Commit graph

10236 commits

Author SHA1 Message Date
Andy Polyakov
301799b803 x86[_64]cpuid.pl: add function accessing rdrand instruction. 2011-06-04 12:20:45 +00:00
Richard Levitte
8d515259e2 No spaces in assignements in a shell script... 2011-06-04 09:00:59 +00:00
Dr. Stephen Henson
4f8f8bf3a4 fix error discrepancy 2011-06-03 18:50:24 +00:00
Dr. Stephen Henson
b8b90804b6 license correction, no EAY code included in this file 2011-06-03 17:56:17 +00:00
Dr. Stephen Henson
549c4ad35b Add "OPENSSL_FIPSCAPABLE" define for a version of OpenSSL which is
FIPS capable: i.e. FIPS module is supplied externally.
2011-06-03 16:26:58 +00:00
Dr. Stephen Henson
267229b141 Constify RSA signature buffer. 2011-06-03 12:38:18 +00:00
Dr. Stephen Henson
946f57105f Typo. 2011-06-02 18:20:55 +00:00
Dr. Stephen Henson
2280dc7c43 Remove FIPS RSA functions from crypto/rsa. 2011-06-02 17:52:39 +00:00
Dr. Stephen Henson
0cabe4e172 Move FIPS RSA function definitions to fips.h
New function to lookup digests by NID in module.

Minor optimisation: if supplied hash is NULL to FIPS RSA functions and
we are using PKCS padding get digest NID from otherwise unused saltlen
parameter instead.
2011-06-02 17:30:22 +00:00
Dr. Stephen Henson
b6df360b9e Simple automated certificate creation demo. 2011-06-01 18:36:49 +00:00
Dr. Stephen Henson
e7ee10d3dc Clone digest prototypes. 2011-06-01 14:18:28 +00:00
Dr. Stephen Henson
bce1af7762 Add DSA and ECDSA "clone digests" to module for compatibility with old
applications.
2011-06-01 14:07:32 +00:00
Dr. Stephen Henson
654ac273c1 typo 2011-06-01 11:10:35 +00:00
Dr. Stephen Henson
8f119a0357 set FIPS permitted flag before initalising digest 2011-05-31 16:24:19 +00:00
Dr. Stephen Henson
06843f826f Fake CPU caps so fips_standalone_sha1 compiles.
Initialise update function for bad digest inits.
2011-05-31 16:22:21 +00:00
Dr. Stephen Henson
1b2047c5c0 Don't round up partitioned premaster secret length if there is only one
digest in use: this caused the PRF to fail for an odd premaster secret
length.
2011-05-31 10:34:43 +00:00
Dr. Stephen Henson
eda3766b53 Output supported curves in preference order instead of numerically. 2011-05-30 17:58:13 +00:00
Andy Polyakov
62b6c5c404 e_aes.c: fix typo. 2011-05-30 10:13:42 +00:00
Andy Polyakov
e76cbcf686 e_aes.c: fix aes_cfb1_cipher. 2011-05-30 10:10:05 +00:00
Andy Polyakov
d1fff483d6 e_aes.c: integrate AESNI directly into EVP. 2011-05-30 09:16:01 +00:00
Andy Polyakov
8da721ee2b aesni-x86[_64].pl: relax alignment requirement. 2011-05-30 09:15:16 +00:00
Dr. Stephen Henson
3e2e231852 Add more cipher prototypes. 2011-05-29 16:16:55 +00:00
Dr. Stephen Henson
87829ac926 Prototypes for more FIPS functions for use in FIPS capable OpenSSL. 2011-05-29 15:56:23 +00:00
Andy Polyakov
fe9a5107be Various mingw64 fixes. 2011-05-29 13:51:14 +00:00
Andy Polyakov
afa4b38671 sha1-586|x86_64.pl: minor portability fix. 2011-05-29 13:48:57 +00:00
Andy Polyakov
18f5603c53 x86cpuid.pl: last commit broke platforms with perl with 64-bit integer. 2011-05-29 12:50:02 +00:00
Andy Polyakov
0c149802a2 sha1-586|x86_64.pl: add SSSE3 and AVX code paths. 2011-05-29 12:39:48 +00:00
Dr. Stephen Henson
c33066900c Add FIPS_digestinit prototype for FIPS capable OpenSSL. 2011-05-28 23:02:23 +00:00
Dr. Stephen Henson
f87ff24bc4 Add prototypes for FIPS EVP implementations: for use in FIPS capable
OpenSSL.
2011-05-28 21:03:31 +00:00
Andy Polyakov
cf3aeae419 aes-ppc.pl: handle unaligned data on page boundaries. 2011-05-28 09:41:36 +00:00
Dr. Stephen Henson
9a205e5981 Rename many internal only module functions from FIPS_* to fips_*. 2011-05-27 21:11:54 +00:00
Andy Polyakov
f44cb15fab rc4-x86_64.pl: fix due credit. 2011-05-27 18:58:37 +00:00
Andy Polyakov
986289604e rc4-x86_64.pl: RC4_options fix-up. 2011-05-27 16:15:12 +00:00
Andy Polyakov
4bb90087d7 x86[_64]cpuid.pl: harmonize usage of reserved bits #20 and #30. 2011-05-27 15:32:43 +00:00
Andy Polyakov
6715034002 PPC assembler pack: adhere closer to ABI specs, add PowerOpen traceback data. 2011-05-27 13:32:34 +00:00
Andy Polyakov
0ca9a483af rc4-x86_64.pl: major optimization for contemporary Intel CPUs. 2011-05-27 09:51:09 +00:00
Andy Polyakov
0dff8ba248 rc4-586.pl: optimize even further... 2011-05-27 09:46:19 +00:00
Dr. Stephen Henson
eb62cd807b Typo. 2011-05-26 22:01:49 +00:00
Dr. Stephen Henson
64f5178d67 Use FIPSLD_LIBCRYPTO for consistency with other env variables in fipsld.
Use current directory for fips_premain_dso
2011-05-26 21:20:14 +00:00
Dr. Stephen Henson
e558c2aa3f In fipsld use FIPSLIBCRYPTO environment variable to specify an alternative
location for libcrypto.a, support shared library builds in different
source tree.
2011-05-26 21:15:45 +00:00
Dr. Stephen Henson
ed0a35f222 Install fips_standalone_sha1 and make use of it in fipsld script. 2011-05-26 13:59:11 +00:00
Andy Polyakov
2bc3ad28b3 x86_64cpuid.pl: get AVX masking right. 2011-05-26 13:16:26 +00:00
Dr. Stephen Henson
d67813f878 Only install FIPS related files for fipscanisteronly build. 2011-05-26 11:00:06 +00:00
Dr. Stephen Henson
ecfe2d1753 More symbol renaming. 2011-05-25 16:01:37 +00:00
Dr. Stephen Henson
ebc5e72fe5 Don't advertise or use MD5 for TLS v1.2 in FIPS mode 2011-05-25 15:31:32 +00:00
Dr. Stephen Henson
3d52f1d52b PR: 2533
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes
the program to crash. This is due to missing version checks and is fixed with
this patch.
2011-05-25 15:20:49 +00:00
Dr. Stephen Henson
fd60dfa0f2 PR: 2529
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.
2011-05-25 15:16:10 +00:00
Dr. Stephen Henson
be1242cbd1 PR: 2527
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Set cnf to NULL to avoid possible double free.
2011-05-25 15:05:39 +00:00
Dr. Stephen Henson
a26e245ecd Fix the ECDSA timing attack mentioned in the paper at:
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:52:21 +00:00
Dr. Stephen Henson
992bdde62d Fix the ECDSA timing attack mentioned in the paper at:
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:41:56 +00:00