Commit graph

1642 commits

Author SHA1 Message Date
Bodo Möller
8b37d33a94 typo 2011-10-13 13:20:33 +00:00
Bodo Möller
3ddc06f082 In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:05:58 +00:00
Dr. Stephen Henson
ccbb9badba fix CHANGES entry 2011-10-09 23:11:55 +00:00
Dr. Stephen Henson
2bfeb7dc83 Add FIPS selftests for ECDH algorithm. 2011-09-29 23:08:23 +00:00
Dr. Stephen Henson
cb71870dfa Use function name FIPS_drbg_health_check() for health check function.
Add explanatory comments to health check code.
2011-09-22 14:01:25 +00:00
Dr. Stephen Henson
4420b3b17a Revise DRBG to split between internal and external flags.
One demand health check function.

Perform generation test in fips_test_suite.

Option to skip dh test if fips_test_suite.
2011-09-21 17:04:56 +00:00
Dr. Stephen Henson
15094852de new function to lookup FIPS supported ciphers by NID 2011-09-14 13:25:48 +00:00
Dr. Stephen Henson
a11f06b2dc More extensive DRBG health check. New function to call health check
for all DRBG combinations.
2011-09-12 18:47:39 +00:00
Dr. Stephen Henson
7fdcb45745 Add support for Dual EC DRBG from SP800-90. Include updates to algorithm
tests and POST code.
2011-09-09 17:16:43 +00:00
Dr. Stephen Henson
0486cce653 Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
produce an error (CVE-2011-3207)
2011-09-06 15:15:09 +00:00
Bodo Möller
c519e89f5c Fix session handling. 2011-09-05 13:36:23 +00:00
Bodo Möller
612fcfbd29 Fix d2i_SSL_SESSION. 2011-09-05 13:31:17 +00:00
Bodo Möller
e7928282d0 (EC)DH memory handling fixes.
Submitted by: Adam Langley
2011-09-05 10:25:31 +00:00
Bodo Möller
837e1b6812 Fix memory leak on bad inputs. 2011-09-05 09:57:20 +00:00
Bodo Möller
acb4ab34a4 Synchronize with 1.0.1 CHANGES file. 2011-09-05 09:30:50 +00:00
Dr. Stephen Henson
f55f5f775e Add support for canonical generation of DSA parameter g.
Modify fips_dssvs to support appropriate file format.
2011-08-26 14:51:49 +00:00
Andy Polyakov
c608171d9c Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. 2011-08-23 20:51:38 +00:00
Dr. Stephen Henson
1f59a84308 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
2011-08-14 13:45:19 +00:00
Dr. Stephen Henson
20f12e63ff Add HMAC DRBG from SP800-90 2011-08-08 22:07:38 +00:00
Dr. Stephen Henson
28dd49faec Expand range of ctrls for AES GCM to support retrieval and setting of
invocation field.

Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
2011-08-03 15:37:22 +00:00
Dr. Stephen Henson
fe8aeffa92 Update CHANGES. 2011-07-25 21:43:57 +00:00
Dr. Stephen Henson
01a9a7592e Add functions to return FIPS module version. 2011-07-04 23:38:16 +00:00
Bodo Möller
e66cb363d6 Fix the version history: changes going into 1.1.0 that are also going
into 1.0.1 should not be listed as "changes between 1.0.1 and 1.0.0".

This makes the OpenSSL_1_0_1-stable and HEAD versions of this file
consistent with each other (the HEAD version has the additional 1.1.0
section, but doesn't otherwise differ).
2011-06-15 14:49:17 +00:00
Dr. Stephen Henson
eda3766b53 Output supported curves in preference order instead of numerically. 2011-05-30 17:58:13 +00:00
Dr. Stephen Henson
992bdde62d Fix the ECDSA timing attack mentioned in the paper at:
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:41:56 +00:00
Dr. Stephen Henson
f37f20ffd3 PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2011-05-20 14:56:29 +00:00
Dr. Stephen Henson
101e6e19f2 Add CHANGES entry: add FIPS support to ssl 2011-05-19 18:10:25 +00:00
Dr. Stephen Henson
086e32a6c7 Implement FIPS_mode and FIPS_mode_set 2011-05-19 18:09:02 +00:00
Dr. Stephen Henson
855a54a9a5 Provisional support for TLS v1.2 client authentication: client side only.
Parse certificate request message and set digests appropriately.

Generate new TLS v1.2 format certificate verify message.

Keep handshake caches around for longer as they are needed for client auth.
2011-05-12 17:35:03 +00:00
Dr. Stephen Henson
c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
a2f9200fba Initial TLS v1.2 client support. Include a default supported signature
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.

Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
2011-05-09 15:44:01 +00:00
Dr. Stephen Henson
6b7be581e5 Continuing TLS v1.2 support: add support for server parsing of
signature algorithms extension and correct signature format for
server key exchange.

All ciphersuites should now work on the server but no client support and
no client certificate support yet.
2011-05-06 13:00:07 +00:00
Dr. Stephen Henson
7409d7ad51 Initial incomplete TLS v1.2 support. New ciphersuites added, new version
checking added, SHA256 PRF support added.

At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
2011-04-29 22:56:51 +00:00
Dr. Stephen Henson
08557cf22c Initial "opaque SSL" framework. If an application defines
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.

The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
2011-04-29 22:37:12 +00:00
Dr. Stephen Henson
e0d1a2f80a Always return multiple of block length bytes from default DRBG seed
callback.

Handle case where no multiple of the block size is in the interval
[min_len, max_len].
2011-04-23 20:05:19 +00:00
Dr. Stephen Henson
cac4fb58e0 Add PRNG security strength checking. 2011-04-23 19:55:55 +00:00
Dr. Stephen Henson
b5dd178740 Fix EVP CCM decrypt. Add decrypt support to algorithm test program. 2011-04-18 22:48:40 +00:00
Dr. Stephen Henson
2391681082 Initial untested CCM support via EVP. 2011-04-18 14:25:11 +00:00
Dr. Stephen Henson
06b7e5a0e4 Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation. 2011-04-15 02:49:30 +00:00
Dr. Stephen Henson
ac892b7aa6 Initial incomplete POST overhaul: add support for POST callback to
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
32a2d8ddfe Provisional AES XTS support. 2011-04-12 23:21:33 +00:00
Dr. Stephen Henson
d7a3ce989c Update CHANGES. 2011-04-06 23:41:19 +00:00
Dr. Stephen Henson
05e24c87dd Extensive reorganisation of PRNG handling in FIPS module: all calls
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.

Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14 Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
96ec46f7c0 Implement health checks needed by SP800-90.
Fix warnings.

Instantiate DRBGs at maximum strength.
2011-03-17 16:55:24 +00:00
Ben Laurie
d4f3dd5fb6 Fix Tom Wu's email. 2011-03-16 11:28:43 +00:00
Ben Laurie
0deea0e03c Note SRP support. 2011-03-12 17:04:07 +00:00
Dr. Stephen Henson
8857b380e2 Add ECDH to validated module. 2011-03-09 23:44:06 +00:00
Dr. Stephen Henson
11e80de3ee New initial DH algorithm test driver. 2011-03-08 19:10:17 +00:00
Dr. Stephen Henson
591cbfae3c Initial, provisional, subject to wholesale change, untested, probably
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.

Did I say this was untested?
2011-03-04 18:00:21 +00:00