Dr. Stephen Henson
36246be915
Make no-ec2m work on Win32 build. Add nexprotoneg support too.
2011-02-12 17:38:40 +00:00
Dr. Stephen Henson
c9a90645a5
Disable some functions in headers with no-ec2m
2011-02-12 17:38:06 +00:00
Dr. Stephen Henson
b331016124
New option to disable characteristic two fields in EC code.
2011-02-12 17:23:32 +00:00
Andy Polyakov
afb4191304
dso_dlfcn.c: make it work on Tru64 4.0.
...
PR: 2316
2011-02-12 16:43:41 +00:00
Andy Polyakov
874b0bd968
Configure: engage assembler in Android target.
2011-02-12 16:13:59 +00:00
Andy Polyakov
a6d915e0ef
gcm128.c: make it work with no-sse2.
2011-02-12 11:47:55 +00:00
Dr. Stephen Henson
975138edaa
Add Makefile.fips.
2011-02-11 20:56:24 +00:00
Dr. Stephen Henson
30b56225cc
New "fispcanisteronly" build option: only build fipscanister.o and
...
associated utilities. This functionality will be used by the validated
tarball.
2011-02-11 19:02:34 +00:00
Dr. Stephen Henson
dc527a62a1
Make Windows build work with GCM.
2011-02-11 16:49:01 +00:00
Dr. Stephen Henson
ed12c2f7ca
In FIPS mode only use "Generation by Testing Candidates" equivalent.
2011-02-11 15:19:54 +00:00
Dr. Stephen Henson
16a7fcc447
Return security strength for supported DSA parameters: will be used
...
later.
2011-02-11 14:38:39 +00:00
Dr. Stephen Henson
a1a5885b64
Free keys if DSA pairwise error.
2011-02-11 14:21:01 +00:00
Andy Polyakov
f84a8ea526
x86gas.pl: make data_short work on legacy systems.
2011-02-10 21:24:24 +00:00
Andy Polyakov
01be5db64e
xts128.c: initial draft.
2011-02-10 21:16:21 +00:00
Dr. Stephen Henson
a4113c52b2
Disable FIPS restrictions when doing GCM testing.
2011-02-10 01:46:25 +00:00
Dr. Stephen Henson
b3d8022edd
Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest.
2011-02-09 16:21:43 +00:00
Andy Polyakov
632d83f0a3
ccm128.c: initialize ctx->block (what I was smoking?).
2011-02-08 23:08:02 +00:00
Andy Polyakov
d3fad7cb51
ccm128.c: initial draft.
2011-02-08 23:02:45 +00:00
Dr. Stephen Henson
f4bfe97fc9
Equally experimental encrypt side for fips_gcmtest. Currently this uses IVs
...
in the request file need to update it to generate IVs once we have an IV
generator in place.
2011-02-08 19:25:24 +00:00
Bodo Möller
c415adc26f
Sync with 1.0.1 branch.
...
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
2011-02-08 19:09:08 +00:00
Dr. Stephen Henson
9afe95099d
Set values to NULL after freeing them.
2011-02-08 18:25:57 +00:00
Dr. Stephen Henson
9dd346c90d
Experimental incomplete AES GCM algorithm test program.
2011-02-08 18:15:59 +00:00
Bodo Möller
9770924f9b
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
...
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
2011-02-08 17:48:57 +00:00
Dr. Stephen Henson
f4001a0d19
Link GCM into FIPS module. Check return value in EVP gcm.
2011-02-08 15:10:42 +00:00
Bodo Möller
cea73f9db3
Synchronize with 1.0.0 branch
2011-02-08 08:48:51 +00:00
Andy Polyakov
1f2502eb58
gcm128.c: add boundary condition checks.
2011-02-07 19:11:13 +00:00
Dr. Stephen Henson
bdaa54155c
Initial *very* experimental EVP support for AES-GCM. Note: probably very
...
broken and subject to change.
2011-02-07 18:16:33 +00:00
Dr. Stephen Henson
fd3dbc1dbf
Add CRYPTO_gcm128_tag() function to retrieve the tag.
2011-02-07 18:05:27 +00:00
Dr. Stephen Henson
d45087c672
Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher:
...
the NULL value for the input buffer is sufficient to notice this case.
2011-02-07 18:04:27 +00:00
Dr. Stephen Henson
634b66186a
Typo.
2011-02-07 14:36:55 +00:00
Dr. Stephen Henson
3da0ca796c
New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying
...
cipher handles all cipher symantics itself.
2011-02-07 14:36:08 +00:00
Dr. Stephen Henson
f9678b8b57
Fix memory leak.
2011-02-07 13:34:00 +00:00
Dr. Stephen Henson
83e9c36261
Use default ASN1 if flag set.
2011-02-07 12:47:16 +00:00
Andy Polyakov
b68c13154e
gcm128.c: allow multiple calls to CRYPTO_gcm128_aad.
2011-02-06 23:50:05 +00:00
Andy Polyakov
68e2586bd3
gcm128.c: fix bug in OPENSSL_SMALL_FOOTPRINT decrypt.
...
PR: 2432
Submitted by: Michael Heyman
2011-02-06 23:48:32 +00:00
Dr. Stephen Henson
61f477f4ab
Fix duplicate code and typo.
2011-02-06 00:51:05 +00:00
Dr. Stephen Henson
7e95116064
Remove unneeded functions, make some functions and variables static.
2011-02-04 17:56:57 +00:00
Dr. Stephen Henson
06b433acad
Add FIPS support to the WIN32 build system.
2011-02-03 23:12:04 +00:00
Dr. Stephen Henson
14ae26f2e4
Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files
...
that use it.
2011-02-03 17:00:24 +00:00
Dr. Stephen Henson
3710d1aae9
Rename crypto/fips_err.c to fips_ers.c to avoid clash with other fips_err.c
2011-02-03 16:16:30 +00:00
Dr. Stephen Henson
cc5c772abd
Include fips header file in err_all.c if needed.
2011-02-03 16:03:21 +00:00
Dr. Stephen Henson
65041aa27e
Add FIPS error codes.
2011-02-03 15:58:43 +00:00
Dr. Stephen Henson
7dbbd4b357
add -stripcr option to copy.pl from 0.9.8
2011-02-03 14:57:51 +00:00
Dr. Stephen Henson
544c84b720
Add Windows FIPS build utilities.
2011-02-03 14:20:59 +00:00
Dr. Stephen Henson
65847ca378
For now disable EC_GFp_nistp224_method() for WIN32 so the WIN32 build
...
completes without linker errors.
2011-02-03 13:00:08 +00:00
Dr. Stephen Henson
53f7633739
Add FIPS support to mkdef.pl script, update ordinals.
2011-02-03 12:59:01 +00:00
Dr. Stephen Henson
c2a459315a
Use single X931 key generation source file for FIPS and non-FIPS builds.
2011-02-03 12:47:56 +00:00
Bodo Möller
e2b798c8b3
Assorted bugfixes:
...
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check
Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
2011-02-03 12:03:51 +00:00
Bodo Möller
9bda745876
fix omissions
2011-02-03 11:13:29 +00:00
Bodo Möller
88f2a4cf9c
CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
2011-02-03 10:43:00 +00:00