wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9788 commits 20 branches 302 tags 153 MiB
Commit graph

9788 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
33c98a28ac correctly encode OIDs near 2^32 2011-06-22 15:15:48 +00:00
Dr. Stephen Henson
b2ddddfb20 allow MD5 use for computing old format hash links 2011-06-22 02:18:06 +00:00
Dr. Stephen Henson
c24367ebb9 Don't set FIPS rand method at same time as RAND method as this can cause 
the FIPS library to fail. Applications that want to set the FIPS rand
method can do so explicitly and presumably they know what they are doing...
 2011-06-21 17:08:25 +00:00
Dr. Stephen Henson
7397b35379 Add FIPS error codes. 2011-06-21 16:58:10 +00:00
Dr. Stephen Henson
baee44c3de Stop warning. 2011-06-21 16:42:15 +00:00
Dr. Stephen Henson
1f2e4ecc30 Rename all AES_set*() functions using private_ prefix. 2011-06-21 16:23:42 +00:00
Dr. Stephen Henson
955e28006d make EVP_dss() work for DSA signing 2011-06-20 20:05:13 +00:00
Dr. Stephen Henson
bf0736eb1f Redirect null cipher to FIPS module. 2011-06-20 20:00:10 +00:00
Dr. Stephen Henson
3a5b97b7f1 Don't set default public key methods in FIPS mode so applications 
can switch between modes.
 2011-06-20 19:41:13 +00:00
Dr. Stephen Henson
45bf825066 Set FIPSLINK correctly now trailing slash is removed from FIPSDIR. 2011-06-18 19:35:03 +00:00
Dr. Stephen Henson
4a18d5c89b Don't add trailing slash to FIPSDIR: it causes problems with Windows builds. 2011-06-18 19:02:12 +00:00
Dr. Stephen Henson
174b26c497 Preliminary WIN32 support for FIPS capable OpenSSL building. 2011-06-17 12:50:40 +00:00
Bodo Möller
5cacc82f61 Fix the version history: given that 1.0.1 has yet to be released, 
we should list "Changes between 1.0.0e and 1.0.1",
not "between 1.0.0d and 1.0.1".
 2011-06-15 14:23:44 +00:00
Dr. Stephen Henson
29a90816ff Update key sizes to 2048 bits. 
Only build ssltest with fipsld.

Include FIPS mode test for ssltest.
 2011-06-14 15:35:49 +00:00
Dr. Stephen Henson
4bea454021 set FIPS allow before initialising ctx 2011-06-14 15:25:41 +00:00
Dr. Stephen Henson
8bfd0ae4c4 typo 2011-06-14 13:47:25 +00:00
Dr. Stephen Henson
378943ce67 Use include dir when copiling fips_premain_dso. 2011-06-14 12:58:35 +00:00
Dr. Stephen Henson
c65d409afd Fix warnings in shared builds. 2011-06-14 12:58:00 +00:00
Dr. Stephen Henson
ed1bbe2cad make sure custom cipher flag doesn't use any mode bits 2011-06-13 23:10:34 +00:00
Dr. Stephen Henson
b0b3d09063 Set rand method in FIPS_mode_set() not in rand library. 2011-06-13 21:18:00 +00:00
Dr. Stephen Henson
0ede2af7a0 Redirect RAND to FIPS module in FIPS mode. 2011-06-13 20:40:52 +00:00
Dr. Stephen Henson
e8d23f7811 Redirect HMAC and CMAC operations to module. 2011-06-12 15:07:26 +00:00
Dr. Stephen Henson
907cd7217e update ordinals 2011-06-10 17:17:55 +00:00
Dr. Stephen Henson
7c402e5af3 Disable GCM, CCM, XTS outside FIPS mode this will be updated 
when backported.
 2011-06-10 14:22:42 +00:00
Dr. Stephen Henson
b8d78a5520 add cmac to Windows build, update ordinals 2011-06-10 14:12:55 +00:00
Dr. Stephen Henson
dfa5862960 Add android platforms. Let fipsdir come from environment. 2011-06-09 21:54:13 +00:00
Dr. Stephen Henson
4276908f51 add android support to DSO (from HEAD) 2011-06-09 21:49:24 +00:00
Ben Laurie
be23b71e87 Add -attime. 2011-06-09 17:09:31 +00:00
Ben Laurie
f851acbfff Fix warnings/errors(!). 2011-06-09 17:09:08 +00:00
Ben Laurie
78ef9b0205 Fix warnings. 2011-06-09 16:03:18 +00:00
Dr. Stephen Henson
ed9b0e5cba Redirect DH key and parameter generation. 2011-06-09 15:21:46 +00:00
Dr. Stephen Henson
752c1a0ce9 Redirect DSA operations to FIPS module in FIPS mode. 2011-06-09 13:54:09 +00:00
Dr. Stephen Henson
cc30415d0c Use method rsa keygen first if FIPS mode if it is a FIPS method. 2011-06-09 13:18:07 +00:00
Dr. Stephen Henson
03e16611a3 Redirect DH operations to FIPS module. Block non-FIPS methods. 
Sync DH error codes with HEAD.
 2011-06-08 15:58:59 +00:00
Dr. Stephen Henson
8e2f3c1c83 fix memory leak 2011-06-08 15:55:57 +00:00
Dr. Stephen Henson
b6d63b2516 Check fips method flags for ECDH, ECDSA. 2011-06-08 14:01:00 +00:00
Dr. Stephen Henson
e6b88d02bd Implement Camellia_set_key properly for FIPS builds. 2011-06-08 13:11:46 +00:00
Andy Polyakov
125060ca63 rc4_skey.c: remove dead/redundant code (it's never compiled) and 
misleading/obsolete comment [from HEAD].
 2011-06-06 20:04:33 +00:00
Dr. Stephen Henson
b4baca9261 Recognise "fips" in mkdef.pl script. 2011-06-06 15:46:25 +00:00
Dr. Stephen Henson
6342b6e332 Redirection of ECDSA, ECDH operations to FIPS module. 
Also use FIPS EC methods unconditionally for now: might want to use them
only in FIPS mode or with a switch later.
 2011-06-06 15:39:17 +00:00
Dr. Stephen Henson
a6dc77822b Set SSL_FIPS flag in ECC ciphersuites. 2011-06-06 14:14:14 +00:00
Dr. Stephen Henson
59bc67052b Add flags field to EC_KEY structure (backport from HEAD). 2011-06-06 13:18:03 +00:00
Dr. Stephen Henson
c090562828 Make no-ec2m work again (backport from HEAD). 2011-06-06 13:00:30 +00:00
Dr. Stephen Henson
69e2ec63c5 Reorganise ECC code so it can use FIPS module. 
Move compression, point2oct and oct2point functions into separate files.

Add a flags field to EC_METHOD.

Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct functions
(all existing methods do this). This removes dependencies from EC_METHOD while
keeping original functionality.

Backport from HEAD with minor changes.
 2011-06-06 12:54:51 +00:00
Dr. Stephen Henson
f610a516a0 Backport from HEAD: 
New option to disable characteristic two fields in EC code.

Make no-ec2m work on Win32 build.
 2011-06-06 11:49:36 +00:00
Dr. Stephen Henson
2e51a4caa3 Function not used outside FIPS builds. 2011-06-06 11:24:47 +00:00
Dr. Stephen Henson
c6fa97a6d6 FIPS low level blocking for AES, RC4 and Camellia. This is complicated by 
use of assembly language routines: rename the assembly language function
to the private_* variant unconditionally and perform tests from a small
C wrapper.
 2011-06-05 17:36:44 +00:00
Dr. Stephen Henson
24d7159abd Backport libcrypto audit: check return values of EVP functions instead 
of assuming they will always suceed.
 2011-06-03 20:53:00 +00:00
Dr. Stephen Henson
7978dc989d fix error discrepancy 2011-06-03 18:50:49 +00:00
Dr. Stephen Henson
d99e6b5014 New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier) from a digest algorithm (backport from HEAD). 2011-06-03 18:35:49 +00:00