wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9844 commits 20 branches 302 tags 153 MiB
Commit graph

9844 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
a3654f0586 Include openssl/crypto.h first in several other files so FIPS renaming 
is picked up.
 2011-02-16 17:25:01 +00:00
Dr. Stephen Henson
017bc57bf9 Experimental FIPS symbol renaming. 
Fixups under fips/ to make symbol renaming work.
 2011-02-16 14:49:50 +00:00
Dr. Stephen Henson
d749e1080a Experimental symbol renaming to avoid clashes with regular OpenSSL. 
Make sure crypto.h is included first in any affected files.
 2011-02-16 14:40:06 +00:00
Dr. Stephen Henson
0fbf8f447b Add pairwise consistency test to EC. 2011-02-15 16:58:28 +00:00
Dr. Stephen Henson
c81f8f59be Use SHA-256 in fips_test_suite. 2011-02-15 16:58:06 +00:00
Dr. Stephen Henson
225a9e296b Update pairwise consistency checks to use SHA-256. 2011-02-15 16:18:18 +00:00
Dr. Stephen Henson
25c6542944 Add non-FIPS algorithm blocking and selftest checking. 2011-02-15 16:03:47 +00:00
Dr. Stephen Henson
14567b1451 Add FIPS flags to AES ciphers and SHA* digests. 2011-02-15 15:57:54 +00:00
Dr. Stephen Henson
fe082202c0 Ignore final '\n' when checking if hex line length is odd. 2011-02-15 15:56:13 +00:00
Dr. Stephen Henson
fbc164ec2f Add support for SigGen and KeyPair tests. 2011-02-15 14:16:57 +00:00
Dr. Stephen Henson
943a0ceed0 Update ECDSA test program to handle ECDSA2 format files. 
Correctly handle hex strings with an odd number of digits.
 2011-02-14 19:42:49 +00:00
Dr. Stephen Henson
5d2f1538a0 Add .cvsignore. 2011-02-14 17:28:28 +00:00
Dr. Stephen Henson
fe26d066ff Add ECDSA functionality to fips module. Initial very incomplete version 
of algorithm test program.
 2011-02-14 17:14:55 +00:00
Dr. Stephen Henson
c876a4b7b1 Include support for an add_lock callback to tiny FIPS locking API. 2011-02-14 17:05:42 +00:00
Dr. Stephen Henson
c966120412 Don't use FIPS api for ec2_oct.c 2011-02-14 16:55:28 +00:00
Dr. Stephen Henson
84b08eee4b Reorganise ECC code for inclusion in FIPS module. 
Move compression, point2oct and oct2point functions into separate files.

Add a flags field to EC_METHOD.

Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct
functions (all existing methods do this). This removes dependencies from
EC_METHOD while keeping original functionality.
 2011-02-14 16:52:12 +00:00
Dr. Stephen Henson
bf2546f947 Use BN_nist_mod_func to avoid need to peek error queue. 2011-02-14 16:45:28 +00:00
Dr. Stephen Henson
133291f8e7 New function BN_nist_mod_func which returns an appropriate function 
if the passed prime is a NIST prime.
 2011-02-14 16:44:29 +00:00
Dr. Stephen Henson
e990b4f838 Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new 
and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1
library.
 2011-02-13 18:45:41 +00:00
Dr. Stephen Henson
e47af46cd8 Change FIPS source and utilities to use the "FIPS_" names directly 
instead of using regular OpenSSL API names.
 2011-02-12 18:25:18 +00:00
Dr. Stephen Henson
36246be915 Make no-ec2m work on Win32 build. Add nexprotoneg support too. 2011-02-12 17:38:40 +00:00
Dr. Stephen Henson
c9a90645a5 Disable some functions in headers with no-ec2m 2011-02-12 17:38:06 +00:00
Dr. Stephen Henson
b331016124 New option to disable characteristic two fields in EC code. 2011-02-12 17:23:32 +00:00
Andy Polyakov
afb4191304 dso_dlfcn.c: make it work on Tru64 4.0. 
PR: 2316
 2011-02-12 16:43:41 +00:00
Andy Polyakov
874b0bd968 Configure: engage assembler in Android target. 2011-02-12 16:13:59 +00:00
Andy Polyakov
a6d915e0ef gcm128.c: make it work with no-sse2. 2011-02-12 11:47:55 +00:00
Dr. Stephen Henson
975138edaa Add Makefile.fips. 2011-02-11 20:56:24 +00:00
Dr. Stephen Henson
30b56225cc New "fispcanisteronly" build option: only build fipscanister.o and 
associated utilities. This functionality will be used by the validated
tarball.
 2011-02-11 19:02:34 +00:00
Dr. Stephen Henson
dc527a62a1 Make Windows build work with GCM. 2011-02-11 16:49:01 +00:00
Dr. Stephen Henson
ed12c2f7ca In FIPS mode only use "Generation by Testing Candidates" equivalent. 2011-02-11 15:19:54 +00:00
Dr. Stephen Henson
16a7fcc447 Return security strength for supported DSA parameters: will be used 
later.
 2011-02-11 14:38:39 +00:00
Dr. Stephen Henson
a1a5885b64 Free keys if DSA pairwise error. 2011-02-11 14:21:01 +00:00
Andy Polyakov
f84a8ea526 x86gas.pl: make data_short work on legacy systems. 2011-02-10 21:24:24 +00:00
Andy Polyakov
01be5db64e xts128.c: initial draft. 2011-02-10 21:16:21 +00:00
Dr. Stephen Henson
a4113c52b2 Disable FIPS restrictions when doing GCM testing. 2011-02-10 01:46:25 +00:00
Dr. Stephen Henson
b3d8022edd Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest. 2011-02-09 16:21:43 +00:00
Andy Polyakov
632d83f0a3 ccm128.c: initialize ctx->block (what I was smoking?). 2011-02-08 23:08:02 +00:00
Andy Polyakov
d3fad7cb51 ccm128.c: initial draft. 2011-02-08 23:02:45 +00:00
Dr. Stephen Henson
f4bfe97fc9 Equally experimental encrypt side for fips_gcmtest. Currently this uses IVs 
in the request file need to update it to generate IVs once we have an IV
generator in place.
 2011-02-08 19:25:24 +00:00
Bodo Möller
c415adc26f Sync with 1.0.1 branch. 
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
 2011-02-08 19:09:08 +00:00
Dr. Stephen Henson
9afe95099d Set values to NULL after freeing them. 2011-02-08 18:25:57 +00:00
Dr. Stephen Henson
9dd346c90d Experimental incomplete AES GCM algorithm test program. 2011-02-08 18:15:59 +00:00
Bodo Möller
9770924f9b OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) 
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
 2011-02-08 17:48:57 +00:00
Dr. Stephen Henson
f4001a0d19 Link GCM into FIPS module. Check return value in EVP gcm. 2011-02-08 15:10:42 +00:00
Bodo Möller
cea73f9db3 Synchronize with 1.0.0 branch 2011-02-08 08:48:51 +00:00
Andy Polyakov
1f2502eb58 gcm128.c: add boundary condition checks. 2011-02-07 19:11:13 +00:00
Dr. Stephen Henson
bdaa54155c Initial *very* experimental EVP support for AES-GCM. Note: probably very 
broken and subject to change.
 2011-02-07 18:16:33 +00:00
Dr. Stephen Henson
fd3dbc1dbf Add CRYPTO_gcm128_tag() function to retrieve the tag. 2011-02-07 18:05:27 +00:00
Dr. Stephen Henson
d45087c672 Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher: 
the NULL value for the input buffer is sufficient to notice this case.
 2011-02-07 18:04:27 +00:00
Dr. Stephen Henson
634b66186a Typo. 2011-02-07 14:36:55 +00:00