wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10294 commits 20 branches 302 tags 153 MiB
Commit graph

10294 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
8f82912460 Process signature algorithms during TLS v1.2 client authentication. 
Make sure message is long enough for signature algorithms.
 2011-05-12 14:38:01 +00:00
Dr. Stephen Henson
f76b1baf86 Fix error discrepancy. 2011-05-12 14:28:09 +00:00
Dr. Stephen Henson
b1d00b9611 Add SSL_INTERN definition. 2011-05-12 13:13:07 +00:00
Dr. Stephen Henson
c76e024dde Sync ordinals. 2011-05-11 23:04:10 +00:00
Dr. Stephen Henson
4f7a2ab8b1 make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:50:18 +00:00
Andy Polyakov
b0188c4f07 bn_nist.c: fix shadowing warnings. 2011-05-11 20:19:00 +00:00
Andy Polyakov
f24e95b72c fips_canister.c: pick more neutral macro name. 2011-05-11 20:17:06 +00:00
Dr. Stephen Henson
fc101f88b6 Reorder signature algorithms in strongest hash first order. 2011-05-11 16:33:28 +00:00
Dr. Stephen Henson
2f38b38986 Set FIPS mode for values other than 1. The only current effect 
is to return a consistent value. So calling FIPS_module_mode_set(n)
for n != 0 will result in FIPS_module_mode() returning n. This
will support future expansion of more FIPS modes e.g. a Suite B mode.
 2011-05-11 14:49:01 +00:00
Dr. Stephen Henson
c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in 
the FIPS capable OpenSSL.
 2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
5024b79f5c Inlcude README.ECC in FIPS restricted tarball. 2011-05-11 12:52:51 +00:00
Dr. Stephen Henson
c5ee394b58 Add NSA sublicense info. 2011-05-11 12:50:57 +00:00
Dr. Stephen Henson
21a40da045 Update instructions. 2011-05-10 10:59:25 +00:00
Dr. Stephen Henson
7919c07947 Typo. 2011-05-10 10:57:03 +00:00
Andy Polyakov
ab67c517ae fips_canister.c: fix typo. 2011-05-10 10:03:23 +00:00
Andy Polyakov
31b46ebb62 fips_canister.c: initial support for cross-compiling. "Initial" refers 
to the two-entry list of verified platforms in #ifndef
FIPS_REF_POINT_IS_SAFE_TO_CROSS_COMPILE pre-processor section.
 2011-05-10 09:53:59 +00:00
Dr. Stephen Henson
dc7995eeb8 Initialise rc. 2011-05-09 21:21:29 +00:00
Dr. Stephen Henson
a2f9200fba Initial TLS v1.2 client support. Include a default supported signature 
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.

Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
 2011-05-09 15:44:01 +00:00
Dr. Stephen Henson
0b59755f43 Call fipsas.pl directly for pa-risc targets. 2011-05-09 15:23:00 +00:00
Andy Polyakov
1fb97e1313 Optimized bn_nist.c. Performance improvement varies from one benchmark 
and platform to another. It was measured to deliver 20-30% better
performance on x86 platforms and 30-40% on x86_64, on nistp384 benchmark.
 2011-05-09 10:16:32 +00:00
Dr. Stephen Henson
fc683d7213 allow SHA384, SHA512 wit DSA 2011-05-08 12:38:35 +00:00
Dr. Stephen Henson
03bc500a9f Remove gf2m modules from bn_asm if no-ec2m set. 2011-05-07 22:56:56 +00:00
Dr. Stephen Henson
bfe1d2f895 Remove FIXME comments. 2011-05-07 22:37:58 +00:00
Dr. Stephen Henson
ed1afd327d Omit GF2m properly this time ;-) 2011-05-07 22:36:03 +00:00
Dr. Stephen Henson
dacdd5203d Don't include GF2m source files is NOEC2M set. 2011-05-07 22:22:37 +00:00
Andy Polyakov
56c5f703c1 IA-64 assembler pack: fix typos and make it work on HP-UX. 2011-05-07 20:36:05 +00:00
Andy Polyakov
58cc21fdea x86 assembler pack: add bn_GF2m_mul_2x2 implementations (see x86-gf2m.pl for 
details and performance data).
 2011-05-07 10:31:06 +00:00
Dr. Stephen Henson
4fa3c4c3e9 Fixes for WIN64 FIPS build. 2011-05-06 23:47:23 +00:00
Dr. Stephen Henson
524289baa5 Get OPENSSL_FIPSSYMS from environment in fipsas.pl, include ppccap.c and .S 
files in fipsdist.
 2011-05-06 21:42:34 +00:00
Dr. Stephen Henson
2677d85631 Don't fail WIN32 builds on warnings. 2011-05-06 17:55:59 +00:00
Dr. Stephen Henson
ad4784953d Return error codes for selftest failure instead of hard assertion errors. 2011-05-06 17:38:39 +00:00
Dr. Stephen Henson
6b7be581e5 Continuing TLS v1.2 support: add support for server parsing of 
signature algorithms extension and correct signature format for
server key exchange.

All ciphersuites should now work on the server but no client support and
no client certificate support yet.
 2011-05-06 13:00:07 +00:00
Dr. Stephen Henson
c184711124 Hide more symbols. 2011-05-05 23:10:32 +00:00
Andy Polyakov
925596f85b ARM assembler pack: engage newly introduced armv4-gf2m module. 2011-05-05 21:57:11 +00:00
Dr. Stephen Henson
8d3cdd5b58 Fix warning of signed/unsigned comparison. 2011-05-05 14:47:38 +00:00
Andy Polyakov
75359644d0 ARM assembler pack. Add bn_GF2m_mul_2x2 implementation (see source code 
for details and performance data).
 2011-05-05 07:21:17 +00:00
Dr. Stephen Henson
6313d628da Remove superfluous PRNG self tests. 
Print timer resolution.
 2011-05-04 23:17:29 +00:00
Andy Polyakov
c7d0d0ae09 xts128.c: minor optimizaton. 2011-05-04 20:57:43 +00:00
Dr. Stephen Henson
c9adde0699 Update status. 2011-05-04 18:43:32 +00:00
Dr. Stephen Henson
614dd926cb Remove debugging print. 
Explicitly use LINKDIRS for fipsdist links.
 2011-05-04 18:33:42 +00:00
Andy Polyakov
034688ec4d bn_gf2m.c: optimized BN_GF2m_mod_inv delivers sometimes 2x of ECDSA sign. 
Exact improvement coefficients vary from one benchmark and platform to
another, e.g. it performs 70%-33% better on ARM, hereafter less for
longer keys, and 100%-90% better on x86_64.
 2011-05-04 15:22:53 +00:00
Dr. Stephen Henson
d16765919d Fix warning. 2011-05-04 14:34:36 +00:00
Dr. Stephen Henson
a95bbadb57 Include fipssyms.h for ARM builds to translate symbols. 
Translate arm symbol to fips_*.
 2011-05-04 14:16:03 +00:00
Dr. Stephen Henson
e350458a63 Remove useless setting. 2011-05-04 01:09:52 +00:00
Dr. Stephen Henson
e9093c9832 PR: 2499 
Submitted by: "James 'J.C.' Jones" <james.jc.jones@gmail.com>

Typos.
 2011-05-02 23:29:57 +00:00
Dr. Stephen Henson
2e2a962aad Fix do_fips script. 2011-05-02 17:11:54 +00:00
Dr. Stephen Henson
9243a86d75 Use faster curves for ECDSA self test. 2011-05-02 12:13:04 +00:00
Dr. Stephen Henson
fc98a4377d Use more portable clock_gettime() for fips_test_suite timing. 
Output times of each subtest.
 2011-05-02 11:09:38 +00:00
Dr. Stephen Henson
fd600c0037 Stop warning in VxWorks. 2011-05-01 20:55:05 +00:00
Dr. Stephen Henson
a32ad6891b Quick hack to time POST. 2011-05-01 20:54:42 +00:00