Dr. Stephen Henson
a4113c52b2
Disable FIPS restrictions when doing GCM testing.
2011-02-10 01:46:25 +00:00
Dr. Stephen Henson
b3d8022edd
Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest.
2011-02-09 16:21:43 +00:00
Andy Polyakov
632d83f0a3
ccm128.c: initialize ctx->block (what I was smoking?).
2011-02-08 23:08:02 +00:00
Andy Polyakov
d3fad7cb51
ccm128.c: initial draft.
2011-02-08 23:02:45 +00:00
Dr. Stephen Henson
f4bfe97fc9
Equally experimental encrypt side for fips_gcmtest. Currently this uses IVs
...
in the request file need to update it to generate IVs once we have an IV
generator in place.
2011-02-08 19:25:24 +00:00
Bodo Möller
c415adc26f
Sync with 1.0.1 branch.
...
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
2011-02-08 19:09:08 +00:00
Dr. Stephen Henson
9afe95099d
Set values to NULL after freeing them.
2011-02-08 18:25:57 +00:00
Dr. Stephen Henson
9dd346c90d
Experimental incomplete AES GCM algorithm test program.
2011-02-08 18:15:59 +00:00
Bodo Möller
9770924f9b
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
...
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
2011-02-08 17:48:57 +00:00
Dr. Stephen Henson
f4001a0d19
Link GCM into FIPS module. Check return value in EVP gcm.
2011-02-08 15:10:42 +00:00
Bodo Möller
cea73f9db3
Synchronize with 1.0.0 branch
2011-02-08 08:48:51 +00:00
Andy Polyakov
1f2502eb58
gcm128.c: add boundary condition checks.
2011-02-07 19:11:13 +00:00
Dr. Stephen Henson
bdaa54155c
Initial *very* experimental EVP support for AES-GCM. Note: probably very
...
broken and subject to change.
2011-02-07 18:16:33 +00:00
Dr. Stephen Henson
fd3dbc1dbf
Add CRYPTO_gcm128_tag() function to retrieve the tag.
2011-02-07 18:05:27 +00:00
Dr. Stephen Henson
d45087c672
Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher:
...
the NULL value for the input buffer is sufficient to notice this case.
2011-02-07 18:04:27 +00:00
Dr. Stephen Henson
634b66186a
Typo.
2011-02-07 14:36:55 +00:00
Dr. Stephen Henson
3da0ca796c
New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying
...
cipher handles all cipher symantics itself.
2011-02-07 14:36:08 +00:00
Dr. Stephen Henson
f9678b8b57
Fix memory leak.
2011-02-07 13:34:00 +00:00
Dr. Stephen Henson
83e9c36261
Use default ASN1 if flag set.
2011-02-07 12:47:16 +00:00
Andy Polyakov
b68c13154e
gcm128.c: allow multiple calls to CRYPTO_gcm128_aad.
2011-02-06 23:50:05 +00:00
Andy Polyakov
68e2586bd3
gcm128.c: fix bug in OPENSSL_SMALL_FOOTPRINT decrypt.
...
PR: 2432
Submitted by: Michael Heyman
2011-02-06 23:48:32 +00:00
Dr. Stephen Henson
61f477f4ab
Fix duplicate code and typo.
2011-02-06 00:51:05 +00:00
Dr. Stephen Henson
7e95116064
Remove unneeded functions, make some functions and variables static.
2011-02-04 17:56:57 +00:00
Dr. Stephen Henson
06b433acad
Add FIPS support to the WIN32 build system.
2011-02-03 23:12:04 +00:00
Dr. Stephen Henson
14ae26f2e4
Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files
...
that use it.
2011-02-03 17:00:24 +00:00
Dr. Stephen Henson
3710d1aae9
Rename crypto/fips_err.c to fips_ers.c to avoid clash with other fips_err.c
2011-02-03 16:16:30 +00:00
Dr. Stephen Henson
cc5c772abd
Include fips header file in err_all.c if needed.
2011-02-03 16:03:21 +00:00
Dr. Stephen Henson
65041aa27e
Add FIPS error codes.
2011-02-03 15:58:43 +00:00
Dr. Stephen Henson
7dbbd4b357
add -stripcr option to copy.pl from 0.9.8
2011-02-03 14:57:51 +00:00
Dr. Stephen Henson
544c84b720
Add Windows FIPS build utilities.
2011-02-03 14:20:59 +00:00
Dr. Stephen Henson
65847ca378
For now disable EC_GFp_nistp224_method() for WIN32 so the WIN32 build
...
completes without linker errors.
2011-02-03 13:00:08 +00:00
Dr. Stephen Henson
53f7633739
Add FIPS support to mkdef.pl script, update ordinals.
2011-02-03 12:59:01 +00:00
Dr. Stephen Henson
c2a459315a
Use single X931 key generation source file for FIPS and non-FIPS builds.
2011-02-03 12:47:56 +00:00
Bodo Möller
e2b798c8b3
Assorted bugfixes:
...
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check
Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
2011-02-03 12:03:51 +00:00
Bodo Möller
9bda745876
fix omissions
2011-02-03 11:13:29 +00:00
Bodo Möller
88f2a4cf9c
CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
2011-02-03 10:43:00 +00:00
Bodo Möller
9d0397e977
make update
2011-02-03 10:17:53 +00:00
Bodo Möller
2440d8b1db
Fix error codes.
2011-02-03 10:03:23 +00:00
Dr. Stephen Henson
ee9884654b
Cope with new DSA2 file format where some p/q only tests are made.
2011-02-02 17:48:03 +00:00
Dr. Stephen Henson
5f885f1ea4
Fix target config errors.
2011-02-02 15:11:40 +00:00
Dr. Stephen Henson
7a4ec19a5f
Make no-asm work in fips mode. Add android platform.
2011-02-02 15:07:13 +00:00
Dr. Stephen Henson
a5b196a22c
Add sign/verify digest API to handle an explicit digest instead of finalising
...
a context.
2011-02-02 14:21:33 +00:00
Dr. Stephen Henson
b6104f9ad8
Remove DSA parameter generation from DSA selftest. It is unnecessary and
...
can be very slow on embedded platforms. Hard code DSA parameters instead.
2011-02-02 14:20:45 +00:00
Dr. Stephen Henson
96d5997f5b
Don't try to set pmd if it is NULL.
2011-02-01 19:15:12 +00:00
Dr. Stephen Henson
92eb4c551d
Add DSA2 support to final algorithm tests: keypair and keyver.
2011-02-01 18:53:48 +00:00
Dr. Stephen Henson
89f63d06f8
Support more DSA2 tests.
2011-02-01 17:54:23 +00:00
Dr. Stephen Henson
2ecc150530
Tolerate mixed case and leading zeroes when comparing.
2011-02-01 17:15:53 +00:00
Dr. Stephen Henson
3c2c4cc5f2
fixes for DSA2 parameter generation
2011-02-01 17:15:19 +00:00
Dr. Stephen Henson
5eedacc904
update README.FIPS
2011-02-01 17:14:07 +00:00
Dr. Stephen Henson
7f64c26588
Since FIPS 186-3 specifies we use the leftmost bits of the digest
...
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
2011-02-01 12:52:01 +00:00