Andy Polyakov
c608171d9c
Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
2011-08-23 20:51:38 +00:00
Dr. Stephen Henson
ab1ec69843
aesni TLS GCM support
2011-08-11 23:06:19 +00:00
Dr. Stephen Henson
28dd49faec
Expand range of ctrls for AES GCM to support retrieval and setting of
...
invocation field.
Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
2011-08-03 15:37:22 +00:00
Andy Polyakov
a355cf9bf5
evp.h: add flag to distinguish AEAD ciphers and pair of control codes...
2011-07-11 13:54:53 +00:00
Dr. Stephen Henson
9ebc37e667
add null cipher to FIPS module
2011-06-20 19:48:44 +00:00
Dr. Stephen Henson
bd6386f59c
make sure custom cipher flag doesn't use any mode bits
2011-06-13 23:06:43 +00:00
Dr. Stephen Henson
3096d53b46
Update dependencies for m_dss.c too.
2011-06-10 14:00:02 +00:00
Dr. Stephen Henson
068291cd44
Remove x509.h from SHA1 clone digests, update dependencies.
2011-06-10 13:52:44 +00:00
Andy Polyakov
17f121de9d
e_aes.c: move AES-NI run-time switch and implement the switch for remaining modes.
2011-06-06 11:40:03 +00:00
Dr. Stephen Henson
bce1af7762
Add DSA and ECDSA "clone digests" to module for compatibility with old
...
applications.
2011-06-01 14:07:32 +00:00
Andy Polyakov
62b6c5c404
e_aes.c: fix typo.
2011-05-30 10:13:42 +00:00
Andy Polyakov
e76cbcf686
e_aes.c: fix aes_cfb1_cipher.
2011-05-30 10:10:05 +00:00
Andy Polyakov
d1fff483d6
e_aes.c: integrate AESNI directly into EVP.
2011-05-30 09:16:01 +00:00
Dr. Stephen Henson
c2fd598994
Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
...
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
e9093c9832
PR: 2499
...
Submitted by: "James 'J.C.' Jones" <james.jc.jones@gmail.com>
Typos.
2011-05-02 23:29:57 +00:00
Dr. Stephen Henson
b5dd178740
Fix EVP CCM decrypt. Add decrypt support to algorithm test program.
2011-04-18 22:48:40 +00:00
Dr. Stephen Henson
62dc7ed67c
Override flag for XTS length limit.
2011-04-18 17:31:28 +00:00
Dr. Stephen Henson
2391681082
Initial untested CCM support via EVP.
2011-04-18 14:25:11 +00:00
Dr. Stephen Henson
3b4a855778
Don't need separate tag buffer for GCM mode: use EVP_CIPHER_CTX buf
...
field which is not unused for custom ciphers.
2011-04-18 11:28:41 +00:00
Dr. Stephen Henson
45321c41e2
Add length limitation from SP800-38E.
2011-04-15 12:01:53 +00:00
Dr. Stephen Henson
06b7e5a0e4
Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation.
2011-04-15 02:49:30 +00:00
Dr. Stephen Henson
ac892b7aa6
Initial incomplete POST overhaul: add support for POST callback to
...
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
77394d7e8f
Remove duplicate flag.
2011-04-13 00:11:53 +00:00
Dr. Stephen Henson
32a2d8ddfe
Provisional AES XTS support.
2011-04-12 23:21:33 +00:00
Dr. Stephen Henson
05e24c87dd
Extensive reorganisation of PRNG handling in FIPS module: all calls
...
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.
Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Richard Levitte
c6dbe90895
make update
2011-03-24 22:59:02 +00:00
Richard Levitte
399aa6b5ff
Implement FIPS CMAC.
...
* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as
an example.
* crypto/cmac/cmac.c: Enable the FIPS API. Change to use M_EVP macros
where possible.
* crypto/evp/evp.h: (some of the macros get added with this change)
* fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use
macros to have cmac.c use these functions.
* Makefile.org, fips/Makefile, fips/fips.c: Hook it in.
2011-03-24 22:55:02 +00:00
Richard Levitte
487b023f3d
make update (1.1.0-dev)
...
This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable. However, since there's
been no release on this branch yet, it should be harmless.
2011-03-23 00:11:32 +00:00
Dr. Stephen Henson
4fc02f1229
Use a signed value to check return value of do_cipher().
2011-03-21 17:37:27 +00:00
Ben Laurie
edc032b5e3
Add SRP support.
2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
3e446ba347
Make "make links" work in fipscanisteronly builds.
2011-02-22 12:34:46 +00:00
Dr. Stephen Henson
b7056b6414
Update dependencies.
2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
37eae9909a
Remove unnecessary dependencies.
2011-02-21 17:35:53 +00:00
Dr. Stephen Henson
ab8a4e54db
Move gcm128_context definition to modes_lcl.h (along with some related
...
definitions) so we can use it in EVP GCM code avoiding need to allocate
it.
2011-02-19 22:16:52 +00:00
Dr. Stephen Henson
25c6542944
Add non-FIPS algorithm blocking and selftest checking.
2011-02-15 16:03:47 +00:00
Dr. Stephen Henson
14567b1451
Add FIPS flags to AES ciphers and SHA* digests.
2011-02-15 15:57:54 +00:00
Dr. Stephen Henson
b3d8022edd
Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest.
2011-02-09 16:21:43 +00:00
Dr. Stephen Henson
f4001a0d19
Link GCM into FIPS module. Check return value in EVP gcm.
2011-02-08 15:10:42 +00:00
Dr. Stephen Henson
bdaa54155c
Initial *very* experimental EVP support for AES-GCM. Note: probably very
...
broken and subject to change.
2011-02-07 18:16:33 +00:00
Dr. Stephen Henson
d45087c672
Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher:
...
the NULL value for the input buffer is sufficient to notice this case.
2011-02-07 18:04:27 +00:00
Dr. Stephen Henson
3da0ca796c
New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying
...
cipher handles all cipher symantics itself.
2011-02-07 14:36:08 +00:00
Dr. Stephen Henson
83e9c36261
Use default ASN1 if flag set.
2011-02-07 12:47:16 +00:00
Dr. Stephen Henson
14ae26f2e4
Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files
...
that use it.
2011-02-03 17:00:24 +00:00
Bodo Möller
9d0397e977
make update
2011-02-03 10:17:53 +00:00
Bodo Möller
2440d8b1db
Fix error codes.
2011-02-03 10:03:23 +00:00
Dr. Stephen Henson
7edfe67456
Move all FIPSAPI renames into fips.h header file, include early in
...
crypto.h if needed.
Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
7c8ced94c3
Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
...
to EVP any more.
Move locking #define into fips.h.
Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
7a4bd34a4f
FIPS mode EVP changes:
...
Set EVP_CIPH_FLAG_FIPS on approved ciphers.
Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.
Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.
Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.
2011-01-26 15:25:33 +00:00
Dr. Stephen Henson
09c1dc850c
PR: 2385
...
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve
Zero key->pkey.ptr after it is freed so the structure can be reused.
2010-11-30 19:37:21 +00:00
Dr. Stephen Henson
ae3fff5034
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
...
EVP_MD_CTX was much larger: it isn't needed anymore.
2010-11-27 17:37:03 +00:00
Dr. Stephen Henson
f830c68f4d
add "missing" functions to copy EVP_PKEY_METHOD and examine info
2010-11-24 16:08:20 +00:00
Dr. Stephen Henson
46fc96d4ba
constify EVP_PKEY_new_mac_key()
2010-11-24 13:13:49 +00:00
Dr. Stephen Henson
ad889de097
If EVP_PKEY structure contains an ENGINE the key is ENGINE specific and
...
we should use its method instead of any generic one.
2010-11-16 12:11:46 +00:00
Dr. Stephen Henson
776654adff
PR: 2295
...
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:49:22 +00:00
Dr. Stephen Henson
2948fbab3a
Fix ctr mode properly this time....
2010-07-28 16:53:28 +00:00
Dr. Stephen Henson
081464fa14
Make ctr mode behaviour consistent with other modes.
2010-07-28 11:03:09 +00:00
Andy Polyakov
874a3757af
Rework framework for assembler support for AES counter mode and add
...
AES_ctr32_encrypt to aes-s390x.pl.
2010-07-09 12:21:52 +00:00
Ben Laurie
c8bbd98a2b
Fix warnings.
2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
cb877ccb35
PR: 2258
...
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Base64 BIO fixes:
Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.
2010-05-27 12:41:05 +00:00
Dr. Stephen Henson
efcf5f1c50
PR: 2244
...
Submitted By: "PMHager" <hager@dortmund.net>
Initialise pkey callback to 0.
2010-05-03 12:50:36 +00:00
Dr. Stephen Henson
08df41277a
PR: 1904
...
Submitted by: David Woodhouse <dwmw2@infradead.org>
Pass passphrase minimum length down to UI.
2010-03-27 19:31:55 +00:00
Dr. Stephen Henson
d6eebf6d8a
reserve a few more bits for future cipher modes
2010-03-08 23:48:21 +00:00
Dr. Stephen Henson
069d4cfea5
although AES is a variable length cipher, AES EVP methods have a fixed key length
2010-03-07 15:54:26 +00:00
Dr. Stephen Henson
49436b59b5
oops, make EVP ctr mode work again
2010-03-07 15:52:41 +00:00
Dr. Stephen Henson
1708456220
don't add digest alias if signature algorithm is undefined
2010-03-06 20:47:30 +00:00
Dr. Stephen Henson
8c4ce7bab2
Fix memory leak: free up ENGINE functional reference if digest is not
...
found in an ENGINE.
2010-03-05 13:33:21 +00:00
Dr. Stephen Henson
da3955256d
'typo'
2010-03-01 01:53:34 +00:00
Ben Laurie
19ec2f4194
Fix warnings (note that gcc 4.2 has a bug that makes one of its
...
warnings hard to fix without major surgery).
2010-02-28 14:22:56 +00:00
Dr. Stephen Henson
37c541faed
Revert CFB block length change. Despite what SP800-38a says the input to
...
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:58 +00:00
Dr. Stephen Henson
385a488c43
prevent warning
2010-02-24 15:24:19 +00:00
Andy Polyakov
d976f99294
Add AES counter mode to EVP.
2010-02-23 16:48:41 +00:00
Dr. Stephen Henson
1458b931eb
The "block length" for CFB mode was incorrectly coded as 1 all the time. It
...
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:16 +00:00
Dr. Stephen Henson
20eb7238cb
Correct ECB mode EVP_CIPHER definition: IV length is 0
2010-02-15 19:26:02 +00:00
Dr. Stephen Henson
79cfc3ac54
add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable
2010-02-15 19:20:13 +00:00
Dr. Stephen Henson
e3e31ff482
Use supplied ENGINE when initialising CMAC. Restore pctx setting.
2010-02-08 16:31:28 +00:00
Dr. Stephen Henson
c8ef656df2
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
089f02c577
oops, use new value for new flag
2010-02-07 13:50:36 +00:00
Dr. Stephen Henson
c2bf720842
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
...
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
2010-02-07 13:39:39 +00:00
Dr. Stephen Henson
17ebc10ffa
PR: 2161
...
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.
Make no-dsa, no-ecdsa and no-rsa compile again.
2010-02-02 13:35:27 +00:00
Dr. Stephen Henson
e92f9f45e8
Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and
...
later.
2010-01-26 14:29:06 +00:00
Dr. Stephen Henson
031c78901b
make update
2010-01-15 15:24:19 +00:00
Dr. Stephen Henson
7e765bf29a
Traditional Yuletide commit ;-)
...
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:13:11 +00:00
Dr. Stephen Henson
e50858c559
PR: 2127
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check for lookup failures in EVP_PBE_CipherInit().
2009-12-17 15:27:57 +00:00
Dr. Stephen Henson
338a61b94e
Add patch to crypto/evp which didn't apply from PR#2124
2009-12-09 15:01:39 +00:00
Dr. Stephen Henson
fdb2c6e4e5
PR: 2124
...
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>
Check for memory allocation failures.
2009-12-09 13:38:05 +00:00
Dr. Stephen Henson
3d63b3966f
Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat
...
and is a pre-requisite to adding password based CMS support.
2009-11-25 22:01:06 +00:00
Dr. Stephen Henson
773b63d6f9
set engine to NULL after releasing it
2009-11-12 19:25:37 +00:00
Dr. Stephen Henson
fecef70773
Yes it is a typo ;-)
2009-10-01 12:17:44 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
cd4f7cddc7
Add more return value checking attributes to evp.h and hmac.h
2009-09-23 23:40:13 +00:00
Dr. Stephen Henson
acf20c7dbd
Add attribute to check if return value of certain functions is incorrectly
...
ignored.
2009-09-23 16:27:10 +00:00
Dr. Stephen Henson
3ed3603b60
Update default dependency flags.
...
Make error name discrepancies a fatal error.
Fix error codes.
make update
2009-08-12 17:30:37 +00:00
Dr. Stephen Henson
0f1d77a870
Fix error code.
2009-08-06 16:39:34 +00:00
Dr. Stephen Henson
c55d27ac33
Make update.
2009-07-08 09:19:53 +00:00
Dr. Stephen Henson
4e9de7aa3a
Delete MD2 from algorithm tables as in 0.9.8-stable. However since this is
...
a new branch we can also disable it by default.
2009-07-08 08:49:17 +00:00
Dr. Stephen Henson
9a6d8ee5b5
Update from 1.0.0-stable
2009-07-01 11:40:19 +00:00
Dr. Stephen Henson
f0288f05b9
Submitted by: Artem Chuprina <ran@cryptocom.ru>
...
Reviewed by: steve@openssl.org
Various GOST ciphersuite and ENGINE fixes. Including...
Allow EVP_PKEY_set_derive_peerkey() in encryption operations.
New flag when certificate verify should be omitted in client key exchange.
2009-06-16 16:38:47 +00:00
Dr. Stephen Henson
43e12b6f1c
Add ignored FIPS options to evp.h change clashing flag value.
2009-05-29 18:57:31 +00:00
Dr. Stephen Henson
d4f0339c66
Update from 1.0.0-stable.
2009-04-26 22:18:22 +00:00
Dr. Stephen Henson
ef236ec3b2
Merge from 1.0.0-stable branch.
2009-04-23 16:32:42 +00:00