Dr. Stephen Henson
ac892b7aa6
Initial incomplete POST overhaul: add support for POST callback to
...
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
32a2d8ddfe
Provisional AES XTS support.
2011-04-12 23:21:33 +00:00
Dr. Stephen Henson
d7a3ce989c
Update CHANGES.
2011-04-06 23:41:19 +00:00
Dr. Stephen Henson
05e24c87dd
Extensive reorganisation of PRNG handling in FIPS module: all calls
...
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.
Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14
Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be
...
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
96ec46f7c0
Implement health checks needed by SP800-90.
...
Fix warnings.
Instantiate DRBGs at maximum strength.
2011-03-17 16:55:24 +00:00
Ben Laurie
d4f3dd5fb6
Fix Tom Wu's email.
2011-03-16 11:28:43 +00:00
Ben Laurie
0deea0e03c
Note SRP support.
2011-03-12 17:04:07 +00:00
Dr. Stephen Henson
8857b380e2
Add ECDH to validated module.
2011-03-09 23:44:06 +00:00
Dr. Stephen Henson
11e80de3ee
New initial DH algorithm test driver.
2011-03-08 19:10:17 +00:00
Dr. Stephen Henson
591cbfae3c
Initial, provisional, subject to wholesale change, untested, probably
...
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.
Did I say this was untested?
2011-03-04 18:00:21 +00:00
Dr. Stephen Henson
eead69f5ed
Make fipscanisteronly build only required files.
2011-02-21 14:07:15 +00:00
Dr. Stephen Henson
5d439d6955
Make -DOPENSSL_FIPSSYMS work for assembly language builds.
2011-02-17 19:03:52 +00:00
Dr. Stephen Henson
017bc57bf9
Experimental FIPS symbol renaming.
...
Fixups under fips/ to make symbol renaming work.
2011-02-16 14:49:50 +00:00
Dr. Stephen Henson
25c6542944
Add non-FIPS algorithm blocking and selftest checking.
2011-02-15 16:03:47 +00:00
Dr. Stephen Henson
fe26d066ff
Add ECDSA functionality to fips module. Initial very incomplete version
...
of algorithm test program.
2011-02-14 17:14:55 +00:00
Dr. Stephen Henson
b331016124
New option to disable characteristic two fields in EC code.
2011-02-12 17:23:32 +00:00
Dr. Stephen Henson
30b56225cc
New "fispcanisteronly" build option: only build fipscanister.o and
...
associated utilities. This functionality will be used by the validated
tarball.
2011-02-11 19:02:34 +00:00
Dr. Stephen Henson
b3d8022edd
Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest.
2011-02-09 16:21:43 +00:00
Bodo Möller
c415adc26f
Sync with 1.0.1 branch.
...
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
2011-02-08 19:09:08 +00:00
Dr. Stephen Henson
bdaa54155c
Initial *very* experimental EVP support for AES-GCM. Note: probably very
...
broken and subject to change.
2011-02-07 18:16:33 +00:00
Dr. Stephen Henson
d45087c672
Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher:
...
the NULL value for the input buffer is sufficient to notice this case.
2011-02-07 18:04:27 +00:00
Dr. Stephen Henson
3da0ca796c
New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying
...
cipher handles all cipher symantics itself.
2011-02-07 14:36:08 +00:00
Bodo Möller
9bda745876
fix omissions
2011-02-03 11:13:29 +00:00
Bodo Möller
88f2a4cf9c
CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
2011-02-03 10:43:00 +00:00
Dr. Stephen Henson
968062b7d3
Fix escaping code for string printing. If *any* escaping is enabled we
...
must escape the escape character itself (backslash).
2011-01-03 01:31:24 +00:00
Dr. Stephen Henson
2b3936e882
avoid verification loops in trusted store when path building
2010-12-25 20:45:59 +00:00
Dr. Stephen Henson
300b1d76fe
apply J-PKAKE fix to HEAD (original by Ben)
2010-11-29 18:32:05 +00:00
Dr. Stephen Henson
f830c68f4d
add "missing" functions to copy EVP_PKEY_METHOD and examine info
2010-11-24 16:08:20 +00:00
Dr. Stephen Henson
732d31beee
bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files
2010-11-16 14:18:51 +00:00
Dr. Stephen Henson
e49af2ac38
move CHANGES entry to correct place
2010-10-10 12:24:13 +00:00
Dr. Stephen Henson
5759425810
PR: 2314
...
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve
Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
2010-10-10 12:15:47 +00:00
Dr. Stephen Henson
39239280f3
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:58:09 +00:00
Bodo Möller
7b3a9b0099
Update version numbers
2010-08-26 18:45:45 +00:00
Bodo Möller
7c2d4fee25
For better forward-security support, add functions
...
SSL_[CTX_]set_not_resumable_session_callback.
Submitted by: Emilia Kasper (Google)
[A part of this change affecting ssl/s3_lib.c was accidentally commited
separately, together with a compilation fix for that file;
see s3_lib.c CVS revision 1.133 (http://cvs.openssl.org/chngview?cn=19855 ).]
2010-08-26 15:15:47 +00:00
Bodo Möller
04daec862c
New 64-bit optimized implementation EC_GFp_nistp224_method().
...
This will only be compiled in if explicitly requested
(#ifdef EC_NISTP224_64_GCC_128).
Submitted by: Emilia Kasper (Google)
2010-08-26 14:29:55 +00:00
Dr. Stephen Henson
44959ee456
PR: 1833
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Support for abbreviated handshakes when renegotiating.
2010-08-26 14:23:52 +00:00
Bodo Möller
c94f7f657b
ECC library bugfixes.
...
Submitted by: Emilia Kasper (Google)
2010-08-26 12:11:01 +00:00
Bodo Möller
173350bcca
Harmonize with OpenSSL_1_0_1-stable version of CHANGES.
2010-08-26 11:22:33 +00:00
Ben Laurie
ee2ffc2794
Add Next Protocol Negotiation.
2010-07-28 10:06:55 +00:00
Dr. Stephen Henson
eb1c48be6f
Add new type ossl_ssize_t instead of ssize_t and move definitions to
...
e_os2.h, this should fix WIN32 compilation issues and hopefully avoid
conflicts with other headers which may workaround ssize_t in different ways.
2010-07-26 18:15:59 +00:00
Dr. Stephen Henson
223c59eae5
Fix WIN32 build system to correctly link ENGINE DLLs contained in a
...
directory: currently the GOST ENGINE is the only case.
2010-07-24 17:52:43 +00:00
Dr. Stephen Henson
7bbd0de88d
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-07-21 16:14:48 +00:00
Dr. Stephen Henson
f96ccf36ff
PR: 1830
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson
Support for RFC5705 key extractor.
2010-07-18 17:43:18 +00:00
Dr. Stephen Henson
b9e7793dd7
oops, revert wrong patch..
2010-07-18 17:43:01 +00:00
Dr. Stephen Henson
d135da5192
Fix warnings (From HEAD, original patch by Ben).
2010-07-18 16:52:47 +00:00
Dr. Stephen Henson
3cbb15ee81
add CVE-2010-0742 and CVS-2010-1633 fixes
2010-06-01 14:39:01 +00:00
Andy Polyakov
3efe51a407
Revert previous Linux-specific/centric commit#19629. If it really has to
...
be done, it's definitely not the way to do it. So far answer to the
question was to ./config -Wa,--noexecstack (adopted by RedHat).
2010-05-05 22:05:39 +00:00
Ben Laurie
0e3ef596e5
Non-executable stack in asm.
2010-05-05 15:50:13 +00:00
Dr. Stephen Henson
1bf508c9cf
new function to diff tm structures
2010-04-15 13:25:26 +00:00