Nils Larsch
5c567ffd4c
fix assertion
2005-05-31 20:39:54 +00:00
Richard Levitte
3bc1781994
Synchronise with the Unix build...
2005-05-31 20:29:23 +00:00
Dr. Stephen Henson
485bcc9cab
Preliminary support for X9.31 RSA key generation for FIPS.
Included prime derivation, random prime generation, test program and
new option to genrsa.
2005-05-31 12:38:03 +00:00
Richard Levitte
bb1bbb3274
Synchronise with Unixly build
2005-05-30 22:26:22 +00:00
Dr. Stephen Henson
4bd7bc97e8
make update
2005-05-29 12:30:21 +00:00
Dr. Stephen Henson
4d4339922c
Stop warnings.
2005-05-29 12:22:05 +00:00
Richard Levitte
c3d03b70af
We have some source with \r\n as line ends. DEC C informs about that,
and I really can't be bothered...
2005-05-29 12:13:05 +00:00
Dr. Stephen Henson
e4c2c550b9
Add X9.31 signature support, mainly for FIPS140. Add new option to rsautl and
include options to use X9.31 in tests.
2005-05-28 20:15:48 +00:00
Dr. Stephen Henson
570357b7a8
Add PSS support to tests.
2005-05-28 11:18:44 +00:00
Dr. Stephen Henson
7044d328a2
Add PSS support. Minimal at this stage for FIPS140.
2005-05-27 21:59:52 +00:00
Dr. Stephen Henson
35d7cc8166
Error checking.
2005-05-27 21:22:48 +00:00
Bodo Möller
80790d89ec
Use BN_with_flags() in a cleaner way.
Complete previous change:
Constant time DSA [sync with mainstream].
2005-05-27 15:39:15 +00:00
Andy Polyakov
7bad200b49
Constant-time RSA [sync with mainstream].
Submitted by: bodo
2005-05-27 08:12:44 +00:00
Andy Polyakov
6b6f64da2d
Constant time DH [sync with mainstream].
Submitted by: bodo
2005-05-27 08:11:16 +00:00
Andy Polyakov
31def5ae59
Constant-time DSA signing [sync with mainstream].
Submitted by: bodo
2005-05-27 06:42:11 +00:00
Andy Polyakov
713407a5c7
fips/sha1 -> fips/sha remains.
2005-05-26 23:09:02 +00:00
Andy Polyakov
db73333585
Remove fips/sha1/*.
2005-05-26 23:01:20 +00:00
Andy Polyakov
84c9b6edb1
Throw in SHAmix test vectors.
2005-05-26 22:17:55 +00:00
Andy Polyakov
e609c04994
Rename fips/sha1 to fips/sha.
2005-05-26 21:29:10 +00:00
Dr. Stephen Henson
53cfa36d37
Allow zero length messages and make format look more like samples.
2005-05-26 18:48:24 +00:00
Dr. Stephen Henson
b10bd63df3
FIPS SHA* test for new format.
2005-05-26 18:31:53 +00:00
Bodo Möller
44a287747f
make sure DSA signing exponentiations really are constant-time
2005-05-26 04:40:42 +00:00
Richard Levitte
20a413620c
Synchronise with Unix build.
2005-05-24 03:50:47 +00:00
Richard Levitte
e99b588f1b
Typo correction
2005-05-24 03:27:18 +00:00
Richard Levitte
48a3f2818e
When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in
http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html .
Notified by David Wolfe <dwolfe5272@yahoo.com>
2005-05-21 17:39:48 +00:00
Andy Polyakov
fc0e014ca3
fips_check_rsa update.
2005-05-19 22:29:55 +00:00
Dr. Stephen Henson
8baaeba881
Place #ifdef OPENSSL_FIPS round the SHA-XXX functions in evp.h so mkdef.pl
knows about it.
2005-05-17 19:48:42 +00:00
Andy Polyakov
150ebacd8a
SHA-XXX are available in FIPS context only in 0.9.7.
2005-05-17 06:57:14 +00:00
Bodo Möller
bedcd5c0bb
fix memory leak (BIO_free_all needs pointer to first BIO)
PR: 1070
2005-05-17 05:52:18 +00:00
Bodo Möller
fd86c390eb
Change wording for BN_mod_exp_mont_consttime() entry
2005-05-16 19:14:38 +00:00
Dr. Stephen Henson
63453c025f
Remove redundant test. Add new SHAXXX algorithms to mkdef.pl, update
symbol info.
2005-05-16 17:52:32 +00:00
Bodo Möller
ecb1445ce2
Implement fixed-window exponentiation to mitigate hyper-threading
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this is done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:26:08 +00:00
Richard Levitte
64c32bf9eb
Synchronise with the Unixly build.
2005-05-15 09:20:15 +00:00
Dr. Stephen Henson
775e82c58d
Fix from HEAD.
2005-05-14 12:59:05 +00:00
Dr. Stephen Henson
db5cbd8954
Fixes from HEAD.
2005-05-13 00:23:02 +00:00
Dr. Stephen Henson
c6012b252d
Fix from HEAD.
2005-05-12 23:13:40 +00:00
Dr. Stephen Henson
e1ff593dcb
Typo.
2005-05-12 17:27:48 +00:00
Bodo Möller
c4d9c13a31
fix msg_callback() arguments for SSL 2.0 compatible client hello
(previous revision got this wrong)
2005-05-12 06:24:26 +00:00
Bodo Möller
00c1c6cb28
PR:Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled
with the SSL_OP_NO_SSLv2 option.
2005-05-11 18:26:08 +00:00
Bodo Möller
973fbfe3a3
make update
2005-05-11 17:49:50 +00:00
Dr. Stephen Henson
9fc1d3f4c4
Allow AES CFB1 ciphers in FIPS mode.
2005-05-11 16:28:33 +00:00
Dr. Stephen Henson
765863f0bf
Stop warnings.
2005-05-11 00:35:55 +00:00
Andy Polyakov
cbd72088ec
Tidy up an error code.
2005-05-10 22:57:21 +00:00
Andy Polyakov
8aabdf3505
Fix fips_hmactest.c.
2005-05-10 22:54:44 +00:00
Nils Larsch
fcec494072
use 'p' as conversion specifier for printf to avoid truncation of
pointers on 64 bit platforms. Patch supplied by Daniel Gryniewicz
via Mike Frysinger <vapier@gentoo.org>.
PR: 1064
2005-05-10 11:57:19 +00:00
Nils Larsch
88f62fb98a
improve command line argument checking
PR: 1061
2005-05-10 09:52:39 +00:00
Andy Polyakov
69488fa929
Add algorithm selection command-line option to fips_hmactest
[and fix typo in fips.h].
2005-05-09 22:35:35 +00:00
Andy Polyakov
b0367dde56
Comply with optimization manual (no data should share cache-line with code).
2005-05-09 21:41:47 +00:00
Andy Polyakov
ad93095f16
Missing declaration.
2005-05-09 20:47:42 +00:00
Andy Polyakov
82b47955fc
Void new FIPS tests if configured without FIPS.
2005-05-09 19:34:34 +00:00