c3d03b70af We have some source with \r\n as line ends. DEC C informs about that, 
and I really can't be bothered...
 2005-05-29 12:13:05 +00:00
Dr. Stephen Henson
e4c2c550b9 Add X9.31 signature support, mainly for FIPS140. Add new option to rsautl and 
include options to use X9.31 in tests.
 2005-05-28 20:15:48 +00:00
Dr. Stephen Henson
570357b7a8 Add PSS support to tests. 2005-05-28 11:18:44 +00:00
Dr. Stephen Henson
7044d328a2 Add PSS support. Minimal at this stage for FIPS140. 2005-05-27 21:59:52 +00:00
Dr. Stephen Henson
35d7cc8166 Error checking. 2005-05-27 21:22:48 +00:00
Bodo Möller
80790d89ec Use BN_with_flags() in a cleaner way. 
Complete previous change:
Constant time DSA [sync with mainstream].
 2005-05-27 15:39:15 +00:00
Andy Polyakov
7bad200b49 Constant-time RSA [sync with mainstream]. 
Submitted by: bodo
 2005-05-27 08:12:44 +00:00
Andy Polyakov
6b6f64da2d Constant time DH [sync with mainstream]. 
Submitted by: bodo
 2005-05-27 08:11:16 +00:00
Andy Polyakov
31def5ae59 Constant-time DSA signing [sync with mainstream]. 
Submitted by: bodo
 2005-05-27 06:42:11 +00:00
Andy Polyakov
713407a5c7 fips/sha1 -> fips/sha remains. 2005-05-26 23:09:02 +00:00
Andy Polyakov
db73333585 Remove fips/sha1/*. 2005-05-26 23:01:20 +00:00
Andy Polyakov
84c9b6edb1 Throw in SHAmix test vectors. 2005-05-26 22:17:55 +00:00
Andy Polyakov
e609c04994 Rename fips/sha1 to fips/sha. 2005-05-26 21:29:10 +00:00
Dr. Stephen Henson
53cfa36d37 Allow zero length messages and make format look more like samples. 2005-05-26 18:48:24 +00:00
Dr. Stephen Henson
b10bd63df3 FIPS SHA* test for new format. 2005-05-26 18:31:53 +00:00
Bodo Möller
44a287747f make sure DSA signing exponentiations really are constant-time 2005-05-26 04:40:42 +00:00
Richard Levitte
20a413620c Synchronise with Unix build. 2005-05-24 03:50:47 +00:00
Richard Levitte
e99b588f1b Typo correction 2005-05-24 03:27:18 +00:00
Richard Levitte
48a3f2818e When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in 
http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html.

Notified by David Wolfe <dwolfe5272@yahoo.com>
 2005-05-21 17:39:48 +00:00
Andy Polyakov
fc0e014ca3 fips_check_rsa update. 2005-05-19 22:29:55 +00:00
Dr. Stephen Henson
8baaeba881 Place #ifdef OPENSSL_FIPS round the SHA-XXX functions in evp.h so mkdef.pl 
knows about it.
 2005-05-17 19:48:42 +00:00
Andy Polyakov
150ebacd8a SHA-XXX are available in FIPS context only in 0.9.7. 2005-05-17 06:57:14 +00:00
Bodo Möller
bedcd5c0bb fix memory leak (BIO_free_all needs pointer to first BIO) 
PR: 1070
 2005-05-17 05:52:18 +00:00
Bodo Möller
fd86c390eb Change wording for BN_mod_exp_mont_consttime() entry 2005-05-16 19:14:38 +00:00
Dr. Stephen Henson
63453c025f Remove redundant test. Add new SHAXXX algorithms to mkdef.pl, update 
symbol info.
 2005-05-16 17:52:32 +00:00
Bodo Möller
ecb1445ce2 Implement fixed-window exponentiation to mitigate hyper-threading 
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
 2005-05-16 01:26:08 +00:00
Richard Levitte
64c32bf9eb Synchronise with the Unixly build. 2005-05-15 09:20:15 +00:00
Dr. Stephen Henson
775e82c58d Fix from HEAD. 2005-05-14 12:59:05 +00:00
Dr. Stephen Henson
db5cbd8954 Fixes from HEAD. 2005-05-13 00:23:02 +00:00
Dr. Stephen Henson
c6012b252d Fix from HEAD. 2005-05-12 23:13:40 +00:00
Dr. Stephen Henson
e1ff593dcb Typo. 2005-05-12 17:27:48 +00:00
Bodo Möller
c4d9c13a31 fix msg_callback() arguments for SSL 2.0 compatible client hello 
(previous revision got this wrong)
 2005-05-12 06:24:26 +00:00
Bodo Möller
00c1c6cb28 PR:Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled 
with the SSL_OP_NO_SSLv2 option.
 2005-05-11 18:26:08 +00:00
Bodo Möller
973fbfe3a3 make update 2005-05-11 17:49:50 +00:00
Dr. Stephen Henson
9fc1d3f4c4 Allow AES CFB1 ciphers in FIPS mode. 2005-05-11 16:28:33 +00:00
Dr. Stephen Henson
765863f0bf Stop warnings. 2005-05-11 00:35:55 +00:00
Andy Polyakov
cbd72088ec Tidy up an error code. 2005-05-10 22:57:21 +00:00
Andy Polyakov
8aabdf3505 Fix fips_hmactest.c. 2005-05-10 22:54:44 +00:00
Nils Larsch
fcec494072 use 'p' as conversion specifier for printf to avoid truncation of 
pointers on 64 bit platforms. Patch supplied by Daniel Gryniewicz
via Mike Frysinger <vapier@gentoo.org>.

PR: 1064
 2005-05-10 11:57:19 +00:00
Nils Larsch
88f62fb98a improve command line argument checking 
PR: 1061
 2005-05-10 09:52:39 +00:00
Andy Polyakov
69488fa929 Add algorithm selection command-line option to fips_hmactest 
[and fix typo in fips.h].
 2005-05-09 22:35:35 +00:00
Andy Polyakov
b0367dde56 Comply with optimization manual (no data should share cache-line with code). 2005-05-09 21:41:47 +00:00
Andy Polyakov
ad93095f16 Missing declaration. 2005-05-09 20:47:42 +00:00